From 748cb28017398ca125f507342a2c8cf5d7480a85 Mon Sep 17 00:00:00 2001 From: Ian Epperson Date: Wed, 13 May 2020 10:39:11 -0700 Subject: [PATCH 0001/1526] Add Discord notification --- notify/discord.sh | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 notify/discord.sh diff --git a/notify/discord.sh b/notify/discord.sh new file mode 100644 index 00000000..3cce4ee5 --- /dev/null +++ b/notify/discord.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env sh + +#Support Discord webhooks + +# Required: +#DISCORD_WEBHOOK_URL="" +# Optional: +#DISCORD_USERNAME="" +#DISCORD_AVATAR_URL="" + +discord_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + DISCORD_WEBHOOK_URL="${DISCORD_WEBHOOK_URL:-$(_readaccountconf_mutable DISCORD_WEBHOOK_URL)}" + if [ -z "$DISCORD_WEBHOOK_URL" ]; then + DISCORD_WEBHOOK_URL="" + _err "You didn't specify a Discord webhook url DISCORD_WEBHOOK_URL yet." + return 1 + fi + _saveaccountconf_mutable DISCORD_WEBHOOK_URL "$DISCORD_WEBHOOK_URL" + + DISCORD_USERNAME="${DISCORD_USERNAME:-$(_readaccountconf_mutable DISCORD_USERNAME)}" + if [ -n "$DISCORD_USERNAME" ]; then + _saveaccountconf_mutable DISCORD_USERNAME "$DISCORD_USERNAME" + fi + + DISCORD_AVATAR_URL="${DISCORD_AVATAR_URL:-$(_readaccountconf_mutable DISCORD_AVATAR_URL)}" + if [ -n "$DISCORD_AVATAR_URL" ]; then + _saveaccountconf_mutable DISCORD_AVATAR_URL "$DISCORD_AVATAR_URL" + fi + + export _H1="Content-Type: application/json" + + _content="$(printf "**%s**\n%s" "$_subject" "$_content" | _json_encode)" + _data="{\"content\": \"$_content\" " + if [ -n "$DISCORD_USERNAME" ]; then + _data="$_data, \"username\": \"$DISCORD_USERNAME\" " + fi + if [ -n "$DISCORD_AVATAR_URL" ]; then + _data="$_data, \"avatar_url\": \"$DISCORD_AVATAR_URL\" " + fi + _data="$_data}" + + if _post "$_data" "$DISCORD_WEBHOOK_URL?wait=true"; then + # shellcheck disable=SC2154 + if [ -n "$response" ]; then + _info "discord send success." + return 0 + fi + fi + _err "discord send error." + _err "$response" + return 1 +} From a674e410e0ec9de7a5f98e2be103b0c53307908a Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 21 Aug 2020 17:15:18 -0400 Subject: [PATCH 0002/1526] initial commit --- dnsapi/dns_edgedns.sh | 379 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 379 insertions(+) create mode 100755 dnsapi/dns_edgedns.sh diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh new file mode 100755 index 00000000..75ef4f9b --- /dev/null +++ b/dnsapi/dns_edgedns.sh @@ -0,0 +1,379 @@ +#!/usr/bin/env sh + +# Akamai Edge DNS v2 API +# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to +# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization + +# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support + +# Values to export: +# --EITHER-- +# *** NOT IMPLEMENTED YET *** +# specify Edgegrid credentials file and section +# AKAMAI_EDGERC= +# AKAMAI_EDGERC_SECTION="default" +## --OR-- +# specify indiviual credentials +# export AKAMAI_HOST = +# export AKAMAI_ACCESS_TOKEN = +# export AKAMAI_CLIENT_TOKEN = +# export AKAMAI_CLIENT_SECRET = + +ACME_EDGEDNS_VERSION="0.1.0" + +######## Public functions ##################### + +# Usage: dns_edgedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record +# +dns_edgedns_add() { + fulldomain=$1 + txtvalue=$2 + + _debug "ENTERING DNS_EDGEDNS_ADD" + + _debug2 "fulldomain" "$fulldomain" + _debug2 "txtvalue" "$txtvalue" + + if ! _EDGEDNS_credentials; then + _err "$@" + return 1 + fi + + if ! _EDGEDNS_getZoneInfo "$fulldomain"; then + _err "Invalid domain" + return 1 + fi + _debug2 "Add: zone" "${zone}" + acmeRecordURI=$(printf "%s/%s/names/%s/type/TXT" "${edge_endpoint}" "${zone}" "${fulldomain}") + _debug3 "Add URL" "$acmeRecordURI" + # Get existing TXT record + _edge_result=$(_edgedns_rest GET "$acmeRecordURI") + _api_status="$?" + if [ "$_api_status" -ne 0 ] && [ "$_edge_result" != "404" ]; then + _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" + return 1 + fi + rdata="\"$txtvalue\"" + record_op="POST" + if [ "$_api_status" -eq 0 ]; then + # record already exists. Get existing record data and update + record_op="PUT" + rdlist=$(echo -n "$response" | _egrep_o "\"rdata\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"") + _debug2 "existing TXT found" + _debug2 "record data" "$rdlist" + # value already there? + if _contains "$rdlist" "$txtvalue" ; then + return 0 + fi + comma="," + rdata="$rdata$comma\"${txtvalue}\"" + fi + _debug2 "new/updated rdata: " "${rdata}" + # Add the txtvalue TXT Record + body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" + _debug3 "Add body '${body}'" + _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") + _api_status="$?" + if [ "$_api_status" -eq 0 ]; then + _log "$(printf "Text value %s added to recordset %s" "${txtvalue}" "${fulldomain}")" + return 0 + else + _err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" + return 1 + fi +} + +# Usage: dns_edgedns_rm _acme-challenge.www.domain.com +# Used to delete txt record +# +dns_edgedns_rm() { + fulldomain=$1 +} + +#################### Private functions below ################################## + +_EDGEDNS_credentials() { + _debug "GettingEdge DNS credentials" + _log $(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION}) + args_missing=0 + if [ -z "${AKAMAI_ACCESS_TOKEN}" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_ACCESS_TOKEN is missing" + args_missing=1 + fi + if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_CLIENT_TOKEN is missing" + args_missing=1 + fi + if [ -z "${AKAMAI_HOST}" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_HOST is missing" + args_missing=1 + fi + if [ -z "${AKAMAI_CLIENT_SECRET}" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_CLIENT_SECRET is missing" + args_missing=1 + fi + + if [ "${args_missing}" = 1 ]; then + _err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." + return 1 + else + _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "${AKAMAI_ACCESS_TOKEN}" + _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "${AKAMAI_CLIENT_TOKEN}" + _saveaccountconf_mutable AKAMAI_HOST "${AKAMAI_HOST}" + _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "${AKAMAI_CLIENT_SECRET}" + # Set whether curl should use secure or insecure mode + fi + export HTTPS_INSECURE=0 # All Edgegrid API calls are secure + edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "${AKAMAI_HOST}") + _debug3 "Edge API Endpoint:" "${edge_endpoint}" + +} + +_EDGEDNS_getZoneInfo() { + _debug "Getting Zoneinfo" + zoneEnd=false + curZone=$1 + while [ -n "${zoneEnd}" ]; do + # we can strip the first part of the fulldomain, since its just the _acme-challenge string + curZone="${curZone#*.}" + # suffix . needed for zone -> domain.tld. + # create zone get url + get_zone_url=$(printf "%s/%s" "${edge_endpoint}" "${curZone}") + _debug3 "Zone Get: " "${get_zone_url}" + curResult=$(_edgedns_rest GET "$get_zone_url") + retVal=$? + if [ $retVal -ne 0 ]; then + if ["$curResult" != "404" ]; then + _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" + return 1 + fi + fi + + if _contains "${curResult}" "\"zone\":" ; then + _debug2 "Zone data" "${curResult}" + zone=$(echo -n "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") + _debug2 "Zone" "${zone}" + zoneFound="" + zoneEnd="" + return 0 + fi + + if [ "${curZone#*.}" != "$curZone" ]; then + _debug2 $(printf "%s still contains a '.' - so we can check next higher level" "$curZone") + else + zoneEnd=true + _err "Couldn't retrieve zone data." + return 1 + fi + done + _err "Failed to retrieve zone data." + return 2 +} + +_edgedns_headers="" + +_edgedns_rest() { + _debug "Handling API Request" + m=$1 + # Assume endpoint is complete path, including query args if applicable + ep=$2 + body_data=$3 + _edgedns_content_type="" + _request_url_path="$ep" + _request_body="$body_data" + _request_method="$m" + _edgedns_headers="" + tab="" + _edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}" + tab="\t" + # Set in acme.sh _post/_get + #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" + _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json" + if [ "$m" != "GET" ] && [ "$m" != "DELETE" ] ; then + _edgedns_content_type="application/json;charset=UTF-8" + _utf8_body_data="$(echo -n "$ _request_body" | iconv -t utf-8)" + _utf8_body_len="$(echo -n "$_utf8_body_data" | awk '{print length}')" + _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_utf8_body_len}" + fi + _made_auth_header=$(_edgedns_make_auth_header) + _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_made_auth_header}" + _secure_debug2 "Made Auth Header" "${_made_auth_header}" + hdr_indx=1 + work_header="${_edgedns_headers}${tab}" + _debug3 "work_header" "${work_header}" + while [ "${work_header}" ]; do + entry="${work_header%%\\t*}"; work_header="${work_header#*\\t}" + export "$(printf "_H%s=%s" "${hdr_indx}" "${entry}")" + _debug2 "Request Header " "${entry}" + hdr_indx=$(( hdr_indx + 1 )) + done + + # clear headers from previous request to avoid getting wrong http code on timeouts + :>"$HTTP_HEADER" + _debug "$ep" + if [ "$m" != "GET" ]; then + _debug "Method data" "$data" + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "$_utf8_body_data" "$ep" false "$m")" + else + response="$(_get "$ep")" + fi + + _ret="$?" + _debug "response" "$response" + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + _debug2 "http response code" "$_code" + + if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then + # All good + response="$(echo "$response" | _normalizeJson)" + echo -n "${response}" + return 0 + fi + + if [ "$_code" = "204" ]; then + # Success, no body + echo -n "" + return 0 + fi + + if [ "$_code" = "400" ]; then + _err "Bad request presented" + _log "$(printf "Headers: %s" "$_edgedns_headers")" + _log "$(printf "Method: %s" "$_request_method")" + _log "$(printf "URL: %s" "$ep")" + _log "$(printf "Data: %s" "$data")" + fi + + if [ "$_code" = "403" ]; then + _err "access denied make sure your Edgegrid cedentials are correct." + fi + + echo "$_code" + return 1 +} + +_edgedns_eg_timestamp() { + _eg_timestamp=$(date -u "+%Y%m%dT%H:%M:%S+0000") +} + +_edgedns_new_nonce() { + _nonce=$(uuidgen -r) +} + +_edgedns_make_auth_header() { + _debug "Constructing Auth Header" + _edgedns_eg_timestamp + _edgedns_new_nonce + # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" + _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "${AKAMAI_CLIENT_TOKEN}" "${AKAMAI_ACCESS_TOKEN}" "${_eg_timestamp}" "${_nonce}")" + _secure_debug2 "Unsigned Auth Header: " "$_auth_header" + + _sig="$(_edgedns_sign_request)" + _signed_auth_header="$(printf "%ssignature=%s" "${_auth_header}" "${_sig}")" + _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" + echo -n "${_signed_auth_header}" +} + +_edgedns_sign_request() { + _debug2 "Signing http request" + _signed_data=$(_edgedns_make_data_to_sign "${_auth_header}") + _secure_debug2 "Returned signed data" "$_signed_data" + _key=$(_edgedns_make_signing_key "${_eg_timestamp}") + _signed_req=$(_edgedns_base64_hmac_sha256 "$_signed_data" "$_key") + _secure_debug2 "Signed Request" "${_signed_req}" + echo -n "${_signed_req}" +} + +_edgedns_make_signing_key() { + _debug2 "Creating sigining key" + ts=$1 + _signing_key=$(_edgedns_base64_hmac_sha256 "$ts" "${AKAMAI_CLIENT_SECRET}") + _secure_debug2 "Signing Key" "${_signing_key}" + echo -n "${_signing_key}" + +} + +_edgedns_make_data_to_sign() { + _debug2 "Processing data to sign" + hdr=$1 + _secure_debug2 "hdr" "$hdr" + content_hash=$(_edgedns_make_content_hash) + path="$(echo -n "${_request_url_path}" |sed 's/https\?:\/\///')" + path="${path#*$AKAMAI_HOST}" + _debug "hier path" "${path}" + # dont expose headers to sign so use MT string + data="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "${_request_method}" "${AKAMAI_HOST}" "${path}" "" "${content_hash}" "$hdr")" + _secure_debug2 "Data to Sign" "${data}" + echo -n "${data}" +} + +_edgedns_make_content_hash() { + _debug2 "Generating content hash" + prep_body="" + _hash="" + _debug2 "Request method" "${_request_method}" + if [ "${_request_method}" != "POST" ] || [ -z "${_request_body}" ]; then + echo -n "${prep_body}" + return 0 + fi + prep_body="$(echo -n "${_request_body}")" + _debug2 "Req body" "${prep_body}" + _hash=$(_edgedns_base64_sha256 "${prep_body}") + _debug2 "Content hash" "${_hash}" + echo -n "${_hash}" +} + +_edgedns_base64_hmac_sha256() { + _debug2 "Generating hmac" + data=$1 + key=$2 + encoded_data="$(echo -n "${data}" | iconv -t utf-8)" + encoded_key="$(echo -n "${key}" | iconv -t utf-8)" + _secure_debug2 "encoded data" "${encoded_data}" + _secure_debug2 "encoded key" "${encoded_key}" + #key_hex="$(_durl_replace_base64 "$key" | _dbase64 | _hex_dump | tr -d ' ')" + #data_sig="$(printf "%s" "$encoded_data" | _hmac sha256 "${key_hex}" | _base64 | _url_replace)" + + data_sig="$(echo -n "$encoded_data" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac $encoded_key -binary | _base64)" + _secure_debug2 "data_sig:" "${data_sig}" + out="$(echo -n "${data_sig}" | iconv -f utf-8)" + _secure_debug2 "hmac" "${out}" + echo -n "${out}" +} + +_edgedns_base64_sha256() { + _debug2 "Creating sha256 digest" + trg=$1 + utf8_str="$(echo -n "${trg}" | iconv -t utf-8)" + _secure_debug2 "digest data" "$trg" + _secure_debug2 "encoded digest data" "${utf8_str}" + digest="$(echo -n "${trg}" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" + out="$(echo -n "${digest}" | iconv -f utf-8)" + _secure_debug2 "digest decode" "${out}" + echo -n "${out}" +} + +#_edgedns_parse_edgerc() { +# filepath=$1 +# section=$2 +#} + + From d66c430e46fdaa7b7180cf619361d2d96da5262c Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 26 Aug 2020 16:11:11 -0400 Subject: [PATCH 0003/1526] debugging and cleanup --- dnsapi/dns_edgedns.sh | 283 ++++++++++++++++++++++++++---------------- 1 file changed, 176 insertions(+), 107 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 75ef4f9b..7be49761 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -29,9 +29,7 @@ ACME_EDGEDNS_VERSION="0.1.0" dns_edgedns_add() { fulldomain=$1 txtvalue=$2 - _debug "ENTERING DNS_EDGEDNS_ADD" - _debug2 "fulldomain" "$fulldomain" _debug2 "txtvalue" "$txtvalue" @@ -39,44 +37,53 @@ dns_edgedns_add() { _err "$@" return 1 fi - if ! _EDGEDNS_getZoneInfo "$fulldomain"; then _err "Invalid domain" return 1 fi - _debug2 "Add: zone" "${zone}" - acmeRecordURI=$(printf "%s/%s/names/%s/type/TXT" "${edge_endpoint}" "${zone}" "${fulldomain}") + _debug2 "Add: zone" "$zone" + acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") _debug3 "Add URL" "$acmeRecordURI" # Get existing TXT record _edge_result=$(_edgedns_rest GET "$acmeRecordURI") _api_status="$?" - if [ "$_api_status" -ne 0 ] && [ "$_edge_result" != "404" ]; then - _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" - return 1 + _debug3 "_edge_result" "$_edge_result" + if [ "$_api_status" -ne 0 ]; then + if [ "$curResult" = "FATAL" ]; then + _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" + fi + if [ "$_edge_result" != "404" ]; then + _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" + return 1 + fi fi - rdata="\"$txtvalue\"" + rdata="\"${txtvalue}\"" record_op="POST" if [ "$_api_status" -eq 0 ]; then # record already exists. Get existing record data and update record_op="PUT" - rdlist=$(echo -n "$response" | _egrep_o "\"rdata\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"") - _debug2 "existing TXT found" - _debug2 "record data" "$rdlist" + rdlist="${_edge_result#*\"rdata\":[}" + rdlist="${rdlist%%]*}" + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + _debug3 "existing TXT found" + _debug3 "record data" "$rdlist" # value already there? if _contains "$rdlist" "$txtvalue" ; then return 0 fi - comma="," - rdata="$rdata$comma\"${txtvalue}\"" + _txt_val="" + while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do + _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" + rdata="${rdata},\"${_txt_val}\"" + done fi - _debug2 "new/updated rdata: " "${rdata}" # Add the txtvalue TXT Record body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" _debug3 "Add body '${body}'" _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") _api_status="$?" if [ "$_api_status" -eq 0 ]; then - _log "$(printf "Text value %s added to recordset %s" "${txtvalue}" "${fulldomain}")" + _log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")" return 0 else _err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" @@ -84,20 +91,89 @@ dns_edgedns_add() { fi } -# Usage: dns_edgedns_rm _acme-challenge.www.domain.com +# Usage: dns_edgedns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to delete txt record # dns_edgedns_rm() { fulldomain=$1 + txtvalue=$2 + _debug "ENTERING DNS_EDGEDNS_RM" + _debug2 "fulldomain" "$fulldomain" + _debug2 "txtvalue" "$txtvalue" + + if ! _EDGEDNS_credentials; then + _err "$@" + return 1 + fi + if ! _EDGEDNS_getZoneInfo "$fulldomain"; then + _err "Invalid domain" + return 1 + fi + _debug2 "RM: zone" "${zone}" + acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain") + _debug3 "RM URL" "$acmeRecordURI" + # Get existing TXT record + _edge_result=$(_edgedns_rest GET "$acmeRecordURI") + _api_status="$?" + if [ "$_api_status" -ne 0 ]; then + if [ "$curResult" = "FATAL" ]; then + _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" + fi + if [ "$_edge_result" != "404" ]; then + _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" + return 1 + fi + fi + _debug3 "_edge_result" "$_edge_result" + record_op="DELETE" + body="" + if [ "$_api_status" -eq 0 ]; then + # record already exists. Get existing record data and update + rdlist="${_edge_result#*\"rdata\":[}" + rdlist="${rdlist%%]*}" + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + _debug3 "rdlist" "$rdlist" + if [ -n "$rdlist" ]; then + record_op="PUT" + comma="" + rdata="" + _txt_val="" + while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do + _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" + _debug3 "_txt_val" "$_txt_val" + _debug3 "txtvalue" "$txtvalue" + if ! _contains "$_txt_val" "$txtvalue" ; then + rdata="${rdata}${comma}\"${_txt_val}\"" + comma="," + fi + done + if [ -z "$rdata" ]; then + record_op="DELETE" + else + # Recreate the txtvalue TXT Record + body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" + _debug3 "body" "$body" + fi + fi + fi + _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") + _api_status="$?" + if [ "$_api_status" -eq 0 ]; then + _log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")" + return 0 + else + _err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")" + return 1 + fi } #################### Private functions below ################################## _EDGEDNS_credentials() { _debug "GettingEdge DNS credentials" - _log $(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION}) + _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" args_missing=0 - if [ -z "${AKAMAI_ACCESS_TOKEN}" ]; then + if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" AKAMAI_HOST="" @@ -113,7 +189,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_CLIENT_TOKEN is missing" args_missing=1 fi - if [ -z "${AKAMAI_HOST}" ]; then + if [ -z "$AKAMAI_HOST" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" AKAMAI_HOST="" @@ -121,7 +197,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_HOST is missing" args_missing=1 fi - if [ -z "${AKAMAI_CLIENT_SECRET}" ]; then + if [ -z "$AKAMAI_CLIENT_SECRET" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" AKAMAI_HOST="" @@ -130,19 +206,19 @@ _EDGEDNS_credentials() { args_missing=1 fi - if [ "${args_missing}" = 1 ]; then + if [ "$args_missing" = 1 ]; then _err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." return 1 else - _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "${AKAMAI_ACCESS_TOKEN}" - _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "${AKAMAI_CLIENT_TOKEN}" - _saveaccountconf_mutable AKAMAI_HOST "${AKAMAI_HOST}" - _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "${AKAMAI_CLIENT_SECRET}" + _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN" + _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN" + _saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST" + _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" # Set whether curl should use secure or insecure mode fi export HTTPS_INSECURE=0 # All Edgegrid API calls are secure - edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "${AKAMAI_HOST}") - _debug3 "Edge API Endpoint:" "${edge_endpoint}" + edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") + _debug3 "Edge API Endpoint:" "$edge_endpoint" } @@ -150,33 +226,34 @@ _EDGEDNS_getZoneInfo() { _debug "Getting Zoneinfo" zoneEnd=false curZone=$1 - while [ -n "${zoneEnd}" ]; do + while [ -n "$zoneEnd" ]; do # we can strip the first part of the fulldomain, since its just the _acme-challenge string curZone="${curZone#*.}" # suffix . needed for zone -> domain.tld. # create zone get url - get_zone_url=$(printf "%s/%s" "${edge_endpoint}" "${curZone}") + get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone") _debug3 "Zone Get: " "${get_zone_url}" curResult=$(_edgedns_rest GET "$get_zone_url") retVal=$? - if [ $retVal -ne 0 ]; then - if ["$curResult" != "404" ]; then - _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" + if [ "$retVal" -ne 0 ]; then + if [ "$curResult" = "FATAL" ]; then + _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" + fi + if [ "$curResult" != "404" ]; then + err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" return 1 fi fi - - if _contains "${curResult}" "\"zone\":" ; then + if _contains "$curResult" "\"zone\":" ; then _debug2 "Zone data" "${curResult}" - zone=$(echo -n "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") - _debug2 "Zone" "${zone}" - zoneFound="" + zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") + _debug3 "Zone" "${zone}" zoneEnd="" return 0 fi if [ "${curZone#*.}" != "$curZone" ]; then - _debug2 $(printf "%s still contains a '.' - so we can check next higher level" "$curZone") + _debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")" else zoneEnd=true _err "Couldn't retrieve zone data." @@ -205,52 +282,55 @@ _edgedns_rest() { tab="\t" # Set in acme.sh _post/_get #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" - _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json" + _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" if [ "$m" != "GET" ] && [ "$m" != "DELETE" ] ; then - _edgedns_content_type="application/json;charset=UTF-8" - _utf8_body_data="$(echo -n "$ _request_body" | iconv -t utf-8)" - _utf8_body_len="$(echo -n "$_utf8_body_data" | awk '{print length}')" - _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_utf8_body_len}" + _edgedns_content_type="application/json" + _debug3 "_request_body" "$_request_body" + _body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') + _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}" fi - _made_auth_header=$(_edgedns_make_auth_header) - _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_made_auth_header}" - _secure_debug2 "Made Auth Header" "${_made_auth_header}" + _edgedns_make_auth_header + _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}" + _secure_debug2 "Made Auth Header" "$_signed_auth_header" hdr_indx=1 work_header="${_edgedns_headers}${tab}" - _debug3 "work_header" "${work_header}" - while [ "${work_header}" ]; do + _debug3 "work_header" "$work_header" + while [ "$work_header" ]; do entry="${work_header%%\\t*}"; work_header="${work_header#*\\t}" - export "$(printf "_H%s=%s" "${hdr_indx}" "${entry}")" - _debug2 "Request Header " "${entry}" + export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" + _debug2 "Request Header " "$entry" hdr_indx=$(( hdr_indx + 1 )) done # clear headers from previous request to avoid getting wrong http code on timeouts - :>"$HTTP_HEADER" - _debug "$ep" + : >"$HTTP_HEADER" + _debug2 "$ep" if [ "$m" != "GET" ]; then - _debug "Method data" "$data" + _debug3 "Method data" "$data" # body url [needbase64] [POST|PUT|DELETE] [ContentType] - response="$(_post "$_utf8_body_data" "$ep" false "$m")" + response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type") else - response="$(_get "$ep")" + response=$(_get "$ep") fi - _ret="$?" - _debug "response" "$response" + if [ "$_ret" -ne 0 ]; then + _err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")" + echo "FATAL" + return "$_ret" + fi + _debug2 "response" "${response}" _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" _debug2 "http response code" "$_code" - if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then # All good - response="$(echo "$response" | _normalizeJson)" - echo -n "${response}" + response="$(echo "${response}" | _normalizeJson)" + echo "$response" return 0 fi if [ "$_code" = "204" ]; then # Success, no body - echo -n "" + echo "$_code" return 0 fi @@ -283,31 +363,30 @@ _edgedns_make_auth_header() { _edgedns_eg_timestamp _edgedns_new_nonce # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" - _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "${AKAMAI_CLIENT_TOKEN}" "${AKAMAI_ACCESS_TOKEN}" "${_eg_timestamp}" "${_nonce}")" + _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" _secure_debug2 "Unsigned Auth Header: " "$_auth_header" - _sig="$(_edgedns_sign_request)" - _signed_auth_header="$(printf "%ssignature=%s" "${_auth_header}" "${_sig}")" + _edgedns_sign_request + _signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" - echo -n "${_signed_auth_header}" } _edgedns_sign_request() { _debug2 "Signing http request" - _signed_data=$(_edgedns_make_data_to_sign "${_auth_header}") - _secure_debug2 "Returned signed data" "$_signed_data" - _key=$(_edgedns_make_signing_key "${_eg_timestamp}") - _signed_req=$(_edgedns_base64_hmac_sha256 "$_signed_data" "$_key") - _secure_debug2 "Signed Request" "${_signed_req}" - echo -n "${_signed_req}" + _edgedns_make_data_to_sign "$_auth_header" + _secure_debug2 "Returned signed data" "$_mdata" + _edgedns_make_signing_key "$_eg_timestamp" + _edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key" + _signed_req="$_hmac_out" + _secure_debug2 "Signed Request" "$_signed_req" } _edgedns_make_signing_key() { _debug2 "Creating sigining key" ts=$1 - _signing_key=$(_edgedns_base64_hmac_sha256 "$ts" "${AKAMAI_CLIENT_SECRET}") - _secure_debug2 "Signing Key" "${_signing_key}" - echo -n "${_signing_key}" + _edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET" + _signing_key="$_hmac_out" + _secure_debug2 "Signing Key" "$_signing_key" } @@ -315,60 +394,50 @@ _edgedns_make_data_to_sign() { _debug2 "Processing data to sign" hdr=$1 _secure_debug2 "hdr" "$hdr" - content_hash=$(_edgedns_make_content_hash) - path="$(echo -n "${_request_url_path}" |sed 's/https\?:\/\///')" + _edgedns_make_content_hash + path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')" path="${path#*$AKAMAI_HOST}" - _debug "hier path" "${path}" + _debug "hier path" "$path" # dont expose headers to sign so use MT string - data="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "${_request_method}" "${AKAMAI_HOST}" "${path}" "" "${content_hash}" "$hdr")" - _secure_debug2 "Data to Sign" "${data}" - echo -n "${data}" + _mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")" + _secure_debug2 "Data to Sign" "$_mdata" } _edgedns_make_content_hash() { _debug2 "Generating content hash" - prep_body="" _hash="" _debug2 "Request method" "${_request_method}" - if [ "${_request_method}" != "POST" ] || [ -z "${_request_body}" ]; then - echo -n "${prep_body}" + if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then return 0 fi - prep_body="$(echo -n "${_request_body}")" - _debug2 "Req body" "${prep_body}" - _hash=$(_edgedns_base64_sha256 "${prep_body}") - _debug2 "Content hash" "${_hash}" - echo -n "${_hash}" + _debug2 "Req body" "$_request_body" + _edgedns_base64_sha256 "$_request_body" + _hash="$_sha256_out" + _debug2 "Content hash" "$_hash" } _edgedns_base64_hmac_sha256() { _debug2 "Generating hmac" data=$1 key=$2 - encoded_data="$(echo -n "${data}" | iconv -t utf-8)" - encoded_key="$(echo -n "${key}" | iconv -t utf-8)" - _secure_debug2 "encoded data" "${encoded_data}" - _secure_debug2 "encoded key" "${encoded_key}" - #key_hex="$(_durl_replace_base64 "$key" | _dbase64 | _hex_dump | tr -d ' ')" - #data_sig="$(printf "%s" "$encoded_data" | _hmac sha256 "${key_hex}" | _base64 | _url_replace)" - - data_sig="$(echo -n "$encoded_data" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac $encoded_key -binary | _base64)" - _secure_debug2 "data_sig:" "${data_sig}" - out="$(echo -n "${data_sig}" | iconv -f utf-8)" - _secure_debug2 "hmac" "${out}" - echo -n "${out}" + encoded_data="$(echo "$data" | iconv -t utf-8)" + encoded_key="$(echo "$key" | iconv -t utf-8)" + _secure_debug2 "encoded data" "$encoded_data" + _secure_debug2 "encoded key" "$encoded_key" + + data_sig="$(echo "$encoded_data" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac "$encoded_key" -binary | _base64)" + _secure_debug2 "data_sig:" "$data_sig" + _hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" + _secure_debug2 "hmac" "$_hmac_out" } _edgedns_base64_sha256() { _debug2 "Creating sha256 digest" trg=$1 - utf8_str="$(echo -n "${trg}" | iconv -t utf-8)" _secure_debug2 "digest data" "$trg" - _secure_debug2 "encoded digest data" "${utf8_str}" - digest="$(echo -n "${trg}" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" - out="$(echo -n "${digest}" | iconv -f utf-8)" - _secure_debug2 "digest decode" "${out}" - echo -n "${out}" + digest="$(echo "$trg" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" + _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" + _secure_debug2 "digest decode" "$_sha256_out" } #_edgedns_parse_edgerc() { From 281ee1a853936e6decbc755c5298f7551c8b52ac Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 26 Aug 2020 18:07:46 -0400 Subject: [PATCH 0004/1526] vetted by shfmt --- dnsapi/dns_edgedns.sh | 49 ++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 7be49761..2072637a 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -7,15 +7,15 @@ # Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support # Values to export: -# --EITHER-- +# --EITHER-- # *** NOT IMPLEMENTED YET *** # specify Edgegrid credentials file and section -# AKAMAI_EDGERC= +# AKAMAI_EDGERC= # AKAMAI_EDGERC_SECTION="default" ## --OR-- # specify indiviual credentials # export AKAMAI_HOST = -# export AKAMAI_ACCESS_TOKEN = +# export AKAMAI_ACCESS_TOKEN = # export AKAMAI_CLIENT_TOKEN = # export AKAMAI_CLIENT_SECRET = @@ -32,7 +32,7 @@ dns_edgedns_add() { _debug "ENTERING DNS_EDGEDNS_ADD" _debug2 "fulldomain" "$fulldomain" _debug2 "txtvalue" "$txtvalue" - + if ! _EDGEDNS_credentials; then _err "$@" return 1 @@ -42,7 +42,7 @@ dns_edgedns_add() { return 1 fi _debug2 "Add: zone" "$zone" - acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") + acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") _debug3 "Add URL" "$acmeRecordURI" # Get existing TXT record _edge_result=$(_edgedns_rest GET "$acmeRecordURI") @@ -68,13 +68,14 @@ dns_edgedns_add() { _debug3 "existing TXT found" _debug3 "record data" "$rdlist" # value already there? - if _contains "$rdlist" "$txtvalue" ; then + if _contains "$rdlist" "$txtvalue"; then return 0 fi _txt_val="" while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do - _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" - rdata="${rdata},\"${_txt_val}\"" + _txt_val="${rdlist%%,*}" + rdlist="${rdlist#*,}" + rdata="${rdata},\"${_txt_val}\"" done fi # Add the txtvalue TXT Record @@ -139,10 +140,11 @@ dns_edgedns_rm() { rdata="" _txt_val="" while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do - _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" + _txt_val="${rdlist%%,*}" + rdlist="${rdlist#*,}" _debug3 "_txt_val" "$_txt_val" _debug3 "txtvalue" "$txtvalue" - if ! _contains "$_txt_val" "$txtvalue" ; then + if ! _contains "$_txt_val" "$txtvalue"; then rdata="${rdata}${comma}\"${_txt_val}\"" comma="," fi @@ -170,7 +172,7 @@ dns_edgedns_rm() { #################### Private functions below ################################## _EDGEDNS_credentials() { - _debug "GettingEdge DNS credentials" + _debug "GettingEdge DNS credentials" _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" args_missing=0 if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then @@ -216,7 +218,7 @@ _EDGEDNS_credentials() { _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" # Set whether curl should use secure or insecure mode fi - export HTTPS_INSECURE=0 # All Edgegrid API calls are secure + export HTTPS_INSECURE=0 # All Edgegrid API calls are secure edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") _debug3 "Edge API Endpoint:" "$edge_endpoint" @@ -244,7 +246,7 @@ _EDGEDNS_getZoneInfo() { return 1 fi fi - if _contains "$curResult" "\"zone\":" ; then + if _contains "$curResult" "\"zone\":"; then _debug2 "Zone data" "${curResult}" zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") _debug3 "Zone" "${zone}" @@ -283,7 +285,7 @@ _edgedns_rest() { # Set in acme.sh _post/_get #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" - if [ "$m" != "GET" ] && [ "$m" != "DELETE" ] ; then + if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then _edgedns_content_type="application/json" _debug3 "_request_body" "$_request_body" _body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') @@ -295,13 +297,14 @@ _edgedns_rest() { hdr_indx=1 work_header="${_edgedns_headers}${tab}" _debug3 "work_header" "$work_header" - while [ "$work_header" ]; do - entry="${work_header%%\\t*}"; work_header="${work_header#*\\t}" + while [ "$work_header" ]; do + entry="${work_header%%\\t*}" + work_header="${work_header#*\\t}" export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" _debug2 "Request Header " "$entry" - hdr_indx=$(( hdr_indx + 1 )) + hdr_indx=$((hdr_indx + 1)) done - + # clear headers from previous request to avoid getting wrong http code on timeouts : >"$HTTP_HEADER" _debug2 "$ep" @@ -360,15 +363,15 @@ _edgedns_new_nonce() { _edgedns_make_auth_header() { _debug "Constructing Auth Header" - _edgedns_eg_timestamp - _edgedns_new_nonce + _edgedns_eg_timestamp + _edgedns_new_nonce # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" - _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" + _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" _secure_debug2 "Unsigned Auth Header: " "$_auth_header" _edgedns_sign_request _signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" - _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" + _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" } _edgedns_sign_request() { @@ -444,5 +447,3 @@ _edgedns_base64_sha256() { # filepath=$1 # section=$2 #} - - From cf7334eb7dc8293f321ebf5bb7123764d28279e0 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Thu, 27 Aug 2020 17:40:07 -0400 Subject: [PATCH 0005/1526] add alt nonce generation logic --- dnsapi/dns_edgedns.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 2072637a..f5705ee8 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -64,7 +64,7 @@ dns_edgedns_add() { record_op="PUT" rdlist="${_edge_result#*\"rdata\":[}" rdlist="${rdlist%%]*}" - rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") _debug3 "existing TXT found" _debug3 "record data" "$rdlist" # value already there? @@ -132,7 +132,7 @@ dns_edgedns_rm() { # record already exists. Get existing record data and update rdlist="${_edge_result#*\"rdata\":[}" rdlist="${rdlist%%]*}" - rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") _debug3 "rdlist" "$rdlist" if [ -n "$rdlist" ]; then record_op="PUT" @@ -355,10 +355,16 @@ _edgedns_rest() { _edgedns_eg_timestamp() { _eg_timestamp=$(date -u "+%Y%m%dT%H:%M:%S+0000") + _debug3 "_eg_timestamp" "$_eg_timestamp" } _edgedns_new_nonce() { _nonce=$(uuidgen -r) + _ret="$?" + if [ "$_ret" -ne 0 ]; then + _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) + fi + _debug3 "_nonce" "$_nonce" } _edgedns_make_auth_header() { From e4e6173efff2aa880eecb37509602c12eeac367e Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Fri, 28 Aug 2020 11:21:20 +0200 Subject: [PATCH 0006/1526] CleverReach Deploy API --- deploy/cleverreach.sh | 70 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 deploy/cleverreach.sh diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh new file mode 100644 index 00000000..bf16ed34 --- /dev/null +++ b/deploy/cleverreach.sh @@ -0,0 +1,70 @@ +#!/usr/bin/env sh +# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. +# Your OAuth needs the right scope, please contact CleverReach support for that. +# +# It requires that jq are in the $PATH. +# +# Written by Jan-Philipp Benecke +# Public domain, 2020 +# +# Following environment variables must be set: +# +#export DEPLOY_CLEVERREACH_CLIENT_ID=myid +#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret + +cleverreach_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + _cleverreach_client_id="${DEPLOY_CLEVERREACH_CLIENT_ID}" + _cleverreach_client_secret="${DEPLOY_CLEVERREACH_CLIENT_SECRET}" + + if [ -z "$_cleverreach_client_id" ]; then + _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." + return 1 + fi + if [ -z "$_cleverreach_client_secret" ]; then + _err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." + return 1 + fi + + _saveaccountconf DEPLOY_CLEVERREACH_CLIENT_ID "${_cleverreach_client_id}" + _saveaccountconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${_cleverreach_client_secret}" + + _info "Obtaining a CleverReach access token" + + _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${_cleverreach_client_id}\", \"client_secret\": \"${_cleverreach_client_secret}\"}" + _auth_result="$(_post "$_data" "https://rest.cleverreach.com/oauth/token.php" "" "POST" "application/json")" + + _debug _data "$_data" + _debug _auth_result "$_auth_result" + + _access_token=$(echo "$_auth_result" | _json_decode | jq -r .access_token) + + _info "Uploading certificate and key to CleverReach" + + _certData="{\"cert\":\"$(cat $_cfullchain | _json_encode)\", \"key\":\"$(cat $_ckey | _json_encode)\"}" + export _H1="Authorization: Bearer ${_access_token}" + _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl/${_cdomain}" "" "POST" "application/json")" + + _debug "Destroying token at CleverReach" + _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + + if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then + _info "Uploaded certificate successfully" + return 0 + else + _debug _add_cert_result "$_add_cert_result" + _err "Unable to update certificate" + return 1 + fi +} From 39a56884646f0a4038547037050cc8e14d560360 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Fri, 28 Aug 2020 11:28:06 +0200 Subject: [PATCH 0007/1526] Make CI happy --- deploy/cleverreach.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index bf16ed34..c22e69e1 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -52,12 +52,12 @@ cleverreach_deploy() { _info "Uploading certificate and key to CleverReach" - _certData="{\"cert\":\"$(cat $_cfullchain | _json_encode)\", \"key\":\"$(cat $_ckey | _json_encode)\"}" + _certData="{\"cert\":\"$(_json_encode < "$_cfullchain")\", \"key\":\"$(_json_encode < "$_ckey")\"}" export _H1="Authorization: Bearer ${_access_token}" _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl/${_cdomain}" "" "POST" "application/json")" _debug "Destroying token at CleverReach" - _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then _info "Uploaded certificate successfully" From 2a9c56d9e328716dd90503760a5834488a76c3a6 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Fri, 28 Aug 2020 11:30:23 +0200 Subject: [PATCH 0008/1526] Formatting for CI --- deploy/cleverreach.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index c22e69e1..d212846b 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -52,7 +52,7 @@ cleverreach_deploy() { _info "Uploading certificate and key to CleverReach" - _certData="{\"cert\":\"$(_json_encode < "$_cfullchain")\", \"key\":\"$(_json_encode < "$_ckey")\"}" + _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" export _H1="Authorization: Bearer ${_access_token}" _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl/${_cdomain}" "" "POST" "application/json")" From 339218508d2fd6ef34a2db283c0dea4dc123e8f4 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 28 Aug 2020 09:55:20 -0400 Subject: [PATCH 0009/1526] shfmt fixes --- dnsapi/dns_edgedns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index f5705ee8..94cf809c 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -361,9 +361,9 @@ _edgedns_eg_timestamp() { _edgedns_new_nonce() { _nonce=$(uuidgen -r) _ret="$?" - if [ "$_ret" -ne 0 ]; then + if [ "$_ret" -ne 0 ]; then _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) - fi + fi _debug3 "_nonce" "$_nonce" } From f7e12b629f7bdf3b5f637189fafef0af37994f98 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Thu, 1 Oct 2020 11:26:29 +0200 Subject: [PATCH 0010/1526] Update CleverReach REST Endpoint --- deploy/cleverreach.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index d212846b..0fa07f4a 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -54,7 +54,7 @@ cleverreach_deploy() { _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" export _H1="Authorization: Bearer ${_access_token}" - _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl/${_cdomain}" "" "POST" "application/json")" + _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")" _debug "Destroying token at CleverReach" _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" From 8881a9f40e1ae697ec0004670cda032c5a17f1a1 Mon Sep 17 00:00:00 2001 From: Arnaud Launay <2205303+alaunay@users.noreply.github.com> Date: Mon, 5 Oct 2020 15:46:18 +0200 Subject: [PATCH 0011/1526] Add BookMyName API support --- dnsapi/dns_bookmyname.sh | 93 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 dnsapi/dns_bookmyname.sh diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh new file mode 100644 index 00000000..188d93cb --- /dev/null +++ b/dnsapi/dns_bookmyname.sh @@ -0,0 +1,93 @@ +#!/usr/bin/env sh + +#Here is a sample custom api script. +#This file name is "dns_bookmyname.sh" +#So, here must be a method dns_bookmyname_add() +#Which will be called by acme.sh to add the txt record to your api system. +#returns 0 means success, otherwise error. +# +#Author: Neilpang +#Report Bugs here: https://github.com/acmesh-official/acme.sh +# +######## Public functions ##################### + +# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide + + +# BMN urls: +# https://BMN_USER:BMN_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' +# https://BMN_USER:BMN_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' + +# Output: +#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX +#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX + +# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. + +# Usage: +# export BOOKMYNAME_USERNAME="ABCDE-FREE" +# export BOOKMYNAME_PASSWORD="MyPassword" +# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld + + +#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_bookmyname_add() { + fulldomain=$1 + txtvalue=$2 + _info "Using bookmyname" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" + BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" + + if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then + BOOKMYNAME_USERNAME="" + BOOKMYNAME_PASSWORD="" + _err "You didn't specify BookMyName username and password yet." + _err "Please specify them and try again." + return 1 + fi + + #save the credentials to the account conf file. + _saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" + _saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" + + + uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" + data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" + result="$(_get "${uri}${data}")" + _debug "Result: $result" + + if ! _startswith "$result" 'good: update done, cid '; then + _err "Can't add $fulldomain" + return 1 + fi + +} + +#Usage: fulldomain txtvalue +#Remove the txt record after validation. +dns_bookmyname_rm() { + fulldomain=$1 + txtvalue=$2 + _info "Using bookmyname" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" + BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" + + + uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" + data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" + result="$(_get "${uri}${data}")" + _debug "Result: $result" + + if ! _startswith "$result" 'good: remove done 1, cid '; then + _info "Can't remove $fulldomain" + fi + +} + +#################### Private functions below ################################## From 4ab5456a984eeafed71a6f56d1dda2830780c446 Mon Sep 17 00:00:00 2001 From: Arnaud Launay <2205303+alaunay@users.noreply.github.com> Date: Mon, 5 Oct 2020 15:49:00 +0200 Subject: [PATCH 0012/1526] keep shfmt happy --- dnsapi/dns_bookmyname.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh index 188d93cb..99b3b680 100644 --- a/dnsapi/dns_bookmyname.sh +++ b/dnsapi/dns_bookmyname.sh @@ -13,7 +13,6 @@ # Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide - # BMN urls: # https://BMN_USER:BMN_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' # https://BMN_USER:BMN_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' @@ -29,7 +28,6 @@ # export BOOKMYNAME_PASSWORD="MyPassword" # /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld - #Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_bookmyname_add() { fulldomain=$1 @@ -53,7 +51,6 @@ dns_bookmyname_add() { _saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" _saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" - uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" result="$(_get "${uri}${data}")" @@ -78,7 +75,6 @@ dns_bookmyname_rm() { BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" - uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" result="$(_get "${uri}${data}")" From 7eea866869031a7a02aea7ada5c27edc37470458 Mon Sep 17 00:00:00 2001 From: Arnaud Launay <2205303+alaunay@users.noreply.github.com> Date: Mon, 5 Oct 2020 15:57:52 +0200 Subject: [PATCH 0013/1526] BMN -> BookMyName --- dnsapi/dns_bookmyname.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh index 99b3b680..7acdea02 100644 --- a/dnsapi/dns_bookmyname.sh +++ b/dnsapi/dns_bookmyname.sh @@ -21,7 +21,7 @@ #good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX #good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX -# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. +# Be careful, BookMyName DNS servers can be slow to pick up changes; using dnssleep is thus advised. # Usage: # export BOOKMYNAME_USERNAME="ABCDE-FREE" From 4a60292f8284bc74c54d7f376bac70b2ded6ecd9 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 9 Oct 2020 22:33:21 +0800 Subject: [PATCH 0014/1526] update freebsd --- .github/workflows/DNS.yml | 3 ++- .github/workflows/LetsEncrypt.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 976aff56..b06db229 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -183,10 +183,11 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.4 + - uses: vmactions/freebsd-vm@v0.0.5 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl + usesh: true run: | if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index ba5e933d..d71f3ac1 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -106,10 +106,11 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.4 + - uses: vmactions/freebsd-vm@v0.0.5 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl + usesh: true run: | cd ../acmetest && ./letest.sh From d76fb566a258ad1bdefe0d7629493ca85fbcf51d Mon Sep 17 00:00:00 2001 From: Arnaud Launay <2205303+alaunay@users.noreply.github.com> Date: Sat, 10 Oct 2020 11:02:47 +0200 Subject: [PATCH 0015/1526] no private functions --- dnsapi/dns_bookmyname.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh index 7acdea02..79e6b14d 100644 --- a/dnsapi/dns_bookmyname.sh +++ b/dnsapi/dns_bookmyname.sh @@ -85,5 +85,3 @@ dns_bookmyname_rm() { fi } - -#################### Private functions below ################################## From b71a088da73f4ecc3a4d3e4a79de0e838f532e5e Mon Sep 17 00:00:00 2001 From: Arnaud Launay <2205303+alaunay@users.noreply.github.com> Date: Sat, 10 Oct 2020 11:46:32 +0200 Subject: [PATCH 0016/1526] Revert "no private functions" This reverts commit d76fb566a258ad1bdefe0d7629493ca85fbcf51d. --- dnsapi/dns_bookmyname.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh index 79e6b14d..7acdea02 100644 --- a/dnsapi/dns_bookmyname.sh +++ b/dnsapi/dns_bookmyname.sh @@ -85,3 +85,5 @@ dns_bookmyname_rm() { fi } + +#################### Private functions below ################################## From 0781e8cf12f09fad71d0d63ce59c49c701b35d50 Mon Sep 17 00:00:00 2001 From: Marcel Waldvogel Date: Mon, 12 Oct 2020 13:52:57 +0200 Subject: [PATCH 0017/1526] Use random hour for cron job The hour for the cron job isn't really random (as is the minute), but assuming acme.sh installation times are not correlated, neither will be the resulting cron start times. --- acme.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 3be3849d..eb8aca49 100755 --- a/acme.sh +++ b/acme.sh @@ -5590,6 +5590,7 @@ installcronjob() { fi _t=$(_time) random_minute=$(_math $_t % 60) + random_hour=$(_math $_t / 60 % 24) if ! _exists "$_CRONTAB" && _exists "fcrontab"; then _CRONTAB="fcrontab" @@ -5616,12 +5617,12 @@ installcronjob() { if _exists uname && uname -a | grep SunOS >/dev/null; then $_CRONTAB -l | { cat - echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" + echo "$random_minute $random_hour * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" } | $_CRONTAB -- else $_CRONTAB -l | { cat - echo "$random_minute 0 * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" + echo "$random_minute $random_hour * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" } | $_CRONTAB - fi fi From 92dbe6cdf8eb7d3b07b84876db79032c1d41f9c6 Mon Sep 17 00:00:00 2001 From: Marcel Waldvogel Date: Mon, 12 Oct 2020 14:20:40 +0200 Subject: [PATCH 0018/1526] Simplify and clarify SunOS crontab differences --- acme.sh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/acme.sh b/acme.sh index eb8aca49..2ea5ccd7 100755 --- a/acme.sh +++ b/acme.sh @@ -5615,16 +5615,14 @@ installcronjob() { _info "Installing cron job" if ! $_CRONTAB -l | grep "$PROJECT_ENTRY --cron"; then if _exists uname && uname -a | grep SunOS >/dev/null; then - $_CRONTAB -l | { - cat - echo "$random_minute $random_hour * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" - } | $_CRONTAB -- + _CRONTAB_STDIN="$_CRONTAB --" else - $_CRONTAB -l | { - cat - echo "$random_minute $random_hour * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" - } | $_CRONTAB - + _CRONTAB_STDIN="$_CRONTAB -" fi + $_CRONTAB -l | { + cat + echo "$random_minute $random_hour * * * $lesh --cron --home \"$LE_WORKING_DIR\" $_c_entry> /dev/null" + } | $_CRONTAB_STDIN fi if [ "$?" != "0" ]; then _err "Install cron job failed. You need to manually renew your certs." From ea3e6dae93e76dfe79272c6cb9dd0c6b9acbb297 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 14 Oct 2020 14:49:09 -0400 Subject: [PATCH 0019/1526] remove uuidgen --- dnsapi/dns_edgedns.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 94cf809c..89e77936 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -359,11 +359,7 @@ _edgedns_eg_timestamp() { } _edgedns_new_nonce() { - _nonce=$(uuidgen -r) - _ret="$?" - if [ "$_ret" -ne 0 ]; then - _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) - fi + _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) _debug3 "_nonce" "$_nonce" } From 6ad5ea169679e22de4f0314b312e886b03ac6bc7 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 16 Oct 2020 10:16:25 -0400 Subject: [PATCH 0020/1526] use _digest instead of openssl --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 89e77936..7ab448d2 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -440,7 +440,7 @@ _edgedns_base64_sha256() { _debug2 "Creating sha256 digest" trg=$1 _secure_debug2 "digest data" "$trg" - digest="$(echo "$trg" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" + digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" _secure_debug2 "digest decode" "$_sha256_out" } From c61495df5239f7034531fc787bcd91d5deb42372 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 16 Oct 2020 10:32:01 -0400 Subject: [PATCH 0021/1526] fix format --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 7ab448d2..05c8e886 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -440,7 +440,7 @@ _edgedns_base64_sha256() { _debug2 "Creating sha256 digest" trg=$1 _secure_debug2 "digest data" "$trg" - digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" + digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" _secure_debug2 "digest decode" "$_sha256_out" } From d5674c85d7735f2f3cdf6e44c2f9f1059d844d20 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 21 Aug 2020 17:15:18 -0400 Subject: [PATCH 0022/1526] initial commit --- dnsapi/dns_edgedns.sh | 379 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 379 insertions(+) create mode 100755 dnsapi/dns_edgedns.sh diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh new file mode 100755 index 00000000..75ef4f9b --- /dev/null +++ b/dnsapi/dns_edgedns.sh @@ -0,0 +1,379 @@ +#!/usr/bin/env sh + +# Akamai Edge DNS v2 API +# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to +# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization + +# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support + +# Values to export: +# --EITHER-- +# *** NOT IMPLEMENTED YET *** +# specify Edgegrid credentials file and section +# AKAMAI_EDGERC= +# AKAMAI_EDGERC_SECTION="default" +## --OR-- +# specify indiviual credentials +# export AKAMAI_HOST = +# export AKAMAI_ACCESS_TOKEN = +# export AKAMAI_CLIENT_TOKEN = +# export AKAMAI_CLIENT_SECRET = + +ACME_EDGEDNS_VERSION="0.1.0" + +######## Public functions ##################### + +# Usage: dns_edgedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record +# +dns_edgedns_add() { + fulldomain=$1 + txtvalue=$2 + + _debug "ENTERING DNS_EDGEDNS_ADD" + + _debug2 "fulldomain" "$fulldomain" + _debug2 "txtvalue" "$txtvalue" + + if ! _EDGEDNS_credentials; then + _err "$@" + return 1 + fi + + if ! _EDGEDNS_getZoneInfo "$fulldomain"; then + _err "Invalid domain" + return 1 + fi + _debug2 "Add: zone" "${zone}" + acmeRecordURI=$(printf "%s/%s/names/%s/type/TXT" "${edge_endpoint}" "${zone}" "${fulldomain}") + _debug3 "Add URL" "$acmeRecordURI" + # Get existing TXT record + _edge_result=$(_edgedns_rest GET "$acmeRecordURI") + _api_status="$?" + if [ "$_api_status" -ne 0 ] && [ "$_edge_result" != "404" ]; then + _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" + return 1 + fi + rdata="\"$txtvalue\"" + record_op="POST" + if [ "$_api_status" -eq 0 ]; then + # record already exists. Get existing record data and update + record_op="PUT" + rdlist=$(echo -n "$response" | _egrep_o "\"rdata\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"") + _debug2 "existing TXT found" + _debug2 "record data" "$rdlist" + # value already there? + if _contains "$rdlist" "$txtvalue" ; then + return 0 + fi + comma="," + rdata="$rdata$comma\"${txtvalue}\"" + fi + _debug2 "new/updated rdata: " "${rdata}" + # Add the txtvalue TXT Record + body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" + _debug3 "Add body '${body}'" + _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") + _api_status="$?" + if [ "$_api_status" -eq 0 ]; then + _log "$(printf "Text value %s added to recordset %s" "${txtvalue}" "${fulldomain}")" + return 0 + else + _err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" + return 1 + fi +} + +# Usage: dns_edgedns_rm _acme-challenge.www.domain.com +# Used to delete txt record +# +dns_edgedns_rm() { + fulldomain=$1 +} + +#################### Private functions below ################################## + +_EDGEDNS_credentials() { + _debug "GettingEdge DNS credentials" + _log $(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION}) + args_missing=0 + if [ -z "${AKAMAI_ACCESS_TOKEN}" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_ACCESS_TOKEN is missing" + args_missing=1 + fi + if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_CLIENT_TOKEN is missing" + args_missing=1 + fi + if [ -z "${AKAMAI_HOST}" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_HOST is missing" + args_missing=1 + fi + if [ -z "${AKAMAI_CLIENT_SECRET}" ]; then + AKAMAI_ACCESS_TOKEN="" + AKAMAI_CLIENT_TOKEN="" + AKAMAI_HOST="" + AKAMAI_CLIENT_SECRET="" + _err "AKAMAI_CLIENT_SECRET is missing" + args_missing=1 + fi + + if [ "${args_missing}" = 1 ]; then + _err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." + return 1 + else + _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "${AKAMAI_ACCESS_TOKEN}" + _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "${AKAMAI_CLIENT_TOKEN}" + _saveaccountconf_mutable AKAMAI_HOST "${AKAMAI_HOST}" + _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "${AKAMAI_CLIENT_SECRET}" + # Set whether curl should use secure or insecure mode + fi + export HTTPS_INSECURE=0 # All Edgegrid API calls are secure + edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "${AKAMAI_HOST}") + _debug3 "Edge API Endpoint:" "${edge_endpoint}" + +} + +_EDGEDNS_getZoneInfo() { + _debug "Getting Zoneinfo" + zoneEnd=false + curZone=$1 + while [ -n "${zoneEnd}" ]; do + # we can strip the first part of the fulldomain, since its just the _acme-challenge string + curZone="${curZone#*.}" + # suffix . needed for zone -> domain.tld. + # create zone get url + get_zone_url=$(printf "%s/%s" "${edge_endpoint}" "${curZone}") + _debug3 "Zone Get: " "${get_zone_url}" + curResult=$(_edgedns_rest GET "$get_zone_url") + retVal=$? + if [ $retVal -ne 0 ]; then + if ["$curResult" != "404" ]; then + _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" + return 1 + fi + fi + + if _contains "${curResult}" "\"zone\":" ; then + _debug2 "Zone data" "${curResult}" + zone=$(echo -n "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") + _debug2 "Zone" "${zone}" + zoneFound="" + zoneEnd="" + return 0 + fi + + if [ "${curZone#*.}" != "$curZone" ]; then + _debug2 $(printf "%s still contains a '.' - so we can check next higher level" "$curZone") + else + zoneEnd=true + _err "Couldn't retrieve zone data." + return 1 + fi + done + _err "Failed to retrieve zone data." + return 2 +} + +_edgedns_headers="" + +_edgedns_rest() { + _debug "Handling API Request" + m=$1 + # Assume endpoint is complete path, including query args if applicable + ep=$2 + body_data=$3 + _edgedns_content_type="" + _request_url_path="$ep" + _request_body="$body_data" + _request_method="$m" + _edgedns_headers="" + tab="" + _edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}" + tab="\t" + # Set in acme.sh _post/_get + #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" + _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json" + if [ "$m" != "GET" ] && [ "$m" != "DELETE" ] ; then + _edgedns_content_type="application/json;charset=UTF-8" + _utf8_body_data="$(echo -n "$ _request_body" | iconv -t utf-8)" + _utf8_body_len="$(echo -n "$_utf8_body_data" | awk '{print length}')" + _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_utf8_body_len}" + fi + _made_auth_header=$(_edgedns_make_auth_header) + _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_made_auth_header}" + _secure_debug2 "Made Auth Header" "${_made_auth_header}" + hdr_indx=1 + work_header="${_edgedns_headers}${tab}" + _debug3 "work_header" "${work_header}" + while [ "${work_header}" ]; do + entry="${work_header%%\\t*}"; work_header="${work_header#*\\t}" + export "$(printf "_H%s=%s" "${hdr_indx}" "${entry}")" + _debug2 "Request Header " "${entry}" + hdr_indx=$(( hdr_indx + 1 )) + done + + # clear headers from previous request to avoid getting wrong http code on timeouts + :>"$HTTP_HEADER" + _debug "$ep" + if [ "$m" != "GET" ]; then + _debug "Method data" "$data" + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "$_utf8_body_data" "$ep" false "$m")" + else + response="$(_get "$ep")" + fi + + _ret="$?" + _debug "response" "$response" + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + _debug2 "http response code" "$_code" + + if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then + # All good + response="$(echo "$response" | _normalizeJson)" + echo -n "${response}" + return 0 + fi + + if [ "$_code" = "204" ]; then + # Success, no body + echo -n "" + return 0 + fi + + if [ "$_code" = "400" ]; then + _err "Bad request presented" + _log "$(printf "Headers: %s" "$_edgedns_headers")" + _log "$(printf "Method: %s" "$_request_method")" + _log "$(printf "URL: %s" "$ep")" + _log "$(printf "Data: %s" "$data")" + fi + + if [ "$_code" = "403" ]; then + _err "access denied make sure your Edgegrid cedentials are correct." + fi + + echo "$_code" + return 1 +} + +_edgedns_eg_timestamp() { + _eg_timestamp=$(date -u "+%Y%m%dT%H:%M:%S+0000") +} + +_edgedns_new_nonce() { + _nonce=$(uuidgen -r) +} + +_edgedns_make_auth_header() { + _debug "Constructing Auth Header" + _edgedns_eg_timestamp + _edgedns_new_nonce + # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" + _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "${AKAMAI_CLIENT_TOKEN}" "${AKAMAI_ACCESS_TOKEN}" "${_eg_timestamp}" "${_nonce}")" + _secure_debug2 "Unsigned Auth Header: " "$_auth_header" + + _sig="$(_edgedns_sign_request)" + _signed_auth_header="$(printf "%ssignature=%s" "${_auth_header}" "${_sig}")" + _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" + echo -n "${_signed_auth_header}" +} + +_edgedns_sign_request() { + _debug2 "Signing http request" + _signed_data=$(_edgedns_make_data_to_sign "${_auth_header}") + _secure_debug2 "Returned signed data" "$_signed_data" + _key=$(_edgedns_make_signing_key "${_eg_timestamp}") + _signed_req=$(_edgedns_base64_hmac_sha256 "$_signed_data" "$_key") + _secure_debug2 "Signed Request" "${_signed_req}" + echo -n "${_signed_req}" +} + +_edgedns_make_signing_key() { + _debug2 "Creating sigining key" + ts=$1 + _signing_key=$(_edgedns_base64_hmac_sha256 "$ts" "${AKAMAI_CLIENT_SECRET}") + _secure_debug2 "Signing Key" "${_signing_key}" + echo -n "${_signing_key}" + +} + +_edgedns_make_data_to_sign() { + _debug2 "Processing data to sign" + hdr=$1 + _secure_debug2 "hdr" "$hdr" + content_hash=$(_edgedns_make_content_hash) + path="$(echo -n "${_request_url_path}" |sed 's/https\?:\/\///')" + path="${path#*$AKAMAI_HOST}" + _debug "hier path" "${path}" + # dont expose headers to sign so use MT string + data="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "${_request_method}" "${AKAMAI_HOST}" "${path}" "" "${content_hash}" "$hdr")" + _secure_debug2 "Data to Sign" "${data}" + echo -n "${data}" +} + +_edgedns_make_content_hash() { + _debug2 "Generating content hash" + prep_body="" + _hash="" + _debug2 "Request method" "${_request_method}" + if [ "${_request_method}" != "POST" ] || [ -z "${_request_body}" ]; then + echo -n "${prep_body}" + return 0 + fi + prep_body="$(echo -n "${_request_body}")" + _debug2 "Req body" "${prep_body}" + _hash=$(_edgedns_base64_sha256 "${prep_body}") + _debug2 "Content hash" "${_hash}" + echo -n "${_hash}" +} + +_edgedns_base64_hmac_sha256() { + _debug2 "Generating hmac" + data=$1 + key=$2 + encoded_data="$(echo -n "${data}" | iconv -t utf-8)" + encoded_key="$(echo -n "${key}" | iconv -t utf-8)" + _secure_debug2 "encoded data" "${encoded_data}" + _secure_debug2 "encoded key" "${encoded_key}" + #key_hex="$(_durl_replace_base64 "$key" | _dbase64 | _hex_dump | tr -d ' ')" + #data_sig="$(printf "%s" "$encoded_data" | _hmac sha256 "${key_hex}" | _base64 | _url_replace)" + + data_sig="$(echo -n "$encoded_data" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac $encoded_key -binary | _base64)" + _secure_debug2 "data_sig:" "${data_sig}" + out="$(echo -n "${data_sig}" | iconv -f utf-8)" + _secure_debug2 "hmac" "${out}" + echo -n "${out}" +} + +_edgedns_base64_sha256() { + _debug2 "Creating sha256 digest" + trg=$1 + utf8_str="$(echo -n "${trg}" | iconv -t utf-8)" + _secure_debug2 "digest data" "$trg" + _secure_debug2 "encoded digest data" "${utf8_str}" + digest="$(echo -n "${trg}" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" + out="$(echo -n "${digest}" | iconv -f utf-8)" + _secure_debug2 "digest decode" "${out}" + echo -n "${out}" +} + +#_edgedns_parse_edgerc() { +# filepath=$1 +# section=$2 +#} + + From 8e09e1b248ec77ae4954e6928b22dc083c9174be Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 26 Aug 2020 16:11:11 -0400 Subject: [PATCH 0023/1526] debugging and cleanup --- dnsapi/dns_edgedns.sh | 283 ++++++++++++++++++++++++++---------------- 1 file changed, 176 insertions(+), 107 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 75ef4f9b..7be49761 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -29,9 +29,7 @@ ACME_EDGEDNS_VERSION="0.1.0" dns_edgedns_add() { fulldomain=$1 txtvalue=$2 - _debug "ENTERING DNS_EDGEDNS_ADD" - _debug2 "fulldomain" "$fulldomain" _debug2 "txtvalue" "$txtvalue" @@ -39,44 +37,53 @@ dns_edgedns_add() { _err "$@" return 1 fi - if ! _EDGEDNS_getZoneInfo "$fulldomain"; then _err "Invalid domain" return 1 fi - _debug2 "Add: zone" "${zone}" - acmeRecordURI=$(printf "%s/%s/names/%s/type/TXT" "${edge_endpoint}" "${zone}" "${fulldomain}") + _debug2 "Add: zone" "$zone" + acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") _debug3 "Add URL" "$acmeRecordURI" # Get existing TXT record _edge_result=$(_edgedns_rest GET "$acmeRecordURI") _api_status="$?" - if [ "$_api_status" -ne 0 ] && [ "$_edge_result" != "404" ]; then - _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" - return 1 + _debug3 "_edge_result" "$_edge_result" + if [ "$_api_status" -ne 0 ]; then + if [ "$curResult" = "FATAL" ]; then + _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" + fi + if [ "$_edge_result" != "404" ]; then + _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" + return 1 + fi fi - rdata="\"$txtvalue\"" + rdata="\"${txtvalue}\"" record_op="POST" if [ "$_api_status" -eq 0 ]; then # record already exists. Get existing record data and update record_op="PUT" - rdlist=$(echo -n "$response" | _egrep_o "\"rdata\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"") - _debug2 "existing TXT found" - _debug2 "record data" "$rdlist" + rdlist="${_edge_result#*\"rdata\":[}" + rdlist="${rdlist%%]*}" + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + _debug3 "existing TXT found" + _debug3 "record data" "$rdlist" # value already there? if _contains "$rdlist" "$txtvalue" ; then return 0 fi - comma="," - rdata="$rdata$comma\"${txtvalue}\"" + _txt_val="" + while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do + _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" + rdata="${rdata},\"${_txt_val}\"" + done fi - _debug2 "new/updated rdata: " "${rdata}" # Add the txtvalue TXT Record body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" _debug3 "Add body '${body}'" _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") _api_status="$?" if [ "$_api_status" -eq 0 ]; then - _log "$(printf "Text value %s added to recordset %s" "${txtvalue}" "${fulldomain}")" + _log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")" return 0 else _err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" @@ -84,20 +91,89 @@ dns_edgedns_add() { fi } -# Usage: dns_edgedns_rm _acme-challenge.www.domain.com +# Usage: dns_edgedns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to delete txt record # dns_edgedns_rm() { fulldomain=$1 + txtvalue=$2 + _debug "ENTERING DNS_EDGEDNS_RM" + _debug2 "fulldomain" "$fulldomain" + _debug2 "txtvalue" "$txtvalue" + + if ! _EDGEDNS_credentials; then + _err "$@" + return 1 + fi + if ! _EDGEDNS_getZoneInfo "$fulldomain"; then + _err "Invalid domain" + return 1 + fi + _debug2 "RM: zone" "${zone}" + acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain") + _debug3 "RM URL" "$acmeRecordURI" + # Get existing TXT record + _edge_result=$(_edgedns_rest GET "$acmeRecordURI") + _api_status="$?" + if [ "$_api_status" -ne 0 ]; then + if [ "$curResult" = "FATAL" ]; then + _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" + fi + if [ "$_edge_result" != "404" ]; then + _err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" + return 1 + fi + fi + _debug3 "_edge_result" "$_edge_result" + record_op="DELETE" + body="" + if [ "$_api_status" -eq 0 ]; then + # record already exists. Get existing record data and update + rdlist="${_edge_result#*\"rdata\":[}" + rdlist="${rdlist%%]*}" + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + _debug3 "rdlist" "$rdlist" + if [ -n "$rdlist" ]; then + record_op="PUT" + comma="" + rdata="" + _txt_val="" + while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do + _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" + _debug3 "_txt_val" "$_txt_val" + _debug3 "txtvalue" "$txtvalue" + if ! _contains "$_txt_val" "$txtvalue" ; then + rdata="${rdata}${comma}\"${_txt_val}\"" + comma="," + fi + done + if [ -z "$rdata" ]; then + record_op="DELETE" + else + # Recreate the txtvalue TXT Record + body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" + _debug3 "body" "$body" + fi + fi + fi + _edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") + _api_status="$?" + if [ "$_api_status" -eq 0 ]; then + _log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")" + return 0 + else + _err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")" + return 1 + fi } #################### Private functions below ################################## _EDGEDNS_credentials() { _debug "GettingEdge DNS credentials" - _log $(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION}) + _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" args_missing=0 - if [ -z "${AKAMAI_ACCESS_TOKEN}" ]; then + if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" AKAMAI_HOST="" @@ -113,7 +189,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_CLIENT_TOKEN is missing" args_missing=1 fi - if [ -z "${AKAMAI_HOST}" ]; then + if [ -z "$AKAMAI_HOST" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" AKAMAI_HOST="" @@ -121,7 +197,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_HOST is missing" args_missing=1 fi - if [ -z "${AKAMAI_CLIENT_SECRET}" ]; then + if [ -z "$AKAMAI_CLIENT_SECRET" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" AKAMAI_HOST="" @@ -130,19 +206,19 @@ _EDGEDNS_credentials() { args_missing=1 fi - if [ "${args_missing}" = 1 ]; then + if [ "$args_missing" = 1 ]; then _err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." return 1 else - _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "${AKAMAI_ACCESS_TOKEN}" - _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "${AKAMAI_CLIENT_TOKEN}" - _saveaccountconf_mutable AKAMAI_HOST "${AKAMAI_HOST}" - _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "${AKAMAI_CLIENT_SECRET}" + _saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN" + _saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN" + _saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST" + _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" # Set whether curl should use secure or insecure mode fi export HTTPS_INSECURE=0 # All Edgegrid API calls are secure - edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "${AKAMAI_HOST}") - _debug3 "Edge API Endpoint:" "${edge_endpoint}" + edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") + _debug3 "Edge API Endpoint:" "$edge_endpoint" } @@ -150,33 +226,34 @@ _EDGEDNS_getZoneInfo() { _debug "Getting Zoneinfo" zoneEnd=false curZone=$1 - while [ -n "${zoneEnd}" ]; do + while [ -n "$zoneEnd" ]; do # we can strip the first part of the fulldomain, since its just the _acme-challenge string curZone="${curZone#*.}" # suffix . needed for zone -> domain.tld. # create zone get url - get_zone_url=$(printf "%s/%s" "${edge_endpoint}" "${curZone}") + get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone") _debug3 "Zone Get: " "${get_zone_url}" curResult=$(_edgedns_rest GET "$get_zone_url") retVal=$? - if [ $retVal -ne 0 ]; then - if ["$curResult" != "404" ]; then - _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" + if [ "$retVal" -ne 0 ]; then + if [ "$curResult" = "FATAL" ]; then + _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" + fi + if [ "$curResult" != "404" ]; then + err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" return 1 fi fi - - if _contains "${curResult}" "\"zone\":" ; then + if _contains "$curResult" "\"zone\":" ; then _debug2 "Zone data" "${curResult}" - zone=$(echo -n "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") - _debug2 "Zone" "${zone}" - zoneFound="" + zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") + _debug3 "Zone" "${zone}" zoneEnd="" return 0 fi if [ "${curZone#*.}" != "$curZone" ]; then - _debug2 $(printf "%s still contains a '.' - so we can check next higher level" "$curZone") + _debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")" else zoneEnd=true _err "Couldn't retrieve zone data." @@ -205,52 +282,55 @@ _edgedns_rest() { tab="\t" # Set in acme.sh _post/_get #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" - _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json" + _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" if [ "$m" != "GET" ] && [ "$m" != "DELETE" ] ; then - _edgedns_content_type="application/json;charset=UTF-8" - _utf8_body_data="$(echo -n "$ _request_body" | iconv -t utf-8)" - _utf8_body_len="$(echo -n "$_utf8_body_data" | awk '{print length}')" - _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_utf8_body_len}" + _edgedns_content_type="application/json" + _debug3 "_request_body" "$_request_body" + _body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') + _edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}" fi - _made_auth_header=$(_edgedns_make_auth_header) - _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_made_auth_header}" - _secure_debug2 "Made Auth Header" "${_made_auth_header}" + _edgedns_make_auth_header + _edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}" + _secure_debug2 "Made Auth Header" "$_signed_auth_header" hdr_indx=1 work_header="${_edgedns_headers}${tab}" - _debug3 "work_header" "${work_header}" - while [ "${work_header}" ]; do + _debug3 "work_header" "$work_header" + while [ "$work_header" ]; do entry="${work_header%%\\t*}"; work_header="${work_header#*\\t}" - export "$(printf "_H%s=%s" "${hdr_indx}" "${entry}")" - _debug2 "Request Header " "${entry}" + export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" + _debug2 "Request Header " "$entry" hdr_indx=$(( hdr_indx + 1 )) done # clear headers from previous request to avoid getting wrong http code on timeouts - :>"$HTTP_HEADER" - _debug "$ep" + : >"$HTTP_HEADER" + _debug2 "$ep" if [ "$m" != "GET" ]; then - _debug "Method data" "$data" + _debug3 "Method data" "$data" # body url [needbase64] [POST|PUT|DELETE] [ContentType] - response="$(_post "$_utf8_body_data" "$ep" false "$m")" + response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type") else - response="$(_get "$ep")" + response=$(_get "$ep") fi - _ret="$?" - _debug "response" "$response" + if [ "$_ret" -ne 0 ]; then + _err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")" + echo "FATAL" + return "$_ret" + fi + _debug2 "response" "${response}" _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" _debug2 "http response code" "$_code" - if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then # All good - response="$(echo "$response" | _normalizeJson)" - echo -n "${response}" + response="$(echo "${response}" | _normalizeJson)" + echo "$response" return 0 fi if [ "$_code" = "204" ]; then # Success, no body - echo -n "" + echo "$_code" return 0 fi @@ -283,31 +363,30 @@ _edgedns_make_auth_header() { _edgedns_eg_timestamp _edgedns_new_nonce # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" - _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "${AKAMAI_CLIENT_TOKEN}" "${AKAMAI_ACCESS_TOKEN}" "${_eg_timestamp}" "${_nonce}")" + _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" _secure_debug2 "Unsigned Auth Header: " "$_auth_header" - _sig="$(_edgedns_sign_request)" - _signed_auth_header="$(printf "%ssignature=%s" "${_auth_header}" "${_sig}")" + _edgedns_sign_request + _signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" - echo -n "${_signed_auth_header}" } _edgedns_sign_request() { _debug2 "Signing http request" - _signed_data=$(_edgedns_make_data_to_sign "${_auth_header}") - _secure_debug2 "Returned signed data" "$_signed_data" - _key=$(_edgedns_make_signing_key "${_eg_timestamp}") - _signed_req=$(_edgedns_base64_hmac_sha256 "$_signed_data" "$_key") - _secure_debug2 "Signed Request" "${_signed_req}" - echo -n "${_signed_req}" + _edgedns_make_data_to_sign "$_auth_header" + _secure_debug2 "Returned signed data" "$_mdata" + _edgedns_make_signing_key "$_eg_timestamp" + _edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key" + _signed_req="$_hmac_out" + _secure_debug2 "Signed Request" "$_signed_req" } _edgedns_make_signing_key() { _debug2 "Creating sigining key" ts=$1 - _signing_key=$(_edgedns_base64_hmac_sha256 "$ts" "${AKAMAI_CLIENT_SECRET}") - _secure_debug2 "Signing Key" "${_signing_key}" - echo -n "${_signing_key}" + _edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET" + _signing_key="$_hmac_out" + _secure_debug2 "Signing Key" "$_signing_key" } @@ -315,60 +394,50 @@ _edgedns_make_data_to_sign() { _debug2 "Processing data to sign" hdr=$1 _secure_debug2 "hdr" "$hdr" - content_hash=$(_edgedns_make_content_hash) - path="$(echo -n "${_request_url_path}" |sed 's/https\?:\/\///')" + _edgedns_make_content_hash + path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')" path="${path#*$AKAMAI_HOST}" - _debug "hier path" "${path}" + _debug "hier path" "$path" # dont expose headers to sign so use MT string - data="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "${_request_method}" "${AKAMAI_HOST}" "${path}" "" "${content_hash}" "$hdr")" - _secure_debug2 "Data to Sign" "${data}" - echo -n "${data}" + _mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")" + _secure_debug2 "Data to Sign" "$_mdata" } _edgedns_make_content_hash() { _debug2 "Generating content hash" - prep_body="" _hash="" _debug2 "Request method" "${_request_method}" - if [ "${_request_method}" != "POST" ] || [ -z "${_request_body}" ]; then - echo -n "${prep_body}" + if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then return 0 fi - prep_body="$(echo -n "${_request_body}")" - _debug2 "Req body" "${prep_body}" - _hash=$(_edgedns_base64_sha256 "${prep_body}") - _debug2 "Content hash" "${_hash}" - echo -n "${_hash}" + _debug2 "Req body" "$_request_body" + _edgedns_base64_sha256 "$_request_body" + _hash="$_sha256_out" + _debug2 "Content hash" "$_hash" } _edgedns_base64_hmac_sha256() { _debug2 "Generating hmac" data=$1 key=$2 - encoded_data="$(echo -n "${data}" | iconv -t utf-8)" - encoded_key="$(echo -n "${key}" | iconv -t utf-8)" - _secure_debug2 "encoded data" "${encoded_data}" - _secure_debug2 "encoded key" "${encoded_key}" - #key_hex="$(_durl_replace_base64 "$key" | _dbase64 | _hex_dump | tr -d ' ')" - #data_sig="$(printf "%s" "$encoded_data" | _hmac sha256 "${key_hex}" | _base64 | _url_replace)" - - data_sig="$(echo -n "$encoded_data" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac $encoded_key -binary | _base64)" - _secure_debug2 "data_sig:" "${data_sig}" - out="$(echo -n "${data_sig}" | iconv -f utf-8)" - _secure_debug2 "hmac" "${out}" - echo -n "${out}" + encoded_data="$(echo "$data" | iconv -t utf-8)" + encoded_key="$(echo "$key" | iconv -t utf-8)" + _secure_debug2 "encoded data" "$encoded_data" + _secure_debug2 "encoded key" "$encoded_key" + + data_sig="$(echo "$encoded_data" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac "$encoded_key" -binary | _base64)" + _secure_debug2 "data_sig:" "$data_sig" + _hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" + _secure_debug2 "hmac" "$_hmac_out" } _edgedns_base64_sha256() { _debug2 "Creating sha256 digest" trg=$1 - utf8_str="$(echo -n "${trg}" | iconv -t utf-8)" _secure_debug2 "digest data" "$trg" - _secure_debug2 "encoded digest data" "${utf8_str}" - digest="$(echo -n "${trg}" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" - out="$(echo -n "${digest}" | iconv -f utf-8)" - _secure_debug2 "digest decode" "${out}" - echo -n "${out}" + digest="$(echo "$trg" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" + _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" + _secure_debug2 "digest decode" "$_sha256_out" } #_edgedns_parse_edgerc() { From 596a1764ef799eb08f8004f0ea68a15fc977376e Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 26 Aug 2020 18:07:46 -0400 Subject: [PATCH 0024/1526] vetted by shfmt --- dnsapi/dns_edgedns.sh | 49 ++++++++++++++++++++++--------------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 7be49761..2072637a 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -7,15 +7,15 @@ # Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support # Values to export: -# --EITHER-- +# --EITHER-- # *** NOT IMPLEMENTED YET *** # specify Edgegrid credentials file and section -# AKAMAI_EDGERC= +# AKAMAI_EDGERC= # AKAMAI_EDGERC_SECTION="default" ## --OR-- # specify indiviual credentials # export AKAMAI_HOST = -# export AKAMAI_ACCESS_TOKEN = +# export AKAMAI_ACCESS_TOKEN = # export AKAMAI_CLIENT_TOKEN = # export AKAMAI_CLIENT_SECRET = @@ -32,7 +32,7 @@ dns_edgedns_add() { _debug "ENTERING DNS_EDGEDNS_ADD" _debug2 "fulldomain" "$fulldomain" _debug2 "txtvalue" "$txtvalue" - + if ! _EDGEDNS_credentials; then _err "$@" return 1 @@ -42,7 +42,7 @@ dns_edgedns_add() { return 1 fi _debug2 "Add: zone" "$zone" - acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") + acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") _debug3 "Add URL" "$acmeRecordURI" # Get existing TXT record _edge_result=$(_edgedns_rest GET "$acmeRecordURI") @@ -68,13 +68,14 @@ dns_edgedns_add() { _debug3 "existing TXT found" _debug3 "record data" "$rdlist" # value already there? - if _contains "$rdlist" "$txtvalue" ; then + if _contains "$rdlist" "$txtvalue"; then return 0 fi _txt_val="" while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do - _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" - rdata="${rdata},\"${_txt_val}\"" + _txt_val="${rdlist%%,*}" + rdlist="${rdlist#*,}" + rdata="${rdata},\"${_txt_val}\"" done fi # Add the txtvalue TXT Record @@ -139,10 +140,11 @@ dns_edgedns_rm() { rdata="" _txt_val="" while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do - _txt_val="${rdlist%%,*}"; rdlist="${rdlist#*,}" + _txt_val="${rdlist%%,*}" + rdlist="${rdlist#*,}" _debug3 "_txt_val" "$_txt_val" _debug3 "txtvalue" "$txtvalue" - if ! _contains "$_txt_val" "$txtvalue" ; then + if ! _contains "$_txt_val" "$txtvalue"; then rdata="${rdata}${comma}\"${_txt_val}\"" comma="," fi @@ -170,7 +172,7 @@ dns_edgedns_rm() { #################### Private functions below ################################## _EDGEDNS_credentials() { - _debug "GettingEdge DNS credentials" + _debug "GettingEdge DNS credentials" _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" args_missing=0 if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then @@ -216,7 +218,7 @@ _EDGEDNS_credentials() { _saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" # Set whether curl should use secure or insecure mode fi - export HTTPS_INSECURE=0 # All Edgegrid API calls are secure + export HTTPS_INSECURE=0 # All Edgegrid API calls are secure edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") _debug3 "Edge API Endpoint:" "$edge_endpoint" @@ -244,7 +246,7 @@ _EDGEDNS_getZoneInfo() { return 1 fi fi - if _contains "$curResult" "\"zone\":" ; then + if _contains "$curResult" "\"zone\":"; then _debug2 "Zone data" "${curResult}" zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") _debug3 "Zone" "${zone}" @@ -283,7 +285,7 @@ _edgedns_rest() { # Set in acme.sh _post/_get #_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" _edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" - if [ "$m" != "GET" ] && [ "$m" != "DELETE" ] ; then + if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then _edgedns_content_type="application/json" _debug3 "_request_body" "$_request_body" _body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') @@ -295,13 +297,14 @@ _edgedns_rest() { hdr_indx=1 work_header="${_edgedns_headers}${tab}" _debug3 "work_header" "$work_header" - while [ "$work_header" ]; do - entry="${work_header%%\\t*}"; work_header="${work_header#*\\t}" + while [ "$work_header" ]; do + entry="${work_header%%\\t*}" + work_header="${work_header#*\\t}" export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" _debug2 "Request Header " "$entry" - hdr_indx=$(( hdr_indx + 1 )) + hdr_indx=$((hdr_indx + 1)) done - + # clear headers from previous request to avoid getting wrong http code on timeouts : >"$HTTP_HEADER" _debug2 "$ep" @@ -360,15 +363,15 @@ _edgedns_new_nonce() { _edgedns_make_auth_header() { _debug "Constructing Auth Header" - _edgedns_eg_timestamp - _edgedns_new_nonce + _edgedns_eg_timestamp + _edgedns_new_nonce # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" - _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" + _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" _secure_debug2 "Unsigned Auth Header: " "$_auth_header" _edgedns_sign_request _signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" - _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" + _secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" } _edgedns_sign_request() { @@ -444,5 +447,3 @@ _edgedns_base64_sha256() { # filepath=$1 # section=$2 #} - - From 9c28a04c65435b6f801f313b26c4633791d5cb94 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Thu, 27 Aug 2020 17:40:07 -0400 Subject: [PATCH 0025/1526] add alt nonce generation logic --- dnsapi/dns_edgedns.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 2072637a..f5705ee8 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -64,7 +64,7 @@ dns_edgedns_add() { record_op="PUT" rdlist="${_edge_result#*\"rdata\":[}" rdlist="${rdlist%%]*}" - rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") _debug3 "existing TXT found" _debug3 "record data" "$rdlist" # value already there? @@ -132,7 +132,7 @@ dns_edgedns_rm() { # record already exists. Get existing record data and update rdlist="${_edge_result#*\"rdata\":[}" rdlist="${rdlist%%]*}" - rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\") + rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") _debug3 "rdlist" "$rdlist" if [ -n "$rdlist" ]; then record_op="PUT" @@ -355,10 +355,16 @@ _edgedns_rest() { _edgedns_eg_timestamp() { _eg_timestamp=$(date -u "+%Y%m%dT%H:%M:%S+0000") + _debug3 "_eg_timestamp" "$_eg_timestamp" } _edgedns_new_nonce() { _nonce=$(uuidgen -r) + _ret="$?" + if [ "$_ret" -ne 0 ]; then + _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) + fi + _debug3 "_nonce" "$_nonce" } _edgedns_make_auth_header() { From 9801876a2f3d07f2fa7eba0f7e8cc07a09fe7ef4 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 28 Aug 2020 09:55:20 -0400 Subject: [PATCH 0026/1526] shfmt fixes --- dnsapi/dns_edgedns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index f5705ee8..94cf809c 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -361,9 +361,9 @@ _edgedns_eg_timestamp() { _edgedns_new_nonce() { _nonce=$(uuidgen -r) _ret="$?" - if [ "$_ret" -ne 0 ]; then + if [ "$_ret" -ne 0 ]; then _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) - fi + fi _debug3 "_nonce" "$_nonce" } From 491842ea3431d645dae2022999a9a953385d3748 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 12 Sep 2020 08:47:46 +0800 Subject: [PATCH 0027/1526] fix https://github.com/acmesh-official/acme.sh/issues/3159 --- dnsapi/dns_ovh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index dda47dda..f6f9689a 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -248,7 +248,7 @@ _ovh_authentication() { # _domain=domain.com _get_root() { domain=$1 - i=2 + i=1 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) From 369cfc24138be9a0fb0c1227d17f4922e6043831 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 12 Sep 2020 14:22:18 +0800 Subject: [PATCH 0028/1526] use testall target --- .github/workflows/DNS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 0f60ace2..0274afcf 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -67,7 +67,7 @@ jobs: - name: Set env file run: cd ../acmetest && echo "${{ secrets.TokenName1 }}" >> env.list && echo "${{ secrets.TokenName2 }}" >> env.list && echo "TEST_DNS_NO_WILDCARD" >> env.list && echo "TEST_DNS_SLEEP" >> env.list - name: Run acmetest - run: cd ../acmetest && ./rundocker.sh _cron + run: cd ../acmetest && ./rundocker.sh testall MacOS: runs-on: macos-latest From 4875ef045af0c2ef1d8f8442a12821df404ca16c Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 13 Sep 2020 00:16:04 +0800 Subject: [PATCH 0029/1526] support more dns tokens --- .github/workflows/DNS.yml | 71 ++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 15 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 0274afcf..ae71d594 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -19,13 +19,11 @@ jobs: runs-on: ubuntu-latest outputs: hasToken: ${{ steps.step_one.outputs.hasToken }} - env: - _ACME_CHECK_TOKEN_${{ secrets.TokenName1 }} : ${{ secrets.TokenValue1 }} steps: - name: Set the value id: step_one run: | - if [ "$_ACME_CHECK_TOKEN_${{ secrets.TokenName1}}" ] ; then + if [ "${{secrets.TokenName1}}" ] ; then echo "::set-output name=hasToken::true" else echo "::set-output name=hasToken::false" @@ -50,11 +48,8 @@ jobs: needs: CheckToken if: "contains(needs.CheckToken.outputs.hasToken, 'true')" env: - ${{ secrets.TokenName1 }} : ${{ secrets.TokenValue1 }} - ${{ secrets.TokenName2 }} : ${{ secrets.TokenValue2 }} TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi @@ -65,7 +60,25 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Set env file - run: cd ../acmetest && echo "${{ secrets.TokenName1 }}" >> env.list && echo "${{ secrets.TokenName2 }}" >> env.list && echo "TEST_DNS_NO_WILDCARD" >> env.list && echo "TEST_DNS_SLEEP" >> env.list + run: | + cd ../acmetest + if [ "${{ secrets.TokenName1}}" ] ; then + echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list + fi + if [ "${{ secrets.TokenName2}}" ] ; then + echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list + fi + if [ "${{ secrets.TokenName3}}" ] ; then + echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list + fi + if [ "${{ secrets.TokenName4}}" ] ; then + echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list + fi + if [ "${{ secrets.TokenName5}}" ] ; then + echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list + fi + echo "TEST_DNS_NO_WILDCARD" >> env.list + echo "TEST_DNS_SLEEP" >> env.list - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall @@ -73,11 +86,8 @@ jobs: runs-on: macos-latest needs: Docker env: - ${{ secrets.TokenName1 }} : ${{ secrets.TokenValue1 }} - ${{ secrets.TokenName2 }} : ${{ secrets.TokenValue2 }} TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi @@ -90,17 +100,31 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && ./letest.sh + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh Windows: runs-on: windows-latest needs: MacOS env: - ${{ secrets.TokenName1 }} : ${{ secrets.TokenValue1 }} - ${{ secrets.TokenName2 }} : ${{ secrets.TokenValue2 }} TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi @@ -127,6 +151,23 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest shell: cmd - run: cd ../acmetest && bash.exe -c ./letest.sh + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + set ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + set ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + set ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + set ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + set ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + bash.exe -c ./letest.sh From 69c5291e52c7fe59721e5224f69cab9df12ac41e Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 14 Sep 2020 21:51:21 +0800 Subject: [PATCH 0030/1526] fix for Windows --- .github/workflows/DNS.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index ae71d594..5591b8f1 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -150,24 +150,24 @@ jobs: - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest - shell: cmd + shell: bash run: | if [ "${{ secrets.TokenName1}}" ] ; then - set ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} fi if [ "${{ secrets.TokenName2}}" ] ; then - set ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} fi if [ "${{ secrets.TokenName3}}" ] ; then - set ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} fi if [ "${{ secrets.TokenName4}}" ] ; then - set ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} fi if [ "${{ secrets.TokenName5}}" ] ; then - set ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} fi cd ../acmetest - bash.exe -c ./letest.sh + ./letest.sh From 576a146ed223f06cdf5dcbd3c984a6ae2cfe1873 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 14 Sep 2020 22:22:36 +0800 Subject: [PATCH 0031/1526] add debug info for duckdns --- dnsapi/dns_duckdns.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index 11b685c0..7c2ecfb2 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -112,6 +112,9 @@ _duckdns_rest() { param="$2" _debug param "$param" url="$DuckDNS_API?$param" + if [ "$DEBUG" -gt 0 ]; then + url="$url&verbose=true" + fi _debug url "$url" # DuckDNS uses GET to update domain info From 85736d697cf9068fb79fd53fdb67519b24c13b08 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 14 Sep 2020 22:29:23 +0800 Subject: [PATCH 0032/1526] fix debug info --- dnsapi/dns_duckdns.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index 7c2ecfb2..f0af2741 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -120,11 +120,13 @@ _duckdns_rest() { # DuckDNS uses GET to update domain info if [ "$method" = "GET" ]; then response="$(_get "$url")" + _debug2 response "$response" + if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then + response="OK" + fi else _err "Unsupported method" return 1 fi - - _debug2 response "$response" return 0 } From ea724e343bab76850d8d3f5a76d700af451864b7 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 21 Sep 2020 19:57:10 +0800 Subject: [PATCH 0033/1526] enable for any branches. --- .github/workflows/DNS.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5591b8f1..3ad9506b 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -1,8 +1,6 @@ name: DNS on: push: - branches: - - 'dev' paths: - 'dnsapi/*.sh' - '.github/workflows/DNS.yml' From 098ef976f7ce3c99052c0984359515ab95fde04e Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 24 Sep 2020 21:37:51 +0800 Subject: [PATCH 0034/1526] add freebsd --- .github/workflows/LetsEncrypt.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 9a0175b5..69ff35ff 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -96,4 +96,20 @@ jobs: shell: cmd run: cd ../acmetest && bash.exe -c ./letest.sh + FreeBSD: + runs-on: macos-latest + needs: Windows + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + TEST_LOCAL: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/freebsd@main + with: + envs: 'NGROK_TOKEN TEST_LOCAL' + prepare: pkg install -y socat + run: | + cd ../acmetest && ./letest.sh From 182d150eaa0a48b1ebe5b0d1fd13bd175d16eee9 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 24 Sep 2020 22:18:38 +0800 Subject: [PATCH 0035/1526] add curl to freebsd --- .github/workflows/LetsEncrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 69ff35ff..4a8d4336 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -109,7 +109,7 @@ jobs: - uses: vmactions/freebsd@main with: envs: 'NGROK_TOKEN TEST_LOCAL' - prepare: pkg install -y socat + prepare: pkg install -y socat curl run: | cd ../acmetest && ./letest.sh From 27ec69fb97260b180ab919314d8cced1d062a2ab Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 24 Sep 2020 22:57:26 +0800 Subject: [PATCH 0036/1526] add FreeBSD --- .github/workflows/DNS.yml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 3ad9506b..fd9a98b3 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -168,4 +168,42 @@ jobs: cd ../acmetest ./letest.sh + FreeBSD: + runs-on: macos-latest + needs: Windows + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/freebsd@main + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: pkg install -y socat curl + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + From 7616e94fd313025cc6c0386ee0997b1e1981cd76 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 28 Sep 2020 21:50:20 +0800 Subject: [PATCH 0037/1526] fix message --- .github/workflows/DNS.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index fd9a98b3..191ae8c9 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -36,10 +36,10 @@ jobs: steps: - name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" run: | - echo "Plese see this page to fix the error: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" - - name: Fail - if: "github.actor != 'Neilpang'" - run: false + echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" + if [ "${{github.actor}}" != "Neilpang" ]; then + false + fi Docker: runs-on: ubuntu-latest From 967096f01ce2daa819ae082c2d9fba098af8a752 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 2 Oct 2020 16:17:16 +0800 Subject: [PATCH 0038/1526] update freebsd-vm --- .github/workflows/DNS.yml | 2 +- .github/workflows/LetsEncrypt.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 191ae8c9..1c0165c0 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -183,7 +183,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd@main + - uses: vmactions/freebsd-vm@v0.0.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 4a8d4336..ba5e933d 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -106,7 +106,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd@main + - uses: vmactions/freebsd-vm@v0.0.4 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl From 71f00a9efd5d458b03a96a98f5718bd9d12899b3 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 2 Oct 2020 16:20:27 +0800 Subject: [PATCH 0039/1526] minor --- .github/workflows/DNS.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 1c0165c0..976aff56 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -206,4 +206,5 @@ jobs: cd ../acmetest ./letest.sh + From a160b798cac43e8cc7cda355b3ef5e58b9e56b28 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 2 Oct 2020 17:11:04 +0800 Subject: [PATCH 0040/1526] update badge --- README.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 953c44a5..6fb88daf 100644 --- a/README.md +++ b/README.md @@ -57,26 +57,26 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) | NO | Status| Platform| |----|-------|---------| -|1|[![](https://acmesh-official.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Ubuntu -|2|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian -|3|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS -|4|[![](https://acmesh-official.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included) -|5|[![](https://acmesh-official.github.io/acmetest/status/freebsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|FreeBSD -|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense -|7|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE -|8|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl) -|9|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux -|10|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora -|11|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux -|12|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux -|13|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) -|14|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|15|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD -|16|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia -|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris -|19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux -|20|[![Build Status](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX +|1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX +|2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included) +|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD +|4|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense +|5|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD +|6|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris +|7|[![](https://acmesh-official.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Ubuntu +|8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian +|9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS +|10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE +|11|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl) +|12|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux +|13|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora +|14|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux +|15|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux +|16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) +|17|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|18|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia +|19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|20|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux |21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest): From 13c1f4ab19c1f2ff6f9f8335425de8d18861ad45 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 2 Oct 2020 17:17:31 +0800 Subject: [PATCH 0041/1526] update badge --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 6fb88daf..7215785c 100644 --- a/README.md +++ b/README.md @@ -60,10 +60,10 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX |2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included) |3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD -|4|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense -|5|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD -|6|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris -|7|[![](https://acmesh-official.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Ubuntu +|4|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu +|5|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense +|6|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD +|7|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris |8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian |9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS |10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE From 2340c55d762269c06cae13f310649c758d739729 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 9 Oct 2020 22:33:21 +0800 Subject: [PATCH 0042/1526] update freebsd --- .github/workflows/DNS.yml | 3 ++- .github/workflows/LetsEncrypt.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 976aff56..b06db229 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -183,10 +183,11 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.4 + - uses: vmactions/freebsd-vm@v0.0.5 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl + usesh: true run: | if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index ba5e933d..d71f3ac1 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -106,10 +106,11 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.4 + - uses: vmactions/freebsd-vm@v0.0.5 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl + usesh: true run: | cd ../acmetest && ./letest.sh From 25468f55ffbca9a78330221404571786f9f229a5 Mon Sep 17 00:00:00 2001 From: Rene Luria Date: Mon, 21 Sep 2020 14:17:23 +0200 Subject: [PATCH 0043/1526] Added dnsapi/dns_infomaniak.sh --- dnsapi/dns_infomaniak.sh | 199 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 199 insertions(+) create mode 100755 dnsapi/dns_infomaniak.sh diff --git a/dnsapi/dns_infomaniak.sh b/dnsapi/dns_infomaniak.sh new file mode 100755 index 00000000..e2328a36 --- /dev/null +++ b/dnsapi/dns_infomaniak.sh @@ -0,0 +1,199 @@ +#!/usr/bin/env sh + +############################################################################### +# Infomaniak API integration +# +# To use this API you need visit the API dashboard of your account +# once logged into https://manager.infomaniak.com add /api/dashboard to the URL +# +# Please report bugs to +# https://github.com/acmesh-official/acme.sh/issues/3188 +# +# Note: the URL looks like this: +# https://manager.infomaniak.com/v3//api/dashboard +# Then generate a token with the scope Domain +# this is given as an environment variable INFOMANIAK_API_TOKEN +############################################################################### + +# base variables + +DEFAULT_INFOMANIAK_API_URL="https://api.infomaniak.com" +DEFAULT_INFOMANIAK_TTL=300 + +######## Public functions ##################### + +#Usage: dns_infomaniak_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_infomaniak_add() { + + INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}" + INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}" + INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" + + if [ -z "$INFOMANIAK_API_TOKEN" ]; then + INFOMANIAK_API_TOKEN="" + _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" + return 1 + fi + + if [ -z "$INFOMANIAK_API_URL" ]; then + INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL" + fi + + if [ -z "$INFOMANIAK_TTL" ]; then + INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL" + fi + + #save the token to the account conf file. + _saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN" + + if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then + _saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" + fi + + if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then + _saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" + fi + + export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" + export _H2="Content-Type: application/json" + + fulldomain="$1" + txtvalue="$2" + + _info "Infomaniak DNS API" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + fqdn=${fulldomain#_acme-challenge.} + + # guess which base domain to add record to + zone_and_id=$(_find_zone "$fqdn") + if [ -z "$zone_and_id" ]; then + _err "cannot find zone to modify" + return 1 + fi + zone=${zone_and_id% *} + domain_id=${zone_and_id#* } + + # extract first part of domain + key=${fulldomain%.$zone} + + _debug "zone:$zone id:$domain_id key:$key" + + # payload + data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}" + + # API call + response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record") + if [ -n "$response" ] && echo "$response" | grep -qF '"result":"success"'; then + _info "Record added" + _debug "Response: $response" + return 0 + fi + _err "could not create record" + _debug "Response: $response" + return 1 +} + +#Usage: fulldomain txtvalue +#Remove the txt record after validation. +dns_infomaniak_rm() { + + INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}" + INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}" + INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" + + if [ -z "$INFOMANIAK_API_TOKEN" ]; then + INFOMANIAK_API_TOKEN="" + _err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" + return 1 + fi + + if [ -z "$INFOMANIAK_API_URL" ]; then + INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL" + fi + + if [ -z "$INFOMANIAK_TTL" ]; then + INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL" + fi + + #save the token to the account conf file. + _saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN" + + if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then + _saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" + fi + + if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then + _saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" + fi + + export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" + export _H2="ContentType: application/json" + + fulldomain=$1 + txtvalue=$2 + _info "Infomaniak DNS API" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + fqdn=${fulldomain#_acme-challenge.} + + # guess which base domain to add record to + zone_and_id=$(_find_zone "$fqdn") + if [ -z "$zone_and_id" ]; then + _err "cannot find zone to modify" + return 1 + fi + zone=${zone_and_id% *} + domain_id=${zone_and_id#* } + + # extract first part of domain + key=${fulldomain%.$zone} + + _debug "zone:$zone id:$domain_id key:$key" + + # find previous record + # shellcheck disable=SC1004 + record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\ +{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p') + if [ -z "$record_id" ]; then + _err "could not find record to delete" + return 1 + fi + _debug "record_id: $record_id" + + # API call + response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE) + if [ -n "$response" ] && echo "$response" | grep -qF '"result":"success"'; then + _info "Record deleted" + return 0 + fi + _err "could not delete record" + return 1 +} + +#################### Private functions below ################################## + +_get_domain_id() { + domain="$1" + + # shellcheck disable=SC1004 + _get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\ +/g' | sed -n 's/^"id":\(.*\)/\1/p' +} + +_find_zone() { + zone="$1" + + # find domain in list, removing . parts sequentialy + while echo "$zone" | grep -q '\.'; do + _debug "testing $zone" + id=$(_get_domain_id "$zone") + if [ -n "$id" ]; then + echo "$zone $id" + return + fi + zone=${zone#*.} + done +} From 15fa0c264f7cfd8bc9542ec18a1c7cb407e7404e Mon Sep 17 00:00:00 2001 From: Rene Luria Date: Fri, 2 Oct 2020 12:47:33 +0200 Subject: [PATCH 0044/1526] dnsapi/dns_infomaniak.sh: Replace grep by _contains --- dnsapi/dns_infomaniak.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_infomaniak.sh b/dnsapi/dns_infomaniak.sh index e2328a36..765cf39d 100755 --- a/dnsapi/dns_infomaniak.sh +++ b/dnsapi/dns_infomaniak.sh @@ -85,7 +85,7 @@ dns_infomaniak_add() { # API call response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record") - if [ -n "$response" ] && echo "$response" | grep -qF '"result":"success"'; then + if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then _info "Record added" _debug "Response: $response" return 0 @@ -165,7 +165,7 @@ dns_infomaniak_rm() { # API call response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE) - if [ -n "$response" ] && echo "$response" | grep -qF '"result":"success"'; then + if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then _info "Record deleted" return 0 fi @@ -187,7 +187,7 @@ _find_zone() { zone="$1" # find domain in list, removing . parts sequentialy - while echo "$zone" | grep -q '\.'; do + while _contains "$zone" '\.'; do _debug "testing $zone" id=$(_get_domain_id "$zone") if [ -n "$id" ]; then From c6617ebc9faf47e08ee21f23dee9ce839974af27 Mon Sep 17 00:00:00 2001 From: Rene Luria Date: Thu, 8 Oct 2020 23:42:05 +0200 Subject: [PATCH 0045/1526] Fix DNS workflow use variables TEST_DNS_SLEEP and TEST_DNS_NO_WILDCARD --- .github/workflows/DNS.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index b06db229..1909cb03 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -75,8 +75,8 @@ jobs: if [ "${{ secrets.TokenName5}}" ] ; then echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list fi - echo "TEST_DNS_NO_WILDCARD" >> env.list - echo "TEST_DNS_SLEEP" >> env.list + echo "TEST_DNS_NO_WILDCARD=$TEST_DNS_NO_WILDCARD" >> env.list + echo "TEST_DNS_SLEEP=$TEST_DNS_SLEEP" >> env.list - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall From ff8fe7e01857afd3c18d94e4a529ddefac85da4e Mon Sep 17 00:00:00 2001 From: Rene Luria Date: Sat, 10 Oct 2020 18:20:26 +0200 Subject: [PATCH 0046/1526] Revert "Fix DNS workflow use variables TEST_DNS_SLEEP and TEST_DNS_NO_WILDCARD" This reverts commit f864416e39753b66f26d8d3fa19cbb094493731a. --- .github/workflows/DNS.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 1909cb03..b06db229 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -75,8 +75,8 @@ jobs: if [ "${{ secrets.TokenName5}}" ] ; then echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list fi - echo "TEST_DNS_NO_WILDCARD=$TEST_DNS_NO_WILDCARD" >> env.list - echo "TEST_DNS_SLEEP=$TEST_DNS_SLEEP" >> env.list + echo "TEST_DNS_NO_WILDCARD" >> env.list + echo "TEST_DNS_SLEEP" >> env.list - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall From 5aff548794a9569a38a439014cc36073c0ff38b8 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 14 Oct 2020 14:49:09 -0400 Subject: [PATCH 0047/1526] remove uuidgen --- dnsapi/dns_edgedns.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 94cf809c..89e77936 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -359,11 +359,7 @@ _edgedns_eg_timestamp() { } _edgedns_new_nonce() { - _nonce=$(uuidgen -r) - _ret="$?" - if [ "$_ret" -ne 0 ]; then - _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) - fi + _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) _debug3 "_nonce" "$_nonce" } From 054a62de6073492457bf35e406f743d2c1eb5477 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 16 Oct 2020 18:47:02 +0800 Subject: [PATCH 0048/1526] Update DNS.yml --- .github/workflows/DNS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index b06db229..25d92137 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -183,7 +183,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.5 + - uses: vmactions/freebsd-vm@v0.0.7 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl From 23088bc89778d48b183a9c26789b4d4f4ee53b4c Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 16 Oct 2020 18:47:27 +0800 Subject: [PATCH 0049/1526] Update LetsEncrypt.yml --- .github/workflows/LetsEncrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index d71f3ac1..39e91161 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -106,7 +106,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.5 + - uses: vmactions/freebsd-vm@v0.0.7 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl From 9ab16bdbb36462db2b63b0a2362369e1d1f5e91b Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 16 Oct 2020 10:16:25 -0400 Subject: [PATCH 0050/1526] use _digest instead of openssl --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 89e77936..7ab448d2 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -440,7 +440,7 @@ _edgedns_base64_sha256() { _debug2 "Creating sha256 digest" trg=$1 _secure_debug2 "digest data" "$trg" - digest="$(echo "$trg" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -binary | _base64)" + digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" _secure_debug2 "digest decode" "$_sha256_out" } From 6b20993d2a54b30642ef4987a0370307c4d6dfd4 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 16 Oct 2020 10:32:01 -0400 Subject: [PATCH 0051/1526] fix format --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 7ab448d2..05c8e886 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -440,7 +440,7 @@ _edgedns_base64_sha256() { _debug2 "Creating sha256 digest" trg=$1 _secure_debug2 "digest data" "$trg" - digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" + digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" _sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" _secure_debug2 "digest decode" "$_sha256_out" } From 27a54bcbaa666da69eea8256d73fe6ce4648ba64 Mon Sep 17 00:00:00 2001 From: Adrian Fedoreanu Date: Mon, 19 Oct 2020 20:45:52 +0200 Subject: [PATCH 0052/1526] fix dnsapi/dns_1984hosting --- dnsapi/dns_1984hosting.sh | 84 +++++++++++++++------------------------ 1 file changed, 33 insertions(+), 51 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index bcb675ab..d720c1c5 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -40,8 +40,35 @@ dns_1984hosting_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _1984hosting_add_txt_record "$_domain" "$_sub_domain" "$txtvalue" - return $? + _debug "Add TXT record $fulldomain with value '$txtvalue'" + value="$(printf '%s' "$txtvalue" | _url_encode)" + url="https://management.1984hosting.com/domains/entry/" + + postdata="entry=new" + postdata="$postdata&type=TXT" + postdata="$postdata&ttl=3600" + postdata="$postdata&zone=$_domain" + postdata="$postdata&host=$_sub_domain" + postdata="$postdata&rdata=%22$value%22" + _debug2 postdata "$postdata" + + _authpost "$postdata" "$url" + response="$(echo "$_response" | _normalizeJson)" + _debug2 response "$response" + + if _contains "$response" '"haserrors": true'; then + _err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post" + return 1 + elif _contains "$response" ""; then + _err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file" + return 1 + elif _contains "$response" '"auth": false'; then + _err "1984Hosting failed to add TXT record for $_sub_domain. Invalid or expired cookie" + return 1 + fi + + _info "Added acme challenge TXT record for $fulldomain at 1984Hosting" + return 0 } #Usage: fulldomain txtvalue @@ -67,57 +94,10 @@ dns_1984hosting_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _1984hosting_delete_txt_record "$_domain" "$_sub_domain" - return $? -} - -#################### Private functions below ################################## - -# usage _1984hosting_add_txt_record domain subdomain value -# returns 0 success -_1984hosting_add_txt_record() { - _debug "Add TXT record $1 with value '$3'" - domain="$1" - subdomain="$2" - value="$(printf '%s' "$3" | _url_encode)" - url="https://management.1984hosting.com/domains/entry/" - - postdata="entry=new" - postdata="$postdata&type=TXT" - postdata="$postdata&ttl=3600" - postdata="$postdata&zone=$domain" - postdata="$postdata&host=$subdomain" - postdata="$postdata&rdata=%22$value%22" - _debug2 postdata "$postdata" - - _authpost "$postdata" "$url" - response="$(echo "$_response" | _normalizeJson)" - _debug2 response "$response" - - if _contains "$response" '"haserrors": true'; then - _err "1984Hosting failed to add TXT record for $subdomain bad RC from _post" - return 1 - elif _contains "$response" ""; then - _err "1984Hosting failed to add TXT record for $subdomain. Check $HTTP_HEADER file" - return 1 - elif _contains "$response" '"auth": false'; then - _err "1984Hosting failed to add TXT record for $subdomain. Invalid or expired cookie" - return 1 - fi - - _info "Added acme challenge TXT record for $fulldomain at 1984Hosting" - return 0 -} - -# usage _1984hosting_delete_txt_record entry_id -# returns 0 success -_1984hosting_delete_txt_record() { _debug "Delete $fulldomain TXT record" - domain="$1" - subdomain="$2" url="https://management.1984hosting.com/domains" - _htmlget "$url" "$domain" + _htmlget "$url" "$_domain" _debug2 _response "$_response" zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" _debug2 zone_id "$zone_id" @@ -126,7 +106,7 @@ _1984hosting_delete_txt_record() { return 1 fi - _htmlget "$url/$zone_id" "$subdomain" + _htmlget "$url/$zone_id" "$_sub_domain" _debug2 _response "$_response" entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" _debug2 entry_id "$entry_id" @@ -148,6 +128,8 @@ _1984hosting_delete_txt_record() { return 0 } +#################### Private functions below ################################## + # usage: _1984hosting_login username password # returns 0 success _1984hosting_login() { From b025ed60579e194140a75062e8bb6ef5d42b6c00 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 21 Oct 2020 15:00:33 +0800 Subject: [PATCH 0053/1526] Update LetsEncrypt.yml --- .github/workflows/LetsEncrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 39e91161..5f0bba72 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -58,7 +58,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Install tools - run: brew update && brew install socat; + run: brew install socat - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest From 1db963361c4b832c048b8d85fe302d37b5d41cec Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Wed, 28 Oct 2020 13:50:40 +0100 Subject: [PATCH 0054/1526] Rework based on review from Neilpang --- deploy/cleverreach.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index 0fa07f4a..552d8149 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -2,8 +2,6 @@ # Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. # Your OAuth needs the right scope, please contact CleverReach support for that. # -# It requires that jq are in the $PATH. -# # Written by Jan-Philipp Benecke # Public domain, 2020 # @@ -25,30 +23,32 @@ cleverreach_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - _cleverreach_client_id="${DEPLOY_CLEVERREACH_CLIENT_ID}" - _cleverreach_client_secret="${DEPLOY_CLEVERREACH_CLIENT_SECRET}" + _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID + _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET - if [ -z "$_cleverreach_client_id" ]; then + if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." return 1 fi - if [ -z "$_cleverreach_client_secret" ]; then + if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then _err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." return 1 fi - _saveaccountconf DEPLOY_CLEVERREACH_CLIENT_ID "${_cleverreach_client_id}" - _saveaccountconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${_cleverreach_client_secret}" + _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}" + _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" _info "Obtaining a CleverReach access token" - _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${_cleverreach_client_id}\", \"client_secret\": \"${_cleverreach_client_secret}\"}" + _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" _auth_result="$(_post "$_data" "https://rest.cleverreach.com/oauth/token.php" "" "POST" "application/json")" _debug _data "$_data" _debug _auth_result "$_auth_result" - _access_token=$(echo "$_auth_result" | _json_decode | jq -r .access_token) + _regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$" + _debug _regex "$_regex" + _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") _info "Uploading certificate and key to CleverReach" From aa85d0ffeba66fd438a2f1d5312b919e731cb8be Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 28 Oct 2020 09:05:14 -0400 Subject: [PATCH 0055/1526] trigger commit --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 05c8e886..1b3996cf 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -8,7 +8,7 @@ # Values to export: # --EITHER-- -# *** NOT IMPLEMENTED YET *** +# *** TBD. NOT IMPLEMENTED YET *** # specify Edgegrid credentials file and section # AKAMAI_EDGERC= # AKAMAI_EDGERC_SECTION="default" From df60a2248a6ce4f1f3c7675be0305feb3b88cf7d Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Wed, 28 Oct 2020 15:20:24 -0400 Subject: [PATCH 0056/1526] fix typo --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 1b3996cf..8ed6e5d2 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -242,7 +242,7 @@ _EDGEDNS_getZoneInfo() { _err "$(printf "Fatal error: acme API function call : %s" "$retVal")" fi if [ "$curResult" != "404" ]; then - err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" + _err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" return 1 fi fi From cc40110d7e339fe2d314776142266bda7d870ba5 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Fri, 30 Oct 2020 13:12:45 -0400 Subject: [PATCH 0057/1526] refactored sig timestamp generation --- dnsapi/dns_edgedns.sh | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 8ed6e5d2..7c47cc0b 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -41,6 +41,7 @@ dns_edgedns_add() { _err "Invalid domain" return 1 fi + _debug2 "Add: zone" "$zone" acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") _debug3 "Add URL" "$acmeRecordURI" @@ -354,19 +355,31 @@ _edgedns_rest() { } _edgedns_eg_timestamp() { - _eg_timestamp=$(date -u "+%Y%m%dT%H:%M:%S+0000") - _debug3 "_eg_timestamp" "$_eg_timestamp" + _debug "Generating signature Timestamp" + _debug3 "Retriving ntp time" + _timeheaders="$(_get "https://www.ntp.org" "onlyheader")" + _debug3 "_timeheaders" "$_timeheaders" + _ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" + _debug3 "_ntpdate" "$_ntpdate" + _ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')" + _debug3 "_NTPDATE" "$_ntpdate" + _ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")" + _debug3 "_ntptime" "$_ntptime" + _eg_timestamp=$(date -u "+%Y%m%dT") + _eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")" + _debug "_eg_timestamp" "$_eg_timestamp" } _edgedns_new_nonce() { + _debug "Generating Nonce" _nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) _debug3 "_nonce" "$_nonce" } _edgedns_make_auth_header() { _debug "Constructing Auth Header" - _edgedns_eg_timestamp _edgedns_new_nonce + _edgedns_eg_timestamp # "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" _auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" _secure_debug2 "Unsigned Auth Header: " "$_auth_header" From 7530266330afcf09f2cebfc8b8775dec5dbe8f03 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 9 Nov 2020 20:14:22 +0800 Subject: [PATCH 0058/1526] remove dependency to md5 and awk --- deploy/fritzbox.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/fritzbox.sh b/deploy/fritzbox.sh index 21ea6cfd..89b19806 100644 --- a/deploy/fritzbox.sh +++ b/deploy/fritzbox.sh @@ -64,9 +64,9 @@ fritzbox_deploy() { _info "Log in to the FRITZ!Box" _fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*//' -e 's/<\/Challenge>.*$//')" if _exists iconv; then - _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')" + _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)" else - _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | md5sum | awk '{print $1}')" + _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)" fi _fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*//' -e 's/<\/SID>.*$//')" From d866b3df1f1342794e428975e489a7a942ab6941 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Mon, 9 Nov 2020 10:16:57 -0500 Subject: [PATCH 0059/1526] convert key to hex before calling _hmac --- dnsapi/dns_edgedns.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 7c47cc0b..3b9e0032 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -443,7 +443,9 @@ _edgedns_base64_hmac_sha256() { _secure_debug2 "encoded data" "$encoded_data" _secure_debug2 "encoded key" "$encoded_key" - data_sig="$(echo "$encoded_data" | tr -d "\n\r" | ${ACME_OPENSSL_BIN:-openssl} dgst -sha256 -hmac "$encoded_key" -binary | _base64)" + encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ') + data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 $encoded_key_hex | _base64)" + _secure_debug2 "data_sig:" "$data_sig" _hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" _secure_debug2 "hmac" "$_hmac_out" From c490dd1563d9d069221a0bcf946722cb9a5038a0 Mon Sep 17 00:00:00 2001 From: Ed Lynes Date: Mon, 9 Nov 2020 10:36:12 -0500 Subject: [PATCH 0060/1526] add quotes to resolve shell check failure --- dnsapi/dns_edgedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 3b9e0032..2e5c7d30 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -444,7 +444,7 @@ _edgedns_base64_hmac_sha256() { _secure_debug2 "encoded key" "$encoded_key" encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ') - data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 $encoded_key_hex | _base64)" + data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)" _secure_debug2 "data_sig:" "$data_sig" _hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" From a077132d825e6176add7b87f3abf66f81fe48b7f Mon Sep 17 00:00:00 2001 From: tsoybe <51762970+tsoybe@users.noreply.github.com> Date: Thu, 12 Nov 2020 22:04:05 +0100 Subject: [PATCH 0061/1526] Update dns_desec.sh ttl must be greater than or equal 3600, see https://desec.readthedocs.io/en/latest/dns/domains.html#domain-object --- dnsapi/dns_desec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_desec.sh b/dnsapi/dns_desec.sh index 61d080bd..a2e4d887 100644 --- a/dnsapi/dns_desec.sh +++ b/dnsapi/dns_desec.sh @@ -61,7 +61,7 @@ dns_desec_add() { fi _debug txtvalues "$txtvalues" _info "Adding record" - body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":60}]" + body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]" if _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body"; then if _contains "$response" "$txtvalue"; then From 7dfc5a78bae3f4da640c3cb53b3eedd588c04837 Mon Sep 17 00:00:00 2001 From: tsoybe <51762970+tsoybe@users.noreply.github.com> Date: Thu, 12 Nov 2020 22:09:31 +0100 Subject: [PATCH 0062/1526] Update dns_desec.sh Deletion to --- dnsapi/dns_desec.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_desec.sh b/dnsapi/dns_desec.sh index a2e4d887..f64660a8 100644 --- a/dnsapi/dns_desec.sh +++ b/dnsapi/dns_desec.sh @@ -130,7 +130,7 @@ dns_desec_rm() { _debug txtvalues "$txtvalues" _info "Deleting record" - body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":60}]" + body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]" _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body" if [ "$_code" = "200" ]; then _info "Deleted, OK" From b19cb0805cfe72aec1cea8b1f4fc9e5921cf0d4e Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Tue, 17 Nov 2020 13:19:55 +0100 Subject: [PATCH 0063/1526] Adds dnsapi support for Simply.com --- dnsapi/dns_simply.sh | 240 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 240 insertions(+) create mode 100644 dnsapi/dns_simply.sh diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh new file mode 100644 index 00000000..25dd9ff3 --- /dev/null +++ b/dnsapi/dns_simply.sh @@ -0,0 +1,240 @@ +#!/usr/bin/env sh + +# +#SIMPLY_AccountName="accountname" +# +#SIMPLY_ApiKey="apikey" +# +#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" + +SIMPLY_Api="https://api.simply.com/1" +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_simply_add() { + fulldomain=$1 + txtvalue=$2 + + if ! _simply_load_config; then + return 1 + fi + + _simply_save_config + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + + if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then + _err "Could not add DNS record" + return 1 + fi + + return 0 +} + +dns_simply_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _simply_load_config; then + return 1 + fi + + _simply_save_config + + _debug "First detect the root zone" + + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + _debug "$txtvalue" + + _debug "Getting existing records" + + if ! _simply_get_all_records "$_domain"; then + _err "invalid domain" + return 1 + fi + + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') + record_array=(`echo $records |tr -d ' ' | tr ';' ' '`) + nr_of_deleted_records=0 + + for (( i=0; i<=${#record_array[@]}; i++ )); do + + record="${record_array[$i]}" + + if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then + + _info "Deleting record: $record" + + record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + + if [[ $record_id -gt 0 ]]; then + + if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then + _err "Record with id $record_id could not be deleted" + return 1 + fi + + nr_of_deleted_records=1 + break + else + _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" + break + fi + fi + + done + + if [[ $nr_of_deleted_records -eq 0 ]]; then + _err "No record deleted, the DNS record needs to be removed manually." + else + _info "Deleted $nr_of_deleted_records record" + fi + + return 0 +} + +#################### Private functions below ################################## + +_simply_load_config() { + SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}" + SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}" + SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}" + + if [ -z "$SIMPLY_Api" ]; then + SIMPLY_Api="$SIMPLY_Api_Default" + fi + + if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then + SIMPLY_AccountName="" + SIMPLY_ApiKey="" + + _err "A valid Simply API account and apikey not provided." + _err "Please provide a valid API user and try again." + + return 1 + fi + + return 0 +} + +_simply_save_config() { + if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then + _saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api" + fi + _saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName" + _saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey" +} + +_simply_get_all_records() { + domain=$1 + + if ! _simply_rest GET "my/products/$domain/dns/records"; then + return 1 + fi + + return 0 +} + +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _simply_rest GET "my/products/$h/dns"; then + return 1 + fi + + if _contains "$response" '"code":"NOT_FOUND"'; then + _debug "$h not found" + else + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +_simply_add_record() { + domain=$1 + sub_domain=$2 + txtval=$3 + + data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" + + if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then + _err "Adding record not successfull!" + return 1 + fi + + return 0 +} + +_simply_delete_record() { + domain=$1 + sub_domain=$2 + record_id=$3 + + _debug "Delete record with id $record_id" + + if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then + _err "Deleting record not successfull!" + return 1 + fi + + return 0 +} + +_simply_rest() { + m=$1 + ep="$2" + data="$3" + + _debug "Data: $data" + _debug "Methodcall: $ep" + _debug "Call type: $m" + + export _H1="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")" + else + response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + + _debug2 response "$response" + + if _contains "$response" "Invalid account authorization"; then + _err "It seems that your api key or accountnumber is not correct." + return 1 + fi + return 0 +} From bcc1b7b48a1c848bf675e1757f896f7a18a7776e Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Tue, 17 Nov 2020 13:49:32 +0100 Subject: [PATCH 0064/1526] Fix comments --- dnsapi/dns_simply.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 25dd9ff3..3914e1ab 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -59,7 +59,7 @@ dns_simply_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "$txtvalue" + _debug txtvalue "$txtvalue" _debug "Getting existing records" @@ -78,9 +78,9 @@ dns_simply_rm() { if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then - _info "Deleting record: $record" - record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + + _info "Deleting record $record" if [[ $record_id -gt 0 ]]; then @@ -198,7 +198,7 @@ _simply_delete_record() { sub_domain=$2 record_id=$3 - _debug "Delete record with id $record_id" + _debug record_id "Delete record with id $record_id" if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then _err "Deleting record not successfull!" @@ -213,9 +213,9 @@ _simply_rest() { ep="$2" data="$3" - _debug "Data: $data" - _debug "Methodcall: $ep" - _debug "Call type: $m" + _debug2 data "$data" + _debug2 ep "$ep" + _debug2 m "$m" export _H1="Content-Type: application/json" From c60613fbcbea3c9518df45ff6ec99ef5de5266f4 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Tue, 17 Nov 2020 14:20:45 +0100 Subject: [PATCH 0065/1526] Fix indentation and added some debug messages --- dnsapi/dns_simply.sh | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 3914e1ab..8fb56585 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -61,7 +61,7 @@ dns_simply_rm() { _debug _domain "$_domain" _debug txtvalue "$txtvalue" - _debug "Getting existing records" + _info "Getting all existing records" if ! _simply_get_all_records "$_domain"; then _err "invalid domain" @@ -71,31 +71,34 @@ dns_simply_rm() { records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') record_array=(`echo $records |tr -d ' ' | tr ';' ' '`) nr_of_deleted_records=0 + + _info "Fetching txt record.." for (( i=0; i<=${#record_array[@]}; i++ )); do - record="${record_array[$i]}" + record="${record_array[$i]}" + _debug record "$record" - if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then + if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then - record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` - _info "Deleting record $record" + _info "Deleting record $record" - if [[ $record_id -gt 0 ]]; then + if [[ $record_id -gt 0 ]]; then - if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then - _err "Record with id $record_id could not be deleted" - return 1 - fi + if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then + _err "Record with id $record_id could not be deleted" + return 1 + fi - nr_of_deleted_records=1 - break - else - _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" - break + nr_of_deleted_records=1 + break + else + _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" + break + fi fi - fi done From 6ee38ceaba06e3ba9da63bb480f4b53cc4c76aa5 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 17 Nov 2020 22:50:40 +0800 Subject: [PATCH 0066/1526] fix https://github.com/acmesh-official/acme.sh/issues/3252 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3be3849d..456383bd 100755 --- a/acme.sh +++ b/acme.sh @@ -3993,7 +3993,7 @@ _check_dns_entries() { #file _get_cert_issuers() { _cfile="$1" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 From c349e9aabe5a3affa35d8c18292427edb0067b9d Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 18 Nov 2020 21:19:10 +0800 Subject: [PATCH 0067/1526] fix set-env --- .github/workflows/LetsEncrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 5f0bba72..c4d3167c 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -88,7 +88,7 @@ jobs: shell: cmd - name: Set ENV run: | - echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' + echo "PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin" >> $GITHUB_ENV - name: Clone acmetest shell: cmd run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ From 6cf0eb9e1d5b8f831c44b93adfcb8b9d5fe1d405 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 14:52:32 +0100 Subject: [PATCH 0068/1526] Fix CI-errors --- dnsapi/dns_simply.sh | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 8fb56585..9deceb25 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -7,7 +7,7 @@ # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" -SIMPLY_Api="https://api.simply.com/1" +SIMPLY_Api_Default="https://api.simply.com/1" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -22,6 +22,7 @@ dns_simply_add() { _simply_save_config _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -69,23 +70,28 @@ dns_simply_rm() { fi records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') - record_array=(`echo $records |tr -d ' ' | tr ';' ' '`) + record_array=$(echo $records |tr -d ' ' | tr ';' ' ') + nr_of_deleted_records=0 - - _info "Fetching txt record.." + _info "Fetching txt record" - for (( i=0; i<=${#record_array[@]}; i++ )); do - - record="${record_array[$i]}" + for record in $record_array; do _debug record "$record" + + record_data=$(echo $record | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo $record | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + + _debug2 record_data "$record_data" + _debug2 record_type "$record_type" + + if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then - if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then - - record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + record_id=$(echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) _info "Deleting record $record" - - if [[ $record_id -gt 0 ]]; then + _debug2 record_id "$record_id" + + if [ "$record_id" -gt 0 ]; then if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then _err "Record with id $record_id could not be deleted" @@ -102,7 +108,7 @@ dns_simply_rm() { done - if [[ $nr_of_deleted_records -eq 0 ]]; then + if [ "$nr_of_deleted_records" -eq 0 ]; then _err "No record deleted, the DNS record needs to be removed manually." else _info "Deleted $nr_of_deleted_records record" From b20d8f195ba879c4af5f35f2910541d8bbf58383 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:12:22 +0100 Subject: [PATCH 0069/1526] Add double quotes to variables --- dnsapi/dns_simply.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 9deceb25..30211f7a 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -69,26 +69,25 @@ dns_simply_rm() { return 1 fi - records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') - record_array=$(echo $records |tr -d ' ' | tr ';' ' ') + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' '| tr -d ' ' | tr ';' ' ') nr_of_deleted_records=0 _info "Fetching txt record" - for record in $record_array; do + for record in $records; do _debug record "$record" - record_data=$(echo $record | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo $record | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) _debug2 record_data "$record_data" _debug2 record_type "$record_type" if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then - record_id=$(echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) + record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) - _info "Deleting record $record" + _info "Deleting record $record" _debug2 record_id "$record_id" if [ "$record_id" -gt 0 ]; then From 2b8561f27d2376f4e7b1a8f45783e62227cadf35 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 18 Nov 2020 22:23:36 +0800 Subject: [PATCH 0070/1526] fix set-env --- .github/workflows/DNS.yml | 2 +- .github/workflows/LetsEncrypt.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index b7153506..c41851b8 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -144,7 +144,7 @@ jobs: shell: cmd - name: Set ENV run: | - echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' + echo "PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index c4d3167c..b5468ff6 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -89,6 +89,9 @@ jobs: - name: Set ENV run: | echo "PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin" >> $GITHUB_ENV + - name: Check ENV + run: | + echo "PATH=$PATH" - name: Clone acmetest shell: cmd run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ From 6ef66399f8accca401e0c55d24cb74624617bea6 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:37:26 +0100 Subject: [PATCH 0071/1526] Removed spaces on empty lines --- dnsapi/dns_simply.sh | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 30211f7a..6f2464ef 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -21,8 +21,7 @@ dns_simply_add() { _simply_save_config - _debug "First detect the root zone" - + _debug "First detect the root zone" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -36,8 +35,7 @@ dns_simply_add() { if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then _err "Could not add DNS record" return 1 - fi - + fi return 0 } @@ -126,7 +124,7 @@ _simply_load_config() { if [ -z "$SIMPLY_Api" ]; then SIMPLY_Api="$SIMPLY_Api_Default" fi - + if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then SIMPLY_AccountName="" SIMPLY_ApiKey="" @@ -149,8 +147,8 @@ _simply_save_config() { } _simply_get_all_records() { - domain=$1 - + domain=$1 + if ! _simply_rest GET "my/products/$domain/dns/records"; then return 1 fi @@ -190,14 +188,14 @@ _simply_add_record() { domain=$1 sub_domain=$2 txtval=$3 - + data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then _err "Adding record not successfull!" return 1 fi - + return 0 } @@ -205,14 +203,14 @@ _simply_delete_record() { domain=$1 sub_domain=$2 record_id=$3 - + _debug record_id "Delete record with id $record_id" - + if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then _err "Deleting record not successfull!" return 1 fi - + return 0 } @@ -220,7 +218,7 @@ _simply_rest() { m=$1 ep="$2" data="$3" - + _debug2 data "$data" _debug2 ep "$ep" _debug2 m "$m" @@ -237,12 +235,13 @@ _simply_rest() { _err "error $ep" return 1 fi - + _debug2 response "$response" - + if _contains "$response" "Invalid account authorization"; then _err "It seems that your api key or accountnumber is not correct." return 1 fi + return 0 } From c7116d40caf9e3b9bc48e77b34bcc255b0609083 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:46:16 +0100 Subject: [PATCH 0072/1526] Removes tabs and trailing spaces --- dnsapi/dns_simply.sh | 45 ++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 6f2464ef..bf383019 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -21,28 +21,29 @@ dns_simply_add() { _simply_save_config - _debug "First detect the root zone" + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - + _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" _info "Adding record" - if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then + if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then _err "Could not add DNS record" return 1 - fi + fi return 0 } dns_simply_rm() { fulldomain=$1 txtvalue=$2 - + if ! _simply_load_config; then return 1 fi @@ -61,12 +62,12 @@ dns_simply_rm() { _debug txtvalue "$txtvalue" _info "Getting all existing records" - + if ! _simply_get_all_records "$_domain"; then _err "invalid domain" return 1 fi - + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' '| tr -d ' ' | tr ';' ' ') nr_of_deleted_records=0 @@ -74,27 +75,27 @@ dns_simply_rm() { for record in $records; do _debug record "$record" - - record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) - - _debug2 record_data "$record_data" - _debug2 record_type "$record_type" - - if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then + record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + + _debug2 record_data "$record_data" + _debug2 record_type "$record_type" + + if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then + record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) - + _info "Deleting record $record" _debug2 record_id "$record_id" - + if [ "$record_id" -gt 0 ]; then - + if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then _err "Record with id $record_id could not be deleted" return 1 fi - + nr_of_deleted_records=1 break else @@ -102,7 +103,7 @@ dns_simply_rm() { break fi fi - + done if [ "$nr_of_deleted_records" -eq 0 ]; then @@ -110,7 +111,7 @@ dns_simply_rm() { else _info "Deleted $nr_of_deleted_records record" fi - + return 0 } @@ -242,6 +243,6 @@ _simply_rest() { _err "It seems that your api key or accountnumber is not correct." return 1 fi - + return 0 } From f90f8824bb6034d90c47e6dae7acad54ffa0a056 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:52:46 +0100 Subject: [PATCH 0073/1526] Fix code style problems --- dnsapi/dns_simply.sh | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index bf383019..379f1b42 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -22,7 +22,6 @@ dns_simply_add() { _simply_save_config _debug "First detect the root zone" - if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -68,19 +67,19 @@ dns_simply_rm() { return 1 fi - records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' '| tr -d ' ' | tr ';' ' ') + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ') nr_of_deleted_records=0 _info "Fetching txt record" - for record in $records; do + for record in $records; do _debug record "$record" - - record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) - _debug2 record_data "$record_data" - _debug2 record_type "$record_type" + record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + + _debug2 record_data "$record_data" + _debug2 record_type "$record_type" if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then @@ -98,7 +97,7 @@ dns_simply_rm() { nr_of_deleted_records=1 break - else + else _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" break fi @@ -107,7 +106,7 @@ dns_simply_rm() { done if [ "$nr_of_deleted_records" -eq 0 ]; then - _err "No record deleted, the DNS record needs to be removed manually." + _err "No record deleted, the DNS record needs to be removed manually." else _info "Deleted $nr_of_deleted_records record" fi From 3274f9f155acb6f5ec13b9b56c8166c0fb6cc537 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:55:02 +0100 Subject: [PATCH 0074/1526] Fix code style problems --- dnsapi/dns_simply.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 379f1b42..9a9133e6 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -50,7 +50,7 @@ dns_simply_rm() { _simply_save_config _debug "First detect the root zone" - + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -80,7 +80,7 @@ dns_simply_rm() { _debug2 record_data "$record_data" _debug2 record_type "$record_type" - + if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) From 11b980f574c567361d720ea3421b68b668240b39 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 18 Nov 2020 23:16:36 +0800 Subject: [PATCH 0075/1526] fix set-env --- .github/workflows/DNS.yml | 3 ++- .github/workflows/LetsEncrypt.yml | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index c41851b8..748628dd 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -143,8 +143,9 @@ jobs: C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git shell: cmd - name: Set ENV + shell: cmd run: | - echo "PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin" >> $GITHUB_ENV + echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index b5468ff6..16b7e779 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -87,11 +87,13 @@ jobs: C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git shell: cmd - name: Set ENV + shell: cmd run: | - echo "PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin" >> $GITHUB_ENV + echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% - name: Check ENV + shell: cmd run: | - echo "PATH=$PATH" + echo "PATH=%PATH%" - name: Clone acmetest shell: cmd run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ From 1e2d2abbdf668a2d307a07363d5e6e265d2dbee2 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 18:01:02 +0100 Subject: [PATCH 0076/1526] Fix comment --- dnsapi/dns_simply.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 9a9133e6..d053dcf6 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -8,8 +8,8 @@ #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" SIMPLY_Api_Default="https://api.simply.com/1" -######## Public functions ##################### +######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_simply_add() { fulldomain=$1 From 199ca77c2a07dc6821df516f8cba7662c018ba4e Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 19 Nov 2020 20:14:28 +0800 Subject: [PATCH 0077/1526] fix for PebbleStrict mode test. --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 456383bd..1e4b1152 100755 --- a/acme.sh +++ b/acme.sh @@ -5823,7 +5823,7 @@ _deactivate() { _URL_NAME="uri" fi - entries="$(echo "$response" | _egrep_o "[^{]*\"type\":\"[^\"]*\", *\"status\": *\"valid\", *\"$_URL_NAME\"[^}]*")" + entries="$(echo "$response" | tr '][' '=' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")" if [ -z "$entries" ]; then _info "No valid entries found." if [ -z "$thumbprint" ]; then @@ -5866,7 +5866,7 @@ _deactivate() { _debug _vtype "$_vtype" _info "Found $_vtype" - uri="$(echo "$entry" | _egrep_o "\"$_URL_NAME\":\"[^\"]*" | cut -d : -f 2,3 | tr -d '"')" + uri="$(echo "$entry" | _egrep_o "\"$_URL_NAME\":\"[^\"]*\"" | tr -d '" ' | cut -d : -f 2-)" _debug uri "$uri" if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then From 1a163243ec280f0d776d838ddfebac57db5c75b5 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 22 Nov 2020 12:19:52 +0800 Subject: [PATCH 0078/1526] fix https://github.com/acmesh-official/acme.sh/issues/3259 --- dnsapi/dns_dpi.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dpi.sh b/dnsapi/dns_dpi.sh index 831150a9..9cbf4d51 100755 --- a/dnsapi/dns_dpi.sh +++ b/dnsapi/dns_dpi.sh @@ -75,7 +75,7 @@ dns_dpi_rm() { return 1 fi - _contains "$response" "Action completed successful" + _contains "$response" "Operation successful" } @@ -93,7 +93,7 @@ add_record() { return 1 fi - _contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists" + _contains "$response" "Operation successful" || _contains "$response" "Domain record already exists" } #################### Private functions below ################################## @@ -117,7 +117,7 @@ _get_root() { return 1 fi - if _contains "$response" "Action completed successful"; then + if _contains "$response" "Operation successful"; then _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _debug _domain_id "$_domain_id" if [ "$_domain_id" ]; then From 2e97b20f94bff7bd1e464ed49e95ba8c3f3c2618 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 22 Nov 2020 11:22:54 +0100 Subject: [PATCH 0079/1526] Added World4You DNS API --- dnsapi/dns_world4you.sh | 159 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 dnsapi/dns_world4you.sh diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh new file mode 100644 index 00000000..ec5a0e47 --- /dev/null +++ b/dnsapi/dns_world4you.sh @@ -0,0 +1,159 @@ +#!/usr/bin/env sh + +# World4You - www.world4you.com +# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR + +WORLD4YOU_API="https://my.world4you.com/en" + +################ Public functions ################ + +# Usage: dns_world4you_add +dns_world4you_add() { + fqdn="$1" + value="$2" + _info "Using world4you" + _debug fulldomain "$fqdn" + _debug txtvalue "$value" + + tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") + + _login + if [ "$?" != 0 ]; then + return 1 + fi + + export _H1="Cookie: W4YSESSID=$sessid" + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + if [ -z "$paketnr" ]; then + _err "Unable to parse paketnr" + return 3 + fi + _debug paketnr "$paketnr" + + export _H1="Cookie: W4YSESSID=$sessid" + form=$(_get "$WORLD4YOU_API/$paketnr/dns") + formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') + formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') + form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') + if [ -z "$formiddp" ]; then + _err "Unable to parse form" + return 3 + fi + + _ORIG_ACME_CURL="$_ACME_CURL" + _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + + body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ +AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ +AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" + _info "Adding record..." + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') + + _ACME_CURL="$_ORIG_ACME_CURL" + + success=$(grep '302\|200' <"$HTTP_HEADER") + if [ "$success" ]; then + return 0 + else + _err "$(head -n 1 <"$HTTP_HEADER")" + return 2 + fi +} + +# Usage: dns_world4you_rm +dns_world4you_rm() { + fqdn="$1" + value="$2" + _info "Using world4you" + _debug fulldomain "$fqdn" + _debug txtvalue "$value" + + tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") + + _login + if [ "$?" != 0 ]; then + return 1 + fi + + export _H1="Cookie: W4YSESSID=$sessid" + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + if [ -z "$paketnr" ]; then + _err "Unable to parse paketnr" + return 3 + fi + _debug paketnr "$paketnr" + + form=$(_get "$WORLD4YOU_API/$paketnr/dns") + formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') + formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') + form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') + if [ -z "$formiddp" ]; then + _err "Unable to parse form" + return 3 + fi + + recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) + _debug recordid "$recordid" + + _ORIG_ACME_CURL="$_ACME_CURL" + _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + + body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ +DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ +DeleteDnsRecordForm[_token]=$form_token" + _info "Removing record..." + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') + + _ACME_CURL="$_ORIG_ACME_CURL" + + success=$(grep '302\|200' <"$HTTP_HEADER") + if [ "$success" ]; then + return 0 + else + _err "$(head -n 1 <"$HTTP_HEADER")" + return 2 + fi +} + +################ Private functions ################ + +# Usage: _login +_login() { + WORLD4YOU_USERNAME="${WORLD4YOU_USERNAME:-$(_readaccountconf_mutable WORLD4YOU_USERNAME)}" + WORLD4YOU_PASSWORD="${WORLD4YOU_PASSWORD:-$(_readaccountconf_mutable WORLD4YOU_PASSWORD)}" + + if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then + WORLD4YOU_USERNAME="" + WORLD4YOU_PASSWORD="" + _err "You don't specified world4you username and password yet." + _err "Usage: export WORLD4YOU_USERNAME=" + _err "Usage: export WORLD4YOU_PASSWORD=" + return 2 + fi + + _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" + _saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" + + _info "Logging in..." + + username="$WORLD4YOU_USERNAME" + password="$WORLD4YOU_PASSWORD" + csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + + export _H1="Cookie: W4YSESSID=$sessid" + export _H2="X-Requested-With: XMLHttpRequest" + body="_username=$username&_password=$password&_csrf_token=$csrf_token" + ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') + unset _H2 + _debug ret "$ret" + if _contains "$ret" "\"success\":true"; then + _info "Successfully logged in" + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + else + _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" + return 1 + fi +} From cc8f2afce9ed2009565f65fa81369d7a96f18d74 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 22 Nov 2020 21:41:22 +0800 Subject: [PATCH 0080/1526] fix for Solaris, and add Solaris to Github actions --- .github/workflows/DNS.yml | 37 +++++++++++++++++++++++++++++++ .github/workflows/LetsEncrypt.yml | 26 ++++++++++++++++++++++ acme.sh | 4 ++-- 3 files changed, 65 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 748628dd..5dc2d453 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -208,5 +208,42 @@ jobs: cd ../acmetest ./letest.sh + Solaris: + runs-on: macos-latest + needs: FreeBSD + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/solaris-vm@v0.0.1 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: pkgutil -y -i socat curl + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 16b7e779..8d0c4eb0 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -119,3 +119,29 @@ jobs: run: | cd ../acmetest && ./letest.sh + Solaris: + runs-on: macos-latest + needs: FreeBSD + env: + NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} + TEST_LOCAL: 1 + steps: + - uses: actions/checkout@v2 + - uses: vmactions/ngrok-tunnel@v0.0.1 + id: ngrok + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/solaris-vm@v0.0.1 + with: + envs: 'TEST_LOCAL TestingDomain' + nat: | + "8080": "80" + prepare: pkgutil -y -i socat curl + run: | + cd ../acmetest && ./letest.sh + diff --git a/acme.sh b/acme.sh index 1e4b1152..e549f7c8 100755 --- a/acme.sh +++ b/acme.sh @@ -2086,7 +2086,7 @@ _send_signed_request() { _debug2 original "$response" if echo "$responseHeaders" | grep -i "Content-Type: *application/json" >/dev/null 2>&1; then - response="$(echo "$response" | _normalizeJson | _json_decode)" + response="$(echo "$response" | _json_decode | _normalizeJson)" fi _debug2 response "$response" @@ -5823,7 +5823,7 @@ _deactivate() { _URL_NAME="uri" fi - entries="$(echo "$response" | tr '][' '=' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")" + entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")" if [ -z "$entries" ]; then _info "No valid entries found." if [ -z "$thumbprint" ]; then From 349429b76e534313a4989794707fc1463399cfb2 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 22 Nov 2020 21:55:55 +0800 Subject: [PATCH 0081/1526] fix solaris badge --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7215785c..cd747666 100644 --- a/README.md +++ b/README.md @@ -60,10 +60,10 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX |2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included) |3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD -|4|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu -|5|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense -|6|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD -|7|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris +|4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris +|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu +|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense +|7|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD |8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian |9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS |10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE From b8e5c0d8988522acbad8e0346d8a69fe024fcdd1 Mon Sep 17 00:00:00 2001 From: Easton Man Date: Sun, 22 Nov 2020 22:34:21 +0800 Subject: [PATCH 0082/1526] feat: Add huaweicloud intl dnsapi --- dnsapi/dns_huaweicloud.sh | 199 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 199 insertions(+) create mode 100644 dnsapi/dns_huaweicloud.sh diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh new file mode 100644 index 00000000..69ab14be --- /dev/null +++ b/dnsapi/dns_huaweicloud.sh @@ -0,0 +1,199 @@ +#!/usr/bin/env sh + +# HUAWEICLOUD_Username +# HUAWEICLOUD_Password +# HUAWEICLOUD_ProjectID + +iam_api="https://iam.myhuaweicloud.com" +dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" + +######## Public functions ##################### + +# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record +# +# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html +# + +dns_huaweicloud_add() { + fulldomain=$1 + txtvalue=$2 + + HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" + HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" + HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" + _debug2 "${token}" + zoneid="$(_get_zoneid "${token}" "${fulldomain}")" + _debug "${zoneid}" + + _debug "Adding Record" + _add_record "${token}" "${fulldomain}" "${txtvalue}" + ret="$?" + if [ "${ret}" != "0" ]; then + _err "dns_huaweicloud: Error adding record." + return 1 + fi + + # Do saving work if all succeeded + _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" + _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" + _saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}" + return 0 +} + +# Usage: fulldomain txtvalue +# Used to remove the txt record after validation +# +# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html +# + +dns_huaweicloud_rm() { + fulldomain=$1 + txtvalue=$2 + + HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" + HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" + HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" + _debug2 "${token}" + zoneid="$(_get_zoneid "${token}" "${fulldomain}")" + _debug "${zoneid}" + record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" + _debug "Record Set ID is: ${record_id}" + while [ "${record_id}" != "0" ]; do + _debug "Adding Record" + _rm_record "${token}" "${zoneid}" "${record_id}" + record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" + done + return 0 +} + +################### Private functions below ################################## + +# _get_zoneid +# +# _token=$1 +# _domain_string=$2 +# +# printf "%s" "${_zoneid}" +_get_zoneid() { + _token=$1 + _domain_string=$2 + export _H1="X-Auth-Token: ${_token}" + + i=1 + while true; do + h=$(printf "%s" "${_domain_string}" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + _debug "$h" + response=$(_get "${dns_api}/v2/zones?name=${h}") + + if _contains "${response}" "id"; then + _debug "Get Zone ID Success." + _zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") + printf "%s" "${_zoneid}" + return 0 + fi + + i=$(_math "$i" + 1) + done + return 1 +} + +_get_recordset_id() { + _token=$1 + _domain=$2 + _zoneid=$3 + export _H1="X-Auth-Token: ${_token}" + + response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") + if _contains "${response}" "id"; then + _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" + printf "%s" "${_id}" + return 0 + fi + printf "%s" "0" + return 1 +} + +_add_record() { + _token=$1 + _domain=$2 + _txtvalue=$3 + body="{ + \"name\": \"${_domain}.\", + \"description\": \"ACME Challenge\", + \"type\": \"TXT\", + \"ttl\": 1, + \"records\": [ + \"\\\"${_txtvalue}\\\"\" + ] + }" + _debug2 "${body}" + export _H2="Content-Type: application/json" + export _H1="X-Auth-Token: ${_token}" + + _post "${body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + if [ "$_code" != "202" ]; then + _err "dns_huaweicloud: http code ${_code}" + return 1 + fi + return 0 +} + +_rm_record() { + _token=$1 + _zone_id=$2 + _record_id=$3 + + export _H2="Content-Type: application/json" + export _H1="X-Auth-Token: ${_token}" + + _post "${body}" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" + return 0 +} + +_get_token() { + _username=$1 + _password=$2 + _project=$3 + + _debug "Getting Token" + body="{ + \"auth\": { + \"identity\": { + \"methods\": [ + \"password\" + ], + \"password\": { + \"user\": { + \"name\": \"${_username}\", + \"password\": \"${_password}\", + \"domain\": { + \"name\": \"${_username}\" + } + } + } + }, + \"scope\": { + \"project\": { + \"id\": \"${_project}\" + } + } + } + }" + export _H1="Content-Type: application/json;charset=utf8" + _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null + _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") + _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) + _debug2 "${_code}" + printf "%s" "${_token}" + return 0 +} From 7db592d27a7be071033d221cb57cf33bb5ae206a Mon Sep 17 00:00:00 2001 From: Easton Man Date: Sun, 22 Nov 2020 22:56:47 +0800 Subject: [PATCH 0083/1526] fix: fix failing ci test --- dnsapi/dns_huaweicloud.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 69ab14be..4aee6410 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -63,6 +63,8 @@ dns_huaweicloud_rm() { _debug "${zoneid}" record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" _debug "Record Set ID is: ${record_id}" + + # Remove all records while [ "${record_id}" != "0" ]; do _debug "Adding Record" _rm_record "${token}" "${zoneid}" "${record_id}" From 28ce1c1249bc2297d3588adfa49c2974d0353c3d Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 23 Nov 2020 00:20:38 +0800 Subject: [PATCH 0084/1526] fix: fix wrong debug output --- dnsapi/dns_huaweicloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 4aee6410..56ba19ef 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -66,7 +66,7 @@ dns_huaweicloud_rm() { # Remove all records while [ "${record_id}" != "0" ]; do - _debug "Adding Record" + _debug "Removing Record" _rm_record "${token}" "${zoneid}" "${record_id}" record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" done @@ -158,7 +158,7 @@ _rm_record() { export _H2="Content-Type: application/json" export _H1="X-Auth-Token: ${_token}" - _post "${body}" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" + _post "${body}" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null return 0 } From e01fb503592f4c9fd4a58edfc8aa1b445396cf2e Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 23 Nov 2020 00:32:50 +0800 Subject: [PATCH 0085/1526] feat: add env var check --- dnsapi/dns_huaweicloud.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 56ba19ef..0f08bcdf 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -57,6 +57,11 @@ dns_huaweicloud_rm() { HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ]; then + _err "Please provide enough information" + return 1 + fi + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" _debug2 "${token}" zoneid="$(_get_zoneid "${token}" "${fulldomain}")" From f6f6550bfbf19c0b3554d531787a33b20b9ddd83 Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 23 Nov 2020 14:25:48 +0800 Subject: [PATCH 0086/1526] feat: add very tricky method to adapt to non-intuitive huaweicloud api --- dnsapi/dns_huaweicloud.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 0f08bcdf..2b891b38 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -23,6 +23,11 @@ dns_huaweicloud_add() { HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ]; then + _err "Not enough info provided to dns_huaweicloud!" + return 1 + fi + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" _debug2 "${token}" zoneid="$(_get_zoneid "${token}" "${fulldomain}")" @@ -133,15 +138,36 @@ _add_record() { _token=$1 _domain=$2 _txtvalue=$3 + + # Get Existing Records + export _H1="X-Auth-Token: ${_token}" + response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") + _exist_record=$(echo "${response}" | sed ':a;N;$!ba;s/\n/ /g' | grep -o '"records":[^]]*' | sed 's/\"records\"\: \[//g') + _debug "${_exist_record}" + + # Check if record exist + # Generate body data body="{ \"name\": \"${_domain}.\", \"description\": \"ACME Challenge\", \"type\": \"TXT\", \"ttl\": 1, \"records\": [ + ${_exist_record}, \"\\\"${_txtvalue}\\\"\" ] }" + if [ -z "${_exist_record}" ]; then + body="{ + \"name\": \"${_domain}.\", + \"description\": \"ACME Challenge\", + \"type\": \"TXT\", + \"ttl\": 1, + \"records\": [ + \"\\\"${_txtvalue}\\\"\" + ] + }" + fi _debug2 "${body}" export _H2="Content-Type: application/json" export _H1="X-Auth-Token: ${_token}" From 5d0657c49a0d2ac6f50981f91c6a95cfe490ae15 Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 23 Nov 2020 14:57:33 +0800 Subject: [PATCH 0087/1526] fix: fix adding record before removing --- dnsapi/dns_huaweicloud.sh | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 2b891b38..625588d1 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -141,13 +141,15 @@ _add_record() { # Get Existing Records export _H1="X-Auth-Token: ${_token}" - response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") - _exist_record=$(echo "${response}" | sed ':a;N;$!ba;s/\n/ /g' | grep -o '"records":[^]]*' | sed 's/\"records\"\: \[//g') + response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") + + _debug "${response}" + _exist_record=$(echo "${response}" | sed ':a;N;$!ba;s/\n/ /g' | grep -o '"records":[^]]*' | sed 's/\"records\"\:\[//g') _debug "${_exist_record}" # Check if record exist # Generate body data - body="{ + _post_body="{ \"name\": \"${_domain}.\", \"description\": \"ACME Challenge\", \"type\": \"TXT\", @@ -158,7 +160,7 @@ _add_record() { ] }" if [ -z "${_exist_record}" ]; then - body="{ + _post_body="{ \"name\": \"${_domain}.\", \"description\": \"ACME Challenge\", \"type\": \"TXT\", @@ -168,19 +170,38 @@ _add_record() { ] }" fi - _debug2 "${body}" + + _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" + _debug "Record Set ID is: ${_record_id}" + + # Remove all records + while [ "${_record_id}" != "0" ]; do + _debug "Removing Record" + _rm_record "${_token}" "${zoneid}" "${_record_id}" + _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" + _debug "${_record_id}" + done + + # Add brand new records with all old and new records export _H2="Content-Type: application/json" export _H1="X-Auth-Token: ${_token}" - _post "${body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null + _debug "${_post_body}" + sleep 2 + _post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" if [ "$_code" != "202" ]; then _err "dns_huaweicloud: http code ${_code}" + sleep 60 return 1 fi return 0 } +# _rm_record $token $zoneid $recordid +# assume ${dns_api} exist +# no output +# return 0 _rm_record() { _token=$1 _zone_id=$2 @@ -189,8 +210,8 @@ _rm_record() { export _H2="Content-Type: application/json" export _H1="X-Auth-Token: ${_token}" - _post "${body}" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null - return 0 + _post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null + return $? } _get_token() { From 65c06da275c49b1675d46af91d8e0e0e366cf29e Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Tue, 17 Nov 2020 13:19:55 +0100 Subject: [PATCH 0088/1526] Adds dnsapi support for Simply.com --- dnsapi/dns_simply.sh | 240 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 240 insertions(+) create mode 100644 dnsapi/dns_simply.sh diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh new file mode 100644 index 00000000..25dd9ff3 --- /dev/null +++ b/dnsapi/dns_simply.sh @@ -0,0 +1,240 @@ +#!/usr/bin/env sh + +# +#SIMPLY_AccountName="accountname" +# +#SIMPLY_ApiKey="apikey" +# +#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" + +SIMPLY_Api="https://api.simply.com/1" +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_simply_add() { + fulldomain=$1 + txtvalue=$2 + + if ! _simply_load_config; then + return 1 + fi + + _simply_save_config + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + + if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then + _err "Could not add DNS record" + return 1 + fi + + return 0 +} + +dns_simply_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _simply_load_config; then + return 1 + fi + + _simply_save_config + + _debug "First detect the root zone" + + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + _debug "$txtvalue" + + _debug "Getting existing records" + + if ! _simply_get_all_records "$_domain"; then + _err "invalid domain" + return 1 + fi + + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') + record_array=(`echo $records |tr -d ' ' | tr ';' ' '`) + nr_of_deleted_records=0 + + for (( i=0; i<=${#record_array[@]}; i++ )); do + + record="${record_array[$i]}" + + if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then + + _info "Deleting record: $record" + + record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + + if [[ $record_id -gt 0 ]]; then + + if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then + _err "Record with id $record_id could not be deleted" + return 1 + fi + + nr_of_deleted_records=1 + break + else + _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" + break + fi + fi + + done + + if [[ $nr_of_deleted_records -eq 0 ]]; then + _err "No record deleted, the DNS record needs to be removed manually." + else + _info "Deleted $nr_of_deleted_records record" + fi + + return 0 +} + +#################### Private functions below ################################## + +_simply_load_config() { + SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}" + SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}" + SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}" + + if [ -z "$SIMPLY_Api" ]; then + SIMPLY_Api="$SIMPLY_Api_Default" + fi + + if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then + SIMPLY_AccountName="" + SIMPLY_ApiKey="" + + _err "A valid Simply API account and apikey not provided." + _err "Please provide a valid API user and try again." + + return 1 + fi + + return 0 +} + +_simply_save_config() { + if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then + _saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api" + fi + _saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName" + _saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey" +} + +_simply_get_all_records() { + domain=$1 + + if ! _simply_rest GET "my/products/$domain/dns/records"; then + return 1 + fi + + return 0 +} + +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _simply_rest GET "my/products/$h/dns"; then + return 1 + fi + + if _contains "$response" '"code":"NOT_FOUND"'; then + _debug "$h not found" + else + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +_simply_add_record() { + domain=$1 + sub_domain=$2 + txtval=$3 + + data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" + + if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then + _err "Adding record not successfull!" + return 1 + fi + + return 0 +} + +_simply_delete_record() { + domain=$1 + sub_domain=$2 + record_id=$3 + + _debug "Delete record with id $record_id" + + if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then + _err "Deleting record not successfull!" + return 1 + fi + + return 0 +} + +_simply_rest() { + m=$1 + ep="$2" + data="$3" + + _debug "Data: $data" + _debug "Methodcall: $ep" + _debug "Call type: $m" + + export _H1="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")" + else + response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + + _debug2 response "$response" + + if _contains "$response" "Invalid account authorization"; then + _err "It seems that your api key or accountnumber is not correct." + return 1 + fi + return 0 +} From 81c496d96c4fe5b4aa4de3e47cc7d40f017af194 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Tue, 17 Nov 2020 13:49:32 +0100 Subject: [PATCH 0089/1526] Fix comments --- dnsapi/dns_simply.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 25dd9ff3..3914e1ab 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -59,7 +59,7 @@ dns_simply_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "$txtvalue" + _debug txtvalue "$txtvalue" _debug "Getting existing records" @@ -78,9 +78,9 @@ dns_simply_rm() { if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then - _info "Deleting record: $record" - record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + + _info "Deleting record $record" if [[ $record_id -gt 0 ]]; then @@ -198,7 +198,7 @@ _simply_delete_record() { sub_domain=$2 record_id=$3 - _debug "Delete record with id $record_id" + _debug record_id "Delete record with id $record_id" if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then _err "Deleting record not successfull!" @@ -213,9 +213,9 @@ _simply_rest() { ep="$2" data="$3" - _debug "Data: $data" - _debug "Methodcall: $ep" - _debug "Call type: $m" + _debug2 data "$data" + _debug2 ep "$ep" + _debug2 m "$m" export _H1="Content-Type: application/json" From 4284777556d11747015273051f260a60b539e392 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Tue, 17 Nov 2020 14:20:45 +0100 Subject: [PATCH 0090/1526] Fix indentation and added some debug messages --- dnsapi/dns_simply.sh | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 3914e1ab..8fb56585 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -61,7 +61,7 @@ dns_simply_rm() { _debug _domain "$_domain" _debug txtvalue "$txtvalue" - _debug "Getting existing records" + _info "Getting all existing records" if ! _simply_get_all_records "$_domain"; then _err "invalid domain" @@ -71,31 +71,34 @@ dns_simply_rm() { records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') record_array=(`echo $records |tr -d ' ' | tr ';' ' '`) nr_of_deleted_records=0 + + _info "Fetching txt record.." for (( i=0; i<=${#record_array[@]}; i++ )); do - record="${record_array[$i]}" + record="${record_array[$i]}" + _debug record "$record" - if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then + if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then - record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` - _info "Deleting record $record" + _info "Deleting record $record" - if [[ $record_id -gt 0 ]]; then + if [[ $record_id -gt 0 ]]; then - if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then - _err "Record with id $record_id could not be deleted" - return 1 - fi + if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then + _err "Record with id $record_id could not be deleted" + return 1 + fi - nr_of_deleted_records=1 - break - else - _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" - break + nr_of_deleted_records=1 + break + else + _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" + break + fi fi - fi done From 8e64329d05edf4035460f08aacf244d5f68dbb44 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 14:52:32 +0100 Subject: [PATCH 0091/1526] Fix CI-errors --- dnsapi/dns_simply.sh | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 8fb56585..9deceb25 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -7,7 +7,7 @@ # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" -SIMPLY_Api="https://api.simply.com/1" +SIMPLY_Api_Default="https://api.simply.com/1" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -22,6 +22,7 @@ dns_simply_add() { _simply_save_config _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -69,23 +70,28 @@ dns_simply_rm() { fi records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') - record_array=(`echo $records |tr -d ' ' | tr ';' ' '`) + record_array=$(echo $records |tr -d ' ' | tr ';' ' ') + nr_of_deleted_records=0 - - _info "Fetching txt record.." + _info "Fetching txt record" - for (( i=0; i<=${#record_array[@]}; i++ )); do - - record="${record_array[$i]}" + for record in $record_array; do _debug record "$record" + + record_data=$(echo $record | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo $record | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + + _debug2 record_data "$record_data" + _debug2 record_type "$record_type" + + if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then - if [[ "$record" == *"$txtvalue"* && "$record" == *"TXT"* ]]; then - - record_id=`echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2` + record_id=$(echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) _info "Deleting record $record" - - if [[ $record_id -gt 0 ]]; then + _debug2 record_id "$record_id" + + if [ "$record_id" -gt 0 ]; then if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then _err "Record with id $record_id could not be deleted" @@ -102,7 +108,7 @@ dns_simply_rm() { done - if [[ $nr_of_deleted_records -eq 0 ]]; then + if [ "$nr_of_deleted_records" -eq 0 ]; then _err "No record deleted, the DNS record needs to be removed manually." else _info "Deleted $nr_of_deleted_records record" From 449f00f9606268112c215450ef233bc051767db1 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:12:22 +0100 Subject: [PATCH 0092/1526] Add double quotes to variables --- dnsapi/dns_simply.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 9deceb25..30211f7a 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -69,26 +69,25 @@ dns_simply_rm() { return 1 fi - records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/') - record_array=$(echo $records |tr -d ' ' | tr ';' ' ') + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' '| tr -d ' ' | tr ';' ' ') nr_of_deleted_records=0 _info "Fetching txt record" - for record in $record_array; do + for record in $records; do _debug record "$record" - record_data=$(echo $record | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo $record | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) _debug2 record_data "$record_data" _debug2 record_type "$record_type" if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then - record_id=$(echo $record | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) + record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) - _info "Deleting record $record" + _info "Deleting record $record" _debug2 record_id "$record_id" if [ "$record_id" -gt 0 ]; then From 9ad05e640d83ae368ff690c14306e0cad085c338 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:37:26 +0100 Subject: [PATCH 0093/1526] Removed spaces on empty lines --- dnsapi/dns_simply.sh | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 30211f7a..6f2464ef 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -21,8 +21,7 @@ dns_simply_add() { _simply_save_config - _debug "First detect the root zone" - + _debug "First detect the root zone" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -36,8 +35,7 @@ dns_simply_add() { if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then _err "Could not add DNS record" return 1 - fi - + fi return 0 } @@ -126,7 +124,7 @@ _simply_load_config() { if [ -z "$SIMPLY_Api" ]; then SIMPLY_Api="$SIMPLY_Api_Default" fi - + if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then SIMPLY_AccountName="" SIMPLY_ApiKey="" @@ -149,8 +147,8 @@ _simply_save_config() { } _simply_get_all_records() { - domain=$1 - + domain=$1 + if ! _simply_rest GET "my/products/$domain/dns/records"; then return 1 fi @@ -190,14 +188,14 @@ _simply_add_record() { domain=$1 sub_domain=$2 txtval=$3 - + data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then _err "Adding record not successfull!" return 1 fi - + return 0 } @@ -205,14 +203,14 @@ _simply_delete_record() { domain=$1 sub_domain=$2 record_id=$3 - + _debug record_id "Delete record with id $record_id" - + if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then _err "Deleting record not successfull!" return 1 fi - + return 0 } @@ -220,7 +218,7 @@ _simply_rest() { m=$1 ep="$2" data="$3" - + _debug2 data "$data" _debug2 ep "$ep" _debug2 m "$m" @@ -237,12 +235,13 @@ _simply_rest() { _err "error $ep" return 1 fi - + _debug2 response "$response" - + if _contains "$response" "Invalid account authorization"; then _err "It seems that your api key or accountnumber is not correct." return 1 fi + return 0 } From fcb97f802f8c19852bb56216716d17395f4441cf Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:46:16 +0100 Subject: [PATCH 0094/1526] Removes tabs and trailing spaces --- dnsapi/dns_simply.sh | 45 ++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 6f2464ef..bf383019 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -21,28 +21,29 @@ dns_simply_add() { _simply_save_config - _debug "First detect the root zone" + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - + _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" _info "Adding record" - if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then + if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then _err "Could not add DNS record" return 1 - fi + fi return 0 } dns_simply_rm() { fulldomain=$1 txtvalue=$2 - + if ! _simply_load_config; then return 1 fi @@ -61,12 +62,12 @@ dns_simply_rm() { _debug txtvalue "$txtvalue" _info "Getting all existing records" - + if ! _simply_get_all_records "$_domain"; then _err "invalid domain" return 1 fi - + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' '| tr -d ' ' | tr ';' ' ') nr_of_deleted_records=0 @@ -74,27 +75,27 @@ dns_simply_rm() { for record in $records; do _debug record "$record" - - record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) - - _debug2 record_data "$record_data" - _debug2 record_type "$record_type" - - if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then + record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + + _debug2 record_data "$record_data" + _debug2 record_type "$record_type" + + if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then + record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) - + _info "Deleting record $record" _debug2 record_id "$record_id" - + if [ "$record_id" -gt 0 ]; then - + if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then _err "Record with id $record_id could not be deleted" return 1 fi - + nr_of_deleted_records=1 break else @@ -102,7 +103,7 @@ dns_simply_rm() { break fi fi - + done if [ "$nr_of_deleted_records" -eq 0 ]; then @@ -110,7 +111,7 @@ dns_simply_rm() { else _info "Deleted $nr_of_deleted_records record" fi - + return 0 } @@ -242,6 +243,6 @@ _simply_rest() { _err "It seems that your api key or accountnumber is not correct." return 1 fi - + return 0 } From 29d0a1714e3d7a33e55617c1f11573b2a44eafef Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:52:46 +0100 Subject: [PATCH 0095/1526] Fix code style problems --- dnsapi/dns_simply.sh | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index bf383019..379f1b42 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -22,7 +22,6 @@ dns_simply_add() { _simply_save_config _debug "First detect the root zone" - if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -68,19 +67,19 @@ dns_simply_rm() { return 1 fi - records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' '| tr -d ' ' | tr ';' ' ') + records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ') nr_of_deleted_records=0 _info "Fetching txt record" - for record in $records; do + for record in $records; do _debug record "$record" - - record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) - _debug2 record_data "$record_data" - _debug2 record_type "$record_type" + record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) + record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + + _debug2 record_data "$record_data" + _debug2 record_type "$record_type" if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then @@ -98,7 +97,7 @@ dns_simply_rm() { nr_of_deleted_records=1 break - else + else _err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record" break fi @@ -107,7 +106,7 @@ dns_simply_rm() { done if [ "$nr_of_deleted_records" -eq 0 ]; then - _err "No record deleted, the DNS record needs to be removed manually." + _err "No record deleted, the DNS record needs to be removed manually." else _info "Deleted $nr_of_deleted_records record" fi From 30f359e6427f289c0181375f4f2b9300c1e27a09 Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 15:55:02 +0100 Subject: [PATCH 0096/1526] Fix code style problems --- dnsapi/dns_simply.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 379f1b42..9a9133e6 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -50,7 +50,7 @@ dns_simply_rm() { _simply_save_config _debug "First detect the root zone" - + if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 @@ -80,7 +80,7 @@ dns_simply_rm() { _debug2 record_data "$record_data" _debug2 record_type "$record_type" - + if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2) From 69bdbaed410c8bb38ed5a67f031b30e8420ab6bc Mon Sep 17 00:00:00 2001 From: jakelamotta Date: Wed, 18 Nov 2020 18:01:02 +0100 Subject: [PATCH 0097/1526] Fix comment --- dnsapi/dns_simply.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 9a9133e6..d053dcf6 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -8,8 +8,8 @@ #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" SIMPLY_Api_Default="https://api.simply.com/1" -######## Public functions ##################### +######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_simply_add() { fulldomain=$1 From e35ef7594993665e8f472a99e0a6d392cc80e44d Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 23 Nov 2020 22:18:57 +0800 Subject: [PATCH 0098/1526] fix: fix solaris sed and grep issue --- dnsapi/dns_huaweicloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 625588d1..11f231bc 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -144,7 +144,7 @@ _add_record() { response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") _debug "${response}" - _exist_record=$(echo "${response}" | sed ':a;N;$!ba;s/\n/ /g' | grep -o '"records":[^]]*' | sed 's/\"records\"\:\[//g') + _exist_record=$(echo "${response}" | sed -e ':a' -e 'N;$!ba;' -e 's/\n/ /g' | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') _debug "${_exist_record}" # Check if record exist From 83a4db3b31f7fb91c4a6c9a3fed447c92d486092 Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 23 Nov 2020 23:46:06 +0800 Subject: [PATCH 0099/1526] fix: remove sed before grep, but lead to less robusty --- dnsapi/dns_huaweicloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 11f231bc..36be21a3 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -144,7 +144,7 @@ _add_record() { response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") _debug "${response}" - _exist_record=$(echo "${response}" | sed -e ':a' -e 'N;$!ba;' -e 's/\n/ /g' | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') + _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') _debug "${_exist_record}" # Check if record exist From c4ddddd4344e728e3273634cb58583fe62e4022f Mon Sep 17 00:00:00 2001 From: Easton Man Date: Tue, 24 Nov 2020 10:05:34 +0800 Subject: [PATCH 0100/1526] refactor: remove dirty debug code - add tr to replace sed for robusty - add comments --- dnsapi/dns_huaweicloud.sh | 42 ++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 36be21a3..a7ca619f 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -23,8 +23,9 @@ dns_huaweicloud_add() { HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" - if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ]; then - _err "Not enough info provided to dns_huaweicloud!" + # Check information + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then + _err "Not enough information provided to dns_huaweicloud!" return 1 fi @@ -62,8 +63,9 @@ dns_huaweicloud_rm() { HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" - if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Username}" ]; then - _err "Please provide enough information" + # Check information + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then + _err "Not enough information provided to dns_huaweicloud!" return 1 fi @@ -75,6 +77,8 @@ dns_huaweicloud_rm() { _debug "Record Set ID is: ${record_id}" # Remove all records + # Therotically HuaweiCloud does not allow more than one record set + # But remove them recurringly to increase robusty while [ "${record_id}" != "0" ]; do _debug "Removing Record" _rm_record "${token}" "${zoneid}" "${record_id}" @@ -143,22 +147,12 @@ _add_record() { export _H1="X-Auth-Token: ${_token}" response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") - _debug "${response}" - _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') + _debug2 "${response}" + _exist_record=$(echo "${response}" | tr -d "\\r\\n" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') _debug "${_exist_record}" # Check if record exist # Generate body data - _post_body="{ - \"name\": \"${_domain}.\", - \"description\": \"ACME Challenge\", - \"type\": \"TXT\", - \"ttl\": 1, - \"records\": [ - ${_exist_record}, - \"\\\"${_txtvalue}\\\"\" - ] - }" if [ -z "${_exist_record}" ]; then _post_body="{ \"name\": \"${_domain}.\", @@ -169,6 +163,17 @@ _add_record() { \"\\\"${_txtvalue}\\\"\" ] }" + else + _post_body="{ + \"name\": \"${_domain}.\", + \"description\": \"ACME Challenge\", + \"type\": \"TXT\", + \"ttl\": 1, + \"records\": [ + ${_exist_record}, + \"\\\"${_txtvalue}\\\"\" + ] + }" fi _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" @@ -179,20 +184,17 @@ _add_record() { _debug "Removing Record" _rm_record "${_token}" "${zoneid}" "${_record_id}" _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" - _debug "${_record_id}" done # Add brand new records with all old and new records export _H2="Content-Type: application/json" export _H1="X-Auth-Token: ${_token}" - _debug "${_post_body}" - sleep 2 + _debug2 "${_post_body}" _post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" if [ "$_code" != "202" ]; then _err "dns_huaweicloud: http code ${_code}" - sleep 60 return 1 fi return 0 From fd511966a75e416a1c8cd00783305228e960bc37 Mon Sep 17 00:00:00 2001 From: Easton Man Date: Tue, 24 Nov 2020 12:58:16 +0800 Subject: [PATCH 0101/1526] fix: revert adding tr to replace sed --- dnsapi/dns_huaweicloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index a7ca619f..74fec2a9 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -148,7 +148,7 @@ _add_record() { response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") _debug2 "${response}" - _exist_record=$(echo "${response}" | tr -d "\\r\\n" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') + _exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') _debug "${_exist_record}" # Check if record exist From 996f53373e490fc37e9373b1ff575f42cae5b7f0 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 13 Nov 2020 19:58:21 +0800 Subject: [PATCH 0102/1526] fix https://github.com/acmesh-official/acme.sh/issues/3250 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index e549f7c8..b234fb26 100755 --- a/acme.sh +++ b/acme.sh @@ -6649,8 +6649,8 @@ _checkSudo() { return 0 fi if [ -n "$SUDO_COMMAND" ]; then - #it's a normal user doing "sudo su", or `sudo -i` or `sudo -s` - _endswith "$SUDO_COMMAND" /bin/su || grep "^$SUDO_COMMAND\$" /etc/shells >/dev/null 2>&1 + #it's a normal user doing "sudo su", or `sudo -i` or `sudo -s`, or `sudo su acmeuser1` + _endswith "$SUDO_COMMAND" /bin/su || _contains "$SUDO_COMMAND" "/bin/su " || grep "^$SUDO_COMMAND\$" /etc/shells >/dev/null 2>&1 return $? fi #otherwise From d7cafe25ff642ca6e32da27992e2e0e9a4017e14 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Thu, 26 Nov 2020 13:59:18 +0100 Subject: [PATCH 0103/1526] World4You using _egrep_o --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index ec5a0e47..b58ea89a 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -15,7 +15,7 @@ dns_world4you_add() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") _login @@ -69,7 +69,7 @@ dns_world4you_rm() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") _login From d639c7be392206e8cbcfd6215166450dc5b554c8 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 22 Nov 2020 11:22:54 +0100 Subject: [PATCH 0104/1526] Added World4You DNS API --- dnsapi/dns_world4you.sh | 159 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 dnsapi/dns_world4you.sh diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh new file mode 100644 index 00000000..ec5a0e47 --- /dev/null +++ b/dnsapi/dns_world4you.sh @@ -0,0 +1,159 @@ +#!/usr/bin/env sh + +# World4You - www.world4you.com +# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR + +WORLD4YOU_API="https://my.world4you.com/en" + +################ Public functions ################ + +# Usage: dns_world4you_add +dns_world4you_add() { + fqdn="$1" + value="$2" + _info "Using world4you" + _debug fulldomain "$fqdn" + _debug txtvalue "$value" + + tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") + + _login + if [ "$?" != 0 ]; then + return 1 + fi + + export _H1="Cookie: W4YSESSID=$sessid" + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + if [ -z "$paketnr" ]; then + _err "Unable to parse paketnr" + return 3 + fi + _debug paketnr "$paketnr" + + export _H1="Cookie: W4YSESSID=$sessid" + form=$(_get "$WORLD4YOU_API/$paketnr/dns") + formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') + formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') + form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') + if [ -z "$formiddp" ]; then + _err "Unable to parse form" + return 3 + fi + + _ORIG_ACME_CURL="$_ACME_CURL" + _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + + body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ +AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ +AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" + _info "Adding record..." + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') + + _ACME_CURL="$_ORIG_ACME_CURL" + + success=$(grep '302\|200' <"$HTTP_HEADER") + if [ "$success" ]; then + return 0 + else + _err "$(head -n 1 <"$HTTP_HEADER")" + return 2 + fi +} + +# Usage: dns_world4you_rm +dns_world4you_rm() { + fqdn="$1" + value="$2" + _info "Using world4you" + _debug fulldomain "$fqdn" + _debug txtvalue "$value" + + tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") + + _login + if [ "$?" != 0 ]; then + return 1 + fi + + export _H1="Cookie: W4YSESSID=$sessid" + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + if [ -z "$paketnr" ]; then + _err "Unable to parse paketnr" + return 3 + fi + _debug paketnr "$paketnr" + + form=$(_get "$WORLD4YOU_API/$paketnr/dns") + formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') + formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') + form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') + if [ -z "$formiddp" ]; then + _err "Unable to parse form" + return 3 + fi + + recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) + _debug recordid "$recordid" + + _ORIG_ACME_CURL="$_ACME_CURL" + _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + + body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ +DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ +DeleteDnsRecordForm[_token]=$form_token" + _info "Removing record..." + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') + + _ACME_CURL="$_ORIG_ACME_CURL" + + success=$(grep '302\|200' <"$HTTP_HEADER") + if [ "$success" ]; then + return 0 + else + _err "$(head -n 1 <"$HTTP_HEADER")" + return 2 + fi +} + +################ Private functions ################ + +# Usage: _login +_login() { + WORLD4YOU_USERNAME="${WORLD4YOU_USERNAME:-$(_readaccountconf_mutable WORLD4YOU_USERNAME)}" + WORLD4YOU_PASSWORD="${WORLD4YOU_PASSWORD:-$(_readaccountconf_mutable WORLD4YOU_PASSWORD)}" + + if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then + WORLD4YOU_USERNAME="" + WORLD4YOU_PASSWORD="" + _err "You don't specified world4you username and password yet." + _err "Usage: export WORLD4YOU_USERNAME=" + _err "Usage: export WORLD4YOU_PASSWORD=" + return 2 + fi + + _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" + _saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" + + _info "Logging in..." + + username="$WORLD4YOU_USERNAME" + password="$WORLD4YOU_PASSWORD" + csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + + export _H1="Cookie: W4YSESSID=$sessid" + export _H2="X-Requested-With: XMLHttpRequest" + body="_username=$username&_password=$password&_csrf_token=$csrf_token" + ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') + unset _H2 + _debug ret "$ret" + if _contains "$ret" "\"success\":true"; then + _info "Successfully logged in" + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + else + _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" + return 1 + fi +} From 95235d69c20484d340d44d21950a76f6492e3c7e Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Thu, 26 Nov 2020 13:59:18 +0100 Subject: [PATCH 0105/1526] World4You using _egrep_o --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index ec5a0e47..b58ea89a 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -15,7 +15,7 @@ dns_world4you_add() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") _login @@ -69,7 +69,7 @@ dns_world4you_rm() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") _login From bb3cc1130b22335f5664878635db43293b367194 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 19:34:16 +0100 Subject: [PATCH 0106/1526] World4You using ggrep in solaris --- dnsapi/dns_world4you.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index b58ea89a..db52cda1 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -24,7 +24,7 @@ dns_world4you_add() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -78,7 +78,7 @@ dns_world4you_rm() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -157,3 +157,13 @@ _login() { return 1 fi } + +_ggrep() { + if _exists "ggrep"; then + ggrep $@ + return $? + else + grep $@ + return $? + fi +} From 268eaddad8845ed35af46a4f7ac36d2859a8d074 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 19:35:53 +0100 Subject: [PATCH 0107/1526] World4You shellcheck --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index db52cda1..fbc5fe40 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -160,10 +160,10 @@ _login() { _ggrep() { if _exists "ggrep"; then - ggrep $@ + ggrep "$@" return $? else - grep $@ + grep "$@" return $? fi } From 339ff8ca773e196613db5ca29f651893c3227682 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:12:11 +0100 Subject: [PATCH 0108/1526] World4You domain root fix --- dnsapi/dns_world4you.sh | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index fbc5fe40..502e8631 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -4,6 +4,7 @@ # Lorenz Stechauner, 2020 - https://www.github.com/NerLOR WORLD4YOU_API="https://my.world4you.com/en" +PAKETNR='' ################ Public functions ################ @@ -24,7 +25,9 @@ dns_world4you_add() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") + _get_paketnr "$tld" "$form" + paketnr="$PAKETNR" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -78,7 +81,9 @@ dns_world4you_rm() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") + _get_paketnr "$tld" "$form" + paketnr="$PAKETNR" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -158,6 +163,25 @@ _login() { fi } +# Usage _get_paketnr
+_get_paketnr() { + tld="$1" + form="$2" + + domains=($(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')) + paketnrs=($(echo "$form" | _ggrep -B 3 -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed -n '1~5p' | sed 's/^.*>\([0-9][0-9]*\).*$/\1/')) + + total="${#domains[*]}" + for (( i=0; i<=$(( $total - 1 )); i++ )); do + domain="${domains[$i]}" + if [ $(echo "$domain" | grep "$tld\$") ]; then + PAKETNR="${paketnrs[$i]}" + return 0 + fi + done + return 1 +} + _ggrep() { if _exists "ggrep"; then ggrep "$@" From 2e15371d616a3b83c4cdc3b51176edf2d1d2966d Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:22:50 +0100 Subject: [PATCH 0109/1526] World4You posix shell --- dnsapi/dns_world4you.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 502e8631..8e12dd5f 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -168,18 +168,19 @@ _get_paketnr() { tld="$1" form="$2" - domains=($(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')) - paketnrs=($(echo "$form" | _ggrep -B 3 -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed -n '1~5p' | sed 's/^.*>\([0-9][0-9]*\).*$/\1/')) - - total="${#domains[*]}" - for (( i=0; i<=$(( $total - 1 )); i++ )); do - domain="${domains[$i]}" + domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') + domain='' + for domain in $domains; do if [ $(echo "$domain" | grep "$tld\$") ]; then - PAKETNR="${paketnrs[$i]}" - return 0 + break fi done - return 1 + if [ -z "$domain" ]; then + return 1 + fi + + PAKETNR=$(echo "$form" | _ggrep -B 3 "^\\s*$domain\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + return 0 } _ggrep() { From 42583cf3bb6d4ea091491533d33d1717f746065f Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:25:29 +0100 Subject: [PATCH 0110/1526] World4You Shellcheck --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 8e12dd5f..e1585801 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if [ $(echo "$domain" | grep "$tld\$") ]; then + if [ "$(echo "$domain" | grep -q "$tld\$")" ]; then break fi done From 198b8400597881a82bf8c3cc1f14edf32068862a Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:27:10 +0100 Subject: [PATCH 0111/1526] World4You grep -q --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index e1585801..2be5a6b9 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if [ "$(echo "$domain" | grep -q "$tld\$")" ]; then + if $(echo "$domain" | grep -q "$tld\$"; then break fi done From dcb4cb3a1e439661b4f0fd2d1b63fa61c78b0f1a Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:28:25 +0100 Subject: [PATCH 0112/1526] World4You Bugfix --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 2be5a6b9..e1ced163 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if $(echo "$domain" | grep -q "$tld\$"; then + if $(echo "$domain" | grep -q "$tld\$"); then break fi done From f3987b453c4115fb19a565dfe4850fd2dff0d595 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:29:31 +0100 Subject: [PATCH 0113/1526] World4You Bugfix 2 --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index e1ced163..4c0be782 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if $(echo "$domain" | grep -q "$tld\$"); then + if echo "$domain" | grep -q "$tld\$"; then break fi done From 9474933070bf18c5cfc0a298f3da54790be141af Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sat, 28 Nov 2020 08:50:47 +0100 Subject: [PATCH 0114/1526] World4You dns root parsing --- dnsapi/dns_world4you.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 4c0be782..455418a5 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -5,6 +5,8 @@ WORLD4YOU_API="https://my.world4you.com/en" PAKETNR='' +TLD='' +RECORD='' ################ Public functions ################ @@ -16,9 +18,6 @@ dns_world4you_add() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') - record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") - _login if [ "$?" != 0 ]; then return 1 @@ -26,8 +25,10 @@ dns_world4you_add() { export _H1="Cookie: W4YSESSID=$sessid" form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") - _get_paketnr "$tld" "$form" + _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" + tld="$TLD" + record="$RECORD" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -82,8 +83,10 @@ dns_world4you_rm() { export _H1="Cookie: W4YSESSID=$sessid" form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") - _get_paketnr "$tld" "$form" + _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" + tld="$TLD" + record="$RECORD" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -163,22 +166,25 @@ _login() { fi } -# Usage _get_paketnr +# Usage _get_paketnr _get_paketnr() { - tld="$1" + fqdn="$1" form="$2" domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if echo "$domain" | grep -q "$tld\$"; then + if echo "$fqdn" | grep -q "$domain\$"; then break fi + domain='' done if [ -z "$domain" ]; then return 1 fi + TLD="$domain" + RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") PAKETNR=$(echo "$form" | _ggrep -B 3 "^\\s*$domain\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') return 0 } From ed01fd4edfd76fe96a1d38af3731f6efb46c904c Mon Sep 17 00:00:00 2001 From: Moritz H Date: Sat, 28 Nov 2020 15:22:14 +0100 Subject: [PATCH 0115/1526] uconv as fallback for iconv --- deploy/fritzbox.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/deploy/fritzbox.sh b/deploy/fritzbox.sh index 89b19806..2ca7ab7d 100644 --- a/deploy/fritzbox.sh +++ b/deploy/fritzbox.sh @@ -28,9 +28,11 @@ fritzbox_deploy() { _debug _cfullchain "$_cfullchain" if ! _exists iconv; then - if ! _exists perl; then - _err "iconv or perl not found" - return 1 + if ! _exists uconv; then + if ! _exists perl; then + _err "iconv or uconv or perl not found" + return 1 + fi fi fi @@ -65,6 +67,8 @@ fritzbox_deploy() { _fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*//' -e 's/<\/Challenge>.*$//')" if _exists iconv; then _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)" + elif _exists uconv; then + _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)" else _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)" fi From 0ed2659698ac08a175eb50ad1c5c27d69346bd2c Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sat, 28 Nov 2020 17:27:50 +0100 Subject: [PATCH 0116/1526] World4You using ggrep more often --- dnsapi/dns_world4you.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 455418a5..10c1628b 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,8 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _ACME_CURL="$_ORIG_ACME_CURL" - success=$(grep '302\|200' <"$HTTP_HEADER") - if [ "$success" ]; then + if _ggrep -q '302\|200' <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -116,8 +115,7 @@ DeleteDnsRecordForm[_token]=$form_token" _ACME_CURL="$_ORIG_ACME_CURL" - success=$(grep '302\|200' <"$HTTP_HEADER") - if [ "$success" ]; then + if _ggrep -q '302\|200' <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" From 1987c32761cc8ae20263400ccbe8822c8f9911e3 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 09:34:52 +0100 Subject: [PATCH 0117/1526] World4You using _egrep_o instead of grep -E --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 10c1628b..bcb01619 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -169,7 +169,7 @@ _get_paketnr() { fqdn="$1" form="$2" - domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') + domains=$(echo "$form" | _egrep_o '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do if echo "$fqdn" | grep -q "$domain\$"; then From 9fee0805c41539d8cec2a56a694882b36141432d Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 09:40:35 +0100 Subject: [PATCH 0118/1526] World4You using /dev/null instead of grep -q --- dnsapi/dns_world4you.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index bcb01619..fff8089d 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,7 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep -q '302\|200' <"$HTTP_HEADER"; then + if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -115,7 +115,7 @@ DeleteDnsRecordForm[_token]=$form_token" _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep -q '302\|200' <"$HTTP_HEADER"; then + if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -172,7 +172,7 @@ _get_paketnr() { domains=$(echo "$form" | _egrep_o '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if echo "$fqdn" | grep -q "$domain\$"; then + if echo "$fqdn" | grep "$domain\$" >/dev/null; then break fi domain='' From 2dd8527566fb37431abb84c52d526a7069345bea Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 10:33:46 +0100 Subject: [PATCH 0119/1526] World4You success on 302 instead of 302 or 200 --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index fff8089d..76acacf8 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,7 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then + if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -115,7 +115,7 @@ DeleteDnsRecordForm[_token]=$form_token" _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then + if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" From 6c039d2ad080c58d36ea6775bbf2fbffa269a7cb Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 10:43:25 +0100 Subject: [PATCH 0120/1526] World4You removed _ggrep --- dnsapi/dns_world4you.sh | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 76acacf8..573c5ee6 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -183,16 +183,6 @@ _get_paketnr() { TLD="$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | _ggrep -B 3 "^\\s*$domain\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | head -n 1 | _egrep_o "[0-9]*") return 0 } - -_ggrep() { - if _exists "ggrep"; then - ggrep "$@" - return $? - else - grep "$@" - return $? - fi -} From effa7fd57d2a36233f8c3f3d29bac0789a9a12b4 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 29 Nov 2020 18:39:11 +0800 Subject: [PATCH 0121/1526] add ACME_HTTP_NO_REDIRECTS and _resethttp to make http requests not follow redirects --- acme.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b234fb26..dcbe3c9d 100755 --- a/acme.sh +++ b/acme.sh @@ -1722,6 +1722,14 @@ _mktemp() { _err "Can not create temp file." } +#clear all the https envs to cause _inithttp() to run next time. +_resethttp() { + __HTTP_INITIALIZED="" + _ACME_CURL="" + _ACME_WGET="" + ACME_HTTP_NO_REDIRECTS="" +} + _inithttp() { if [ -z "$HTTP_HEADER" ] || ! touch "$HTTP_HEADER"; then @@ -1737,7 +1745,10 @@ _inithttp() { fi if [ -z "$_ACME_CURL" ] && _exists "curl"; then - _ACME_CURL="curl -L --silent --dump-header $HTTP_HEADER " + _ACME_CURL="curl --silent --dump-header $HTTP_HEADER " + if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then + _ACME_CURL="$_ACME_CURL -L " + fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _CURL_DUMP="$(_mktemp)" _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " @@ -1756,6 +1767,9 @@ _inithttp() { if [ -z "$_ACME_WGET" ] && _exists "wget"; then _ACME_WGET="wget -q" + if [ "$ACME_HTTP_NO_REDIRECTS" ]; then + _ACME_WGET="$_ACME_WGET --max-redirect 0 " + fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _ACME_WGET="$_ACME_WGET -d " fi From 8ee5726e0cc1b3cf7e106363b958ed22472c8237 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 22 Nov 2020 11:22:54 +0100 Subject: [PATCH 0122/1526] Added World4You DNS API --- dnsapi/dns_world4you.sh | 159 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 dnsapi/dns_world4you.sh diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh new file mode 100644 index 00000000..ec5a0e47 --- /dev/null +++ b/dnsapi/dns_world4you.sh @@ -0,0 +1,159 @@ +#!/usr/bin/env sh + +# World4You - www.world4you.com +# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR + +WORLD4YOU_API="https://my.world4you.com/en" + +################ Public functions ################ + +# Usage: dns_world4you_add +dns_world4you_add() { + fqdn="$1" + value="$2" + _info "Using world4you" + _debug fulldomain "$fqdn" + _debug txtvalue "$value" + + tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") + + _login + if [ "$?" != 0 ]; then + return 1 + fi + + export _H1="Cookie: W4YSESSID=$sessid" + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + if [ -z "$paketnr" ]; then + _err "Unable to parse paketnr" + return 3 + fi + _debug paketnr "$paketnr" + + export _H1="Cookie: W4YSESSID=$sessid" + form=$(_get "$WORLD4YOU_API/$paketnr/dns") + formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') + formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') + form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') + if [ -z "$formiddp" ]; then + _err "Unable to parse form" + return 3 + fi + + _ORIG_ACME_CURL="$_ACME_CURL" + _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + + body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ +AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ +AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" + _info "Adding record..." + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') + + _ACME_CURL="$_ORIG_ACME_CURL" + + success=$(grep '302\|200' <"$HTTP_HEADER") + if [ "$success" ]; then + return 0 + else + _err "$(head -n 1 <"$HTTP_HEADER")" + return 2 + fi +} + +# Usage: dns_world4you_rm +dns_world4you_rm() { + fqdn="$1" + value="$2" + _info "Using world4you" + _debug fulldomain "$fqdn" + _debug txtvalue "$value" + + tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") + + _login + if [ "$?" != 0 ]; then + return 1 + fi + + export _H1="Cookie: W4YSESSID=$sessid" + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + if [ -z "$paketnr" ]; then + _err "Unable to parse paketnr" + return 3 + fi + _debug paketnr "$paketnr" + + form=$(_get "$WORLD4YOU_API/$paketnr/dns") + formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') + formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') + form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') + if [ -z "$formiddp" ]; then + _err "Unable to parse form" + return 3 + fi + + recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) + _debug recordid "$recordid" + + _ORIG_ACME_CURL="$_ACME_CURL" + _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + + body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ +DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ +DeleteDnsRecordForm[_token]=$form_token" + _info "Removing record..." + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') + + _ACME_CURL="$_ORIG_ACME_CURL" + + success=$(grep '302\|200' <"$HTTP_HEADER") + if [ "$success" ]; then + return 0 + else + _err "$(head -n 1 <"$HTTP_HEADER")" + return 2 + fi +} + +################ Private functions ################ + +# Usage: _login +_login() { + WORLD4YOU_USERNAME="${WORLD4YOU_USERNAME:-$(_readaccountconf_mutable WORLD4YOU_USERNAME)}" + WORLD4YOU_PASSWORD="${WORLD4YOU_PASSWORD:-$(_readaccountconf_mutable WORLD4YOU_PASSWORD)}" + + if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then + WORLD4YOU_USERNAME="" + WORLD4YOU_PASSWORD="" + _err "You don't specified world4you username and password yet." + _err "Usage: export WORLD4YOU_USERNAME=" + _err "Usage: export WORLD4YOU_PASSWORD=" + return 2 + fi + + _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" + _saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" + + _info "Logging in..." + + username="$WORLD4YOU_USERNAME" + password="$WORLD4YOU_PASSWORD" + csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + + export _H1="Cookie: W4YSESSID=$sessid" + export _H2="X-Requested-With: XMLHttpRequest" + body="_username=$username&_password=$password&_csrf_token=$csrf_token" + ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') + unset _H2 + _debug ret "$ret" + if _contains "$ret" "\"success\":true"; then + _info "Successfully logged in" + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + else + _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" + return 1 + fi +} From f3b5d5ab7b7dcebc595ce281f13827f7d051dfbf Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Thu, 26 Nov 2020 13:59:18 +0100 Subject: [PATCH 0123/1526] World4You using _egrep_o --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index ec5a0e47..b58ea89a 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -15,7 +15,7 @@ dns_world4you_add() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") _login @@ -69,7 +69,7 @@ dns_world4you_rm() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | grep -o '[^.]*\.[^.]*$') + tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") _login From 9449501537a84385f9431f411ecb8e0e41c8670a Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 19:34:16 +0100 Subject: [PATCH 0124/1526] World4You using ggrep in solaris --- dnsapi/dns_world4you.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index b58ea89a..db52cda1 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -24,7 +24,7 @@ dns_world4you_add() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -78,7 +78,7 @@ dns_world4you_rm() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | grep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -157,3 +157,13 @@ _login() { return 1 fi } + +_ggrep() { + if _exists "ggrep"; then + ggrep $@ + return $? + else + grep $@ + return $? + fi +} From f9dfd3b3485c03b3fae9e975dec50112fde26e57 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 19:35:53 +0100 Subject: [PATCH 0125/1526] World4You shellcheck --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index db52cda1..fbc5fe40 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -160,10 +160,10 @@ _login() { _ggrep() { if _exists "ggrep"; then - ggrep $@ + ggrep "$@" return $? else - grep $@ + grep "$@" return $? fi } From abe05456f785c222fd06a4062a2533b72f73a058 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:12:11 +0100 Subject: [PATCH 0126/1526] World4You domain root fix --- dnsapi/dns_world4you.sh | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index fbc5fe40..502e8631 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -4,6 +4,7 @@ # Lorenz Stechauner, 2020 - https://www.github.com/NerLOR WORLD4YOU_API="https://my.world4you.com/en" +PAKETNR='' ################ Public functions ################ @@ -24,7 +25,9 @@ dns_world4you_add() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\)<.*$/\1/') + form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") + _get_paketnr "$tld" "$form" + paketnr="$PAKETNR" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -78,7 +81,9 @@ dns_world4you_rm() { fi export _H1="Cookie: W4YSESSID=$sessid" - paketnr=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht" | _ggrep -B 3 "^\\s*$tld\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") + _get_paketnr "$tld" "$form" + paketnr="$PAKETNR" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -158,6 +163,25 @@ _login() { fi } +# Usage _get_paketnr +_get_paketnr() { + tld="$1" + form="$2" + + domains=($(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')) + paketnrs=($(echo "$form" | _ggrep -B 3 -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed -n '1~5p' | sed 's/^.*>\([0-9][0-9]*\).*$/\1/')) + + total="${#domains[*]}" + for (( i=0; i<=$(( $total - 1 )); i++ )); do + domain="${domains[$i]}" + if [ $(echo "$domain" | grep "$tld\$") ]; then + PAKETNR="${paketnrs[$i]}" + return 0 + fi + done + return 1 +} + _ggrep() { if _exists "ggrep"; then ggrep "$@" From ef9147512b20499ac57442f58d3d1bcfdbd9c9bf Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:22:50 +0100 Subject: [PATCH 0127/1526] World4You posix shell --- dnsapi/dns_world4you.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 502e8631..8e12dd5f 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -168,18 +168,19 @@ _get_paketnr() { tld="$1" form="$2" - domains=($(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')) - paketnrs=($(echo "$form" | _ggrep -B 3 -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed -n '1~5p' | sed 's/^.*>\([0-9][0-9]*\).*$/\1/')) - - total="${#domains[*]}" - for (( i=0; i<=$(( $total - 1 )); i++ )); do - domain="${domains[$i]}" + domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') + domain='' + for domain in $domains; do if [ $(echo "$domain" | grep "$tld\$") ]; then - PAKETNR="${paketnrs[$i]}" - return 0 + break fi done - return 1 + if [ -z "$domain" ]; then + return 1 + fi + + PAKETNR=$(echo "$form" | _ggrep -B 3 "^\\s*$domain\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + return 0 } _ggrep() { From 895da5cbf07eb333610a9b4acaf39e536ae7a9d9 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:25:29 +0100 Subject: [PATCH 0128/1526] World4You Shellcheck --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 8e12dd5f..e1585801 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if [ $(echo "$domain" | grep "$tld\$") ]; then + if [ "$(echo "$domain" | grep -q "$tld\$")" ]; then break fi done From 46611857195f9c53286738f44c11ed42a65805cc Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:27:10 +0100 Subject: [PATCH 0129/1526] World4You grep -q --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index e1585801..2be5a6b9 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if [ "$(echo "$domain" | grep -q "$tld\$")" ]; then + if $(echo "$domain" | grep -q "$tld\$"; then break fi done From 2edc4a79b9ff3c8668220b4d2a80624320c3b0fa Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:28:25 +0100 Subject: [PATCH 0130/1526] World4You Bugfix --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 2be5a6b9..e1ced163 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if $(echo "$domain" | grep -q "$tld\$"; then + if $(echo "$domain" | grep -q "$tld\$"); then break fi done From 13f6ec04d55b15f0620ee30d4f370c017425715a Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Fri, 27 Nov 2020 22:29:31 +0100 Subject: [PATCH 0131/1526] World4You Bugfix 2 --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index e1ced163..4c0be782 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -171,7 +171,7 @@ _get_paketnr() { domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if $(echo "$domain" | grep -q "$tld\$"); then + if echo "$domain" | grep -q "$tld\$"; then break fi done From 5cfe5e312b15846ed1711b6da35ca5c6f47c11b8 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sat, 28 Nov 2020 08:50:47 +0100 Subject: [PATCH 0132/1526] World4You dns root parsing --- dnsapi/dns_world4you.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 4c0be782..455418a5 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -5,6 +5,8 @@ WORLD4YOU_API="https://my.world4you.com/en" PAKETNR='' +TLD='' +RECORD='' ################ Public functions ################ @@ -16,9 +18,6 @@ dns_world4you_add() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') - record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") - _login if [ "$?" != 0 ]; then return 1 @@ -26,8 +25,10 @@ dns_world4you_add() { export _H1="Cookie: W4YSESSID=$sessid" form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") - _get_paketnr "$tld" "$form" + _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" + tld="$TLD" + record="$RECORD" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -82,8 +83,10 @@ dns_world4you_rm() { export _H1="Cookie: W4YSESSID=$sessid" form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") - _get_paketnr "$tld" "$form" + _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" + tld="$TLD" + record="$RECORD" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -163,22 +166,25 @@ _login() { fi } -# Usage _get_paketnr +# Usage _get_paketnr _get_paketnr() { - tld="$1" + fqdn="$1" form="$2" domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if echo "$domain" | grep -q "$tld\$"; then + if echo "$fqdn" | grep -q "$domain\$"; then break fi + domain='' done if [ -z "$domain" ]; then return 1 fi + TLD="$domain" + RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") PAKETNR=$(echo "$form" | _ggrep -B 3 "^\\s*$domain\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') return 0 } From a0edb8f2ad8bbc193e52c10e052fbdf4541dcf80 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sat, 28 Nov 2020 17:27:50 +0100 Subject: [PATCH 0133/1526] World4You using ggrep more often --- dnsapi/dns_world4you.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 455418a5..10c1628b 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,8 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _ACME_CURL="$_ORIG_ACME_CURL" - success=$(grep '302\|200' <"$HTTP_HEADER") - if [ "$success" ]; then + if _ggrep -q '302\|200' <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -116,8 +115,7 @@ DeleteDnsRecordForm[_token]=$form_token" _ACME_CURL="$_ORIG_ACME_CURL" - success=$(grep '302\|200' <"$HTTP_HEADER") - if [ "$success" ]; then + if _ggrep -q '302\|200' <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" From 35cab4ee7398edd9547acabeabc6937fec153ccf Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 09:34:52 +0100 Subject: [PATCH 0134/1526] World4You using _egrep_o instead of grep -E --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 10c1628b..bcb01619 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -169,7 +169,7 @@ _get_paketnr() { fqdn="$1" form="$2" - domains=$(echo "$form" | _ggrep -E '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') + domains=$(echo "$form" | _egrep_o '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do if echo "$fqdn" | grep -q "$domain\$"; then From 3d79d78134dd6f19be2e7f6f11be06c08450de79 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 09:40:35 +0100 Subject: [PATCH 0135/1526] World4You using /dev/null instead of grep -q --- dnsapi/dns_world4you.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index bcb01619..fff8089d 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,7 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep -q '302\|200' <"$HTTP_HEADER"; then + if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -115,7 +115,7 @@ DeleteDnsRecordForm[_token]=$form_token" _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep -q '302\|200' <"$HTTP_HEADER"; then + if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -172,7 +172,7 @@ _get_paketnr() { domains=$(echo "$form" | _egrep_o '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if echo "$fqdn" | grep -q "$domain\$"; then + if echo "$fqdn" | grep "$domain\$" >/dev/null; then break fi domain='' From faf6c1671739af4ac9414423231da34ed6c6465c Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 10:33:46 +0100 Subject: [PATCH 0136/1526] World4You success on 302 instead of 302 or 200 --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index fff8089d..76acacf8 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,7 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then + if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" @@ -115,7 +115,7 @@ DeleteDnsRecordForm[_token]=$form_token" _ACME_CURL="$_ORIG_ACME_CURL" - if _ggrep '302\|200' >/dev/null <"$HTTP_HEADER"; then + if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else _err "$(head -n 1 <"$HTTP_HEADER")" From c3d7f2f1708d13eb4d434fc27830a99f268e724a Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 10:43:25 +0100 Subject: [PATCH 0137/1526] World4You removed _ggrep --- dnsapi/dns_world4you.sh | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 76acacf8..573c5ee6 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -183,16 +183,6 @@ _get_paketnr() { TLD="$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | _ggrep -B 3 "^\\s*$domain\$" | head -n 1 | sed 's/^.*>\([0-9][0-9]*\).*$/\1/') + PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | head -n 1 | _egrep_o "[0-9]*") return 0 } - -_ggrep() { - if _exists "ggrep"; then - ggrep "$@" - return $? - else - grep "$@" - return $? - fi -} From 0dcf6771e736c6587d3dc064c95ad07059cbf2f6 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 11:51:16 +0100 Subject: [PATCH 0138/1526] World4you grammar --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 573c5ee6..87f6885f 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -133,7 +133,7 @@ _login() { if [ -z "$WORLD4YOU_USERNAME" ] || [ -z "$WORLD4YOU_PASSWORD" ]; then WORLD4YOU_USERNAME="" WORLD4YOU_PASSWORD="" - _err "You don't specified world4you username and password yet." + _err "You didn't specify world4you username and password yet." _err "Usage: export WORLD4YOU_USERNAME=" _err "Usage: export WORLD4YOU_PASSWORD=" return 2 From 1e3bb1f02b674e37d6dd15096782eea2e3cafb0a Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 11:51:59 +0100 Subject: [PATCH 0139/1526] World4You head_n --- dnsapi/dns_world4you.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 87f6885f..3db6db72 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -59,7 +59,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else - _err "$(head -n 1 <"$HTTP_HEADER")" + _err "$(head_n 1 <"$HTTP_HEADER")" return 2 fi } @@ -118,7 +118,7 @@ DeleteDnsRecordForm[_token]=$form_token" if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else - _err "$(head -n 1 <"$HTTP_HEADER")" + _err "$(head_n 1 <"$HTTP_HEADER")" return 2 fi } @@ -183,6 +183,6 @@ _get_paketnr() { TLD="$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | head -n 1 | _egrep_o "[0-9]*") + PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | head_n 1 | _egrep_o "[0-9]*") return 0 } From bfccf29ccf9605df86f74a19b6d8156da590e2f1 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 11:55:22 +0100 Subject: [PATCH 0140/1526] World4You redirect fix --- dnsapi/dns_world4you.sh | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 3db6db72..c8ad43c2 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -45,8 +45,8 @@ dns_world4you_add() { return 3 fi - _ORIG_ACME_CURL="$_ACME_CURL" - _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + ACME_HTTP_NO_REDIRECTS=1 + _resethttp body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ @@ -54,7 +54,8 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _info "Adding record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') - _ACME_CURL="$_ORIG_ACME_CURL" + unset ACME_HTTP_NO_REDIRECTS + _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 @@ -104,8 +105,8 @@ dns_world4you_rm() { recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) _debug recordid "$recordid" - _ORIG_ACME_CURL="$_ACME_CURL" - _ACME_CURL=$(echo "$_ACME_CURL" | sed 's/ -L / /') + ACME_HTTP_NO_REDIRECTS=1 + _resethttp body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ @@ -113,7 +114,8 @@ DeleteDnsRecordForm[_token]=$form_token" _info "Removing record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') - _ACME_CURL="$_ORIG_ACME_CURL" + unset ACME_HTTP_NO_REDIRECTS + _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 From 5f3e7f02ccb720a6367ce320b7b754842da4d9e6 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 11:55:49 +0100 Subject: [PATCH 0141/1526] World4You _head_n fix --- dnsapi/dns_world4you.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index c8ad43c2..2fcdc114 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -60,7 +60,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else - _err "$(head_n 1 <"$HTTP_HEADER")" + _err "$(_head_n 1 <"$HTTP_HEADER")" return 2 fi } @@ -120,7 +120,7 @@ DeleteDnsRecordForm[_token]=$form_token" if grep '302' >/dev/null <"$HTTP_HEADER"; then return 0 else - _err "$(head_n 1 <"$HTTP_HEADER")" + _err "$(_head_n 1 <"$HTTP_HEADER")" return 2 fi } @@ -185,6 +185,6 @@ _get_paketnr() { TLD="$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | head_n 1 | _egrep_o "[0-9]*") + PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | _head_n 1 | _egrep_o "[0-9]*") return 0 } From 342b48105fcd32048cb7a893fc9aa03f6308f0d7 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 12:02:05 +0100 Subject: [PATCH 0142/1526] World4You fix for no redirects --- dnsapi/dns_world4you.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 2fcdc114..0ea969a1 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -45,8 +45,8 @@ dns_world4you_add() { return 3 fi - ACME_HTTP_NO_REDIRECTS=1 _resethttp + ACME_HTTP_NO_REDIRECTS=1 body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ @@ -54,7 +54,6 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _info "Adding record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') - unset ACME_HTTP_NO_REDIRECTS _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then @@ -105,8 +104,8 @@ dns_world4you_rm() { recordid=$(printf "TXT:%s.:\"%s\"" "$fqdn" "$value" | _base64) _debug recordid "$recordid" - ACME_HTTP_NO_REDIRECTS=1 _resethttp + ACME_HTTP_NO_REDIRECTS=1 body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ @@ -114,7 +113,6 @@ DeleteDnsRecordForm[_token]=$form_token" _info "Removing record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') - unset ACME_HTTP_NO_REDIRECTS _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then From fbcbc10174d325d7bafd7d37a686a8f05cdc37e3 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 12:03:51 +0100 Subject: [PATCH 0143/1526] World4You Shellcheck --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 0ea969a1..04d40945 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -46,7 +46,7 @@ dns_world4you_add() { fi _resethttp - ACME_HTTP_NO_REDIRECTS=1 + export ACME_HTTP_NO_REDIRECTS=1 body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ @@ -105,7 +105,7 @@ dns_world4you_rm() { _debug recordid "$recordid" _resethttp - ACME_HTTP_NO_REDIRECTS=1 + export ACME_HTTP_NO_REDIRECTS=1 body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ From 48942de75e82210135e2b6c7c8bf8c57b9e698d5 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 13:59:33 +0100 Subject: [PATCH 0144/1526] World4You cleaning --- dnsapi/dns_world4you.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 04d40945..bed8db81 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -47,13 +47,11 @@ dns_world4you_add() { _resethttp export ACME_HTTP_NO_REDIRECTS=1 - body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" _info "Adding record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') - _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then @@ -72,9 +70,6 @@ dns_world4you_rm() { _debug fulldomain "$fqdn" _debug txtvalue "$value" - tld=$(echo "$fqdn" | _egrep_o '[^.]*\.[^.]*$') - record=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#tld} - 1))") - _login if [ "$?" != 0 ]; then return 1 @@ -106,13 +101,11 @@ dns_world4you_rm() { _resethttp export ACME_HTTP_NO_REDIRECTS=1 - body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ DeleteDnsRecordForm[_token]=$form_token" _info "Removing record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') - _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then From b7e6d98647b0006249973902980ee0bb20f82c5b Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 14:38:04 +0100 Subject: [PATCH 0145/1526] World4You grep fix --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index bed8db81..8254663a 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -162,7 +162,7 @@ _get_paketnr() { fqdn="$1" form="$2" - domains=$(echo "$form" | _egrep_o '^\s*([A-Za-z0-9_-]+\.)+[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') + domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do if echo "$fqdn" | grep "$domain\$" >/dev/null; then @@ -176,6 +176,6 @@ _get_paketnr() { TLD="$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | _egrep_o "data-textfilter=\" $domain .* [0-9]*" | _head_n 1 | _egrep_o "[0-9]*") + PAKETNR=$(echo "$form" | grep "data-textfilter=\" $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/') return 0 } From 3c309df6dd4d8975165d8e8555d4e5b938ea3c78 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 14:42:55 +0100 Subject: [PATCH 0146/1526] World4You shellcheck cleaning --- dnsapi/dns_world4you.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 8254663a..64491d08 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -27,8 +27,6 @@ dns_world4you_add() { form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" - tld="$TLD" - record="$RECORD" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 @@ -47,7 +45,7 @@ dns_world4you_add() { _resethttp export ACME_HTTP_NO_REDIRECTS=1 - body="AddDnsRecordForm[name]=$record&AddDnsRecordForm[dnsType][type]=TXT&\ + body="AddDnsRecordForm[name]=$RECORD&AddDnsRecordForm[dnsType][type]=TXT&\ AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" _info "Adding record..." @@ -79,8 +77,6 @@ dns_world4you_rm() { form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" - tld="$TLD" - record="$RECORD" if [ -z "$paketnr" ]; then _err "Unable to parse paketnr" return 3 From f665c73bb19d256bebfeed129813eb021e816ded Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 15:03:54 +0100 Subject: [PATCH 0147/1526] World4You fixed return value --- dnsapi/dns_world4you.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 64491d08..a89b029b 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -56,7 +56,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke return 0 else _err "$(_head_n 1 <"$HTTP_HEADER")" - return 2 + return 1 fi } @@ -108,7 +108,7 @@ DeleteDnsRecordForm[_token]=$form_token" return 0 else _err "$(_head_n 1 <"$HTTP_HEADER")" - return 2 + return 1 fi } @@ -125,7 +125,7 @@ _login() { _err "You didn't specify world4you username and password yet." _err "Usage: export WORLD4YOU_USERNAME=" _err "Usage: export WORLD4YOU_PASSWORD=" - return 2 + return 1 fi _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" From 40631f465eee608f4121177721c705157f29d84b Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 29 Nov 2020 15:22:41 +0100 Subject: [PATCH 0148/1526] World4You updated info strings --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index a89b029b..54cc1511 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -14,7 +14,7 @@ RECORD='' dns_world4you_add() { fqdn="$1" value="$2" - _info "Using world4you" + _info "Using world4you to add record" _debug fulldomain "$fqdn" _debug txtvalue "$value" @@ -64,7 +64,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke dns_world4you_rm() { fqdn="$1" value="$2" - _info "Using world4you" + _info "Using world4you to remove record" _debug fulldomain "$fqdn" _debug txtvalue "$value" From da839aae668227aa8d27e3a23ce2acfe5146de79 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 30 Nov 2020 17:57:25 +0100 Subject: [PATCH 0149/1526] World4You check response message --- dnsapi/dns_world4you.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 54cc1511..b35df75b 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -53,7 +53,13 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then - return 0 + msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/^.*

[^\t]*\t *\([^\t]*\)\t.*/\1\n/') + if _contains "$msg" "successfully"; then + return 0 + else + _err "Unable to add record: $msg" + return 1 + fi else _err "$(_head_n 1 <"$HTTP_HEADER")" return 1 @@ -105,7 +111,13 @@ DeleteDnsRecordForm[_token]=$form_token" _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then - return 0 + msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/^.*

[^\t]*\t *\([^\t]*\)\t.*/\1\n/') + if _contains "$msg" "successfully"; then + return 0 + else + _err "Unable to remove record: $msg" + return 1 + fi else _err "$(_head_n 1 <"$HTTP_HEADER")" return 1 From f38317d01f6805e5256a811e076f1c45c990a2e8 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 30 Nov 2020 19:56:48 +0100 Subject: [PATCH 0150/1526] World4You Mac debug --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index b35df75b..8b7f2eed 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -53,7 +53,7 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then - msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/^.*

[^\t]*\t *\([^\t]*\)\t.*/\1\n/') + msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') if _contains "$msg" "successfully"; then return 0 else @@ -111,7 +111,7 @@ DeleteDnsRecordForm[_token]=$form_token" _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then - msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/^.*

[^\t]*\t *\([^\t]*\)\t.*/\1\n/') + msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') if _contains "$msg" "successfully"; then return 0 else From be43cebf7de68575dcf96f7bdb609b53d9dfa5dc Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 30 Nov 2020 20:01:43 +0100 Subject: [PATCH 0151/1526] World4You Mac fix --- dnsapi/dns_world4you.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 8b7f2eed..24b8dd68 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -53,10 +53,11 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then - msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') - if _contains "$msg" "successfully"; then + res=$(_get "$WORLD4YOU_API/$paketnr/dns") + if _contains "$res" "successfully"; then return 0 else + msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') _err "Unable to add record: $msg" return 1 fi @@ -111,10 +112,11 @@ DeleteDnsRecordForm[_token]=$form_token" _resethttp if grep '302' >/dev/null <"$HTTP_HEADER"; then - msg=$(_get "$WORLD4YOU_API/$paketnr/dns" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') - if _contains "$msg" "successfully"; then + res=$(_get "$WORLD4YOU_API/$paketnr/dns") + if _contains "$res" "successfully"; then return 0 else + msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') _err "Unable to remove record: $msg" return 1 fi From 2bc627970ed38fbccd7316e7e4a868eb33cff94c Mon Sep 17 00:00:00 2001 From: Christian Burmeister Date: Tue, 1 Dec 2020 20:30:56 +0100 Subject: [PATCH 0152/1526] Update mailcow.sh I have modified the following things: Originally, "/data/assets/ssl/" is always appended to the varialbe ${_mailcow_path}. Since I use acme.sh as docker container, I only want to include the mailcow-ssl directory in the acem.sh container and not the complete mailcow directory. So now it is checked if the file generate_config.sh is in the directory (then it is the mailcow root directory, see https://github.com/mailcow/mailcow-dockerized) and only then "/data/assets/ssl/" is appended, in all other cases the passed variable is taken over unchanged. Because of the RP mailcow/mailcow-dockerized#2443 I have extended the script with ECC certificates. I adapted the reboot commands as described in the mailcow manual (https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#how-to-use-your-own-certificate). --- deploy/mailcow.sh | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 3a806e83..830bec04 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -27,26 +27,46 @@ mailcow_deploy() { return 1 fi - _ssl_path="${_mailcow_path}/data/assets/ssl/" + #Tests if _ssl_path is the mailcow root directory. + if [ -f "${_mailcow_path}/generate_config.sh" ]; then + _ssl_path="${_mailcow_path}/data/assets/ssl/" + else + _ssl_path="${_mailcow_path}" + fi + if [ ! -d "$_ssl_path" ]; then _err "Cannot find mailcow ssl path: $_ssl_path" return 1 fi + # ECC or RSA + if [ -z "${Le_Keylength}" ]; then + Le_Keylength="" + fi + if _isEccKey "${Le_Keylength}"; then + _info "ECC key type detected" + _cert_type="ecdsa" + _cert_name_prefix="ecdsa-" + else + _info "RSA key type detected" + _cert_type="rsa" + _cert_name_prefix="" + + fi _info "Copying key and cert" - _real_key="$_ssl_path/key.pem" + _real_key="$_ssl_path/${_cert_name_prefix}key.pem" if ! cat "$_ckey" >"$_real_key"; then _err "Error: write key file to: $_real_key" return 1 fi - _real_fullchain="$_ssl_path/cert.pem" + _real_fullchain="$_ssl_path/${_cert_name_prefix}cert.pem" if ! cat "$_cfullchain" >"$_real_fullchain"; then _err "Error: write cert file to: $_real_fullchain" return 1 fi - DEFAULT_MAILCOW_RELOAD="cd ${_mailcow_path} && docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow" + DEFAULT_MAILCOW_RELOAD="docker restart $(docker ps -qaf name=postfix-mailcow); docker restart $(docker ps -qaf name=nginx-mailcow); docker restart $(docker ps -qaf name=dovecot-mailcow)" _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}" _info "Run reload: $_reload" From 94bba4ac9c977194209b3829bc83f4b3b783aa9f Mon Sep 17 00:00:00 2001 From: Nate Date: Sun, 6 Dec 2020 22:45:42 +0700 Subject: [PATCH 0153/1526] Correct sed regex Corrects issue #3285. The '?' character after a group is not supported in POSIX Basic Regular Expressions. Replacing it with '\{0,1\}' retains the same functionality and also works on non-GNU systems. --- dnsapi/dns_duckdns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index f0af2741..41685147 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -96,7 +96,7 @@ dns_duckdns_rm() { _duckdns_get_domain() { # We'll extract the domain/username from full domain - _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\?\([a-z0-9-]*\)\.duckdns\.org/\2/')" + _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\{0,1\}\([a-z0-9-]*\)\.duckdns\.org/\2/')" if [ -z "$_duckdns_domain" ]; then _err "Error extracting the domain." From 671bd1022e92009873e596ab341d1cd3b1ec1c24 Mon Sep 17 00:00:00 2001 From: Van Hau TRAN Date: Sun, 6 Dec 2020 22:59:36 +0100 Subject: [PATCH 0154/1526] feat: add scaleway provider --- dnsapi/dns_scaleway.sh | 162 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100755 dnsapi/dns_scaleway.sh diff --git a/dnsapi/dns_scaleway.sh b/dnsapi/dns_scaleway.sh new file mode 100755 index 00000000..20397096 --- /dev/null +++ b/dnsapi/dns_scaleway.sh @@ -0,0 +1,162 @@ +#!/usr/bin/env sh + +# Scaleway API +# https://developers.scaleway.com/en/products/domain/dns/api/ +# +# Requires Scaleway API token set in SCALEWAY_API_TOKEN + +######## Public functions ##################### + +SCALEWAY_API="https://api.scaleway.com/domain/v2beta1" + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_scaleway_add() { + fulldomain=$1 + txtvalue=$2 + + if ! _scaleway_check_config; then + return 1 + fi + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + _scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue" + _info "Record added." + + return 0 +} + +dns_scaleway_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _scaleway_check_config; then + return 1 + fi + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Deleting record" + _scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue" + _info "Record deleted." + + return 0 +} + +#################### Private functions below ################################## + +_scaleway_check_config() { + SCALEWAY_API_TOKEN="${SCALEWAY_API_TOKEN:-$(_readaccountconf_mutable SCALEWAY_API_TOKEN)}" + if [ -z "$SCALEWAY_API_TOKEN" ]; then + _err "No API key specified for Scaleway API." + _err "Create your key and export it as SCALEWAY_API_TOKEN" + return 1 + fi + if ! _scaleway_rest GET "dns-zones"; then + _err "Invalid API key specified for Scaleway API." + return 1 + fi + + _saveaccountconf_mutable SCALEWAY_API_TOKEN "$SCALEWAY_API_TOKEN" + + return 0 +} + +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + _scaleway_rest GET "dns-zones/$h/records" + + if ! _contains "$response" "subdomain not found" >/dev/null; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + _err "Unable to retrive DNS zone matching this domain" + return 1 +} + +_scaleway_create_TXT_record() { + txt_zone=$1 + txt_name=$2 + txt_value=$3 + + _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}" + + if [ _contains "$response" "records"; then + return 0 + else + _err "error1 $response" + return 1 + fi +} + +_scaleway_delete_TXT_record() { + txt_zone=$1 + txt_name=$2 + txt_value=$3 + + _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}" + + if [ _contains "$response" "records"; then + return 0 + else + _err "error2 $response" + return 1 + fi +} + +_scaleway_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + _scaleway_url="$SCALEWAY_API/$ep" + _debug2 _scaleway_url "$_scaleway_url" + export _H1="x-auth-token: $SCALEWAY_API_TOKEN" + export _H2="Accept: application/json" + export _H3="Content-Type: application/json" + + if [ "$data" ] || [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$_scaleway_url" "" "$m")" + else + response="$(_get "$_scaleway_url")" + fi + if [ "$?" != "0" ] || _contains "$response" "denied_authentication" || _contains "$response" "Method not allowed" || _contains "$response" "json parse error: unexpected EOF"; then + _err "error $response" + return 1 + fi + _debug2 response "$response" + return 0 +} From b5653a1c06e93f745e716a8860897b15a481affc Mon Sep 17 00:00:00 2001 From: Van Hau TRAN Date: Sun, 6 Dec 2020 23:14:25 +0100 Subject: [PATCH 0155/1526] feat: add comment and configure workflow ci test --- dnsapi/dns_scaleway.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_scaleway.sh b/dnsapi/dns_scaleway.sh index 20397096..abca5125 100755 --- a/dnsapi/dns_scaleway.sh +++ b/dnsapi/dns_scaleway.sh @@ -106,6 +106,7 @@ _get_root() { return 1 } +# this function add a TXT record _scaleway_create_TXT_record() { txt_zone=$1 txt_name=$2 @@ -121,6 +122,7 @@ _scaleway_create_TXT_record() { fi } +# this function delete a TXT record based on name and content _scaleway_delete_TXT_record() { txt_zone=$1 txt_name=$2 From 5127a9ae3cbc611047a42d041b8e5da50906d1da Mon Sep 17 00:00:00 2001 From: Van Hau TRAN Date: Sun, 6 Dec 2020 23:20:41 +0100 Subject: [PATCH 0156/1526] fix: shell if --- dnsapi/dns_scaleway.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_scaleway.sh b/dnsapi/dns_scaleway.sh index abca5125..778738f4 100755 --- a/dnsapi/dns_scaleway.sh +++ b/dnsapi/dns_scaleway.sh @@ -114,7 +114,7 @@ _scaleway_create_TXT_record() { _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}" - if [ _contains "$response" "records"; then + if _contains "$response" "records"; then return 0 else _err "error1 $response" @@ -130,7 +130,7 @@ _scaleway_delete_TXT_record() { _scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}" - if [ _contains "$response" "records"; then + if _contains "$response" "records"; then return 0 else _err "error2 $response" From a0c2d312e9e1698076bbacf010c37d933427c2f0 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 7 Dec 2020 21:31:02 +0800 Subject: [PATCH 0157/1526] start 2.8.9 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index dcbe3c9d..ae387535 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.8.8 +VER=2.8.9 PROJECT_NAME="acme.sh" From 32b62d6d4f3424b0212ce1bf196c04353a23c838 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 7 Dec 2020 21:41:08 +0800 Subject: [PATCH 0158/1526] fix --- deploy/mailcow.sh | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 830bec04..babd5d28 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -27,11 +27,11 @@ mailcow_deploy() { return 1 fi - #Tests if _ssl_path is the mailcow root directory. + #Tests if _ssl_path is the mailcow root directory. if [ -f "${_mailcow_path}/generate_config.sh" ]; then _ssl_path="${_mailcow_path}/data/assets/ssl/" else - _ssl_path="${_mailcow_path}" + _ssl_path="${_mailcow_path}" fi if [ ! -d "$_ssl_path" ]; then @@ -41,17 +41,16 @@ mailcow_deploy() { # ECC or RSA if [ -z "${Le_Keylength}" ]; then - Le_Keylength="" + Le_Keylength="" fi if _isEccKey "${Le_Keylength}"; then - _info "ECC key type detected" - _cert_type="ecdsa" - _cert_name_prefix="ecdsa-" + _info "ECC key type detected" + _cert_type="ecdsa" + _cert_name_prefix="ecdsa-" else - _info "RSA key type detected" - _cert_type="rsa" - _cert_name_prefix="" - + _info "RSA key type detected" + _cert_type="rsa" + _cert_name_prefix="" fi _info "Copying key and cert" _real_key="$_ssl_path/${_cert_name_prefix}key.pem" From 174c87a192cb86749d83697a347624f33797e874 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 7 Dec 2020 21:42:31 +0800 Subject: [PATCH 0159/1526] fix --- deploy/mailcow.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index babd5d28..932956c0 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -49,7 +49,6 @@ mailcow_deploy() { _cert_name_prefix="ecdsa-" else _info "RSA key type detected" - _cert_type="rsa" _cert_name_prefix="" fi _info "Copying key and cert" From 8440d013f8cfd678c3a03677b949e18459920827 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 7 Dec 2020 22:01:30 +0800 Subject: [PATCH 0160/1526] fix --- deploy/mailcow.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 932956c0..c3535e7e 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -45,7 +45,6 @@ mailcow_deploy() { fi if _isEccKey "${Le_Keylength}"; then _info "ECC key type detected" - _cert_type="ecdsa" _cert_name_prefix="ecdsa-" else _info "RSA key type detected" From 9b532584d6f3e33bf4c548f2f035799779a2c895 Mon Sep 17 00:00:00 2001 From: Van Hau TRAN Date: Tue, 8 Dec 2020 16:32:31 +0100 Subject: [PATCH 0161/1526] fix: fix delete txt record and error mngtt --- dnsapi/dns_scaleway.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_scaleway.sh b/dnsapi/dns_scaleway.sh index 778738f4..a0a0f318 100755 --- a/dnsapi/dns_scaleway.sh +++ b/dnsapi/dns_scaleway.sh @@ -29,6 +29,12 @@ dns_scaleway_add() { _info "Adding record" _scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue" + if _contains "$response" "records"; then + return 0 + else + _err error "$response" + return 1 + fi _info "Record added." return 0 @@ -52,7 +58,13 @@ dns_scaleway_rm() { _debug _domain "$_domain" _info "Deleting record" - _scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue" + _scaleway_delete_TXT_record "$_domain" "$_sub_domain" "$txtvalue" + if _contains "$response" "records"; then + return 0 + else + _err error "$response" + return 1 + fi _info "Record deleted." return 0 @@ -83,7 +95,7 @@ _scaleway_check_config() { # _domain=domain.com _get_root() { domain=$1 - i=2 + i=1 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) From 99d3a283efd9a6a6a5c6e5812aa829984cbb8cff Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Sat, 26 Sep 2020 19:38:18 -0600 Subject: [PATCH 0162/1526] Use POST for login This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.) HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl. --- deploy/synology_dsm.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 2ec0ceb3..53ab5dd9 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -22,7 +22,7 @@ ######## Public functions ##################### _syno_get_cookie_data() { - grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' + grep -i "\W$1=" "$HTTP_HEADER" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' } #domain keyfile certfile cafile fullchain @@ -78,8 +78,8 @@ synology_dsm_deploy() { encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)" encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)" encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)" - response=$(_get "$_base_url/webman/login.cgi?username=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_id=$encoded_did" 1) - token=$(echo "$response" | grep -i "X-SYNO-TOKEN:" | sed -n 's/^X-SYNO-TOKEN: \(.*\)$/\1/pI' | tr -d "\r\n") + response=$(_post "username=$encoded_username&passwd=$encoded_password&device_id=$encoded_did" "$_base_url/webman/login.cgi?enable_syno_token=yes") + token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p') _debug3 response "$response" _debug token "$token" @@ -89,7 +89,7 @@ synology_dsm_deploy() { return 1 fi - _H1="Cookie: $(echo "$response" | _syno_get_cookie_data "id"); $(echo "$response" | _syno_get_cookie_data "smid")" + _H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")" _H2="X-SYNO-TOKEN: $token" export _H1 export _H2 From cc69285420a49f118acb37c77e3c8f9f73c19f7f Mon Sep 17 00:00:00 2001 From: Thijn Date: Wed, 9 Dec 2020 11:45:25 +0100 Subject: [PATCH 0163/1526] Fix synology_dsm deployhook for DSM 7 --- deploy/synology_dsm.sh | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 53ab5dd9..bca12d8d 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -73,13 +73,25 @@ synology_dsm_deploy() { _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port" _debug _base_url "$_base_url" + _debug "Getting API version" + response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth") + api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p') + _debug3 response "$response" + _debug3 api_version "$api_version" + # Login, get the token from JSON and session id from cookie _info "Logging into $SYNO_Hostname:$SYNO_Port" encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)" encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)" - encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)" - response=$(_post "username=$encoded_username&passwd=$encoded_password&device_id=$encoded_did" "$_base_url/webman/login.cgi?enable_syno_token=yes") - token=$(echo "$response" | grep "SynoToken" | sed -n 's/.*"SynoToken" *: *"\([^"]*\).*/\1/p') + + if [ ! -z "$SYNO_DID" ]; then + _H1="Cookie: did=$SYNO_DID" + export _H1 + _debug3 H1 "${_H1}" + fi + + response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&enable_device_token=yes&enable_syno_token=yes" "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version") + token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p') _debug3 response "$response" _debug token "$token" @@ -88,13 +100,11 @@ synology_dsm_deploy() { _err "Check your username and password." return 1 fi + sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p') - _H1="Cookie: $(_syno_get_cookie_data "id"); $(_syno_get_cookie_data "smid")" - _H2="X-SYNO-TOKEN: $token" + _H1="X-SYNO-TOKEN: $token" export _H1 - export _H2 _debug2 H1 "${_H1}" - _debug2 H2 "${_H2}" # Now that we know the username and password are good, save them _savedeployconf SYNO_Username "$SYNO_Username" @@ -102,7 +112,7 @@ synology_dsm_deploy() { _savedeployconf SYNO_DID "$SYNO_DID" _info "Getting certificates in Synology DSM" - response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi") + response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi") _debug3 response "$response" id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p") _debug2 id "$id" @@ -135,7 +145,7 @@ synology_dsm_deploy() { content="${content%_}" # protect trailing \n _info "Upload certificate to the Synology DSM" - response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}") + response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}") _debug3 response "$response" if ! echo "$response" | grep '"error":' >/dev/null; then From 7d7789ae96ef4061dfb97c41d45a7b017626d305 Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Wed, 9 Dec 2020 20:35:50 -0700 Subject: [PATCH 0164/1526] Support DSM 6 and 7 Small changes for DSM 6: All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params enable_syno_token=yes must be in both the GET and POST params. If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work. Need to use /webapi/auth.cgi instead of /webapi/entry.cgi Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850 --- deploy/synology_dsm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index bca12d8d..edbc1e3e 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -90,7 +90,7 @@ synology_dsm_deploy() { _debug3 H1 "${_H1}" fi - response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&enable_device_token=yes&enable_syno_token=yes" "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version") + response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p') _debug3 response "$response" _debug token "$token" From 2635dfef9659a69d003cc2cb1f108a6c7de044a1 Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Wed, 9 Dec 2020 21:01:44 -0700 Subject: [PATCH 0165/1526] Shellcheck linting Also removed unused code --- deploy/synology_dsm.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index edbc1e3e..35d33209 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -21,10 +21,6 @@ ######## Public functions ##################### -_syno_get_cookie_data() { - grep -i "\W$1=" "$HTTP_HEADER" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' -} - #domain keyfile certfile cafile fullchain synology_dsm_deploy() { @@ -84,7 +80,7 @@ synology_dsm_deploy() { encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)" encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)" - if [ ! -z "$SYNO_DID" ]; then + if [ -n "$SYNO_DID" ]; then _H1="Cookie: did=$SYNO_DID" export _H1 _debug3 H1 "${_H1}" From 15fb47cb3d0220de6db1c5cf41ecffd03f532275 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 10 Dec 2020 20:21:57 +0800 Subject: [PATCH 0166/1526] fix https://github.com/acmesh-official/acme.sh/issues/3300 --- deploy/docker.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/docker.sh b/deploy/docker.sh index 451d5d00..3aa1b2cd 100755 --- a/deploy/docker.sh +++ b/deploy/docker.sh @@ -275,6 +275,7 @@ _check_curl_version() { if [ "$_major$_minor" -lt "740" ]; then _err "curl v$_cversion doesn't support unit socket" + _err "Please upgrade to curl 7.40 or later." return 1 fi if [ "$_major$_minor" -lt "750" ]; then From cee20c4eb96ec8ec3ad789ae5e3902689598b0ee Mon Sep 17 00:00:00 2001 From: jimp100 <35727302+jimp100@users.noreply.github.com> Date: Wed, 16 Dec 2020 10:11:43 +0000 Subject: [PATCH 0167/1526] Corrected regex for subdomains A fix to handle subdomains of a duckdns domain. I.e. subdomain.mydomain.duckdns.org Handles n number of subdomains --- dnsapi/dns_duckdns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index 41685147..618e12c6 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -96,7 +96,7 @@ dns_duckdns_rm() { _duckdns_get_domain() { # We'll extract the domain/username from full domain - _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\{0,1\}\([a-z0-9-]*\)\.duckdns\.org/\2/')" + _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?([a-z0-9-]+\.)+duckdns\.org' | sed -n 's/^\([^.]\{1,\}\.\)*\([a-z0-9-]\{1,\}\)\.duckdns\.org$/\2/p;')" if [ -z "$_duckdns_domain" ]; then _err "Error extracting the domain." From 48b2a271cc81a7ab8bf2bc229aa59d58f88c493e Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 20 Dec 2020 20:17:05 +0100 Subject: [PATCH 0168/1526] World4You Bugfix unable to parse paketnr --- dnsapi/dns_world4you.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 24b8dd68..9d36f84d 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -185,7 +185,8 @@ _get_paketnr() { fi TLD="$domain" + _debug domain "$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | grep "data-textfilter=\" $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/') + PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/') return 0 } From ac4ae85a4a5c07b4124da3a2e3efce1747db45c7 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 21 Dec 2020 09:39:09 +0100 Subject: [PATCH 0169/1526] World4You code refactor --- dnsapi/dns_world4you.sh | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 9d36f84d..6baccbd0 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -52,17 +52,26 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') _resethttp - if grep '302' >/dev/null <"$HTTP_HEADER"; then + if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then res=$(_get "$WORLD4YOU_API/$paketnr/dns") if _contains "$res" "successfully"; then return 0 else msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') + if _contains "$msg" '^<\!DOCTYPE html>'; then + msg='Unknown error' + fi _err "Unable to add record: $msg" + if _contains "$msg" '^<\!DOCTYPE html>'; then + echo "$ret" > 'error-01.html' + echo "$res" > 'error-02.html' + _err "View error-01.html and error-02.html for debugging" + fi return 1 fi else - _err "$(_head_n 1 <"$HTTP_HEADER")" + _err "$(_head_n 3 <"$HTTP_HEADER")" + _err "View $HTTP_HEADER for debugging" return 1 fi } @@ -111,17 +120,26 @@ DeleteDnsRecordForm[_token]=$form_token" ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') _resethttp - if grep '302' >/dev/null <"$HTTP_HEADER"; then + if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then res=$(_get "$WORLD4YOU_API/$paketnr/dns") if _contains "$res" "successfully"; then return 0 else msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') + if _contains "$msg" '^<\!DOCTYPE html>'; then + msg='Unknown error' + fi _err "Unable to remove record: $msg" + if _contains "$msg" '^<\!DOCTYPE html>'; then + echo "$ret" > 'error-01.html' + echo "$res" > 'error-02.html' + _err "View error-01.html and error-02.html for debugging" + fi return 1 fi else - _err "$(_head_n 1 <"$HTTP_HEADER")" + _err "$(_head_n 3 <"$HTTP_HEADER")" + _err "View $HTTP_HEADER for debugging" return 1 fi } @@ -175,7 +193,7 @@ _get_paketnr() { domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') domain='' for domain in $domains; do - if echo "$fqdn" | grep "$domain\$" >/dev/null; then + if _contains "$fqdn" "$domain\$"; then break fi domain='' From cb90167c76fa2a88eea8d16c463b2e674d02c009 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 21 Dec 2020 09:41:05 +0100 Subject: [PATCH 0170/1526] World4You shellcheck --- dnsapi/dns_world4you.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 6baccbd0..9ab406f6 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -63,8 +63,8 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke fi _err "Unable to add record: $msg" if _contains "$msg" '^<\!DOCTYPE html>'; then - echo "$ret" > 'error-01.html' - echo "$res" > 'error-02.html' + echo "$ret" >'error-01.html' + echo "$res" >'error-02.html' _err "View error-01.html and error-02.html for debugging" fi return 1 @@ -131,8 +131,8 @@ DeleteDnsRecordForm[_token]=$form_token" fi _err "Unable to remove record: $msg" if _contains "$msg" '^<\!DOCTYPE html>'; then - echo "$ret" > 'error-01.html' - echo "$res" > 'error-02.html' + echo "$ret" >'error-01.html' + echo "$res" >'error-02.html' _err "View error-01.html and error-02.html for debugging" fi return 1 From 8a24275ba929d55ab3c3060b3c54239c2e2855ec Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 23 Dec 2020 20:45:43 +0800 Subject: [PATCH 0171/1526] add dns check wiki --- acme.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/acme.sh b/acme.sh index ae387535..e78744c9 100755 --- a/acme.sh +++ b/acme.sh @@ -160,6 +160,8 @@ _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server" _PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain" +_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck" + _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead." _DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR" @@ -3958,6 +3960,8 @@ _check_dns_entries() { _end_time="$(_math "$_end_time" + 1200)" #let's check no more than 20 minutes. while [ "$(_time)" -le "$_end_time" ]; do + _info "You can use '--dnssleep' to disable public dns checks." + _info "See: $_DNSCHECK_WIKI" _left="" for entry in $dns_entries; do d=$(_getfield "$entry" 1) From a00046f9b299b1cff24dcdfeedfab2426100c144 Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Thu, 24 Dec 2020 11:03:25 +0100 Subject: [PATCH 0172/1526] dnsapi/ionos: Add API support for IONOS DNS API The IONOS DNS API is in beta state, please read [1] on how to get started. PLEASE NOTE: The v2 wildcard certification creation [2] is not yet supported as the IONOS API doesn't allow the creation of multiple TXT records with the same domain name. [1] https://beta.developer.hosting.ionos.de/docs/getstarted [2] https://github.com/acmesh-official/acme.sh/issues/1261 --- dnsapi/dns_ionos.sh | 157 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100755 dnsapi/dns_ionos.sh diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh new file mode 100755 index 00000000..4d33e019 --- /dev/null +++ b/dnsapi/dns_ionos.sh @@ -0,0 +1,157 @@ +#!/usr/bin/env sh + +# Supports IONOS DNS API Beta v1.0.0 +# +# Usage: +# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: +# +# $ export IONOS_PREFIX="..." +# $ export IONOS_SECRET="..." +# +# $ acme.sh --issue --dns dns_ionos ... + +IONOS_API="https://api.hosting.ionos.com/dns" +IONOS_ROUTE_ZONES="/v1/zones" + +IONOS_TXT_TTL=60 # minumum accepted by API +IONOS_TXT_PRIO=10 + +dns_ionos_add() { + fulldomain=$1 + txtvalue=$2 + + _ionos_init + + _body="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" + + if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then + _info "TXT record for _sub_domain.$_domain has been created successfully." + return 0 + fi + + return 1 +} + +dns_ionos_rm() { + fulldomain=$1 + txtvalue=$2 + + _ionos_init + + if ! _ionos_get_record "$fulldomain" "$_zone_id"; then + _err "Could not find _acme-challenge TXT record." + return 1 + fi + + if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then + _info "TXT record for _sub_domain.$_domain has been deleted successfully." + return 0 + fi + + return 1 +} + +_ionos_init() { + IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" + IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" + + if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then + _err "You didn't specify an IONOS api prefix and secret yet." + _err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." + _err "" + _err "Then set them before calling acme.sh:" + _err "\$ export IONOS_PREFIX=\"...\"" + _err "\$ export IONOS_SECRET=\"...\"" + _err "\$ acme.sh --issue -d ... --dns dns_ionos" + return 1 + fi + + _saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" + _saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" + + if ! _get_root "$fulldomain"; then + _err "Cannot find this domain in your IONOS account." + return 1 + fi +} + +_get_root() { + domain=$1 + i=2 + p=1 + + if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then + response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + return 1 + fi + + _zone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")" + if [ "$_zone" ]; then + _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"' ) + if [ "$_zone_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + + return 0 + fi + + return 1 + fi + + p=$i + i=$(_math "$i" + 1) + done + fi + + return 1 +} + +_ionos_get_record() { + fulldomain=$1 + zone_id=$2 + + if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then + response="$(echo "$response" | tr -d "\n" )" + + _record="$(echo "$response" | _egrep_o "{\"name\":\s*\"$fulldomain\".*}")" + if [ "$_record" ]; then + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"' ) + + return 0 + fi + fi + + return 1 +} + +_ionos_rest() { + method="$1" + route="$2" + data="$3" + + IONOS_API_KEY="$(printf "%s.%s" "$IONOS_PREFIX" "$IONOS_SECRET")" + + export _H1="X-API-Key: $IONOS_API_KEY" + + if [ "$method" != "GET" ]; then + export _H2="Accept: application/json" + export _H3="Content-Type: application/json" + + response="$(_post "$data" "$IONOS_API$route" "" "$method")" + else + export _H2="Accept: */*" + + response="$(_get "$IONOS_API$route")" + fi + + if [ "$?" != "0" ]; then + _err "Error $route" + return 1 + fi + + return 0 +} From 22f7ac22d528a0efbaa6326d9812ffde6884f4bc Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Thu, 24 Dec 2020 13:06:07 +0100 Subject: [PATCH 0173/1526] dnsapi/ionos: Run shfmt --- dnsapi/dns_ionos.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 4d33e019..fb6ba3f8 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -13,7 +13,7 @@ IONOS_API="https://api.hosting.ionos.com/dns" IONOS_ROUTE_ZONES="/v1/zones" -IONOS_TXT_TTL=60 # minumum accepted by API +IONOS_TXT_TTL=60 # minimum accepted by API IONOS_TXT_PRIO=10 dns_ionos_add() { @@ -25,7 +25,7 @@ dns_ionos_add() { _body="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then - _info "TXT record for _sub_domain.$_domain has been created successfully." + _info "TXT record has been created successfully." return 0 fi @@ -44,7 +44,7 @@ dns_ionos_rm() { fi if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then - _info "TXT record for _sub_domain.$_domain has been deleted successfully." + _info "TXT record has been deleted successfully." return 0 fi @@ -54,7 +54,7 @@ dns_ionos_rm() { _ionos_init() { IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" - + if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then _err "You didn't specify an IONOS api prefix and secret yet." _err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." @@ -91,7 +91,7 @@ _get_root() { _zone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")" if [ "$_zone" ]; then - _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"' ) + _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') if [ "$_zone_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -115,13 +115,13 @@ _ionos_get_record() { zone_id=$2 if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then - response="$(echo "$response" | tr -d "\n" )" + response="$(echo "$response" | tr -d "\n")" _record="$(echo "$response" | _egrep_o "{\"name\":\s*\"$fulldomain\".*}")" if [ "$_record" ]; then - _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"' ) - - return 0 + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + + return 0 fi fi From d6083c68fd3d174fb2ae6025d19965dcf332ac52 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 28 Dec 2020 21:10:22 +0800 Subject: [PATCH 0174/1526] add libidn --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 6b382242..4618efaf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,6 +12,7 @@ RUN apk update -f \ tzdata \ oath-toolkit-oathtool \ tar \ + libidn \ && rm -rf /var/cache/apk/* ENV LE_CONFIG_HOME /acme.sh From 10de4b6b7bc5f3c9d40214afb62d232b53ee7f89 Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Mon, 4 Jan 2021 18:41:02 +1300 Subject: [PATCH 0175/1526] Add Telegram notification script Requires: - API Token for a bot created with the Telegram Bot Father. - A Chat ID for a user/group that the bot has permission to post to. --- notify/telegram.sh | 49 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 notify/telegram.sh diff --git a/notify/telegram.sh b/notify/telegram.sh new file mode 100644 index 00000000..ee2d93e2 --- /dev/null +++ b/notify/telegram.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +#Support Telegram Bots + +#TELEGRAM_BOT_APITOKEN="" +#TELEGRAM_BOT_CHATID="" + +telegram_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + TELEGRAM_BOT_APITOKEN="${TELEGRAM_BOT_APITOKEN:-$(_readaccountconf_mutable TELEGRAM_BOT_APITOKEN)}" + if [ -z "$TELEGRAM_BOT_APITOKEN" ]; then + TELEGRAM_BOT_APITOKEN="" + _err "You didn't specify a Telegram BOT API Token TELEGRAM_BOT_APITOKEN yet." + return 1 + fi + _saveaccountconf_mutable TELEGRAM_BOT_APITOKEN "$TELEGRAM_BOT_APITOKEN" + + TELEGRAM_BOT_CHATID="${TELEGRAM_BOT_CHATID:-$(_readaccountconf_mutable TELEGRAM_BOT_CHATID)}" + if [ -z "$TELEGRAM_BOT_CHATID" ]; then + TELEGRAM_BOT_CHATID="" + _err "You didn't specify a Telegram Chat id TELEGRAM_BOT_CHATID yet." + return 1 + fi + _saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" + + _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" + _data="{\"text\": \"$_content\", " + _data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " + _data="$_data\"parse_mode\": \"markdown\", " + _data="$_data\"disable_web_page_preview\": \"1\"}" + + export _H1="Content-Type: application/json" + _telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" + if _post "$_data" "$_telegram_bot_url"; then + # shellcheck disable=SC2154 + _message=$(printf "%s\n" "$response" | sed -ne 's/.*"ok":\([^,]*\).*/\1/p') + if [ "$_message" = "true" ]; then + _info "telegram send success." + return 0 + fi + fi + _err "telegram send error." + _err "$response" + return 1 +} From c59a8c9644b366f9c8ca17d7bd28a25de66a1799 Mon Sep 17 00:00:00 2001 From: Vahid Fardi Date: Tue, 5 Jan 2021 15:29:08 +0330 Subject: [PATCH 0176/1526] change arvan api script --- dnsapi/dns_arvan.sh | 43 +++++++++++++++---------------------------- 1 file changed, 15 insertions(+), 28 deletions(-) diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index ca1f56c7..3c4ced15 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -3,7 +3,6 @@ #Arvan_Token="xxxx" ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" - #Author: Ehsan Aliakbar #Report Bugs here: https://github.com/Neilpang/acme.sh # @@ -38,6 +37,7 @@ dns_arvan_add() { _info "Adding record" if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then if _contains "$response" "$txtvalue"; then + _info "response id is $response" _info "Added, OK" return 0 elif _contains "$response" "Record Data is Duplicated"; then @@ -49,7 +49,7 @@ dns_arvan_add() { fi fi _err "Add txt record error." - return 1 + return 0 } #Usage: fulldomain txtvalue @@ -73,33 +73,21 @@ dns_arvan_rm() { _debug _domain "$_domain" _debug "Getting txt records" - shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1) - _arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue" - + _arvan_rest GET "${_domain}/dns-records" if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then _err "Error on Arvan Api" _err "Please create a github issue with debbug log" return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2) - _debug count "$count" - if [ "$count" = "0" ]; then - _info "Don't need to remove." - else - record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) - _debug "record_id" "$record_id" - if [ -z "$record_id" ]; then - _err "Can not get record id to remove." - return 1 - fi - if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then - _err "Delete record error." - return 1 - fi - _debug "$response" - _contains "$response" 'dns record deleted' + _record_id=$(echo "$response" | _egrep_o ".\"id\":\"[^\"]*\",\"type\":\"txt\",\"name\":\"_acme-challenge\",\"value\":{\"text\":\"$txtvalue\"}" | cut -d : -f 2 | cut -d , -f 1 | tr -d \") + if ! _arvan_rest "DELETE" "${_domain}/dns-records/${_record_id}"; then + _err "Error on Arvan Api" + return 1 fi + _debug "$response" + _contains "$response" 'dns record deleted' + return 0 } #################### Private functions below ################################## @@ -111,7 +99,7 @@ dns_arvan_rm() { # _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 - i=1 + i=2 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -121,12 +109,11 @@ _get_root() { return 1 fi - if ! _arvan_rest GET "?search=$h"; then + if ! _arvan_rest GET "$h"; then return 1 fi - - if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then - _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + if _contains "$response" "\"domain\":\"$h\""; then + _domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \") if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -146,7 +133,6 @@ _arvan_rest() { data="$3" token_trimmed=$(echo "$Arvan_Token" | tr -d '"') - export _H1="Authorization: $token_trimmed" if [ "$mtd" = "DELETE" ]; then @@ -160,4 +146,5 @@ _arvan_rest() { else response="$(_get "$ARVAN_API_URL/$ep$data")" fi + return 0 } From 2ec6215b1cbac352c006797ac8ed25f5cf7b50ac Mon Sep 17 00:00:00 2001 From: Vahid Fardi Date: Tue, 5 Jan 2021 17:10:41 +0330 Subject: [PATCH 0177/1526] change Author name --- dnsapi/dns_arvan.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index 3c4ced15..a33504d0 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -1,10 +1,10 @@ #!/usr/bin/env sh -#Arvan_Token="xxxx" +#Arvan_Token="Apikey xxxx" ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" -#Author: Ehsan Aliakbar -#Report Bugs here: https://github.com/Neilpang/acme.sh +#Author: Vahid Fardi +#Report Bugs here: https://github.com/fvahid/acme.sh # ######## Public functions ##################### From d9a8b057c39baeb89d257484d867112fc09db0b6 Mon Sep 17 00:00:00 2001 From: Vahid Fardi Date: Tue, 5 Jan 2021 21:31:31 +0330 Subject: [PATCH 0178/1526] change name actor --- dnsapi/dns_arvan.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index a33504d0..4c9217e5 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -4,7 +4,7 @@ ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" #Author: Vahid Fardi -#Report Bugs here: https://github.com/fvahid/acme.sh +#Report Bugs here: https://github.com/Neilpang/acme.sh # ######## Public functions ##################### From ab6b9006b7bdf42ee270646da58658a3762a617d Mon Sep 17 00:00:00 2001 From: James Edington Date: Fri, 8 Jan 2021 11:14:39 -0700 Subject: [PATCH 0179/1526] This is a general-purpose ACME client. We should be proud of this. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cd747666..f53578d4 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,7 @@ https://github.com/acmesh-official/acmetest - [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA) - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) +- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA # Supported modes From c3a3d02beaaec48cf3caa041659c2390613c7503 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 10 Jan 2021 11:47:54 +0800 Subject: [PATCH 0180/1526] fix https://github.com/acmesh-official/acme.sh/issues/3156 --- dnsapi/dns_linode_v4.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index c2bebc57..9504afbf 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -106,6 +106,7 @@ dns_linode_v4_rm() { #################### Private functions below ################################## _Linode_API() { + LINODE_V4_API_KEY="${LINODE_V4_API_KEY:-$(_readaccountconf_mutable LINODE_V4_API_KEY)}" if [ -z "$LINODE_V4_API_KEY" ]; then LINODE_V4_API_KEY="" @@ -115,7 +116,7 @@ _Linode_API() { return 1 fi - _saveaccountconf LINODE_V4_API_KEY "$LINODE_V4_API_KEY" + _saveaccountconf_mutable LINODE_V4_API_KEY "$LINODE_V4_API_KEY" } #################### Private functions below ################################## From 1fff8dd30691e4808cded2e84ce0a3f41e89281b Mon Sep 17 00:00:00 2001 From: tyahin Date: Sun, 10 Jan 2021 12:39:12 +0300 Subject: [PATCH 0181/1526] deploy gcore_cdn fix auth --- deploy/gcore_cdn.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/gcore_cdn.sh b/deploy/gcore_cdn.sh index a2a35f7b..738f8561 100644 --- a/deploy/gcore_cdn.sh +++ b/deploy/gcore_cdn.sh @@ -56,9 +56,9 @@ gcore_cdn_deploy() { _request="{\"username\":\"$Le_Deploy_gcore_cdn_username\",\"password\":\"$Le_Deploy_gcore_cdn_password\"}" _debug _request "$_request" export _H1="Content-Type:application/json" - _response=$(_post "$_request" "https://api.gcdn.co/auth/signin") + _response=$(_post "$_request" "https://api.gcdn.co/auth/jwt/login") _debug _response "$_response" - _regex=".*\"token\":\"\([-._0-9A-Za-z]*\)\".*$" + _regex=".*\"access\":\"\([-._0-9A-Za-z]*\)\".*$" _debug _regex "$_regex" _token=$(echo "$_response" | sed -n "s/$_regex/\1/p") _debug _token "$_token" From 1eaf7c89b7c11703c9f49df91c85fe0f3b537225 Mon Sep 17 00:00:00 2001 From: tyahin Date: Sun, 10 Jan 2021 12:39:20 +0300 Subject: [PATCH 0182/1526] deploy gcore_cdn fix api --- deploy/gcore_cdn.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/deploy/gcore_cdn.sh b/deploy/gcore_cdn.sh index 738f8561..929a4d53 100644 --- a/deploy/gcore_cdn.sh +++ b/deploy/gcore_cdn.sh @@ -72,12 +72,15 @@ gcore_cdn_deploy() { export _H2="Authorization:Token $_token" _response=$(_get "https://api.gcdn.co/resources") _debug _response "$_response" - _regex=".*(\"id\".*?\"cname\":\"$_cdomain\".*?})" + _regex="\"primary_resource\":null}," + _debug _regex "$_regex" + _response=$(echo "$_response" | sed 's/$_regex/$_regex\n/g') + _debug _response "$_response" _regex="^.*\"cname\":\"$_cdomain\".*$" _debug _regex "$_regex" - _resource=$(echo "$_response" | sed 's/},{/},\n{/g' | _egrep_o "$_regex") + _resource=$(echo "$_response" | _egrep_o "$_regex") _debug _resource "$_resource" - _regex=".*\"id\":\([0-9]*\).*\"rules\".*$" + _regex=".*\"id\":\([0-9]*\).*$" _debug _regex "$_regex" _resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p") _debug _resourceId "$_resourceId" From 7ed7a57d926c913adc7f05905ffb5412d170e09b Mon Sep 17 00:00:00 2001 From: tyahin Date: Sun, 10 Jan 2021 12:44:56 +0300 Subject: [PATCH 0183/1526] deploy gcore_cdn fix syntax --- deploy/gcore_cdn.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/gcore_cdn.sh b/deploy/gcore_cdn.sh index 929a4d53..f573a3aa 100644 --- a/deploy/gcore_cdn.sh +++ b/deploy/gcore_cdn.sh @@ -74,7 +74,7 @@ gcore_cdn_deploy() { _debug _response "$_response" _regex="\"primary_resource\":null}," _debug _regex "$_regex" - _response=$(echo "$_response" | sed 's/$_regex/$_regex\n/g') + _response=$(echo "$_response" | sed "s/$_regex/$_regex\n/g") _debug _response "$_response" _regex="^.*\"cname\":\"$_cdomain\".*$" _debug _regex "$_regex" From b79f63db7841d7344a7360b1c7068d98b6419c9b Mon Sep 17 00:00:00 2001 From: Stephen Dendtler Date: Sun, 10 Jan 2021 11:19:16 +0000 Subject: [PATCH 0184/1526] Added RackCorp API Integration --- dnsapi/dns_rackcorp.sh | 156 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 dnsapi/dns_rackcorp.sh diff --git a/dnsapi/dns_rackcorp.sh b/dnsapi/dns_rackcorp.sh new file mode 100644 index 00000000..7323473d --- /dev/null +++ b/dnsapi/dns_rackcorp.sh @@ -0,0 +1,156 @@ +#!/usr/bin/env sh + +# Provider: RackCorp (www.rackcorp.com) +# Author: Stephen Dendtler (sdendtler@rackcorp.com) +# Report Bugs here: https://github.com/senjoo/acme.sh +# Alternate email contact: support@rackcorp.com +# +# You'll need an API key (Portal: ADMINISTRATION -> API) +# Set the environment variables as below: +# +# export RACKCORP_APIUUID="UUIDHERE" +# export RACKCORP_APISECRET="SECRETHERE" +# + +RACKCORP_API_ENDPOINT="https://api.rackcorp.net/api/rest/v2.4/json.php" + +######## Public functions ##################### + +dns_rackcorp_add() { + fulldomain="$1" + txtvalue="$2" + + _debug fulldomain="$fulldomain" + _debug txtvalue="$txtvalue" + + if ! _rackcorp_validate; then + return 1 + fi + + _debug "Searching for root zone" + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _lookup "$_lookup" + _debug _domain "$_domain" + + _info "Creating TXT record." + + if ! _rackcorp_api dns.record.create "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\",\"ttl\":300"; then + return 1 + fi + + return 0 +} + +#Usage: fulldomain txtvalue +#Remove the txt record after validation. +dns_rackcorp_rm() { + fulldomain=$1 + txtvalue=$2 + + _debug fulldomain="$fulldomain" + _debug txtvalue="$txtvalue" + + if ! _rackcorp_validate; then + return 1 + fi + + _debug "Searching for root zone" + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _lookup "$_lookup" + _debug _domain "$_domain" + + _info "Creating TXT record." + + if ! _rackcorp_api dns.record.delete "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\""; then + return 1 + fi + + return 0 +} + +#################### Private functions below ################################## +#_acme-challenge.domain.com +#returns +# _lookup=_acme-challenge +# _domain=domain.com +_get_root() { + domain=$1 + i=2 + p=1 + if ! _rackcorp_api dns.domain.getall "\"name\":\"$domain\""; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug searchhost "$h" + if [ -z "$h" ]; then + _err "Could not find domain for record $domain in RackCorp using the provided credentials" + #not valid + return 1 + fi + + _rackcorp_api dns.domain.getall "\"exactName\":\"$h\"" + + if _contains "$response" "\"matches\":1"; then + if _contains "$response" "\"name\":\"$h\""; then + _lookup=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + fi + p=$i + i=$(_math "$i" + 1) + done + + return 1 +} + +_rackcorp_validate() { + RACKCORP_APIUUID="${RACKCORP_APIUUID:-$(_readaccountconf_mutable RACKCORP_APIUUID)}" + if [ -z "$RACKCORP_APIUUID" ]; then + RACKCORP_APIUUID="" + _err "You require a RackCorp API UUID (export RACKCORP_APIUUID=\"\")" + _err "Please login to the portal and create an API key and try again." + return 1 + fi + + _saveaccountconf_mutable RACKCORP_APIUUID "$RACKCORP_APIUUID" + + RACKCORP_APISECRET="${RACKCORP_APISECRET:-$(_readaccountconf_mutable RACKCORP_APISECRET)}" + if [ -z "$RACKCORP_APISECRET" ]; then + RACKCORP_APISECRET="" + _err "You require a RackCorp API secret (export RACKCORP_APISECRET=\"\")" + _err "Please login to the portal and create an API key and try again." + return 1 + fi + + _saveaccountconf_mutable RACKCORP_APISECRET "$RACKCORP_APISECRET" + + return 0 +} +_rackcorp_api() { + _rackcorpcmd=$1 + _rackcorpinputdata=$2 + _debug cmd "$_rackcorpcmd $_rackcorpinputdata" + + export _H1="Accept: application/json" + response="$(_post "{\"APIUUID\":\"$RACKCORP_APIUUID\",\"APISECRET\":\"$RACKCORP_APISECRET\",\"cmd\":\"$_rackcorpcmd\",$_rackcorpinputdata}" "$RACKCORP_API_ENDPOINT" "" "POST")" + + if [ "$?" != "0" ]; then + _err "error $response" + return 1 + fi + _debug2 response "$response" + if _contains "$response" "\"code\":\"OK\""; then + _debug code "OK" + else + _debug code "FAILED" + response="" + return 1 + fi + return 0 +} From 2e5a6e21cf27533fc772ca525c8a900e0c20f04c Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Mon, 11 Jan 2021 11:21:46 +1300 Subject: [PATCH 0185/1526] Correct shebang --- notify/telegram.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/telegram.sh b/notify/telegram.sh index ee2d93e2..2806206d 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env sh #Support Telegram Bots From 584cc6de2e0b465749eaf477c2a33f6843e2840a Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Mon, 11 Jan 2021 11:27:39 +1300 Subject: [PATCH 0186/1526] Avoid usage of sed -e --- notify/telegram.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/telegram.sh b/notify/telegram.sh index 2806206d..b1306ee1 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -37,7 +37,7 @@ telegram_send() { _telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" if _post "$_data" "$_telegram_bot_url"; then # shellcheck disable=SC2154 - _message=$(printf "%s\n" "$response" | sed -ne 's/.*"ok":\([^,]*\).*/\1/p') + _message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p') if [ "$_message" = "true" ]; then _info "telegram send success." return 0 From 500a005aacdee63d7fec6b1b78e97493657fa9ba Mon Sep 17 00:00:00 2001 From: Stephen Dendtler Date: Mon, 11 Jan 2021 13:03:42 +0000 Subject: [PATCH 0187/1526] _get_root now does not skip the first label of the domain --- dnsapi/dns_rackcorp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_rackcorp.sh b/dnsapi/dns_rackcorp.sh index 7323473d..6aabfddc 100644 --- a/dnsapi/dns_rackcorp.sh +++ b/dnsapi/dns_rackcorp.sh @@ -79,7 +79,7 @@ dns_rackcorp_rm() { # _domain=domain.com _get_root() { domain=$1 - i=2 + i=1 p=1 if ! _rackcorp_api dns.domain.getall "\"name\":\"$domain\""; then return 1 From 61549b4a745f45ec44335d9d2074b043acf8a559 Mon Sep 17 00:00:00 2001 From: Mark Challoner Date: Wed, 6 Jan 2021 20:20:21 +0000 Subject: [PATCH 0188/1526] Add Peplink deploy hook --- deploy/peplink.sh | 123 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 deploy/peplink.sh diff --git a/deploy/peplink.sh b/deploy/peplink.sh new file mode 100644 index 00000000..c4bd6242 --- /dev/null +++ b/deploy/peplink.sh @@ -0,0 +1,123 @@ +#!/usr/bin/env sh + +# Script to deploy cert to Peplink Routers +# +# The following environment variables must be set: +# +# PEPLINK_Hostname - Peplink hostname +# PEPLINK_Username - Peplink username to login +# PEPLINK_Password - Peplink password to login +# +# The following environmental variables may be set if you don't like their +# default values: +# +# PEPLINK_Certtype - Certificate type to target for replacement +# defaults to "webadmin", can be one of: +# * "chub" (ContentHub) +# * "openvpn" (OpenVPN CA) +# * "portal" (Captive Portal SSL) +# * "webadmin" (Web Admin SSL) +# * "webproxy" (Proxy Root CA) +# * "wwan_ca" (Wi-Fi WAN CA) +# * "wwan_client" (Wi-Fi WAN Client) +# PEPLINK_Scheme - defaults to "https" +# PEPLINK_Port - defaults to "443" +# +#returns 0 means success, otherwise error. + +######## Public functions ##################### + +_peplink_get_cookie_data() { + grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' +} + +#domain keyfile certfile cafile fullchain +peplink_deploy() { + + _cdomain="$1" + _ckey="$2" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _cfullchain "$_cfullchain" + _debug _ckey "$_ckey" + + # Get Hostname, Username and Password, but don't save until we successfully authenticate + _getdeployconf PEPLINK_Hostname + _getdeployconf PEPLINK_Username + _getdeployconf PEPLINK_Password + if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then + _err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" + return 1 + fi + _debug2 PEPLINK_Hostname "$PEPLINK_Hostname" + _debug2 PEPLINK_Username "$PEPLINK_Username" + _secure_debug2 PEPLINK_Password "$PEPLINK_Password" + + # Optional certificate type, scheme, and port for Peplink + _getdeployconf PEPLINK_Certtype + _getdeployconf PEPLINK_Scheme + _getdeployconf PEPLINK_Port + + # Don't save the certificate type until we verify it exists and is supported + _savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" + _savedeployconf PEPLINK_Port "$PEPLINK_Port" + + # Default vaules for certificate type, scheme, and port + [ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" + [ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" + [ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" + + _debug2 PEPLINK_Certtype "$PEPLINK_Certtype" + _debug2 PEPLINK_Scheme "$PEPLINK_Scheme" + _debug2 PEPLINK_Port "$PEPLINK_Port" + + _base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" + _debug _base_url "$_base_url" + + # Login, get the auth token from the cookie + _info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" + encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" + encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" + response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") + auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") + _debug3 response "$response" + _debug auth_token "$auth_token" + + if [ -z "$auth_token" ]; then + _err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." + _err "Check your username and password." + return 1 + fi + + _H1="Cookie: $auth_token" + export _H1 + _debug2 H1 "${_H1}" + + # Now that we know the hostnameusername and password are good, save them + _savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" + _savedeployconf PEPLINK_Username "$PEPLINK_Username" + _savedeployconf PEPLINK_Password "$PEPLINK_Password" + + _info "Generate form POST request" + + encoded_key="$(_url_encode <"$_ckey")" + encoded_fullchain="$(_url_encode <"$_cfullchain")" + body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" + _debug3 body "$body" + + _info "Upload $PEPLINK_Certtype certificate to the Peplink" + + response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") + _debug3 response "$response" + + if echo "$response" | grep 'Success' >/dev/null; then + # We've verified this certificate type is valid, so save it + _savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" + _info "Certificate was updated" + return 0 + else + _err "Unable to update certificate, error code $response" + return 1 + fi +} From 464022bea23fd5d8bdd219f5e033a86ab918c966 Mon Sep 17 00:00:00 2001 From: pssara Date: Fri, 15 Jan 2021 15:12:53 +0100 Subject: [PATCH 0189/1526] Fixed issue with ISP config where the Client ID was asumed to be the same as the SYS User ID --- dnsapi/dns_ispconfig.sh | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index bd1e0391..8be47f60 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -75,7 +75,7 @@ _ISPC_getZoneInfo() { # suffix . needed for zone -> domain.tld. curData="{\"session_id\":\"${sessionID}\",\"primary_id\":{\"origin\":\"${curZone}.\"}}" curResult="$(_post "${curData}" "${ISPC_Api}?dns_zone_get")" - _debug "Calling _ISPC_getZoneInfo: '${curData}' '${ISPC_Api}?login'" + _debug "Calling _ISPC_getZoneInfo: '${curData}' '${ISPC_Api}?dns_zone_get'" _debug "Result of _ISPC_getZoneInfo: '$curResult'" if _contains "${curResult}" '"id":"'; then zoneFound=true @@ -110,18 +110,32 @@ _ISPC_getZoneInfo() { ;; *) _info "Retrieved Zone ID" ;; esac - client_id=$(echo "${curResult}" | _egrep_o "sys_userid.*" | cut -d ':' -f 2 | cut -d '"' -f 2) - _debug "Client ID: '${client_id}'" - case "${client_id}" in + sys_userid=$(echo "${curResult}" | _egrep_o "sys_userid.*" | cut -d ':' -f 2 | cut -d '"' -f 2) + _debug "SYS User ID: '${sys_userid}'" + case "${sys_userid}" in '' | *[!0-9]*) - _err "Client ID is not numeric." + _err "SYS User ID is not numeric." return 1 ;; - *) _info "Retrieved Client ID." ;; + *) _info "Retrieved SYS User ID." ;; esac zoneFound="" zoneEnd="" fi + # Need to get client_id as it is different from sys_userid + curData="{\"session_id\":\"${sessionID}\",\"sys_userid\":\"${sys_userid}\"}" + curResult="$(_post "${curData}" "${ISPC_Api}?client_get_id")" + _debug "Calling _ISPC_ClientGetID: '${curData}' '${ISPC_Api}?client_get_id'" + _debug "Result of _ISPC_ClientGetID: '$curResult'" + client_id=$(echo "${curResult}" | _egrep_o "response.*" | cut -d ':' -f 2 | cut -d '"' -f 2 | tr -d '{}') + _debug "Client ID: '${client_id}'" + case "${client_id}" in + '' | *[!0-9]*) + _err "Client ID is not numeric." + return 1 + ;; + *) _info "Retrieved Client ID." ;; + esac } _ISPC_addTxt() { From 289f79bbb0dda768ec23e89e178adbf8af43112f Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 16 Jan 2021 23:50:57 +0800 Subject: [PATCH 0190/1526] fix format --- dnsapi/dns_ispconfig.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index 8be47f60..e68ddd49 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -130,11 +130,11 @@ _ISPC_getZoneInfo() { client_id=$(echo "${curResult}" | _egrep_o "response.*" | cut -d ':' -f 2 | cut -d '"' -f 2 | tr -d '{}') _debug "Client ID: '${client_id}'" case "${client_id}" in - '' | *[!0-9]*) + '' | *[!0-9]*) _err "Client ID is not numeric." return 1 ;; - *) _info "Retrieved Client ID." ;; + *) _info "Retrieved Client ID." ;; esac } From d21e6235ad9df9df9452c08617728aaf55fae559 Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Mon, 18 Jan 2021 14:35:08 +0100 Subject: [PATCH 0191/1526] dnsapi/ionos: Add support for v2 wildcard certificates --- dnsapi/dns_ionos.sh | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index fb6ba3f8..a8cc36cf 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -20,9 +20,22 @@ dns_ionos_add() { fulldomain=$1 txtvalue=$2 - _ionos_init + if ! _ionos_init; then + return 1 + fi + + _new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" + + # As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them. + # This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created. + + _ionos_get_existing_records "$fulldomain" "$_zone_id" - _body="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" + if [ "$_existing_records" ]; then + _body="[$_new_record,$_existing_records]" + else + _body="[$_new_record]" + fi if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then _info "TXT record has been created successfully." @@ -36,9 +49,11 @@ dns_ionos_rm() { fulldomain=$1 txtvalue=$2 - _ionos_init + if ! _ionos_init; then + return 1 + fi - if ! _ionos_get_record "$fulldomain" "$_zone_id"; then + if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then _err "Could not find _acme-challenge TXT record." return 1 fi @@ -81,7 +96,7 @@ _get_root() { p=1 if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then - response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" + response="$(echo "$response" | tr -d "\n")" while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -89,9 +104,9 @@ _get_root() { return 1 fi - _zone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")" + _zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*?}")" if [ "$_zone" ]; then - _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') if [ "$_zone_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -110,16 +125,28 @@ _get_root() { return 1 } +_ionos_get_existing_records() { + fulldomain=$1 + zone_id=$2 + + if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then + response="$(echo "$response" | tr -d "\n")" + + _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*?\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" + fi +} + _ionos_get_record() { fulldomain=$1 zone_id=$2 + txtrecord=$3 if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then response="$(echo "$response" | tr -d "\n")" - _record="$(echo "$response" | _egrep_o "{\"name\":\s*\"$fulldomain\".*}")" + _record="$(echo "$response" | _egrep_o "\{\"name\":\"$fulldomain\"[^\}]*?\"type\":\"TXT\"[^\}]*?\"content\":\"\\\\\"$txtrecord\\\\\"\".*?\}")" if [ "$_record" ]; then - _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\s*\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') return 0 fi From a9d88301064698558ebecc7d45b6e7edad61945a Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Wed, 20 Jan 2021 21:08:58 +0100 Subject: [PATCH 0192/1526] dnsapi/ionos: Fixes for Solaris --- dnsapi/dns_ionos.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index a8cc36cf..54696d5d 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -104,9 +104,9 @@ _get_root() { return 1 fi - _zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*?}")" + _zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*\}")" if [ "$_zone" ]; then - _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') if [ "$_zone_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -132,7 +132,7 @@ _ionos_get_existing_records() { if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then response="$(echo "$response" | tr -d "\n")" - _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*?\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" + _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" fi } @@ -144,9 +144,9 @@ _ionos_get_record() { if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then response="$(echo "$response" | tr -d "\n")" - _record="$(echo "$response" | _egrep_o "\{\"name\":\"$fulldomain\"[^\}]*?\"type\":\"TXT\"[^\}]*?\"content\":\"\\\\\"$txtrecord\\\\\"\".*?\}")" + _record="$(echo "$response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" if [ "$_record" ]; then - _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9-]+\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') return 0 fi From 5fbbc17376e7a248f35e191cca8053ca521ce88c Mon Sep 17 00:00:00 2001 From: MaysWind Date: Thu, 21 Jan 2021 22:15:23 +0800 Subject: [PATCH 0193/1526] update dnspod.com api --- dnsapi/dns_dpi.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_dpi.sh b/dnsapi/dns_dpi.sh index 9cbf4d51..2955effd 100755 --- a/dnsapi/dns_dpi.sh +++ b/dnsapi/dns_dpi.sh @@ -53,7 +53,7 @@ dns_dpi_rm() { return 1 fi - if ! _rest POST "Record.List" "user_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then + if ! _rest POST "Record.List" "login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then _err "Record.Lis error." return 1 fi @@ -63,14 +63,14 @@ dns_dpi_rm() { return 0 fi - record_id=$(echo "$response" | _egrep_o '{[^{]*"value":"'"$txtvalue"'"' | cut -d , -f 1 | cut -d : -f 2 | tr -d \") + record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"id"' | cut -d : -f 2 | cut -d '"' -f 2) _debug record_id "$record_id" if [ -z "$record_id" ]; then _err "Can not get record id." return 1 fi - if ! _rest POST "Record.Remove" "user_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then + if ! _rest POST "Record.Remove" "login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then _err "Record.Remove error." return 1 fi @@ -89,7 +89,7 @@ add_record() { _info "Adding record" - if ! _rest POST "Record.Create" "user_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=default"; then + if ! _rest POST "Record.Create" "login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=default"; then return 1 fi @@ -113,7 +113,7 @@ _get_root() { return 1 fi - if ! _rest POST "Domain.Info" "user_token=$DPI_Id,$DPI_Key&format=json&domain=$h"; then + if ! _rest POST "Domain.Info" "login_token=$DPI_Id,$DPI_Key&format=json&domain=$h"; then return 1 fi From f06aee21ebf9af3cfd49deb8a61f875eb3839738 Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Thu, 21 Jan 2021 16:10:10 +0100 Subject: [PATCH 0194/1526] dnsapi/ionos: Change to root zone finding algorithm --- dnsapi/dns_ionos.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 54696d5d..e6bd5000 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -92,7 +92,7 @@ _ionos_init() { _get_root() { domain=$1 - i=2 + i=1 p=1 if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then From f49e8ec5adb392f5abf1b7f60039cc80eac3f8f8 Mon Sep 17 00:00:00 2001 From: dgasaway Date: Mon, 25 Jan 2021 11:46:52 -0800 Subject: [PATCH 0195/1526] Change ipconfig.co to ifconfig.co URL https://ipconfig.co/ip does not currently work, and since https://ifconfig.co/ip is mentioned on the DNS API wiki page, I assume these messages were a typo. --- dnsapi/dns_namecheap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index 2e389265..7ce39fa9 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -157,7 +157,7 @@ _namecheap_set_publicip() { if [ -z "$NAMECHEAP_SOURCEIP" ]; then _err "No Source IP specified for Namecheap API." - _err "Use your public ip address or an url to retrieve it (e.g. https://ipconfig.co/ip) and export it as NAMECHEAP_SOURCEIP" + _err "Use your public ip address or an url to retrieve it (e.g. https://ifconfig.co/ip) and export it as NAMECHEAP_SOURCEIP" return 1 else _saveaccountconf NAMECHEAP_SOURCEIP "$NAMECHEAP_SOURCEIP" @@ -175,7 +175,7 @@ _namecheap_set_publicip() { _publicip=$(_get "$addr") else _err "No Source IP specified for Namecheap API." - _err "Use your public ip address or an url to retrieve it (e.g. https://ipconfig.co/ip) and export it as NAMECHEAP_SOURCEIP" + _err "Use your public ip address or an url to retrieve it (e.g. https://ifconfig.co/ip) and export it as NAMECHEAP_SOURCEIP" return 1 fi fi From 9366f4b40e2d2d557e458e98ecd0407edc381678 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 25 Jan 2021 21:55:07 +0100 Subject: [PATCH 0196/1526] Test original implementation by trgosk --- dnsapi/dns_websupport.sh | 208 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) create mode 100644 dnsapi/dns_websupport.sh diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh new file mode 100644 index 00000000..1332a0aa --- /dev/null +++ b/dnsapi/dns_websupport.sh @@ -0,0 +1,208 @@ +#!/usr/bin/env sh + +#This is the websupport.sk api wrapper for acme.sh +# +#Author: trgo.sk +#Report Bugs here: https://github.com/trgosk/acme.sh + +#WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" +#WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + +WS_Api="https://rest.websupport.sk" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_websupport_add() { + fulldomain=$1 + txtvalue=$2 + + WS_ApiKey="${WS_ApiKey:-$(_readaccountconf_mutable WS_ApiKey)}" + WS_ApiSecret="${WS_ApiSecret:-$(_readaccountconf_mutable WS_ApiSecret)}" + + if [ "$WS_ApiKey" ] && [ "$WS_ApiSecret" ]; then + _saveaccountconf_mutable WS_ApiKey "$WS_ApiKey" + _saveaccountconf_mutable WS_ApiSecret "$WS_ApiSecret" + else + WS_ApiKey="" + WS_ApiSecret="" + _err "You didn't specify a api key and/or api secret yet." + _err "You can get yours from here https://admin.websupport.sk/en/auth/apiKey" + return 1 + fi + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so + # we can not use updating anymore. + # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) + # _debug count "$count" + # if [ "$count" = "0" ]; then + _info "Adding record" + if _ws_rest POST "/v1/user/self/zone/$_domain/record" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if _contains "$response" "$txtvalue"; then + _info "Added, OK" + return 0 + elif _contains "$response" "The record already exists"; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +#fulldomain txtvalue +dns_websupport_rm() { + fulldomain=$1 + txtvalue=$2 + + _debug2 fulldomain "$fulldomain" + _debug2 txtvalue "$txtvalue" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _ws_rest GET "/v1/user/self/zone/$_domain/record" + + if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"items\")" -lt "1" ]; then + _err "Error: $response" + return 1 + fi + + record_line="$(_get_from_array "$response" "$txtvalue")" + _debug record_line "$record_line" + if [ -z "$record_line" ]; then + _info "Don't need to remove." + else + record_id=$(echo "$record_line" | _egrep_o "\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _ws_rest DELETE "/v1/user/self/zone/$_domain/record/$record_id"; then + _err "Delete record error." + return 1 + fi + if [ "$(printf "%s" "$response" | tr -d " " | grep -c \"success\")" -lt "1" ]; then + return 1 + else + return 0 + fi + fi + +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + p=1 + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _ws_rest GET "/v1/user/self/zone"; then + return 1 + fi + + if _contains "$response" "\"name\":\"$h\""; then + _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *[^,]*" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ") + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_ws_rest() { + me=$1 + pa="$2" + da="$3" + + _debug2 api_key "$WS_ApiKey" + _debug2 api_secret "$WS_ApiSecret" + + timestamp="$(date +%s)" + datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z) + canonical_request="${me} ${pa} ${timestamp}" + alg="sha1" + signature_hash=$( (printf "%s" "$canonical_request" | ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "key:$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$WS_ApiSecret" | _h2b)") | cut -d = -f 2 | tr -d ' ') + basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" + + _debug2 method "$me" + _debug2 path "$pa" + _debug2 data "$da" + _debug2 timestamp "$timestamp" + _debug2 datez "$datez" + _debug2 canonical_request "$canonical_request" + _debug2 alg "$alg" + _debug2 signature_hash "$signature_hash" + _debug2 basicauth "$basicauth" + + export _H1="Accept: application/json" + export _H2="Content-Type: application/json" + export _H3="Authorization: Basic ${basicauth}" + export _H4="Date: ${datez}" + + _debug2 H1 "$_H1" + _debug2 H2 "$_H2" + _debug2 H3 "$_H3" + _debug2 H4 "$_H4" + + if [ "$me" != "GET" ]; then + _debug2 "${me} $WS_Api${pa}" + _debug data "$da" + response="$(_post "$da" "${WS_Api}${pa}" "" "$me")" + else + _debug2 "GET $WS_Api${pa}" + response="$(_get "$WS_Api${pa}")" + fi + + _debug2 response "$response" + return "$?" +} + +_get_from_array() { + va="$1" + fi="$2" + for i in $(echo "$va" | sed "s/{/ /g"); do + if _contains "$i" "$fi"; then + echo "$i" + break + fi + done +} From 92332fc385e288cd478218b7969238151cf4bcec Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 25 Jan 2021 22:01:41 +0100 Subject: [PATCH 0197/1526] Update dns_websupport.sh --- dnsapi/dns_websupport.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 1332a0aa..407e3485 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -206,3 +206,4 @@ _get_from_array() { fi done } + From 4956a580266240090ee777f9ffc5fd7a07991dca Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 25 Jan 2021 22:10:27 +0100 Subject: [PATCH 0198/1526] Update dns_websupport.sh --- dnsapi/dns_websupport.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 407e3485..1332a0aa 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -206,4 +206,3 @@ _get_from_array() { fi done } - From 77e8008752b02c2bcb3b8387df7975aef0748207 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 26 Jan 2021 22:10:53 +0800 Subject: [PATCH 0199/1526] fix docker build (#3383) * fix dockerhub * fix Co-authored-by: neil --- .github/workflows/dockerhub.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index 89915af7..238fde3a 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -33,12 +33,10 @@ jobs: steps: - name: checkout code uses: actions/checkout@v2 - - name: install buildx - id: buildx - uses: crazy-max/ghaction-docker-buildx@v3 - with: - buildx-version: latest - qemu-version: latest + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 - name: login to docker hub run: | echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin From 58c4eaaf861fe6909b2ed766a8cd1c2be2b6e8d4 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2021 11:27:18 +0800 Subject: [PATCH 0200/1526] fix online install (#3385) --- acme.sh | 59 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/acme.sh b/acme.sh index e78744c9..0d3a9e8c 100755 --- a/acme.sh +++ b/acme.sh @@ -6105,7 +6105,7 @@ _installalias() { } -# nocron confighome noprofile +# nocron confighome noprofile accountemail install() { if [ -z "$LE_WORKING_DIR" ]; then @@ -6115,6 +6115,8 @@ install() { _nocron="$1" _c_home="$2" _noprofile="$3" + _accountemail="$4" + if ! _initpath; then _err "Install failed." return 1 @@ -6233,6 +6235,10 @@ install() { fi fi + if [ "$_accountemail" ]; then + _saveaccountconf "ACCOUNT_EMAIL" "$_accountemail" + fi + _info OK } @@ -6511,7 +6517,7 @@ Parameters: --cert-home Specifies the home dir to save all the certs, only valid for '--install' command. --config-home Specifies the home dir to save all the configurations. --useragent Specifies the user agent string. it will be saved for future use too. - -m, --accountemail Specifies the account email, only valid for the '--install' and '--update-account' command. + -m, --email Specifies the account email, only valid for the '--install' and '--update-account' command. --accountkey Specifies the account key path, only valid for the '--install' command. --days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days. --httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. @@ -6522,9 +6528,9 @@ Parameters: --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. - --nocron Only valid for '--install' command, which means: do not install the default cron job. + --no-cron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. - --noprofile Only valid for '--install' command, which means: do not install aliases to user profile. + --no-profile Only valid for '--install' command, which means: do not install aliases to user profile. --no-color Do not output color text. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr' @@ -6562,18 +6568,18 @@ Parameters: " } -# nocron noprofile -_installOnline() { + +installOnline() { _info "Installing from online archive." - _nocron="$1" - _noprofile="$2" - if [ ! "$BRANCH" ]; then - BRANCH="master" + + _branch="$BRANCH" + if [ -z "$_branch" ]; then + _branch="master" fi - target="$PROJECT/archive/$BRANCH.tar.gz" + target="$PROJECT/archive/$_branch.tar.gz" _info "Downloading $target" - localname="$BRANCH.tar.gz" + localname="$_branch.tar.gz" if ! _get "$target" >$localname; then _err "Download error." return 1 @@ -6585,9 +6591,9 @@ _installOnline() { exit 1 fi - cd "$PROJECT_NAME-$BRANCH" + cd "$PROJECT_NAME-$_branch" chmod +x $PROJECT_ENTRY - if ./$PROJECT_ENTRY install "$_nocron" "" "$_noprofile"; then + if ./$PROJECT_ENTRY --install "$@"; then _info "Install success!" _initpath _saveaccountconf "UPGRADE_HASH" "$(_getUpgradeHash)" @@ -6595,7 +6601,7 @@ _installOnline() { cd .. - rm -rf "$PROJECT_NAME-$BRANCH" + rm -rf "$PROJECT_NAME-$_branch" rm -f "$localname" ) } @@ -6623,7 +6629,7 @@ upgrade() { [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0 export LE_WORKING_DIR cd "$LE_WORKING_DIR" - _installOnline "nocron" "noprofile" + installOnline "--nocron" "--noprofile" ); then _info "Upgrade success!" exit 0 @@ -6803,6 +6809,11 @@ _process() { --install) _CMD="install" ;; + --install-online) + shift + installOnline "$@" + return + ;; --uninstall) _CMD="uninstall" ;; @@ -7077,9 +7088,9 @@ _process() { USER_AGENT="$_useragent" shift ;; - -m | --accountemail) + -m | --email | --accountemail) _accountemail="$2" - ACCOUNT_EMAIL="$_accountemail" + export ACCOUNT_EMAIL="$_accountemail" shift ;; --accountkey) @@ -7122,10 +7133,10 @@ _process() { CA_PATH="$_ca_path" shift ;; - --nocron) + --no-cron | --nocron) _nocron="1" ;; - --noprofile) + --no-profile | --noprofile) _noprofile="1" ;; --no-color) @@ -7345,7 +7356,7 @@ _process() { fi _debug "Running cmd: ${_CMD}" case "${_CMD}" in - install) install "$_nocron" "$_confighome" "$_noprofile" ;; + install) install "$_nocron" "$_confighome" "$_noprofile" "$_accountemail" ;; uninstall) uninstall "$_nocron" ;; upgrade) upgrade ;; issue) @@ -7458,12 +7469,6 @@ _process() { } -if [ "$INSTALLONLINE" ]; then - INSTALLONLINE="" - _installOnline - exit -fi - main() { [ -z "$1" ] && showhelp && return if _startswith "$1" '-'; then _process "$@"; else "$@"; fi From 565ca81b30bd5a586f438035a0c7f2ff008714ce Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2021 11:44:42 +0800 Subject: [PATCH 0201/1526] update readme --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f53578d4..edd6442f 100644 --- a/README.md +++ b/README.md @@ -110,13 +110,13 @@ https://github.com/acmesh-official/acmetest Check this project: https://github.com/acmesh-official/get.acme.sh ```bash -curl https://get.acme.sh | sh +curl https://get.acme.sh | sh -s email=my@example.com ``` Or: ```bash -wget -O - https://get.acme.sh | sh +wget -O - https://get.acme.sh | sh -s email=my@example.com ``` @@ -127,7 +127,7 @@ Clone this project and launch installation: ```bash git clone https://github.com/acmesh-official/acme.sh.git cd ./acme.sh -./acme.sh --install +./acme.sh --install -m my@example.com ``` You `don't have to be root` then, although `it is recommended`. From e6dea4c92c58886106661f0e56035560b1fccb19 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2021 12:05:23 +0800 Subject: [PATCH 0202/1526] fix format --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index 0d3a9e8c..a1ad4195 100755 --- a/acme.sh +++ b/acme.sh @@ -6568,7 +6568,6 @@ Parameters: " } - installOnline() { _info "Installing from online archive." From dadc70630b3b1fd1fc93805dde5b929e2e5b1f06 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sun, 31 Jan 2021 22:02:11 +0100 Subject: [PATCH 0203/1526] Testing HMAC --- dnsapi/dns_websupport.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 1332a0aa..5136a8e1 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -156,11 +156,11 @@ _ws_rest() { _debug2 api_key "$WS_ApiKey" _debug2 api_secret "$WS_ApiSecret" - timestamp="$(date +%s)" + timestamp=$(_time) datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z) canonical_request="${me} ${pa} ${timestamp}" alg="sha1" - signature_hash=$( (printf "%s" "$canonical_request" | ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -mac HMAC -macopt "key:$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | ${ACME_OPENSSL_BIN:-openssl} dgst -"$alg" -hmac "$(printf "%s" "$WS_ApiSecret" | _h2b)") | cut -d = -f 2 | tr -d ' ') + signature_hash=$( (printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret") basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 7924e01b155b4b0ee0170c209687c3c68cdfdb76 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sun, 31 Jan 2021 22:04:53 +0100 Subject: [PATCH 0204/1526] Added a forgotten ")" --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 5136a8e1..ca6b8a06 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z) canonical_request="${me} ${pa} ${timestamp}" alg="sha1" - signature_hash=$( (printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret") + signature_hash=$( (printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret")) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 84dd864886c2bccacec04697abfe7a7d594b9705 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sun, 31 Jan 2021 22:16:00 +0100 Subject: [PATCH 0205/1526] Simplified approach for the HMAC method --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index ca6b8a06..2ff93a5d 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z) canonical_request="${me} ${pa} ${timestamp}" alg="sha1" - signature_hash=$( (printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret" 2>/dev/null || printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret")) + signature_hash=$(printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret") basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 76309601eb20222cab6a48b3dacbb9c07e39c709 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sun, 31 Jan 2021 22:25:13 +0100 Subject: [PATCH 0206/1526] Update dns_websupport.sh --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 2ff93a5d..4b0026f8 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z) canonical_request="${me} ${pa} ${timestamp}" alg="sha1" - signature_hash=$(printf "%s" "$canonical_request" | _hmac "$alg" "$WS_ApiSecret") + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 0481f20c6b6acbe590f54194c4e709f3b159cb1a Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 1 Feb 2021 00:30:36 +0100 Subject: [PATCH 0207/1526] "datez" var and comments --- dnsapi/dns_websupport.sh | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 4b0026f8..731da0a6 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -1,18 +1,24 @@ #!/usr/bin/env sh -#This is the websupport.sk api wrapper for acme.sh +# This is the websupport.sk api wrapper for acme.sh # -#Author: trgo.sk -#Report Bugs here: https://github.com/trgosk/acme.sh - -#WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -#WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +# Original author: trgo.sk (https://github.com/trgosk) +# Tweaks by: akulumbeg (https://github.com/akulumbeg) +# +# Report Bugs here: https://github.com/akulumbeg/acme.sh +# +# Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey +# +# WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" +# (called "Identifier" in the WS Admin) +# +# WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +# (called "Secret key" in the WS Admin) WS_Api="https://rest.websupport.sk" ######## Public functions ##################### -#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_websupport_add() { fulldomain=$1 txtvalue=$2 @@ -26,7 +32,7 @@ dns_websupport_add() { else WS_ApiKey="" WS_ApiSecret="" - _err "You didn't specify a api key and/or api secret yet." + _err "You did not specify the API Key and/or API Secret" _err "You can get yours from here https://admin.websupport.sk/en/auth/apiKey" return 1 fi @@ -62,7 +68,6 @@ dns_websupport_add() { } -#fulldomain txtvalue dns_websupport_rm() { fulldomain=$1 txtvalue=$2 @@ -111,11 +116,8 @@ dns_websupport_rm() { } -#################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns -# _sub_domain=_acme-challenge.www -# _domain=domain.com +#################### Private Functions ################################## + _get_root() { domain=$1 i=1 @@ -157,9 +159,8 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez=$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z) + datez=$(printf "%s" "$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z)") canonical_request="${me} ${pa} ${timestamp}" - alg="sha1" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" @@ -169,7 +170,6 @@ _ws_rest() { _debug2 timestamp "$timestamp" _debug2 datez "$datez" _debug2 canonical_request "$canonical_request" - _debug2 alg "$alg" _debug2 signature_hash "$signature_hash" _debug2 basicauth "$basicauth" From 3014955ecec9a71a0db59b83641484bea71e7c0e Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 1 Feb 2021 18:16:15 +0100 Subject: [PATCH 0208/1526] Fix comments, error msg and time formatting --- dnsapi/dns_websupport.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 731da0a6..8950970b 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -1,12 +1,11 @@ #!/usr/bin/env sh -# This is the websupport.sk api wrapper for acme.sh +# Acme.sh DNS API wrapper for websupport.sk # # Original author: trgo.sk (https://github.com/trgosk) # Tweaks by: akulumbeg (https://github.com/akulumbeg) -# # Report Bugs here: https://github.com/akulumbeg/acme.sh -# + # Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey # # WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" @@ -33,7 +32,7 @@ dns_websupport_add() { WS_ApiKey="" WS_ApiSecret="" _err "You did not specify the API Key and/or API Secret" - _err "You can get yours from here https://admin.websupport.sk/en/auth/apiKey" + _err "You can get the credentials from here https://admin.websupport.sk/en/auth/apiKey" return 1 fi @@ -159,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez=$(printf "%s" "$(date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -d@"$timestamp" +%Y-%m-%dT%H:%M:%S%z)") + datez=$(printf "%s" "$(date -u -r "$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 2>/dev/null || date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z")") canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 5d4d53c3a10c7fdfe76c01f1270d40550d260ebc Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 1 Feb 2021 18:37:17 +0100 Subject: [PATCH 0209/1526] Testing datez change for Solaris --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 8950970b..c3a43f1e 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez=$(printf "%s" "$(date -u -r "$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 2>/dev/null || date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z")") + datez=$(printf "%s" "$(date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 2>/dev/null || date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z)") canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 783a6110eff2bbb85c4ad7082ec43490a32eaeb2 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 1 Feb 2021 20:31:05 +0100 Subject: [PATCH 0210/1526] Yet another Solaris test --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index c3a43f1e..73543ea5 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez=$(printf "%s" "$(date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 2>/dev/null || date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z)") + datez=$(date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 1>/dev/null 2>&1 || date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z) canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 7984d8cdfb41a65f37940c0fe14502660b2f33a1 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Mon, 1 Feb 2021 20:43:22 +0100 Subject: [PATCH 0211/1526] And again --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 73543ea5..b145dc3e 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez=$(date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 1>/dev/null 2>&1 || date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z) + datez=$(date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 2>/dev/null || date -u -r "$timestamp" "+%Y-%m-%dT%H:%M:%S%z") canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 631398f700dfc41414862b1bee4b33ff4c0b3d7a Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 00:21:08 +0100 Subject: [PATCH 0212/1526] sed workaround for "datez" --- dnsapi/dns_websupport.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index b145dc3e..b30ac994 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -1,3 +1,4 @@ + #!/usr/bin/env sh # Acme.sh DNS API wrapper for websupport.sk @@ -158,7 +159,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez=$(date -u -d@"$timestamp" "+%Y-%m-%dT%H:%M:%S%z" 2>/dev/null || date -u -r "$timestamp" "+%Y-%m-%dT%H:%M:%S%z") + datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 3d338bba3c8e9b5f3fad16316264a8e91ac51d7d Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 00:31:46 +0100 Subject: [PATCH 0213/1526] Fixing the shebang accident --- dnsapi/dns_websupport.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index b30ac994..922e6819 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -1,4 +1,3 @@ - #!/usr/bin/env sh # Acme.sh DNS API wrapper for websupport.sk From 8dc55f417d9244ff5a3b81cc396308d43a57528b Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 10:13:36 +0100 Subject: [PATCH 0214/1526] Extra test - adding date -u -d Adding this to at least partially prevent the virtually nonexistent possibility of timestamp and _utc_date() mismatch. If the normal date -u -d does not get converted (looking at you Solaris!), the poor man's method with manipulating the _utc_date() string output kicks in. --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 922e6819..d69a6c00 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" + datez="$(date -u -d @"$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null/ || _utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From ced6852735ffb77a215f94022f3835be9196b369 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 11:15:13 +0100 Subject: [PATCH 0215/1526] 2>/dev/null/ to 2>/dev/null Silly mistake with a "/" -.- --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index d69a6c00..143b07b2 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez="$(date -u -d @"$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null/ || _utc_date | sed "s/ /T/" | sed "s/$/+0000/")" + datez="$(date -u -d @"$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || _utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 94917e315e50e001d55c539d6d2e9f79669679f6 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 11:18:22 +0100 Subject: [PATCH 0216/1526] Testing double 2>/dev/null into _utc_date with sed --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 143b07b2..797c1b57 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez="$(date -u -d @"$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || _utc_date | sed "s/ /T/" | sed "s/$/+0000/")" + datez="$(date -u -d @"$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || _utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 433d9bfb020ad00c27e305e31499f718fe4ec9e4 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 15:11:53 +0100 Subject: [PATCH 0217/1526] Implementing/testing Neil's suggestions --- dnsapi/dns_websupport.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 797c1b57..5089d7c3 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,9 +158,9 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez="$(date -u -d @"$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || date -u -r "$timestamp" +%Y-%m-%dT%H:%M:%S%z 2>/dev/null || _utc_date | sed "s/ /T/" | sed "s/$/+0000/")" + datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/") canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret") basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 9e146a8a5a80004ca65d08b30e977d0c135ed25c Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 15:15:17 +0100 Subject: [PATCH 0218/1526] Typo Forgot a quotation mark on line 161 --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 5089d7c3..de3d8b71 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -158,7 +158,7 @@ _ws_rest() { _debug2 api_secret "$WS_ApiSecret" timestamp=$(_time) - datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/") + datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret") basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" From 6c9845b9f3838d56aaa76bcab4e9986334ca1432 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 15:18:39 +0100 Subject: [PATCH 0219/1526] adding the hex parameter to _hmac call --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index de3d8b71..e40a3729 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { timestamp=$(_time) datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret") + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 3a383589465cadb87e72ade8c0755a1deb483b4c Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 15:22:53 +0100 Subject: [PATCH 0220/1526] Trying the original solution _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index e40a3729..922e6819 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { timestamp=$(_time) datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret" hex) + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 2eda03f5dea919930d156c2cc8d6e976d173ec78 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 15:32:51 +0100 Subject: [PATCH 0221/1526] Changing the _hmac call into Neil's suggestion --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 922e6819..06ed9c78 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { timestamp=$(_time) datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret" | _hex_dump | tr -d " ") basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From b8494ab3cca644039bfda425e12d1f5079cfeace Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 17:15:22 +0100 Subject: [PATCH 0222/1526] Update dns_websupport.sh --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 06ed9c78..ed14a279 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { timestamp=$(_time) datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$WS_ApiSecret" | _hex_dump | tr -d " ") + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$("$WS_ApiSecret" | _hex_dump | tr -d " ")") basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From c8c727e6c652d45c826b05d783d695f2d066857d Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 17:21:33 +0100 Subject: [PATCH 0223/1526] added hex param to _hmac but removed "printf "s%" ... --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index ed14a279..773d693d 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { timestamp=$(_time) datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$("$WS_ApiSecret" | _hex_dump | tr -d " ")") + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$("$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 0021fb8a33df61c7578df4ff61a836eee16283a4 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Thu, 4 Feb 2021 17:27:39 +0100 Subject: [PATCH 0224/1526] Changing the _hmac auth back It only works this way, apparently --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 773d693d..922e6819 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -160,7 +160,7 @@ _ws_rest() { timestamp=$(_time) datez="$(_utc_date | sed "s/ /T/" | sed "s/$/+0000/")" canonical_request="${me} ${pa} ${timestamp}" - signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$("$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) + signature_hash=$(printf "%s" "$canonical_request" | _hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex) basicauth="$(printf "%s:%s" "$WS_ApiKey" "$signature_hash" | _base64)" _debug2 method "$me" From 556c546b2ea6ee2d3db6fa41766c25653c02159b Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sat, 6 Feb 2021 22:48:25 +0100 Subject: [PATCH 0227/1526] Deploy Scipt for TrueNAs Server acme .sh deploy Scipt for TrueNAS Server that uses the REST API from TrueNAS. - Authentification with API Key - If HTTP redirect is configured, automatik switch to HTTPS - If WebDAV Certificate is the same as Web UI Certificate, Webdav Certificate get also an updated - If FTP Certificate is the same as Web UI Certificate, FTP Certificate get also an updated --- deploy/truenas.sh | 191 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 191 insertions(+) create mode 100644 deploy/truenas.sh diff --git a/deploy/truenas.sh b/deploy/truenas.sh new file mode 100644 index 00000000..43d39a3d --- /dev/null +++ b/deploy/truenas.sh @@ -0,0 +1,191 @@ +#!/usr/local/bin/bash + +#Here is a scipt to deploy the cert to your TrueNAS using the REST API. +# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html +# +# Written by Frank Plass github@f-plass.de +# +# +# Following environment variables must be set: +# +# export DEPLOY_TRUENAS_APIKEY=" Date: Sat, 6 Feb 2021 23:03:07 +0100 Subject: [PATCH 0228/1526] Danksagung an danb35 --- deploy/truenas.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 43d39a3d..6a52e166 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -1,10 +1,11 @@ #!/usr/local/bin/bash -#Here is a scipt to deploy the cert to your TrueNAS using the REST API. +# Here is a scipt to deploy the cert to your TrueNAS using the REST API. # https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html # # Written by Frank Plass github@f-plass.de -# +# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py +# Thanks to danb35 for your template! # # Following environment variables must be set: # From 0e341726d29b82b448248945e8e30d8fc3963043 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sat, 6 Feb 2021 23:20:52 +0100 Subject: [PATCH 0229/1526] Edits after DoShellcheck --- deploy/truenas.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 6a52e166..cfc3e7f7 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -121,7 +121,7 @@ truenas_deploy() { _activateData="{\"ui_certificate\": \"${_cert_id}\"}" _activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")" - _debug3 _activate_result $(echo "$_activate_result" ) + _debug3 _activate_result "$_activate_result" _info "Check if WebDAV certificate is the same as the WEB UI" @@ -133,7 +133,7 @@ truenas_deploy() { _debug _webdav_cert_id "$_webdav_cert_id" _webdav_data="{\"certssl\": \"${_cert_id}\"}" _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")" - _webdav_new_cert_id=$(echo $_activate_webdav_cert | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p') + _webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p') if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then _info "WebDAV Certificate update successfully" else @@ -157,7 +157,7 @@ truenas_deploy() { _debug _ftp_cert_id "$_ftp_cert_id" _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}" _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")" - _ftp_new_cert_id=$(echo $_activate_ftp_cert | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p') + _ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p') if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then _info "FTP Certificate update successfully" else From 4f7c2bf8c31786d11f58e85130c8f95db1f01557 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 16:12:24 +0100 Subject: [PATCH 0230/1526] Update truenas.sh --- deploy/truenas.sh | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index cfc3e7f7..f52ba89c 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -179,14 +179,9 @@ truenas_deploy() { _info "Reload WebUI from TrueNAS" - curl --silent -L --no-keepalive --user-agent "$USER_AGENT" "$_api_url/system/general/ui_restart" - ret=$? + _restart_UI=$(_get "$_api_url/system/general/ui_restart") - _debug CURL_RETURN "$ret" - if [ "$ret" != "0" ]; then - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" - return 1 - fi + _debug3 _restart_UI "$_restart_UI" - return 0 + return 0 } From ed46a078f9cec4c846f8ecdee414f8ff7d877d8f Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 16:35:51 +0100 Subject: [PATCH 0231/1526] Update truenas.sh --- deploy/truenas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index f52ba89c..8ccf226a 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -183,5 +183,5 @@ truenas_deploy() { _debug3 _restart_UI "$_restart_UI" - return 0 + return 0 } From c8a2308739ec70d1ba70e1cc1ead721e91e4bdb0 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 18:42:48 +0100 Subject: [PATCH 0232/1526] Update truenas.sh --- deploy/truenas.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 8ccf226a..37ddb2b0 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -179,9 +179,18 @@ truenas_deploy() { _info "Reload WebUI from TrueNAS" - _restart_UI=$(_get "$_api_url/system/general/ui_restart") - - _debug3 _restart_UI "$_restart_UI" - - return 0 + # the command + # _restart_UI=$(_get "$_api_url/system/general/ui_restart") + # throws the Error 52 + # for this command direct curl command + curl --silent -L --no-keepalive --user-agent "$USER_AGENT" -H "$_H1" "$_api_url/system/general/ui_restart" + ret=$? + _debug2 CURL_RETURN "$ret" + + if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$ret" == "52" ]; then + return 0 + else + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" + return 1 + fi } From 05737b85eb263551234385bfd457fb204749063b Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 18:47:04 +0100 Subject: [PATCH 0233/1526] Update truenas.sh --- deploy/truenas.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 37ddb2b0..35631900 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -187,10 +187,10 @@ truenas_deploy() { ret=$? _debug2 CURL_RETURN "$ret" - if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$ret" == "52" ]; then - return 0 - else + if [ -z "$_add_cert_result" ] && [ -z "$_activate_result" ] && [ "$ret" != "52" ]; then _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" return 1 + else + return 0 fi } From 854e52052825fcdff2fad52cb1e048faa99e2383 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 19:02:03 +0100 Subject: [PATCH 0234/1526] Update truenas.sh --- deploy/truenas.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 35631900..ad83f760 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -184,13 +184,13 @@ truenas_deploy() { # throws the Error 52 # for this command direct curl command curl --silent -L --no-keepalive --user-agent "$USER_AGENT" -H "$_H1" "$_api_url/system/general/ui_restart" - ret=$? - _debug2 CURL_RETURN "$ret" + _ret=$? + _debug2 CURL_RETURN "$_ret" - if [ -z "$_add_cert_result" ] && [ -z "$_activate_result" ] && [ "$ret" != "52" ]; then - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" - return 1 - else + if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$ret" == "52" ]; then return 0 + else + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" + return 1 fi } From 052c9be111fa1180479eb89a9e65ac69519d539e Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 19:12:39 +0100 Subject: [PATCH 0235/1526] Update truenas.sh --- deploy/truenas.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index ad83f760..f7d5c1cb 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -1,4 +1,4 @@ -#!/usr/local/bin/bash +#!/usr/bin/env sh # Here is a scipt to deploy the cert to your TrueNAS using the REST API. # https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html @@ -187,7 +187,7 @@ truenas_deploy() { _ret=$? _debug2 CURL_RETURN "$_ret" - if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$ret" == "52" ]; then + if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" == "52" ]; then return 0 else _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" From f8c11a324a2bb4cd3ad19fd4bc9f6cda2156d412 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 19:19:04 +0100 Subject: [PATCH 0236/1526] Update truenas.sh --- deploy/truenas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index f7d5c1cb..5ca8f2af 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -187,7 +187,7 @@ truenas_deploy() { _ret=$? _debug2 CURL_RETURN "$_ret" - if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" == "52" ]; then + if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" = "52" ]; then return 0 else _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" From a836842a7eecf770e30bbe46243ff0c127d9ef56 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 21:20:56 +0100 Subject: [PATCH 0237/1526] Update truenas.sh --- deploy/truenas.sh | 26 +++++++++----------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 5ca8f2af..1b58cc90 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -43,11 +43,11 @@ truenas_deploy() { fi _secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" -# Optional hostname, scheme for TrueNAS + # Optional hostname, scheme for TrueNAS _getdeployconf DEPLOY_TRUENAS_HOSTNAME _getdeployconf DEPLOY_TRUENAS_SCHEME -# default values for hostname and scheme + # default values for hostname and scheme [ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost" [ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http" @@ -63,6 +63,7 @@ truenas_deploy() { _info "Testing Connection TrueNAS" _response=$(_get "$_api_url/system/state") _info "TrueNAS System State: $_response." + _debug _response "$_response" if [ -z "$_response" ]; then _err "Unable to authenticate to $_api_url." @@ -78,7 +79,6 @@ truenas_deploy() { _saveaccountconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" _saveaccountconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" - _info "Getting active certificate from TrueNAS" _response=$(_get "$_api_url/system/general") _active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,') @@ -88,7 +88,7 @@ truenas_deploy() { _debug Active_UI_Certificate_Name "$_active_cert_name" _debug Active_UI_http_redirect "$_param_httpsredirect" - if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ] ; then + if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then _info "http Redirect active" _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'" DEPLOY_TRUENAS_SCHEME="https" @@ -96,34 +96,29 @@ truenas_deploy() { _saveaccountconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" fi - _info "Upload new certifikate to TrueNAS" - _date_now() { - date -u "+%Y-%m-%d_%H%M%S" - } - _certname="Letsencrypt_$(_date_now)" + _certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')" _debug3 _certname "$_certname" + return 0 + _certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}" _add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")" _debug3 _add_cert_result "$_add_cert_result" - _info "Getting Certificate list to get new Cert ID" _cert_list=$(_get "$_api_url/system/general/ui_certificate_choices") _cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p') _debug3 _cert_id "$_cert_id" - _info "Activate Certificate ID: $_cert_id" _activateData="{\"ui_certificate\": \"${_cert_id}\"}" _activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")" _debug3 _activate_result "$_activate_result" - _info "Check if WebDAV certificate is the same as the WEB UI" _webdav_list=$(_get "$_api_url/webdav") _webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') @@ -147,7 +142,6 @@ truenas_deploy() { _info "WebDAV certificate not set or not the same as Web UI" fi - _info "Check if FTP certificate is the same as the WEB UI" _ftp_list=$(_get "$_api_url/ftp") _ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,') @@ -171,18 +165,16 @@ truenas_deploy() { _info "FTP certificate not set or not the same as Web UI" fi - _info "Delete old Certificate" _delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")" _debug3 _delete_result "$_delete_result" - - _info "Reload WebUI from TrueNAS" # the command # _restart_UI=$(_get "$_api_url/system/general/ui_restart") # throws the Error 52 # for this command direct curl command + _info "Reload WebUI from TrueNAS" curl --silent -L --no-keepalive --user-agent "$USER_AGENT" -H "$_H1" "$_api_url/system/general/ui_restart" _ret=$? _debug2 CURL_RETURN "$_ret" @@ -193,4 +185,4 @@ truenas_deploy() { _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" return 1 fi -} +} \ No newline at end of file From a7ca010d4e3db0011d935cc710d7ba5e20352fc4 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 21:24:06 +0100 Subject: [PATCH 0238/1526] Update truenas.sh --- deploy/truenas.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 1b58cc90..27b67dce 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -100,8 +100,6 @@ truenas_deploy() { _certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')" _debug3 _certname "$_certname" - return 0 - _certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}" _add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")" From 6f4c5fcc8738aabc26a188ca94361dbc32cb7705 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 7 Feb 2021 21:25:49 +0100 Subject: [PATCH 0239/1526] Update truenas.sh --- deploy/truenas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 27b67dce..e25523df 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -183,4 +183,4 @@ truenas_deploy() { _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" return 1 fi -} \ No newline at end of file +} From 987571ce91179ee33f5af0eac4bc49053312ce3b Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 11 Feb 2021 01:08:08 +0800 Subject: [PATCH 0240/1526] Updated --preferred-chain to issue ISRG properly To support different openssl crl2pkcs7 help cli format --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index a1ad4195..749400e2 100755 --- a/acme.sh +++ b/acme.sh @@ -4011,7 +4011,7 @@ _check_dns_entries() { #file _get_cert_issuers() { _cfile="$1" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 From 8636d3139e34b245a512c56ff6a58a4e697241c3 Mon Sep 17 00:00:00 2001 From: manuel Date: Thu, 11 Feb 2021 11:20:18 +0100 Subject: [PATCH 0241/1526] dnsapi/pdns: also normalize json response in detecting root zone --- dnsapi/dns_pdns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 8f07e8c4..28b35492 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -175,13 +175,13 @@ _get_root() { i=1 if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then - _zones_response="$response" + _zones_response=$(echo "$response" | _normalizeJson) fi while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if _contains "$_zones_response" "\"name\": \"$h.\""; then + if _contains "$_zones_response" "\"name\":\"$h.\""; then _domain="$h." if [ -z "$h" ]; then _domain="=2E" From 12b1916599aa4e58fa4c74aa6d454a7f144eb1f5 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Feb 2021 16:22:31 +0800 Subject: [PATCH 0242/1526] Chain (#3408) * fix https://github.com/acmesh-official/acme.sh/issues/3384 match the issuer to the root CA cert subject * fix format * fix https://github.com/acmesh-official/acme.sh/issues/3384 * remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384 --- acme.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index 749400e2..a9301e10 100755 --- a/acme.sh +++ b/acme.sh @@ -4009,12 +4009,42 @@ _check_dns_entries() { } #file -_get_cert_issuers() { +_get_chain_issuers() { _cfile="$1" if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then - ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else - ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + _cindex=1 + for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do + _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" + _debug2 "_startn" "$_startn" + _debug2 "_endn" "$_endn" + if [ "$DEBUG" ]; then + _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" + fi + sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" + _cindex=$(_math $_cindex + 1) + done + fi +} + +# +_get_chain_subjects() { + _cfile="$1" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + else + _cindex=1 + for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do + _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" + _debug2 "_startn" "$_startn" + _debug2 "_endn" "$_endn" + if [ "$DEBUG" ]; then + _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" + fi + sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" + _cindex=$(_math $_cindex + 1) + done fi } @@ -4022,14 +4052,12 @@ _get_cert_issuers() { _match_issuer() { _cfile="$1" _missuer="$2" - _fissuers="$(_get_cert_issuers $_cfile)" + _fissuers="$(_get_chain_issuers $_cfile)" _debug2 _fissuers "$_fissuers" - if _contains "$_fissuers" "$_missuer"; then - return 0 - fi - _fissuers="$(echo "$_fissuers" | _lower_case)" + _rootissuer="$(echo "$_fissuers" | _lower_case | _tail_n 1)" + _debug2 _rootissuer "$_rootissuer" _missuer="$(echo "$_missuer" | _lower_case)" - _contains "$_fissuers" "$_missuer" + _contains "$_rootissuer" "$_missuer" } #webroot, domain domainlist keylength @@ -4803,6 +4831,9 @@ $_authorizations_map" _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then + if [ "$DEBUG" ]; then + _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" + fi if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" _debug2 "rels" "$rels" @@ -4818,13 +4849,22 @@ $_authorizations_map" _relca="$CA_CERT_PATH.alt" echo "$response" >"$_relcert" _split_cert_chain "$_relcert" "$_relfullchain" "$_relca" + if [ "$DEBUG" ]; then + _debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")" + fi if _match_issuer "$_relfullchain" "$_preferred_chain"; then _info "Matched issuer in: $rel" cat $_relcert >"$CERT_PATH" cat $_relfullchain >"$CERT_FULLCHAIN_PATH" cat $_relca >"$CA_CERT_PATH" + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" break fi + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" done fi fi From d8163e9835e2587793b51cc07b5e81aff3f2da8c Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 13 Feb 2021 17:27:22 +0800 Subject: [PATCH 0243/1526] upgrade freebsd and solaris --- .github/workflows/LetsEncrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 8d0c4eb0..7c398c09 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.7 + - uses: vmactions/freebsd-vm@v0.1.2 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl @@ -136,7 +136,7 @@ jobs: run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.1 + - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_LOCAL TestingDomain' nat: | From b7c3e6099cf3cdf9ed7d0c46d3a1aa0858c7cf02 Mon Sep 17 00:00:00 2001 From: jerrm Date: Sat, 13 Feb 2021 05:58:44 -0500 Subject: [PATCH 0244/1526] duckdns - fix "integer expression expected" errors (#3397) * fix "integer expression expected" errors * duckdns fix * Update dns_duckdns.sh * Update dns_duckdns.sh --- dnsapi/dns_duckdns.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index 618e12c6..d6e1dbdc 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -12,7 +12,7 @@ DuckDNS_API="https://www.duckdns.org/update" -######## Public functions ##################### +######## Public functions ###################### #Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_duckdns_add() { @@ -112,7 +112,7 @@ _duckdns_rest() { param="$2" _debug param "$param" url="$DuckDNS_API?$param" - if [ "$DEBUG" -gt 0 ]; then + if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ]; then url="$url&verbose=true" fi _debug url "$url" @@ -121,7 +121,7 @@ _duckdns_rest() { if [ "$method" = "GET" ]; then response="$(_get "$url")" _debug2 response "$response" - if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then + if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then response="OK" fi else From 93fd6170a360a41034ea8033f8147de1b378a417 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sat, 13 Feb 2021 12:38:57 +0100 Subject: [PATCH 0245/1526] Update truenas.sh --- deploy/truenas.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index e25523df..be8fac12 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -75,9 +75,9 @@ truenas_deploy() { return 1 fi - _saveaccountconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" - _saveaccountconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" - _saveaccountconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" + _savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" + _savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" + _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" _info "Getting active certificate from TrueNAS" _response=$(_get "$_api_url/system/general") @@ -93,7 +93,7 @@ truenas_deploy() { _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'" DEPLOY_TRUENAS_SCHEME="https" _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" - _saveaccountconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" + _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" fi _info "Upload new certifikate to TrueNAS" From 1de9ffacb0e38a6a26291b088645638d0a3a890c Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 29 Dec 2020 16:28:38 -0800 Subject: [PATCH 0246/1526] Implement smtp notify hook Support notifications via direct SMTP server connection. Uses Python (2.7.x or 3.4+) to communicate with SMTP server. --- notify/smtp.sh | 185 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 183 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 6aa37ca3..367021c8 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -2,7 +2,103 @@ # support smtp +# This implementation uses Python (2 or 3), which is available in many environments. +# If you don't have Python, try "mail" notification instead of "smtp". + +# SMTP_FROM="from@example.com" # required +# SMTP_TO="to@example.com" # required +# SMTP_HOST="smtp.example.com" # required +# SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE +# SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) +# SMTP_USERNAME="" # set if SMTP server requires login +# SMTP_PASSWORD="" # set if SMTP server requires login +# SMTP_TIMEOUT="15" # seconds for SMTP operations to timeout +# SMTP_PYTHON="/path/to/python" # defaults to system python3 or python + smtp_send() { + # Find a Python interpreter: + SMTP_PYTHON="${SMTP_PYTHON:-$(_readaccountconf_mutable SMTP_PYTHON)}" + if [ "$SMTP_PYTHON" ]; then + if _exists "$SMTP_PYTHON"; then + _saveaccountconf_mutable SMTP_PYTHON "$SMTP_PYTHON" + else + _err "SMTP_PYTHON '$SMTP_PYTHON' does not exist." + return 1 + fi + else + # No SMTP_PYTHON setting; try to run default Python. + # (This is not saved with the conf.) + if _exists python3; then + SMTP_PYTHON="python3" + elif _exists python; then + SMTP_PYTHON="python" + else + _err "Can't locate Python interpreter; please define SMTP_PYTHON." + return 1 + fi + fi + _debug "SMTP_PYTHON" "$SMTP_PYTHON" + _debug "Python version" "$($SMTP_PYTHON --version 2>&1)" + + # Validate other settings: + SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" + if [ -z "$SMTP_FROM" ]; then + _err "You must define SMTP_FROM as the sender email address." + return 1 + fi + + SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" + if [ -z "$SMTP_TO" ]; then + _err "You must define SMTP_TO as the recipient email address." + return 1 + fi + + SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" + if [ -z "$SMTP_HOST" ]; then + _err "You must define SMTP_HOST as the SMTP server hostname." + return 1 + fi + SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" + + SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" + SMTP_SECURE="${SMTP_SECURE:-none}" + case "$SMTP_SECURE" in + "none") SMTP_DEFAULT_PORT="25";; + "ssl") SMTP_DEFAULT_PORT="465";; + "tls") SMTP_DEFAULT_PORT="587";; + *) + _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." + return 1 + ;; + esac + + SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" + SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" + + SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" + SMTP_DEFAULT_TIMEOUT="15" + + _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" + _saveaccountconf_mutable SMTP_TO "$SMTP_TO" + _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" + _saveaccountconf_mutable SMTP_PORT "$SMTP_PORT" + _saveaccountconf_mutable SMTP_SECURE "$SMTP_SECURE" + _saveaccountconf_mutable SMTP_USERNAME "$SMTP_USERNAME" + _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD" + _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT" + + # Send the message: + if ! _smtp_send "$@"; then + _err "$smtp_send_output" + return 1 + fi + + return 0 +} + +# _send subject content statuscode +# Send the message via Python using SMTP_* settings +_smtp_send() { _subject="$1" _content="$2" _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped @@ -10,6 +106,91 @@ smtp_send() { _debug "_content" "$_content" _debug "_statusCode" "$_statusCode" - _err "Not implemented yet." - return 1 + _debug "SMTP_FROM" "$SMTP_FROM" + _debug "SMTP_TO" "$SMTP_TO" + _debug "SMTP_HOST" "$SMTP_HOST" + _debug "SMTP_PORT" "$SMTP_PORT" + _debug "SMTP_DEFAULT_PORT" "$SMTP_DEFAULT_PORT" + _debug "SMTP_SECURE" "$SMTP_SECURE" + _debug "SMTP_USERNAME" "$SMTP_USERNAME" + _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" + _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" + _debug "SMTP_DEFAULT_TIMEOUT" "$SMTP_DEFAULT_TIMEOUT" + + if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then + # Output the SMTP server dialogue. (Note this will include SMTP_PASSWORD!) + smtp_debug="True" + else + smtp_debug="" + fi + + # language=Python + smtp_send_output="$($SMTP_PYTHON < Date: Tue, 29 Dec 2020 17:10:36 -0800 Subject: [PATCH 0247/1526] Make shfmt happy (I'm open to better ways of formatting the heredoc that embeds the Python script.) --- notify/smtp.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 367021c8..6171cb9b 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -63,13 +63,13 @@ smtp_send() { SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" SMTP_SECURE="${SMTP_SECURE:-none}" case "$SMTP_SECURE" in - "none") SMTP_DEFAULT_PORT="25";; - "ssl") SMTP_DEFAULT_PORT="465";; - "tls") SMTP_DEFAULT_PORT="587";; - *) - _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." - return 1 - ;; + "none") SMTP_DEFAULT_PORT="25" ;; + "ssl") SMTP_DEFAULT_PORT="465" ;; + "tls") SMTP_DEFAULT_PORT="587" ;; + *) + _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." + return 1 + ;; esac SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" @@ -125,7 +125,8 @@ _smtp_send() { fi # language=Python - smtp_send_output="$($SMTP_PYTHON < Date: Mon, 11 Jan 2021 11:46:26 -0800 Subject: [PATCH 0248/1526] Only save config if send is successful --- notify/smtp.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 6171cb9b..092bb2b9 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -78,6 +78,13 @@ smtp_send() { SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" SMTP_DEFAULT_TIMEOUT="15" + # Send the message: + if ! _smtp_send "$@"; then + _err "$smtp_send_output" + return 1 + fi + + # Save remaining config if successful. (SMTP_PYTHON is saved earlier.) _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" _saveaccountconf_mutable SMTP_TO "$SMTP_TO" _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" @@ -87,12 +94,6 @@ smtp_send() { _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD" _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT" - # Send the message: - if ! _smtp_send "$@"; then - _err "$smtp_send_output" - return 1 - fi - return 0 } From fe273b3829511febe42f9b854ba921213f7bedbb Mon Sep 17 00:00:00 2001 From: medmunds Date: Mon, 11 Jan 2021 12:59:51 -0800 Subject: [PATCH 0249/1526] Add instructions for reporting bugs --- notify/smtp.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/notify/smtp.sh b/notify/smtp.sh index 092bb2b9..a74ce092 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -2,6 +2,8 @@ # support smtp +# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358 + # This implementation uses Python (2 or 3), which is available in many environments. # If you don't have Python, try "mail" notification instead of "smtp". From 557a747d55a91eb7f1ac97028decc5d141fb2466 Mon Sep 17 00:00:00 2001 From: medmunds Date: Sun, 14 Feb 2021 15:47:51 -0800 Subject: [PATCH 0250/1526] Prep for curl or Python; clean up SMTP_* variable usage --- notify/smtp.sh | 203 ++++++++++++++++++++++++++++--------------------- 1 file changed, 118 insertions(+), 85 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index a74ce092..cb29d0f7 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -4,8 +4,8 @@ # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358 -# This implementation uses Python (2 or 3), which is available in many environments. -# If you don't have Python, try "mail" notification instead of "smtp". +# This implementation uses either curl or Python (3 or 2.7). +# (See also the "mail" notify hook, which supports other ways to send mail.) # SMTP_FROM="from@example.com" # required # SMTP_TO="to@example.com" # required @@ -14,79 +14,132 @@ # SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) # SMTP_USERNAME="" # set if SMTP server requires login # SMTP_PASSWORD="" # set if SMTP server requires login -# SMTP_TIMEOUT="15" # seconds for SMTP operations to timeout -# SMTP_PYTHON="/path/to/python" # defaults to system python3 or python +# SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout +# SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH +# subject content statuscode smtp_send() { - # Find a Python interpreter: - SMTP_PYTHON="${SMTP_PYTHON:-$(_readaccountconf_mutable SMTP_PYTHON)}" - if [ "$SMTP_PYTHON" ]; then - if _exists "$SMTP_PYTHON"; then - _saveaccountconf_mutable SMTP_PYTHON "$SMTP_PYTHON" - else - _err "SMTP_PYTHON '$SMTP_PYTHON' does not exist." - return 1 - fi - else - # No SMTP_PYTHON setting; try to run default Python. - # (This is not saved with the conf.) - if _exists python3; then - SMTP_PYTHON="python3" - elif _exists python; then - SMTP_PYTHON="python" - else - _err "Can't locate Python interpreter; please define SMTP_PYTHON." + _SMTP_SUBJECT="$1" + _SMTP_CONTENT="$2" + # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped + + # Load config: + SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" + SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" + SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" + SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" + SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" + SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" + SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" + SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" + SMTP_BIN="${SMTP_BIN:-$(_readaccountconf_mutable SMTP_BIN)}" + + _debug "SMTP_FROM" "$SMTP_FROM" + _debug "SMTP_TO" "$SMTP_TO" + _debug "SMTP_HOST" "$SMTP_HOST" + _debug "SMTP_PORT" "$SMTP_PORT" + _debug "SMTP_SECURE" "$SMTP_SECURE" + _debug "SMTP_USERNAME" "$SMTP_USERNAME" + _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" + _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" + _debug "SMTP_BIN" "$SMTP_BIN" + + _debug "_SMTP_SUBJECT" "$_SMTP_SUBJECT" + _debug "_SMTP_CONTENT" "$_SMTP_CONTENT" + + # Validate config and apply defaults: + # _SMTP_* variables are the resolved (with defaults) versions of SMTP_*. + # (The _SMTP_* versions will not be stored in account conf.) + + if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then + _err "SMTP_BIN '$SMTP_BIN' does not exist." + return 1 + fi + _SMTP_BIN="$SMTP_BIN" + if [ -z "$_SMTP_BIN" ]; then + # Look for a command that can communicate with an SMTP server. + # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. + # Those are already handled by the "mail" notify hook.) + for cmd in curl python3 python2.7 python pypy3 pypy; do + if _exists "$cmd"; then + _SMTP_BIN="$cmd" + break + fi + done + if [ -z "$_SMTP_BIN" ]; then + _err "The smtp notify-hook requires curl or Python, but can't find any." + _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".' + _err 'Otherwise, see if you can use the "mail" notify-hook instead.' return 1 fi + _debug "_SMTP_BIN" "$_SMTP_BIN" fi - _debug "SMTP_PYTHON" "$SMTP_PYTHON" - _debug "Python version" "$($SMTP_PYTHON --version 2>&1)" - # Validate other settings: - SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" if [ -z "$SMTP_FROM" ]; then _err "You must define SMTP_FROM as the sender email address." return 1 fi + _SMTP_FROM="$SMTP_FROM" - SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" if [ -z "$SMTP_TO" ]; then _err "You must define SMTP_TO as the recipient email address." return 1 fi + _SMTP_TO="$SMTP_TO" - SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" if [ -z "$SMTP_HOST" ]; then _err "You must define SMTP_HOST as the SMTP server hostname." return 1 fi - SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" + _SMTP_HOST="$SMTP_HOST" - SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" - SMTP_SECURE="${SMTP_SECURE:-none}" - case "$SMTP_SECURE" in - "none") SMTP_DEFAULT_PORT="25" ;; - "ssl") SMTP_DEFAULT_PORT="465" ;; - "tls") SMTP_DEFAULT_PORT="587" ;; + _SMTP_SECURE="${SMTP_SECURE:-none}" + case "$_SMTP_SECURE" in + "none") smtp_default_port="25" ;; + "ssl") smtp_default_port="465" ;; + "tls") smtp_default_port="587" ;; *) _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." return 1 ;; esac - SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" - SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" + _SMTP_PORT="${SMTP_PORT:-$smtp_default_port}" + if [ -z "$SMTP_PORT" ]; then + _debug "_SMTP_PORT" "$_SMTP_PORT" + fi - SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" - SMTP_DEFAULT_TIMEOUT="15" + _SMTP_USERNAME="$SMTP_USERNAME" + _SMTP_PASSWORD="$SMTP_PASSWORD" + _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}" + + # Run with --debug 2 (or above) to echo the transcript of the SMTP session. + # Careful: this may include SMTP_PASSWORD in plaintext! + if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then + _SMTP_SHOW_TRANSCRIPT="True" + else + _SMTP_SHOW_TRANSCRIPT="" + fi # Send the message: - if ! _smtp_send "$@"; then - _err "$smtp_send_output" + case "$(basename "$_SMTP_BIN")" in + curl) _smtp_send=_smtp_send_curl ;; + py*) _smtp_send=_smtp_send_python ;; + *) + _err "Can't figure out how to invoke $_SMTP_BIN." + _err "Please re-run with --debug and report a bug." + return 1 + ;; + esac + + if ! smtp_output="$($_smtp_send)"; then + _err "Error sending message with $_SMTP_BIN." + _err "${smtp_output:-(No additional details; try --debug or --debug 2)}" return 1 fi - # Save remaining config if successful. (SMTP_PYTHON is saved earlier.) + # Save config only if send was successful: + _saveaccountconf_mutable SMTP_BIN "$SMTP_BIN" _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" _saveaccountconf_mutable SMTP_TO "$SMTP_TO" _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" @@ -99,37 +152,21 @@ smtp_send() { return 0 } -# _send subject content statuscode -# Send the message via Python using SMTP_* settings -_smtp_send() { - _subject="$1" - _content="$2" - _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped - _debug "_subject" "$_subject" - _debug "_content" "$_content" - _debug "_statusCode" "$_statusCode" - _debug "SMTP_FROM" "$SMTP_FROM" - _debug "SMTP_TO" "$SMTP_TO" - _debug "SMTP_HOST" "$SMTP_HOST" - _debug "SMTP_PORT" "$SMTP_PORT" - _debug "SMTP_DEFAULT_PORT" "$SMTP_DEFAULT_PORT" - _debug "SMTP_SECURE" "$SMTP_SECURE" - _debug "SMTP_USERNAME" "$SMTP_USERNAME" - _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" - _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" - _debug "SMTP_DEFAULT_TIMEOUT" "$SMTP_DEFAULT_TIMEOUT" +# Send the message via curl using _SMTP_* variables +_smtp_send_curl() { + # TODO: implement + echo "_smtp_send_curl not implemented" + return 1 +} - if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then - # Output the SMTP server dialogue. (Note this will include SMTP_PASSWORD!) - smtp_debug="True" - else - smtp_debug="" - fi + +# Send the message via Python using _SMTP_* variables +_smtp_send_python() { + _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)" # language=Python - smtp_send_output="$( - $SMTP_PYTHON < Date: Sun, 14 Feb 2021 19:56:23 -0800 Subject: [PATCH 0251/1526] Implement curl version of smtp notify-hook --- notify/smtp.sh | 111 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 105 insertions(+), 6 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index cb29d0f7..44a5821f 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -127,14 +127,16 @@ smtp_send() { py*) _smtp_send=_smtp_send_python ;; *) _err "Can't figure out how to invoke $_SMTP_BIN." - _err "Please re-run with --debug and report a bug." + _err "Check your SMTP_BIN setting." return 1 ;; esac if ! smtp_output="$($_smtp_send)"; then _err "Error sending message with $_SMTP_BIN." - _err "${smtp_output:-(No additional details; try --debug or --debug 2)}" + if [ -n "$smtp_output" ]; then + _err "$smtp_output" + fi return 1 fi @@ -152,12 +154,109 @@ smtp_send() { return 0 } - # Send the message via curl using _SMTP_* variables _smtp_send_curl() { - # TODO: implement - echo "_smtp_send_curl not implemented" - return 1 + # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without + # additional parsing, and SMTP requires addr-spec only (no display names). + # In the future, maybe try to parse the addr-spec out for curl args (non-trivial). + if _email_has_display_name "$_SMTP_FROM"; then + _err "curl smtp only allows a simple email address in SMTP_FROM." + _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." + return 1 + fi + if _email_has_display_name "$_SMTP_TO"; then + _err "curl smtp only allows simple email addresses in SMTP_TO." + _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." + return 1 + fi + + # Build curl args in $@ + + case "$_SMTP_SECURE" in + none) + set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" + ;; + ssl) + set -- --url "smtps://${_SMTP_HOST}:${_SMTP_PORT}" + ;; + tls) + set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" --ssl-reqd + ;; + *) + # This will only occur if someone adds a new SMTP_SECURE option above + # without updating this code for it. + _err "Unhandled _SMTP_SECURE='$_SMTP_SECURE' in _smtp_send_curl" + _err "Please re-run with --debug and report a bug." + return 1 + ;; + esac + + set -- "$@" \ + --upload-file - \ + --mail-from "$_SMTP_FROM" \ + --max-time "$_SMTP_TIMEOUT" + + # Burst comma-separated $_SMTP_TO into individual --mail-rcpt args. + _to="${_SMTP_TO}," + while [ -n "$_to" ]; do + _rcpt="${_to%%,*}" + _to="${_to#*,}" + set -- "$@" --mail-rcpt "$_rcpt" + done + + _smtp_login="${_SMTP_USERNAME}:${_SMTP_PASSWORD}" + if [ "$_smtp_login" != ":" ]; then + set -- "$@" --user "$_smtp_login" + fi + + if [ "$_SMTP_SHOW_TRANSCRIPT" = "True" ]; then + set -- "$@" --verbose + else + set -- "$@" --silent --show-error + fi + + raw_message="$(_smtp_raw_message)" + + _debug2 "curl command:" "$_SMTP_BIN" "$*" + _debug2 "raw_message:\n$raw_message" + + echo "$raw_message" | "$_SMTP_BIN" "$@" +} + +# Output an RFC-822 / RFC-5322 email message using _SMTP_* variables +_smtp_raw_message() { + echo "From: $_SMTP_FROM" + echo "To: $_SMTP_TO" + echo "Subject: $(_mime_encoded_word "$_SMTP_SUBJECT")" + if _exists date; then + echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" + fi + echo "Content-Type: text/plain; charset=utf-8" + echo "X-Mailer: acme.sh --notify-hook smtp" + echo + echo "$_SMTP_CONTENT" +} + +# Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars +# text +_mime_encoded_word() { + _text="$1" + # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that) + _ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-" + if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then + # At least one non-ASCII char; convert entire thing to encoded word + printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?=" + else + # Just printable ASCII, no conversion needed + printf "%s" "$_text" + fi +} + +# Simple check for display name in an email address (< > or ") +# email +_email_has_display_name() { + _email="$1" + expr "$_email" : '^.*[<>"]' > /dev/null } From ffe7ef476439df04e1878ea08f0c6b3eb91653c6 Mon Sep 17 00:00:00 2001 From: medmunds Date: Sun, 14 Feb 2021 20:06:07 -0800 Subject: [PATCH 0252/1526] More than one blank line is an abomination, apparently I will not try to use whitespace to group code visually --- notify/smtp.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 44a5821f..c9927e3e 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -256,10 +256,9 @@ _mime_encoded_word() { # email _email_has_display_name() { _email="$1" - expr "$_email" : '^.*[<>"]' > /dev/null + expr "$_email" : '^.*[<>"]' >/dev/null } - # Send the message via Python using _SMTP_* variables _smtp_send_python() { _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)" From bf8c33703c3b69de79a992f1ca84748fa4bc1707 Mon Sep 17 00:00:00 2001 From: Mike Edmunds Date: Sun, 14 Feb 2021 23:01:21 -0800 Subject: [PATCH 0253/1526] Fix: Unifi deploy hook support Unifi Cloud Key (#3327) * fix: unifi deploy hook also update Cloud Key nginx certs When running on a Unifi Cloud Key device, also deploy to /etc/ssl/private/cloudkey.{crt,key} and reload nginx. This makes the new cert available for the Cloud Key management app running via nginx on port 443 (as well as the port 8443 Unifi Controller app the deploy hook already supported). Fixes #3326 * Improve settings documentation comments * Improve Cloud Key pre-flight error messaging * Fix typo * Add support for UnifiOS (Cloud Key Gen2) Since UnifiOS does not use the Java keystore (like a Unifi Controller or Cloud Key Gen1 deploy), this also reworks the settings validation and error messaging somewhat. * PR review fixes * Detect unsupported Cloud Key java keystore location * Don't try to restart inactive services (and remove extra spaces from reload command) * Clean up error messages and internal variables * Change to _getdeployconf/_savedeployconf * Switch from cp to cat to preserve file permissions --- deploy/unifi.sh | 220 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 167 insertions(+), 53 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index 184aa62e..a864135e 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -1,12 +1,43 @@ #!/usr/bin/env sh -#Here is a script to deploy cert to unifi server. +# Here is a script to deploy cert on a Unifi Controller or Cloud Key device. +# It supports: +# - self-hosted Unifi Controller +# - Unifi Cloud Key (Gen1/2/2+) +# - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) +# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 #returns 0 means success, otherwise error. +# The deploy-hook automatically detects standard Unifi installations +# for each of the supported environments. Most users should not need +# to set any of these variables, but if you are running a self-hosted +# Controller with custom locations, set these as necessary before running +# the deploy hook. (Defaults shown below.) +# +# Settings for Unifi Controller: +# Location of Java keystore or unifi.keystore.jks file: #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" +# Keystore password (built into Unifi Controller, not a user-set password): #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" +# Command to restart Unifi Controller: #DEPLOY_UNIFI_RELOAD="service unifi restart" +# +# Settings for Unifi Cloud Key Gen1 (nginx admin pages): +# Directory where cloudkey.crt and cloudkey.key live: +#DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private" +# Command to restart maintenance pages and Controller +# (same setting as above, default is updated when running on Cloud Key Gen1): +#DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart" +# +# Settings for UnifiOS (Cloud Key Gen2): +# Directory where unifi-core.crt and unifi-core.key live: +#DEPLOY_UNIFI_CORE_CONFIG="/data/unifi-core/config/" +# Command to restart unifi-core: +#DEPLOY_UNIFI_RELOAD="systemctl restart unifi-core" +# +# At least one of DEPLOY_UNIFI_KEYSTORE, DEPLOY_UNIFI_CLOUDKEY_CERTDIR, +# or DEPLOY_UNIFI_CORE_CONFIG must exist to receive the deployed certs. ######## Public functions ##################### @@ -24,77 +55,160 @@ unifi_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - if ! _exists keytool; then - _err "keytool not found" - return 1 - fi + _getdeployconf DEPLOY_UNIFI_KEYSTORE + _getdeployconf DEPLOY_UNIFI_KEYPASS + _getdeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR + _getdeployconf DEPLOY_UNIFI_CORE_CONFIG + _getdeployconf DEPLOY_UNIFI_RELOAD + + _debug2 DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + _debug2 DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + _debug2 DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" + _debug2 DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" + _debug2 DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + + # Space-separated list of environments detected and installed: + _services_updated="" + + # Default reload commands accumulated as we auto-detect environments: + _reload_cmd="" + + # Unifi Controller environment (self hosted or any Cloud Key) -- + # auto-detect by file /usr/lib/unifi/data/keystore: + _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" + if [ -f "$_unifi_keystore" ]; then + _info "Installing certificate for Unifi Controller (Java keystore)" + _debug _unifi_keystore "$_unifi_keystore" + if ! _exists keytool; then + _err "keytool not found" + return 1 + fi + if [ ! -w "$_unifi_keystore" ]; then + _err "The file $_unifi_keystore is not writable, please change the permission." + return 1 + fi + + _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}" - DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" - _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}" - DEFAULT_UNIFI_KEYPASS="aircontrolenterprise" - _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}" - DEFAULT_UNIFI_RELOAD="service unifi restart" - _reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}" - - _debug _unifi_keystore "$_unifi_keystore" - if [ ! -f "$_unifi_keystore" ]; then - if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then - _err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE" + _debug "Generate import pkcs12" + _import_pkcs12="$(_mktemp)" + _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root + # shellcheck disable=SC2181 + if [ "$?" != "0" ]; then + _err "Error generating pkcs12. Please re-run with --debug and report a bug." return 1 + fi + + _debug "Import into keystore: $_unifi_keystore" + if keytool -importkeystore \ + -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ + -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ + -alias unifi -noprompt; then + _debug "Import keystore success!" + rm "$_import_pkcs12" else - _err "It seems that the specified unifi keystore is not valid, please check." + _err "Error importing into Unifi Java keystore." + _err "Please re-run with --debug and report a bug." + rm "$_import_pkcs12" return 1 fi + + if systemctl -q is-active unifi; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" + fi + _services_updated="${_services_updated} unifi" + _info "Install Unifi Controller certificate success!" + elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then + _err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check." + return 1 fi - if [ ! -w "$_unifi_keystore" ]; then - _err "The file $_unifi_keystore is not writable, please change the permission." + + # Cloud Key environment (non-UnifiOS -- nginx serves admin pages) -- + # auto-detect by file /etc/ssl/private/cloudkey.key: + _cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}" + if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then + _info "Installing certificate for Cloud Key Gen1 (nginx admin pages)" + _debug _cloudkey_certdir "$_cloudkey_certdir" + if [ ! -w "$_cloudkey_certdir" ]; then + _err "The directory $_cloudkey_certdir is not writable; please check permissions." + return 1 + fi + # Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks. + # Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was + # updated above), but if not, we don't know how to handle this installation: + if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then + _err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'" + return 1 + fi + + cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt" + cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key" + (cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks) + + if systemctl -q is-active nginx; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart" + fi + _info "Install Cloud Key Gen1 certificate success!" + _services_updated="${_services_updated} nginx" + elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then + _err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check." return 1 fi - _info "Generate import pkcs12" - _import_pkcs12="$(_mktemp)" - _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root - if [ "$?" != "0" ]; then - _err "Oops, error creating import pkcs12, please report bug to us." + # UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key: + _unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}" + if [ -f "${_unifi_core_config}/unifi-core.key" ]; then + _info "Installing certificate for UnifiOS" + _debug _unifi_core_config "$_unifi_core_config" + if [ ! -w "$_unifi_core_config" ]; then + _err "The directory $_unifi_core_config is not writable; please check permissions." + return 1 + fi + + cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" + cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" + + if systemctl -q is-active unifi-core; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi-core" + fi + _info "Install UnifiOS certificate success!" + _services_updated="${_services_updated} unifi-core" + elif [ "$DEPLOY_UNIFI_CORE_CONFIG" ]; then + _err "The specified DEPLOY_UNIFI_CORE_CONFIG='$DEPLOY_UNIFI_CORE_CONFIG' is not valid, please check." return 1 fi - _info "Modify unifi keystore: $_unifi_keystore" - if keytool -importkeystore \ - -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ - -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ - -alias unifi -noprompt; then - _info "Import keystore success!" - rm "$_import_pkcs12" - else - _err "Import unifi keystore error, please report bug to us." - rm "$_import_pkcs12" + if [ -z "$_services_updated" ]; then + # None of the Unifi environments were auto-detected, so no deployment has occurred + # (and none of DEPLOY_UNIFI_{KEYSTORE,CLOUDKEY_CERTDIR,CORE_CONFIG} were set). + _err "Unable to detect Unifi environment in standard location." + _err "(This deploy hook must be run on the Unifi device, not a remote machine.)" + _err "For non-standard Unifi installations, set DEPLOY_UNIFI_KEYSTORE," + _err "DEPLOY_UNIFI_CLOUDKEY_CERTDIR, and/or DEPLOY_UNIFI_CORE_CONFIG as appropriate." return 1 fi - _info "Run reload: $_reload" - if eval "$_reload"; then + _reload_cmd="${DEPLOY_UNIFI_RELOAD:-$_reload_cmd}" + if [ -z "$_reload_cmd" ]; then + _err "Certificates were installed for services:${_services_updated}," + _err "but none appear to be active. Please set DEPLOY_UNIFI_RELOAD" + _err "to a command that will restart the necessary services." + return 1 + fi + _info "Reload services (this may take some time): $_reload_cmd" + if eval "$_reload_cmd"; then _info "Reload success!" - if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then - _savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" - else - _cleardomainconf DEPLOY_UNIFI_KEYSTORE - fi - if [ "$DEPLOY_UNIFI_KEYPASS" ]; then - _savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" - else - _cleardomainconf DEPLOY_UNIFI_KEYPASS - fi - if [ "$DEPLOY_UNIFI_RELOAD" ]; then - _savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" - else - _cleardomainconf DEPLOY_UNIFI_RELOAD - fi - return 0 else _err "Reload error" return 1 fi - return 0 + # Successful, so save all (non-default) config: + _savedeployconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + _savedeployconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + _savedeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" + _savedeployconf DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" + _savedeployconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + + return 0 } From 86639dbc026157aecf6652345b7461c5d18a4647 Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 15 Feb 2021 15:18:49 +0800 Subject: [PATCH 0254/1526] feat: add huaweicloud error handling --- dnsapi/dns_huaweicloud.sh | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 74fec2a9..f7192725 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -5,7 +5,7 @@ # HUAWEICLOUD_ProjectID iam_api="https://iam.myhuaweicloud.com" -dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" +dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work ######## Public functions ##################### @@ -29,16 +29,27 @@ dns_huaweicloud_add() { return 1 fi + unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - _debug2 "${token}" + if [ -z "${token}" ]; then # Check token + _err "dns_api(dns_huaweicloud): Error getting token." + return 1 + fi + _debug "Access token is: ${token}" + + unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - _debug "${zoneid}" + if [ -z "${zoneid}" ]; then + _err "dns_api(dns_huaweicloud): Error getting zone id." + return 1 + fi + _debug "Zone ID is: ${zoneid}" _debug "Adding Record" _add_record "${token}" "${fulldomain}" "${txtvalue}" ret="$?" if [ "${ret}" != "0" ]; then - _err "dns_huaweicloud: Error adding record." + _err "dns_api(dns_huaweicloud): Error adding record." return 1 fi @@ -69,12 +80,21 @@ dns_huaweicloud_rm() { return 1 fi + unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - _debug2 "${token}" + if [ -z "${token}" ]; then # Check token + _err "dns_api(dns_huaweicloud): Error getting token." + return 1 + fi + _debug "Access token is: ${token}" + + unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - _debug "${zoneid}" - record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" - _debug "Record Set ID is: ${record_id}" + if [ -z "${zoneid}" ]; then + _err "dns_api(dns_huaweicloud): Error getting zone id." + return 1 + fi + _debug "Zone ID is: ${zoneid}" # Remove all records # Therotically HuaweiCloud does not allow more than one record set From 31f65b89bb5cfd3604ff2fd386e515e325560a0d Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 15 Feb 2021 15:19:18 +0800 Subject: [PATCH 0255/1526] fix: fix freebsd and solaris --- .github/workflows/DNS.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5dc2d453..ed0426ad 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.7 + - uses: vmactions/freebsd-vm@v0.1.2 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -223,7 +223,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.1 + - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat curl From 4528957235ce99809841f078d997558bf4f339da Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 15 Feb 2021 21:25:27 +0800 Subject: [PATCH 0256/1526] support openssl 3.0 fix https://github.com/acmesh-official/acme.sh/issues/3399 --- acme.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index a9301e10..2cb9dd00 100755 --- a/acme.sh +++ b/acme.sh @@ -1122,9 +1122,14 @@ _createkey() { fi fi + __traditional="" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then + __traditional="-traditional" + fi + if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam $__traditional -name "$eccname" -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" @@ -1132,7 +1137,7 @@ _createkey() { fi else _debug "Using RSA: $length" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error rsa key: $length" From 906ef43c00129d07540cb712f035b844ced69cfc Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 15 Feb 2021 21:35:59 +0800 Subject: [PATCH 0257/1526] make the fix for rsa key only --- acme.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 2cb9dd00..5e9829a4 100755 --- a/acme.sh +++ b/acme.sh @@ -1122,14 +1122,9 @@ _createkey() { fi fi - __traditional="" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then - __traditional="-traditional" - fi - if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam $__traditional -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" @@ -1137,6 +1132,10 @@ _createkey() { fi else _debug "Using RSA: $length" + __traditional="" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then + __traditional="-traditional" + fi if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else From 6ff75f9a9fe906ed1c1b9cbf637b0e749ba9e127 Mon Sep 17 00:00:00 2001 From: medmunds Date: Mon, 15 Feb 2021 12:23:48 -0800 Subject: [PATCH 0258/1526] Use PROJECT_NAME and VER for X-Mailer header Also add X-Mailer header to Python version --- notify/smtp.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index c9927e3e..bb71a563 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -112,6 +112,7 @@ smtp_send() { _SMTP_USERNAME="$SMTP_USERNAME" _SMTP_PASSWORD="$SMTP_PASSWORD" _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}" + _SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" # Run with --debug 2 (or above) to echo the transcript of the SMTP session. # Careful: this may include SMTP_PASSWORD in plaintext! @@ -232,7 +233,7 @@ _smtp_raw_message() { echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" fi echo "Content-Type: text/plain; charset=utf-8" - echo "X-Mailer: acme.sh --notify-hook smtp" + echo "X-Mailer: $_SMTP_X_MAILER" echo echo "$_SMTP_CONTENT" } @@ -286,6 +287,7 @@ smtp_secure = """$_SMTP_SECURE""" username = """$_SMTP_USERNAME""" password = """$_SMTP_PASSWORD""" timeout=int("""$_SMTP_TIMEOUT""") # seconds +x_mailer="""$_SMTP_X_MAILER""" from_email="""$_SMTP_FROM""" to_emails="""$_SMTP_TO""" # can be comma-separated @@ -301,6 +303,7 @@ except (AttributeError, TypeError): msg["Subject"] = subject msg["From"] = from_email msg["To"] = to_emails +msg["X-Mailer"] = x_mailer smtp = None try: From 585c0c381852ebc796018a79d02fdac3f5666773 Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 09:33:39 -0800 Subject: [PATCH 0259/1526] Add _clearaccountconf_mutable() --- acme.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/acme.sh b/acme.sh index a9301e10..bb4134de 100755 --- a/acme.sh +++ b/acme.sh @@ -2279,6 +2279,13 @@ _clearaccountconf() { _clear_conf "$ACCOUNT_CONF_PATH" "$1" } +#key +_clearaccountconf_mutable() { + _clearaccountconf "SAVED_$1" + #remove later + _clearaccountconf "$1" +} + #_savecaconf key value _savecaconf() { _save_conf "$CA_CONF" "$1" "$2" From 6e77756d6a0b3d71f0ecc014d6336a8e6b025db1 Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 12:49:27 -0800 Subject: [PATCH 0260/1526] Rework read/save config to not save default values Add and use _readaccountconf_mutable_default and _saveaccountconf_mutable_default helpers to capture common default value handling. New approach also eliminates need for separate underscore-prefixed version of each conf var. --- notify/smtp.sh | 255 +++++++++++++++++++++++++++++-------------------- 1 file changed, 149 insertions(+), 106 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index bb71a563..85801604 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -17,155 +17,150 @@ # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout # SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH +SMTP_SECURE_DEFAULT="none" +SMTP_TIMEOUT_DEFAULT="30" + # subject content statuscode smtp_send() { - _SMTP_SUBJECT="$1" - _SMTP_CONTENT="$2" + SMTP_SUBJECT="$1" + SMTP_CONTENT="$2" # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped - # Load config: - SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" - SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" - SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" - SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" - SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" - SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" - SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" - SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" - SMTP_BIN="${SMTP_BIN:-$(_readaccountconf_mutable SMTP_BIN)}" - - _debug "SMTP_FROM" "$SMTP_FROM" - _debug "SMTP_TO" "$SMTP_TO" - _debug "SMTP_HOST" "$SMTP_HOST" - _debug "SMTP_PORT" "$SMTP_PORT" - _debug "SMTP_SECURE" "$SMTP_SECURE" - _debug "SMTP_USERNAME" "$SMTP_USERNAME" - _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" - _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" - _debug "SMTP_BIN" "$SMTP_BIN" - - _debug "_SMTP_SUBJECT" "$_SMTP_SUBJECT" - _debug "_SMTP_CONTENT" "$_SMTP_CONTENT" - - # Validate config and apply defaults: - # _SMTP_* variables are the resolved (with defaults) versions of SMTP_*. - # (The _SMTP_* versions will not be stored in account conf.) - + # Load and validate config: + SMTP_BIN="$(_readaccountconf_mutable_default SMTP_BIN)" if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then _err "SMTP_BIN '$SMTP_BIN' does not exist." return 1 fi - _SMTP_BIN="$SMTP_BIN" - if [ -z "$_SMTP_BIN" ]; then + if [ -z "$SMTP_BIN" ]; then # Look for a command that can communicate with an SMTP server. # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. # Those are already handled by the "mail" notify hook.) for cmd in curl python3 python2.7 python pypy3 pypy; do if _exists "$cmd"; then - _SMTP_BIN="$cmd" + SMTP_BIN="$cmd" break fi done - if [ -z "$_SMTP_BIN" ]; then + if [ -z "$SMTP_BIN" ]; then _err "The smtp notify-hook requires curl or Python, but can't find any." _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".' _err 'Otherwise, see if you can use the "mail" notify-hook instead.' return 1 fi - _debug "_SMTP_BIN" "$_SMTP_BIN" fi + _debug SMTP_BIN "$SMTP_BIN" + _saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN" + SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)" if [ -z "$SMTP_FROM" ]; then _err "You must define SMTP_FROM as the sender email address." return 1 fi - _SMTP_FROM="$SMTP_FROM" + _debug SMTP_FROM "$SMTP_FROM" + _saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM" + SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)" if [ -z "$SMTP_TO" ]; then _err "You must define SMTP_TO as the recipient email address." return 1 fi - _SMTP_TO="$SMTP_TO" + _debug SMTP_TO "$SMTP_TO" + _saveaccountconf_mutable_default SMTP_TO "$SMTP_TO" + SMTP_HOST="$(_readaccountconf_mutable_default SMTP_HOST)" if [ -z "$SMTP_HOST" ]; then _err "You must define SMTP_HOST as the SMTP server hostname." return 1 fi - _SMTP_HOST="$SMTP_HOST" - - _SMTP_SECURE="${SMTP_SECURE:-none}" - case "$_SMTP_SECURE" in - "none") smtp_default_port="25" ;; - "ssl") smtp_default_port="465" ;; - "tls") smtp_default_port="587" ;; + _debug SMTP_HOST "$SMTP_HOST" + _saveaccountconf_mutable_default SMTP_HOST "$SMTP_HOST" + + SMTP_SECURE="$(_readaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE_DEFAULT")" + case "$SMTP_SECURE" in + "none") smtp_port_default="25" ;; + "ssl") smtp_port_default="465" ;; + "tls") smtp_port_default="587" ;; *) _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." return 1 ;; esac + _debug SMTP_SECURE "$SMTP_SECURE" + _saveaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE" "$SMTP_SECURE_DEFAULT" - _SMTP_PORT="${SMTP_PORT:-$smtp_default_port}" - if [ -z "$SMTP_PORT" ]; then - _debug "_SMTP_PORT" "$_SMTP_PORT" - fi + SMTP_PORT="$(_readaccountconf_mutable_default SMTP_PORT "$smtp_port_default")" + case "$SMTP_PORT" in + *[!0-9]*) + _err "Invalid SMTP_PORT='$SMTP_PORT'. It must be a port number." + return 1 + ;; + esac + _debug SMTP_PORT "$SMTP_PORT" + _saveaccountconf_mutable_default SMTP_PORT "$SMTP_PORT" "$smtp_port_default" + + SMTP_USERNAME="$(_readaccountconf_mutable_default SMTP_USERNAME)" + _debug SMTP_USERNAME "$SMTP_USERNAME" + _saveaccountconf_mutable_default SMTP_USERNAME "$SMTP_USERNAME" + + SMTP_PASSWORD="$(_readaccountconf_mutable_default SMTP_PASSWORD)" + _secure_debug SMTP_PASSWORD "$SMTP_PASSWORD" + _saveaccountconf_mutable_default SMTP_PASSWORD "$SMTP_PASSWORD" - _SMTP_USERNAME="$SMTP_USERNAME" - _SMTP_PASSWORD="$SMTP_PASSWORD" - _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}" - _SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" + SMTP_TIMEOUT="$(_readaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT_DEFAULT")" + _debug SMTP_TIMEOUT "$SMTP_TIMEOUT" + _saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT" + + SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" # Run with --debug 2 (or above) to echo the transcript of the SMTP session. # Careful: this may include SMTP_PASSWORD in plaintext! if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then - _SMTP_SHOW_TRANSCRIPT="True" + SMTP_SHOW_TRANSCRIPT="True" else - _SMTP_SHOW_TRANSCRIPT="" + SMTP_SHOW_TRANSCRIPT="" fi + _debug SMTP_SUBJECT "$SMTP_SUBJECT" + _debug SMTP_CONTENT "$SMTP_CONTENT" + # Send the message: - case "$(basename "$_SMTP_BIN")" in + case "$(basename "$SMTP_BIN")" in curl) _smtp_send=_smtp_send_curl ;; py*) _smtp_send=_smtp_send_python ;; *) - _err "Can't figure out how to invoke $_SMTP_BIN." + _err "Can't figure out how to invoke '$SMTP_BIN'." _err "Check your SMTP_BIN setting." return 1 ;; esac if ! smtp_output="$($_smtp_send)"; then - _err "Error sending message with $_SMTP_BIN." + _err "Error sending message with $SMTP_BIN." if [ -n "$smtp_output" ]; then _err "$smtp_output" fi return 1 fi - # Save config only if send was successful: - _saveaccountconf_mutable SMTP_BIN "$SMTP_BIN" - _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" - _saveaccountconf_mutable SMTP_TO "$SMTP_TO" - _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" - _saveaccountconf_mutable SMTP_PORT "$SMTP_PORT" - _saveaccountconf_mutable SMTP_SECURE "$SMTP_SECURE" - _saveaccountconf_mutable SMTP_USERNAME "$SMTP_USERNAME" - _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD" - _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT" - return 0 } -# Send the message via curl using _SMTP_* variables +## +## curl smtp sending +## + +# Send the message via curl using SMTP_* variables _smtp_send_curl() { # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without # additional parsing, and SMTP requires addr-spec only (no display names). # In the future, maybe try to parse the addr-spec out for curl args (non-trivial). - if _email_has_display_name "$_SMTP_FROM"; then + if _email_has_display_name "$SMTP_FROM"; then _err "curl smtp only allows a simple email address in SMTP_FROM." _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." return 1 fi - if _email_has_display_name "$_SMTP_TO"; then + if _email_has_display_name "$SMTP_TO"; then _err "curl smtp only allows simple email addresses in SMTP_TO." _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." return 1 @@ -173,20 +168,20 @@ _smtp_send_curl() { # Build curl args in $@ - case "$_SMTP_SECURE" in + case "$SMTP_SECURE" in none) - set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" + set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" ;; ssl) - set -- --url "smtps://${_SMTP_HOST}:${_SMTP_PORT}" + set -- --url "smtps://${SMTP_HOST}:${SMTP_PORT}" ;; tls) - set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" --ssl-reqd + set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" --ssl-reqd ;; *) # This will only occur if someone adds a new SMTP_SECURE option above # without updating this code for it. - _err "Unhandled _SMTP_SECURE='$_SMTP_SECURE' in _smtp_send_curl" + _err "Unhandled SMTP_SECURE='$SMTP_SECURE' in _smtp_send_curl" _err "Please re-run with --debug and report a bug." return 1 ;; @@ -194,23 +189,23 @@ _smtp_send_curl() { set -- "$@" \ --upload-file - \ - --mail-from "$_SMTP_FROM" \ - --max-time "$_SMTP_TIMEOUT" + --mail-from "$SMTP_FROM" \ + --max-time "$SMTP_TIMEOUT" - # Burst comma-separated $_SMTP_TO into individual --mail-rcpt args. - _to="${_SMTP_TO}," + # Burst comma-separated $SMTP_TO into individual --mail-rcpt args. + _to="${SMTP_TO}," while [ -n "$_to" ]; do _rcpt="${_to%%,*}" _to="${_to#*,}" set -- "$@" --mail-rcpt "$_rcpt" done - _smtp_login="${_SMTP_USERNAME}:${_SMTP_PASSWORD}" + _smtp_login="${SMTP_USERNAME}:${SMTP_PASSWORD}" if [ "$_smtp_login" != ":" ]; then set -- "$@" --user "$_smtp_login" fi - if [ "$_SMTP_SHOW_TRANSCRIPT" = "True" ]; then + if [ "$SMTP_SHOW_TRANSCRIPT" = "True" ]; then set -- "$@" --verbose else set -- "$@" --silent --show-error @@ -218,24 +213,24 @@ _smtp_send_curl() { raw_message="$(_smtp_raw_message)" - _debug2 "curl command:" "$_SMTP_BIN" "$*" + _debug2 "curl command:" "$SMTP_BIN" "$*" _debug2 "raw_message:\n$raw_message" - echo "$raw_message" | "$_SMTP_BIN" "$@" + echo "$raw_message" | "$SMTP_BIN" "$@" } -# Output an RFC-822 / RFC-5322 email message using _SMTP_* variables +# Output an RFC-822 / RFC-5322 email message using SMTP_* variables _smtp_raw_message() { - echo "From: $_SMTP_FROM" - echo "To: $_SMTP_TO" - echo "Subject: $(_mime_encoded_word "$_SMTP_SUBJECT")" + echo "From: $SMTP_FROM" + echo "To: $SMTP_TO" + echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")" if _exists date; then echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" fi echo "Content-Type: text/plain; charset=utf-8" - echo "X-Mailer: $_SMTP_X_MAILER" + echo "X-Mailer: $SMTP_X_MAILER" echo - echo "$_SMTP_CONTENT" + echo "$SMTP_CONTENT" } # Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars @@ -260,12 +255,16 @@ _email_has_display_name() { expr "$_email" : '^.*[<>"]' >/dev/null } -# Send the message via Python using _SMTP_* variables +## +## Python smtp sending +## + +# Send the message via Python using SMTP_* variables _smtp_send_python() { - _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)" + _debug "Python version" "$("$SMTP_BIN" --version 2>&1)" # language=Python - "$_SMTP_BIN" < Date: Tue, 16 Feb 2021 13:13:26 -0800 Subject: [PATCH 0261/1526] Implement _rfc2822_date helper --- notify/smtp.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 85801604..43536cd2 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -224,9 +224,7 @@ _smtp_raw_message() { echo "From: $SMTP_FROM" echo "To: $SMTP_TO" echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")" - if _exists date; then - echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" - fi + echo "Date: $(_rfc2822_date)" echo "Content-Type: text/plain; charset=utf-8" echo "X-Mailer: $SMTP_X_MAILER" echo @@ -248,6 +246,19 @@ _mime_encoded_word() { fi } +# Output current date in RFC-2822 Section 3.3 format as required in email headers +# (e.g., "Mon, 15 Feb 2021 14:22:01 -0800") +_rfc2822_date() { + # Notes: + # - this is deliberately not UTC, because it "SHOULD express local time" per spec + # - the spec requires weekday and month in the C locale (English), not localized + # - this date format specifier has been tested on Linux, Mac, Solaris and FreeBSD + _old_lc_time="$LC_TIME" + LC_TIME=C + date +'%a, %-d %b %Y %H:%M:%S %z' + LC_TIME="$_old_lc_time" +} + # Simple check for display name in an email address (< > or ") # email _email_has_display_name() { From 4b615cb3a92fad0d65e8868408debbd82ca0f32e Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 14:02:09 -0800 Subject: [PATCH 0262/1526] Clean email headers and warn on unsupported address format Just in case, make sure CR or NL don't end up in an email header. --- notify/smtp.sh | 55 +++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 43536cd2..42c1487c 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -53,16 +53,28 @@ smtp_send() { _saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN" SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)" + SMTP_FROM="$(_clean_email_header "$SMTP_FROM")" if [ -z "$SMTP_FROM" ]; then _err "You must define SMTP_FROM as the sender email address." return 1 fi + if _email_has_display_name "$SMTP_FROM"; then + _err "SMTP_FROM must be only a simple email address (sender@example.com)." + _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." + return 1 + fi _debug SMTP_FROM "$SMTP_FROM" _saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM" SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)" + SMTP_TO="$(_clean_email_header "$SMTP_TO")" if [ -z "$SMTP_TO" ]; then - _err "You must define SMTP_TO as the recipient email address." + _err "You must define SMTP_TO as the recipient email address(es)." + return 1 + fi + if _email_has_display_name "$SMTP_TO"; then + _err "SMTP_TO must be only simple email addresses (to@example.com,to2@example.com)." + _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." return 1 fi _debug SMTP_TO "$SMTP_TO" @@ -111,7 +123,7 @@ smtp_send() { _debug SMTP_TIMEOUT "$SMTP_TIMEOUT" _saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT" - SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" + SMTP_X_MAILER="$(_clean_email_header "$PROJECT_NAME $VER --notify-hook smtp")" # Run with --debug 2 (or above) to echo the transcript of the SMTP session. # Careful: this may include SMTP_PASSWORD in plaintext! @@ -121,6 +133,7 @@ smtp_send() { SMTP_SHOW_TRANSCRIPT="" fi + SMTP_SUBJECT=$(_clean_email_header "$SMTP_SUBJECT") _debug SMTP_SUBJECT "$SMTP_SUBJECT" _debug SMTP_CONTENT "$SMTP_CONTENT" @@ -146,28 +159,26 @@ smtp_send() { return 0 } +# Strip CR and NL from text to prevent MIME header injection +# text +_clean_email_header() { + printf "%s" "$(echo "$1" | tr -d "\r\n")" +} + +# Simple check for display name in an email address (< > or ") +# email +_email_has_display_name() { + _email="$1" + expr "$_email" : '^.*[<>"]' >/dev/null +} + ## ## curl smtp sending ## # Send the message via curl using SMTP_* variables _smtp_send_curl() { - # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without - # additional parsing, and SMTP requires addr-spec only (no display names). - # In the future, maybe try to parse the addr-spec out for curl args (non-trivial). - if _email_has_display_name "$SMTP_FROM"; then - _err "curl smtp only allows a simple email address in SMTP_FROM." - _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." - return 1 - fi - if _email_has_display_name "$SMTP_TO"; then - _err "curl smtp only allows simple email addresses in SMTP_TO." - _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." - return 1 - fi - # Build curl args in $@ - case "$SMTP_SECURE" in none) set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" @@ -219,7 +230,8 @@ _smtp_send_curl() { echo "$raw_message" | "$SMTP_BIN" "$@" } -# Output an RFC-822 / RFC-5322 email message using SMTP_* variables +# Output an RFC-822 / RFC-5322 email message using SMTP_* variables. +# (This assumes variables have already been cleaned for use in email headers.) _smtp_raw_message() { echo "From: $SMTP_FROM" echo "To: $SMTP_TO" @@ -259,13 +271,6 @@ _rfc2822_date() { LC_TIME="$_old_lc_time" } -# Simple check for display name in an email address (< > or ") -# email -_email_has_display_name() { - _email="$1" - expr "$_email" : '^.*[<>"]' >/dev/null -} - ## ## Python smtp sending ## From 5a182eddbf4ffafcc1b8a1b3757a49378f46af5f Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 14:41:21 -0800 Subject: [PATCH 0263/1526] Clarify _readaccountconf_mutable_default --- notify/smtp.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 42c1487c..fabde79b 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -358,7 +358,7 @@ PYTHON # - if MY_CONF is set _empty_, output $default_value # (lets user `export MY_CONF=` to clear previous saved value # and return to default, without user having to know default) -# - otherwise if _readaccountconf_mutable $name is non-empty, return that +# - otherwise if _readaccountconf_mutable MY_CONF is non-empty, return that # (value of SAVED_MY_CONF from account.conf) # - otherwise output $default_value _readaccountconf_mutable_default() { @@ -366,8 +366,9 @@ _readaccountconf_mutable_default() { _default_value="$2" eval "_value=\"\$$_name\"" - eval "_explicit_empty_value=\"\${${_name}+empty}\"" - if [ -z "${_value}" ] && [ "${_explicit_empty_value:-}" != "empty" ]; then + eval "_name_is_set=\"\${${_name}+true}\"" + # ($_name_is_set is "true" if $$_name is set to anything, including empty) + if [ -z "${_value}" ] && [ "${_name_is_set:-}" != "true" ]; then _value="$(_readaccountconf_mutable "$_name")" fi if [ -z "${_value}" ]; then From 8f688e5e13b9cdc77134eb97dcc07435912dc4aa Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 09:46:13 -0800 Subject: [PATCH 0264/1526] Add Date email header in Python implementation --- notify/smtp.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/notify/smtp.sh b/notify/smtp.sh index fabde79b..0c698631 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -287,6 +287,7 @@ try: from email.message import EmailMessage except ImportError: from email.mime.text import MIMEText as EmailMessage # Python 2 + from email.utils import formatdate as rfc2822_date from smtplib import SMTP, SMTP_SSL, SMTPException from socket import error as SocketError except ImportError as err: @@ -318,6 +319,7 @@ except (AttributeError, TypeError): msg["Subject"] = subject msg["From"] = from_email msg["To"] = to_emails +msg["Date"] = rfc2822_date(localtime=True) msg["X-Mailer"] = x_mailer smtp = None From 28d9f00610b11254b43bf38d028524db859e588f Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 09:57:44 -0800 Subject: [PATCH 0265/1526] Use email.policy.default in Python 3 implementation Improves standards compatibility and utf-8 handling in Python 3.3-3.8. (email.policy.default becomes the default in Python 3.9.) --- notify/smtp.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 0c698631..69863206 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -285,8 +285,11 @@ _smtp_send_python() { try: try: from email.message import EmailMessage + from email.policy import default as email_policy_default except ImportError: - from email.mime.text import MIMEText as EmailMessage # Python 2 + # Python 2 (or < 3.3) + from email.mime.text import MIMEText as EmailMessage + email_policy_default = None from email.utils import formatdate as rfc2822_date from smtplib import SMTP, SMTP_SSL, SMTPException from socket import error as SocketError @@ -311,7 +314,7 @@ subject="""$SMTP_SUBJECT""" content="""$SMTP_CONTENT""" try: - msg = EmailMessage() + msg = EmailMessage(policy=email_policy_default) msg.set_content(content) except (AttributeError, TypeError): # Python 2 MIMEText From 6e49c4ffe006c45128c4ad8535e34e39b93901e2 Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 10:02:14 -0800 Subject: [PATCH 0266/1526] Prefer Python to curl when both available --- notify/smtp.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 69863206..71020818 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -15,7 +15,7 @@ # SMTP_USERNAME="" # set if SMTP server requires login # SMTP_PASSWORD="" # set if SMTP server requires login # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout -# SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH +# SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH SMTP_SECURE_DEFAULT="none" SMTP_TIMEOUT_DEFAULT="30" @@ -36,7 +36,7 @@ smtp_send() { # Look for a command that can communicate with an SMTP server. # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. # Those are already handled by the "mail" notify hook.) - for cmd in curl python3 python2.7 python pypy3 pypy; do + for cmd in python3 python2.7 python pypy3 pypy curl; do if _exists "$cmd"; then SMTP_BIN="$cmd" break From afe6f4030e9f7ec5c03146dd4dfe122d1ab7aab1 Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 11:39:16 -0800 Subject: [PATCH 0267/1526] Change default SMTP_SECURE to "tls" Secure by default. Also try to minimize configuration errors. (Many ESPs/ISPs require STARTTLS, and most support it.) --- notify/smtp.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 71020818..293c665e 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -11,13 +11,13 @@ # SMTP_TO="to@example.com" # required # SMTP_HOST="smtp.example.com" # required # SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE -# SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) +# SMTP_SECURE="tls" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) # SMTP_USERNAME="" # set if SMTP server requires login # SMTP_PASSWORD="" # set if SMTP server requires login # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout # SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH -SMTP_SECURE_DEFAULT="none" +SMTP_SECURE_DEFAULT="tls" SMTP_TIMEOUT_DEFAULT="30" # subject content statuscode From 17f5e557ed07dfcc65d7ea808d2e27fbfc0acf7f Mon Sep 17 00:00:00 2001 From: czeming Date: Sat, 20 Feb 2021 17:16:33 +0800 Subject: [PATCH 0268/1526] Update dns_dp.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 没有encode中文字符会导致提交失败 --- dnsapi/dns_dp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 033fa5aa..9b8b7a8b 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -89,7 +89,7 @@ add_record() { _info "Adding record" - if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then + if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4"; then return 1 fi From eacc00f7868dc01c8df4de43474910863fc12bed Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 21 Feb 2021 22:42:24 +0100 Subject: [PATCH 0269/1526] Update truenas.sh - check if curl exists - check if wget exist, then errortext and exit scipt - _get command "restartUI" wirh info about curl error 52 --- deploy/truenas.sh | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index be8fac12..1be4aeb0 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -35,6 +35,19 @@ truenas_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" + if _exists "curl"; then + _debug "curl found, no Message to restartUI error" + else + if _exists "wget"; then + _err "Until Version of TrueNAS is older than TrueNAS-12.0-U2 there are problems with using wget" + _err "There is a bug when using the API Call restartUI with wget" + _err "The API call does not give any response, whit wget the api call restartUI would be called about 20 times" + _err "Please use curl!" + _err "Bug Report at https://jira.ixsystems.com/browse/NAS-109435" + return 1 + fi + fi + _getdeployconf DEPLOY_TRUENAS_APIKEY if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then @@ -63,7 +76,6 @@ truenas_deploy() { _info "Testing Connection TrueNAS" _response=$(_get "$_api_url/system/state") _info "TrueNAS System State: $_response." - _debug _response "$_response" if [ -z "$_response" ]; then _err "Unable to authenticate to $_api_url." @@ -168,14 +180,12 @@ truenas_deploy() { _debug3 _delete_result "$_delete_result" - # the command - # _restart_UI=$(_get "$_api_url/system/general/ui_restart") - # throws the Error 52 - # for this command direct curl command _info "Reload WebUI from TrueNAS" - curl --silent -L --no-keepalive --user-agent "$USER_AGENT" -H "$_H1" "$_api_url/system/general/ui_restart" - _ret=$? - _debug2 CURL_RETURN "$_ret" + _restart_UI=$(_get "$_api_url/system/general/ui_restart") + _info "Until Version of TrueNAS is older than TrueNAS-12.0-U3 curl returns error 52" + _info "This is not a problem for tis scipt" + _info "See Bugreport: https://jira.ixsystems.com/browse/NAS-109435" + _debug2 _restart_UI "$_restart_UI" if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" = "52" ]; then return 0 From 4bb8e3a121442c3bb9b12cd54467608c551eeb4a Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Sun, 21 Feb 2021 22:48:31 +0100 Subject: [PATCH 0270/1526] Update truenas.sh -error handling --- deploy/truenas.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 1be4aeb0..7d8f3238 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -187,10 +187,10 @@ truenas_deploy() { _info "See Bugreport: https://jira.ixsystems.com/browse/NAS-109435" _debug2 _restart_UI "$_restart_UI" - if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ] && [ "$_ret" = "52" ]; then + if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then return 0 else - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" + _err "Certupdate was not succesfull, please use --debug" return 1 fi } From a730a08161def8358a68a1662149e670e1af02f3 Mon Sep 17 00:00:00 2001 From: Geert Hendrickx Date: Tue, 23 Feb 2021 10:28:17 +0100 Subject: [PATCH 0271/1526] No need to include EC parameters explicitly with the private key. (they are embedded) --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 757ed7a5..3c66250e 100755 --- a/acme.sh +++ b/acme.sh @@ -1124,7 +1124,7 @@ _createkey() { if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" From c5100219d15137f65799b1fb315affd1a6831218 Mon Sep 17 00:00:00 2001 From: Kristian Johansson Date: Wed, 24 Feb 2021 08:53:35 +0100 Subject: [PATCH 0272/1526] Fixes response handling and thereby allow issuing of subdomain certs --- dnsapi/dns_simply.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index d053dcf6..b38d0ed3 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -6,7 +6,7 @@ #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" - +SIMPLY_SUCCESS_CODE='"status": 200' SIMPLY_Api_Default="https://api.simply.com/1" ######## Public functions ##################### @@ -171,7 +171,7 @@ _get_root() { return 1 fi - if _contains "$response" '"code":"NOT_FOUND"'; then + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then _debug "$h not found" else _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) @@ -196,6 +196,12 @@ _simply_add_record() { return 1 fi + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + _err "Call to API not sucessfull, see below message for more details" + _err "$response" + return 1 + fi + return 0 } @@ -211,6 +217,12 @@ _simply_delete_record() { return 1 fi + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + _err "Call to API not sucessfull, see below message for more details" + _err "$response" + return 1 + fi + return 0 } From 1917c4b04a17de47d5dc6e08946df6b5bf1b137f Mon Sep 17 00:00:00 2001 From: Kristian Johansson Date: Wed, 24 Feb 2021 17:34:28 +0100 Subject: [PATCH 0273/1526] Adds comment --- dnsapi/dns_simply.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index b38d0ed3..e0e05017 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -6,9 +6,11 @@ #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" -SIMPLY_SUCCESS_CODE='"status": 200' SIMPLY_Api_Default="https://api.simply.com/1" +#This is used for determining success of REST call +SIMPLY_SUCCESS_CODE='"status": 200' + ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_simply_add() { From 9a90fe37944ce23ecee6425a4b11f0594bb2165e Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 25 Feb 2021 07:45:22 +0800 Subject: [PATCH 0274/1526] fix https://github.com/acmesh-official/acme.sh/issues/3402 --- acme.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 3c66250e..24cda9c4 100755 --- a/acme.sh +++ b/acme.sh @@ -562,8 +562,16 @@ if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then fi _h2b() { - if _exists xxd && xxd -r -p 2>/dev/null; then - return + if _exists xxd; then + if _contains "$(xxd --help 2>&1)" "assumes -c30"; then + if xxd -r -p -c 9999 2>/dev/null; then + return + fi + else + if xxd -r -p 2>/dev/null; then + return + fi + fi fi hex=$(cat) From 5eb1469dbfe6c9f998817a7947e90bb942d8f87d Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Tue, 23 Feb 2021 19:49:58 +0100 Subject: [PATCH 0275/1526] dnsapi/ionos: Use POST instead of PATCH for adding TXT record The API now supports a POST route for adding records. Therefore checking for already existing records and including them in a PATCH request is no longer necessary. --- dnsapi/dns_ionos.sh | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e6bd5000..aaf8580f 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -24,20 +24,9 @@ dns_ionos_add() { return 1 fi - _new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" + _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - # As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them. - # This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created. - - _ionos_get_existing_records "$fulldomain" "$_zone_id" - - if [ "$_existing_records" ]; then - _body="[$_new_record,$_existing_records]" - else - _body="[$_new_record]" - fi - - if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then + if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then _info "TXT record has been created successfully." return 0 fi @@ -125,17 +114,6 @@ _get_root() { return 1 } -_ionos_get_existing_records() { - fulldomain=$1 - zone_id=$2 - - if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then - response="$(echo "$response" | tr -d "\n")" - - _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" - fi -} - _ionos_get_record() { fulldomain=$1 zone_id=$2 @@ -168,7 +146,7 @@ _ionos_rest() { export _H2="Accept: application/json" export _H3="Content-Type: application/json" - response="$(_post "$data" "$IONOS_API$route" "" "$method")" + response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" else export _H2="Accept: */*" From 0f494c9dd62fbbd27d03c6e6603cb96023910a01 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 1 Mar 2021 18:13:50 +0800 Subject: [PATCH 0276/1526] fix https://github.com/acmesh-official/acme.sh/issues/3433 --- acme.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/acme.sh b/acme.sh index 24cda9c4..748363e8 100755 --- a/acme.sh +++ b/acme.sh @@ -2133,6 +2133,12 @@ _send_signed_request() { _sleep $_sleep_retry_sec continue fi + if _contains "$_body" "The Replay Nonce is not recognized"; then + _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds." + _CACHED_NONCE="" + _sleep $_sleep_retry_sec + continue + fi fi return 0 done From 3817ddef412d31daf00170c8f3afeadc4aa08e68 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 4 Mar 2021 21:38:51 +0800 Subject: [PATCH 0277/1526] fix https://github.com/acmesh-official/acme.sh/issues/3019 --- dnsapi/dns_namecheap.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index 7ce39fa9..5e1f4791 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -208,7 +208,7 @@ _namecheap_parse_host() { _hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2) _hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2) _hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2) - _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2) + _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2 | _xml_decode) _hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2) _hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2) @@ -405,3 +405,11 @@ _namecheap_set_tld_sld() { done } + +_xml_decode() { + sed 's/"/"/g' +} + + + + From 52cfb9a041a4d00f0fe88a34f27e9c2e4b71715e Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 4 Mar 2021 21:50:54 +0800 Subject: [PATCH 0278/1526] fix format --- dnsapi/dns_namecheap.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index 5e1f4791..e3dc7997 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -410,6 +410,3 @@ _xml_decode() { sed 's/"/"/g' } - - - From 89bb7e6b0ea5796da06ae47cefa847ff23e5523a Mon Sep 17 00:00:00 2001 From: wout Date: Wed, 10 Mar 2021 16:18:07 +0100 Subject: [PATCH 0279/1526] Add wildcard certificate support for dns_constellix --- dnsapi/dns_constellix.sh | 39 +++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 42df710d..d0d3132a 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -30,16 +30,38 @@ dns_constellix_add() { return 1 fi - _info "Adding TXT record" - if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":120,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then - if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then - _info "Added" - return 0 + # To support wildcard certificates, try to find existig TXT record and update it. + _info "Search existing TXT record" + if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then + if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then + _info "Adding TXT record" + if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":60,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then + if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then + _info "Added" + return 0 + else + _err "Error adding TXT record" + fi + fi else - _err "Error adding TXT record" - return 1 + _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]+" | cut -d ':' -f 2) + if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then + _new_rr_values=$(printf "%s\n" "$response" | _egrep_o "\"roundRobin\":\[.*?\]" | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/") + _debug _new_rr_values $_new_rr_values + _info "Updating TXT record" + if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then + if printf -- "%s" "$response" | grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then + _info "Updated" + return 0 + else + _err "Error updating TXT record" + fi + fi + fi fi fi + + return 1 } # Usage: fulldomain txtvalue @@ -68,9 +90,10 @@ dns_constellix_rm() { return 0 else _err "Error removing TXT record" - return 1 fi fi + + return 1 } #################### Private functions below ################################## From 494a6e6090e4a8b3980f3c92d6d86ce3772e3da2 Mon Sep 17 00:00:00 2001 From: wout Date: Wed, 10 Mar 2021 16:32:09 +0100 Subject: [PATCH 0280/1526] Fix checks --- dnsapi/dns_constellix.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index d0d3132a..5c20a917 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -38,7 +38,7 @@ dns_constellix_add() { if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":60,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then _info "Added" - return 0 + return 0 else _err "Error adding TXT record" fi @@ -47,7 +47,7 @@ dns_constellix_add() { _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]+" | cut -d ':' -f 2) if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then _new_rr_values=$(printf "%s\n" "$response" | _egrep_o "\"roundRobin\":\[.*?\]" | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/") - _debug _new_rr_values $_new_rr_values + _debug _new_rr_values "$_new_rr_values" _info "Updating TXT record" if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then if printf -- "%s" "$response" | grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then From 8fdfe673e8ccd69dfe8cfcd8acff641dd84dae24 Mon Sep 17 00:00:00 2001 From: wout Date: Wed, 10 Mar 2021 23:34:21 +0100 Subject: [PATCH 0281/1526] Improve the remove handling so it does not print errors --- dnsapi/dns_constellix.sh | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 5c20a917..fb4e278e 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -30,8 +30,8 @@ dns_constellix_add() { return 1 fi - # To support wildcard certificates, try to find existig TXT record and update it. - _info "Search existing TXT record" + # The TXT record might already exist when working with wilcard certificates. In that case, update the record by adding the new value. + _debug "Search TXT record" if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then _info "Adding TXT record" @@ -83,13 +83,22 @@ dns_constellix_rm() { return 1 fi - _info "Removing TXT record" - if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then - if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then + # The TXT record might have been removed already when working with some wildcard certificates. + _debug "Search TXT record" + if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then + if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then _info "Removed" return 0 else - _err "Error removing TXT record" + _info "Removing TXT record" + if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then + if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then + _info "Removed" + return 0 + else + _err "Error removing TXT record" + fi + fi fi fi From 928aa74e89b7aac0f1cddcb3e103a1b151aa34d7 Mon Sep 17 00:00:00 2001 From: wout Date: Wed, 10 Mar 2021 23:36:34 +0100 Subject: [PATCH 0282/1526] Fix typo --- dnsapi/dns_constellix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index fb4e278e..75211a6f 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -30,7 +30,7 @@ dns_constellix_add() { return 1 fi - # The TXT record might already exist when working with wilcard certificates. In that case, update the record by adding the new value. + # The TXT record might already exist when working with wildcard certificates. In that case, update the record by adding the new value. _debug "Search TXT record" if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then From 8733635638875adfa8b201d4d89990b507ba86e8 Mon Sep 17 00:00:00 2001 From: anom-human <80478363+anom-human@users.noreply.github.com> Date: Thu, 11 Mar 2021 19:11:02 +0100 Subject: [PATCH 0283/1526] Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. --- dnsapi/dns_servercow.sh | 42 +++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index e73d85b0..39f16396 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -48,18 +48,44 @@ dns_servercow_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added, OK" - return 0 + + # check whether a txt record already exists for the subdomain + if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then + _info "A txt record with the same name already exists." + # trim the string on the left + txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} + # trim the string on the right + txtvalue_old=${txtvalue_old%%\"*} + + _debug txtvalue_old "$txtvalue_old" + + _info "Add the new txtvalue to the existing txt record." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added additional txtvalue, OK" + return 0 + else + _err "add txt record error." + return 1 + fi + fi + _err "add txt record error." + return 1 else + _info "There is no txt record with the name yet." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added, OK" + return 0 + else + _err "add txt record error." + return 1 + fi + fi _err "add txt record error." return 1 - fi fi - _err "add txt record error." - + return 1 } From 5c4bfbbd950d47d3fe33d4aee75a70499fd117c0 Mon Sep 17 00:00:00 2001 From: anom-human <80478363+anom-human@users.noreply.github.com> Date: Thu, 11 Mar 2021 20:25:49 +0100 Subject: [PATCH 0284/1526] Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. --- dnsapi/dns_servercow.sh | 64 ++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index 39f16396..f70a2294 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -48,44 +48,44 @@ dns_servercow_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - - # check whether a txt record already exists for the subdomain + + # check whether a txt record already exists for the subdomain if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then - _info "A txt record with the same name already exists." - # trim the string on the left - txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} - # trim the string on the right - txtvalue_old=${txtvalue_old%%\"*} - - _debug txtvalue_old "$txtvalue_old" - - _info "Add the new txtvalue to the existing txt record." - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added additional txtvalue, OK" - return 0 - else - _err "add txt record error." + _info "A txt record with the same name already exists." + # trim the string on the left + txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} + # trim the string on the right + txtvalue_old=${txtvalue_old%%\"*} + + _debug txtvalue_old "$txtvalue_old" + + _info "Add the new txtvalue to the existing txt record." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added additional txtvalue, OK" + return 0 + else + _err "add txt record error." return 1 - fi fi - _err "add txt record error." - return 1 - else - _info "There is no txt record with the name yet." - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added, OK" - return 0 - else - _err "add txt record error." + fi + _err "add txt record error." + return 1 + else + _info "There is no txt record with the name yet." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added, OK" + return 0 + else + _err "add txt record error." return 1 - fi fi - _err "add txt record error." - return 1 + fi + _err "add txt record error." + return 1 fi - + return 1 } From 96a95ba9fefa05f88e11f500b98e00706d9c7419 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Mar 2021 20:43:25 +0800 Subject: [PATCH 0285/1526] fix https://github.com/acmesh-official/acme.sh/issues/3312 --- acme.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 748363e8..8d422719 100755 --- a/acme.sh +++ b/acme.sh @@ -5287,6 +5287,7 @@ signcsr() { _renew_hook="${10}" _local_addr="${11}" _challenge_alias="${12}" + _preferred_chain="${13}" _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then @@ -5333,7 +5334,7 @@ signcsr() { _info "Copy csr to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" - issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" + issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" } @@ -7430,7 +7431,7 @@ _process() { deploy "$_domain" "$_deploy_hook" "$_ecc" ;; signcsr) - signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" + signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" ;; showcsr) showcsr "$_csr" "$_domain" From 3dbe5d872ba777d6fa5d9eb27d4a6cc7adbb5e0e Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Mar 2021 20:46:12 +0800 Subject: [PATCH 0286/1526] fix format --- dnsapi/dns_namecheap.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index e3dc7997..d15d6b0e 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -409,4 +409,3 @@ _namecheap_set_tld_sld() { _xml_decode() { sed 's/"/"/g' } - From 8eda5f36fb04df03b74e9c3330cd5e995b0ab840 Mon Sep 17 00:00:00 2001 From: Quentin Dreyer Date: Fri, 12 Mar 2021 12:03:36 +0100 Subject: [PATCH 0287/1526] feat: add dns_porkbun --- dnsapi/dns_porkbun.sh | 171 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 dnsapi/dns_porkbun.sh diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh new file mode 100644 index 00000000..05ecb781 --- /dev/null +++ b/dnsapi/dns_porkbun.sh @@ -0,0 +1,171 @@ +#!/usr/bin/env sh + +# +#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + +PORKBUN_Api="https://porkbun.com/api/json/v3" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_porkbun_add() { + fulldomain=$1 + txtvalue=$2 + + PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" + PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" + + if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then + PORKBUN_API_KEY='' + PORKBUN_SECRET_API_KEY='' + _err "You didn't specify a Porkbun api key and secret api key yet." + _err "You can get yours from here https://porkbun.com/account/api." + return 1 + fi + + #save the credentials to the account conf file. + _saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY" + _saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY" + + _debug 'First detect the root zone' + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _porkbun_rest POST "dns/retrieve/$_domain" + + if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then + _err "Error $response" + return 1 + fi + + # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so + # we can not use updating anymore. + # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) + # _debug count "$count" + # if [ "$count" = "0" ]; then + _info "Adding record" + if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if _contains "$response" '\"status\":"SUCCESS"'; then + _info "Added, OK" + return 0 + elif _contains "$response" "The record already exists"; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error. ($response)" + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +#fulldomain txtvalue +dns_porkbun_rm() { + fulldomain=$1 + txtvalue=$2 + + PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" + PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" + + _debug 'First detect the root zone' + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _porkbun_rest POST "dns/retrieve/$_domain" + + if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then + _err "Error: $response" + return 1 + fi + + count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then + _err "Delete record error." + return 1 + fi + echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null + fi + +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + return 1 + fi + + if _porkbun_rest POST "dns/retrieve/$h"; then + if _contains "$response" "\"status\":\"SUCCESS\""; then + _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" + _domain=$h + return 0 + else + _debug "Go to next level of $_domain" + fi + else + _debug "Go to next level of $_domain" + fi + i=$(_math "$i" + 1) + done + + return 1 +} + +_porkbun_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') + secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') + + test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," + data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" + + export _H1="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")" + else + response="$(_get "$PORKBUN_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 2e34e11b02bba4243fb6e4578c7f3d4ba364cd47 Mon Sep 17 00:00:00 2001 From: qkdreyer Date: Sat, 13 Mar 2021 14:53:43 +0100 Subject: [PATCH 0288/1526] fix: prevent rate limit --- dnsapi/dns_porkbun.sh | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index 05ecb781..18da6b2f 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -35,14 +35,6 @@ dns_porkbun_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "Getting txt records" - _porkbun_rest POST "dns/retrieve/$_domain" - - if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then - _err "Error $response" - return 1 - fi - # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so # we can not use updating anymore. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) @@ -81,14 +73,6 @@ dns_porkbun_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "Getting txt records" - _porkbun_rest POST "dns/retrieve/$_domain" - - if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then - _err "Error: $response" - return 1 - fi - count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") _debug count "$count" if [ "$count" = "0" ]; then @@ -162,6 +146,8 @@ _porkbun_rest() { response="$(_get "$PORKBUN_Api/$ep")" fi + _sleep 3 # prevent rate limit + if [ "$?" != "0" ]; then _err "error $ep" return 1 From 2386d2e299561378b11eb6a72dac05e7449e2222 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sat, 20 Mar 2021 15:26:32 +0100 Subject: [PATCH 0291/1526] String change --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 922e6819..3b5a8847 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -32,7 +32,7 @@ dns_websupport_add() { WS_ApiKey="" WS_ApiSecret="" _err "You did not specify the API Key and/or API Secret" - _err "You can get the credentials from here https://admin.websupport.sk/en/auth/apiKey" + _err "You can get the API credentials from here https://admin.websupport.sk/en/auth/apiKey" return 1 fi From c384ed960c138f4449e79293644c4d0ec937cef1 Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sat, 20 Mar 2021 16:01:09 +0100 Subject: [PATCH 0292/1526] Syncing with the original repo (#2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * change arvan api script * change Author name * change name actor * Updated --preferred-chain to issue ISRG properly To support different openssl crl2pkcs7 help cli format * dnsapi/pdns: also normalize json response in detecting root zone * Chain (#3408) * fix https://github.com/acmesh-official/acme.sh/issues/3384 match the issuer to the root CA cert subject * fix format * fix https://github.com/acmesh-official/acme.sh/issues/3384 * remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384 * upgrade freebsd and solaris * duckdns - fix "integer expression expected" errors (#3397) * fix "integer expression expected" errors * duckdns fix * Update dns_duckdns.sh * Update dns_duckdns.sh * Implement smtp notify hook Support notifications via direct SMTP server connection. Uses Python (2.7.x or 3.4+) to communicate with SMTP server. * Make shfmt happy (I'm open to better ways of formatting the heredoc that embeds the Python script.) * Only save config if send is successful * Add instructions for reporting bugs * Prep for curl or Python; clean up SMTP_* variable usage * Implement curl version of smtp notify-hook * More than one blank line is an abomination, apparently I will not try to use whitespace to group code visually * Fix: Unifi deploy hook support Unifi Cloud Key (#3327) * fix: unifi deploy hook also update Cloud Key nginx certs When running on a Unifi Cloud Key device, also deploy to /etc/ssl/private/cloudkey.{crt,key} and reload nginx. This makes the new cert available for the Cloud Key management app running via nginx on port 443 (as well as the port 8443 Unifi Controller app the deploy hook already supported). Fixes #3326 * Improve settings documentation comments * Improve Cloud Key pre-flight error messaging * Fix typo * Add support for UnifiOS (Cloud Key Gen2) Since UnifiOS does not use the Java keystore (like a Unifi Controller or Cloud Key Gen1 deploy), this also reworks the settings validation and error messaging somewhat. * PR review fixes * Detect unsupported Cloud Key java keystore location * Don't try to restart inactive services (and remove extra spaces from reload command) * Clean up error messages and internal variables * Change to _getdeployconf/_savedeployconf * Switch from cp to cat to preserve file permissions * feat: add huaweicloud error handling * fix: fix freebsd and solaris * support openssl 3.0 fix https://github.com/acmesh-official/acme.sh/issues/3399 * make the fix for rsa key only * Use PROJECT_NAME and VER for X-Mailer header Also add X-Mailer header to Python version * Add _clearaccountconf_mutable() * Rework read/save config to not save default values Add and use _readaccountconf_mutable_default and _saveaccountconf_mutable_default helpers to capture common default value handling. New approach also eliminates need for separate underscore-prefixed version of each conf var. * Implement _rfc2822_date helper * Clean email headers and warn on unsupported address format Just in case, make sure CR or NL don't end up in an email header. * Clarify _readaccountconf_mutable_default * Add Date email header in Python implementation * Use email.policy.default in Python 3 implementation Improves standards compatibility and utf-8 handling in Python 3.3-3.8. (email.policy.default becomes the default in Python 3.9.) * Prefer Python to curl when both available * Change default SMTP_SECURE to "tls" Secure by default. Also try to minimize configuration errors. (Many ESPs/ISPs require STARTTLS, and most support it.) * Update dns_dp.sh 没有encode中文字符会导致提交失败 * No need to include EC parameters explicitly with the private key. (they are embedded) * Fixes response handling and thereby allow issuing of subdomain certs * Adds comment * fix https://github.com/acmesh-official/acme.sh/issues/3402 * dnsapi/ionos: Use POST instead of PATCH for adding TXT record The API now supports a POST route for adding records. Therefore checking for already existing records and including them in a PATCH request is no longer necessary. * fix https://github.com/acmesh-official/acme.sh/issues/3433 * fix https://github.com/acmesh-official/acme.sh/issues/3019 * fix format * Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. * Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. * fix https://github.com/acmesh-official/acme.sh/issues/3312 * fix format * feat: add dns_porkbun * fix: prevent rate limit Co-authored-by: Vahid Fardi Co-authored-by: neil Co-authored-by: Gnought <1684105+gnought@users.noreply.github.com> Co-authored-by: manuel Co-authored-by: jerrm Co-authored-by: medmunds Co-authored-by: Mike Edmunds Co-authored-by: Easton Man Co-authored-by: czeming Co-authored-by: Geert Hendrickx Co-authored-by: Kristian Johansson Co-authored-by: Lukas Brocke Co-authored-by: anom-human <80478363+anom-human@users.noreply.github.com> Co-authored-by: neil Co-authored-by: Quentin Dreyer --- .github/workflows/DNS.yml | 4 +- .github/workflows/LetsEncrypt.yml | 4 +- acme.sh | 98 ++++++-- deploy/unifi.sh | 220 ++++++++++++---- dnsapi/dns_arvan.sh | 47 ++-- dnsapi/dns_dp.sh | 2 +- dnsapi/dns_duckdns.sh | 6 +- dnsapi/dns_huaweicloud.sh | 36 ++- dnsapi/dns_ionos.sh | 28 +-- dnsapi/dns_namecheap.sh | 6 +- dnsapi/dns_pdns.sh | 4 +- dnsapi/dns_porkbun.sh | 157 ++++++++++++ dnsapi/dns_servercow.sh | 42 +++- dnsapi/dns_simply.sh | 18 +- notify/smtp.sh | 402 +++++++++++++++++++++++++++++- 15 files changed, 912 insertions(+), 162 deletions(-) create mode 100644 dnsapi/dns_porkbun.sh diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5dc2d453..ed0426ad 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.7 + - uses: vmactions/freebsd-vm@v0.1.2 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -223,7 +223,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.1 + - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat curl diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 8d0c4eb0..7c398c09 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.7 + - uses: vmactions/freebsd-vm@v0.1.2 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl @@ -136,7 +136,7 @@ jobs: run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.1 + - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_LOCAL TestingDomain' nat: | diff --git a/acme.sh b/acme.sh index a1ad4195..8d422719 100755 --- a/acme.sh +++ b/acme.sh @@ -562,8 +562,16 @@ if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then fi _h2b() { - if _exists xxd && xxd -r -p 2>/dev/null; then - return + if _exists xxd; then + if _contains "$(xxd --help 2>&1)" "assumes -c30"; then + if xxd -r -p -c 9999 2>/dev/null; then + return + fi + else + if xxd -r -p 2>/dev/null; then + return + fi + fi fi hex=$(cat) @@ -1124,7 +1132,7 @@ _createkey() { if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" @@ -1132,7 +1140,11 @@ _createkey() { fi else _debug "Using RSA: $length" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null)"; then + __traditional="" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then + __traditional="-traditional" + fi + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error rsa key: $length" @@ -2121,6 +2133,12 @@ _send_signed_request() { _sleep $_sleep_retry_sec continue fi + if _contains "$_body" "The Replay Nonce is not recognized"; then + _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds." + _CACHED_NONCE="" + _sleep $_sleep_retry_sec + continue + fi fi return 0 done @@ -2279,6 +2297,13 @@ _clearaccountconf() { _clear_conf "$ACCOUNT_CONF_PATH" "$1" } +#key +_clearaccountconf_mutable() { + _clearaccountconf "SAVED_$1" + #remove later + _clearaccountconf "$1" +} + #_savecaconf key value _savecaconf() { _save_conf "$CA_CONF" "$1" "$2" @@ -4009,12 +4034,42 @@ _check_dns_entries() { } #file -_get_cert_issuers() { +_get_chain_issuers() { _cfile="$1" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then - ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else - ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + _cindex=1 + for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do + _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" + _debug2 "_startn" "$_startn" + _debug2 "_endn" "$_endn" + if [ "$DEBUG" ]; then + _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" + fi + sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" + _cindex=$(_math $_cindex + 1) + done + fi +} + +# +_get_chain_subjects() { + _cfile="$1" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + else + _cindex=1 + for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do + _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" + _debug2 "_startn" "$_startn" + _debug2 "_endn" "$_endn" + if [ "$DEBUG" ]; then + _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" + fi + sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" + _cindex=$(_math $_cindex + 1) + done fi } @@ -4022,14 +4077,12 @@ _get_cert_issuers() { _match_issuer() { _cfile="$1" _missuer="$2" - _fissuers="$(_get_cert_issuers $_cfile)" + _fissuers="$(_get_chain_issuers $_cfile)" _debug2 _fissuers "$_fissuers" - if _contains "$_fissuers" "$_missuer"; then - return 0 - fi - _fissuers="$(echo "$_fissuers" | _lower_case)" + _rootissuer="$(echo "$_fissuers" | _lower_case | _tail_n 1)" + _debug2 _rootissuer "$_rootissuer" _missuer="$(echo "$_missuer" | _lower_case)" - _contains "$_fissuers" "$_missuer" + _contains "$_rootissuer" "$_missuer" } #webroot, domain domainlist keylength @@ -4803,6 +4856,9 @@ $_authorizations_map" _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then + if [ "$DEBUG" ]; then + _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" + fi if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" _debug2 "rels" "$rels" @@ -4818,13 +4874,22 @@ $_authorizations_map" _relca="$CA_CERT_PATH.alt" echo "$response" >"$_relcert" _split_cert_chain "$_relcert" "$_relfullchain" "$_relca" + if [ "$DEBUG" ]; then + _debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")" + fi if _match_issuer "$_relfullchain" "$_preferred_chain"; then _info "Matched issuer in: $rel" cat $_relcert >"$CERT_PATH" cat $_relfullchain >"$CERT_FULLCHAIN_PATH" cat $_relca >"$CA_CERT_PATH" + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" break fi + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" done fi fi @@ -5222,6 +5287,7 @@ signcsr() { _renew_hook="${10}" _local_addr="${11}" _challenge_alias="${12}" + _preferred_chain="${13}" _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then @@ -5268,7 +5334,7 @@ signcsr() { _info "Copy csr to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" - issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" + issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" } @@ -7365,7 +7431,7 @@ _process() { deploy "$_domain" "$_deploy_hook" "$_ecc" ;; signcsr) - signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" + signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" ;; showcsr) showcsr "$_csr" "$_domain" diff --git a/deploy/unifi.sh b/deploy/unifi.sh index 184aa62e..a864135e 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -1,12 +1,43 @@ #!/usr/bin/env sh -#Here is a script to deploy cert to unifi server. +# Here is a script to deploy cert on a Unifi Controller or Cloud Key device. +# It supports: +# - self-hosted Unifi Controller +# - Unifi Cloud Key (Gen1/2/2+) +# - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) +# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 #returns 0 means success, otherwise error. +# The deploy-hook automatically detects standard Unifi installations +# for each of the supported environments. Most users should not need +# to set any of these variables, but if you are running a self-hosted +# Controller with custom locations, set these as necessary before running +# the deploy hook. (Defaults shown below.) +# +# Settings for Unifi Controller: +# Location of Java keystore or unifi.keystore.jks file: #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" +# Keystore password (built into Unifi Controller, not a user-set password): #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" +# Command to restart Unifi Controller: #DEPLOY_UNIFI_RELOAD="service unifi restart" +# +# Settings for Unifi Cloud Key Gen1 (nginx admin pages): +# Directory where cloudkey.crt and cloudkey.key live: +#DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private" +# Command to restart maintenance pages and Controller +# (same setting as above, default is updated when running on Cloud Key Gen1): +#DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart" +# +# Settings for UnifiOS (Cloud Key Gen2): +# Directory where unifi-core.crt and unifi-core.key live: +#DEPLOY_UNIFI_CORE_CONFIG="/data/unifi-core/config/" +# Command to restart unifi-core: +#DEPLOY_UNIFI_RELOAD="systemctl restart unifi-core" +# +# At least one of DEPLOY_UNIFI_KEYSTORE, DEPLOY_UNIFI_CLOUDKEY_CERTDIR, +# or DEPLOY_UNIFI_CORE_CONFIG must exist to receive the deployed certs. ######## Public functions ##################### @@ -24,77 +55,160 @@ unifi_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - if ! _exists keytool; then - _err "keytool not found" - return 1 - fi + _getdeployconf DEPLOY_UNIFI_KEYSTORE + _getdeployconf DEPLOY_UNIFI_KEYPASS + _getdeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR + _getdeployconf DEPLOY_UNIFI_CORE_CONFIG + _getdeployconf DEPLOY_UNIFI_RELOAD + + _debug2 DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + _debug2 DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + _debug2 DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" + _debug2 DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" + _debug2 DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + + # Space-separated list of environments detected and installed: + _services_updated="" + + # Default reload commands accumulated as we auto-detect environments: + _reload_cmd="" + + # Unifi Controller environment (self hosted or any Cloud Key) -- + # auto-detect by file /usr/lib/unifi/data/keystore: + _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" + if [ -f "$_unifi_keystore" ]; then + _info "Installing certificate for Unifi Controller (Java keystore)" + _debug _unifi_keystore "$_unifi_keystore" + if ! _exists keytool; then + _err "keytool not found" + return 1 + fi + if [ ! -w "$_unifi_keystore" ]; then + _err "The file $_unifi_keystore is not writable, please change the permission." + return 1 + fi + + _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}" - DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" - _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}" - DEFAULT_UNIFI_KEYPASS="aircontrolenterprise" - _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}" - DEFAULT_UNIFI_RELOAD="service unifi restart" - _reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}" - - _debug _unifi_keystore "$_unifi_keystore" - if [ ! -f "$_unifi_keystore" ]; then - if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then - _err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE" + _debug "Generate import pkcs12" + _import_pkcs12="$(_mktemp)" + _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root + # shellcheck disable=SC2181 + if [ "$?" != "0" ]; then + _err "Error generating pkcs12. Please re-run with --debug and report a bug." return 1 + fi + + _debug "Import into keystore: $_unifi_keystore" + if keytool -importkeystore \ + -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ + -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ + -alias unifi -noprompt; then + _debug "Import keystore success!" + rm "$_import_pkcs12" else - _err "It seems that the specified unifi keystore is not valid, please check." + _err "Error importing into Unifi Java keystore." + _err "Please re-run with --debug and report a bug." + rm "$_import_pkcs12" return 1 fi + + if systemctl -q is-active unifi; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" + fi + _services_updated="${_services_updated} unifi" + _info "Install Unifi Controller certificate success!" + elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then + _err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check." + return 1 fi - if [ ! -w "$_unifi_keystore" ]; then - _err "The file $_unifi_keystore is not writable, please change the permission." + + # Cloud Key environment (non-UnifiOS -- nginx serves admin pages) -- + # auto-detect by file /etc/ssl/private/cloudkey.key: + _cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}" + if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then + _info "Installing certificate for Cloud Key Gen1 (nginx admin pages)" + _debug _cloudkey_certdir "$_cloudkey_certdir" + if [ ! -w "$_cloudkey_certdir" ]; then + _err "The directory $_cloudkey_certdir is not writable; please check permissions." + return 1 + fi + # Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks. + # Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was + # updated above), but if not, we don't know how to handle this installation: + if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then + _err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'" + return 1 + fi + + cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt" + cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key" + (cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks) + + if systemctl -q is-active nginx; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart" + fi + _info "Install Cloud Key Gen1 certificate success!" + _services_updated="${_services_updated} nginx" + elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then + _err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check." return 1 fi - _info "Generate import pkcs12" - _import_pkcs12="$(_mktemp)" - _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root - if [ "$?" != "0" ]; then - _err "Oops, error creating import pkcs12, please report bug to us." + # UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key: + _unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}" + if [ -f "${_unifi_core_config}/unifi-core.key" ]; then + _info "Installing certificate for UnifiOS" + _debug _unifi_core_config "$_unifi_core_config" + if [ ! -w "$_unifi_core_config" ]; then + _err "The directory $_unifi_core_config is not writable; please check permissions." + return 1 + fi + + cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" + cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" + + if systemctl -q is-active unifi-core; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi-core" + fi + _info "Install UnifiOS certificate success!" + _services_updated="${_services_updated} unifi-core" + elif [ "$DEPLOY_UNIFI_CORE_CONFIG" ]; then + _err "The specified DEPLOY_UNIFI_CORE_CONFIG='$DEPLOY_UNIFI_CORE_CONFIG' is not valid, please check." return 1 fi - _info "Modify unifi keystore: $_unifi_keystore" - if keytool -importkeystore \ - -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ - -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ - -alias unifi -noprompt; then - _info "Import keystore success!" - rm "$_import_pkcs12" - else - _err "Import unifi keystore error, please report bug to us." - rm "$_import_pkcs12" + if [ -z "$_services_updated" ]; then + # None of the Unifi environments were auto-detected, so no deployment has occurred + # (and none of DEPLOY_UNIFI_{KEYSTORE,CLOUDKEY_CERTDIR,CORE_CONFIG} were set). + _err "Unable to detect Unifi environment in standard location." + _err "(This deploy hook must be run on the Unifi device, not a remote machine.)" + _err "For non-standard Unifi installations, set DEPLOY_UNIFI_KEYSTORE," + _err "DEPLOY_UNIFI_CLOUDKEY_CERTDIR, and/or DEPLOY_UNIFI_CORE_CONFIG as appropriate." return 1 fi - _info "Run reload: $_reload" - if eval "$_reload"; then + _reload_cmd="${DEPLOY_UNIFI_RELOAD:-$_reload_cmd}" + if [ -z "$_reload_cmd" ]; then + _err "Certificates were installed for services:${_services_updated}," + _err "but none appear to be active. Please set DEPLOY_UNIFI_RELOAD" + _err "to a command that will restart the necessary services." + return 1 + fi + _info "Reload services (this may take some time): $_reload_cmd" + if eval "$_reload_cmd"; then _info "Reload success!" - if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then - _savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" - else - _cleardomainconf DEPLOY_UNIFI_KEYSTORE - fi - if [ "$DEPLOY_UNIFI_KEYPASS" ]; then - _savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" - else - _cleardomainconf DEPLOY_UNIFI_KEYPASS - fi - if [ "$DEPLOY_UNIFI_RELOAD" ]; then - _savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" - else - _cleardomainconf DEPLOY_UNIFI_RELOAD - fi - return 0 else _err "Reload error" return 1 fi - return 0 + # Successful, so save all (non-default) config: + _savedeployconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + _savedeployconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + _savedeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" + _savedeployconf DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" + _savedeployconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + + return 0 } diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index ca1f56c7..4c9217e5 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -1,10 +1,9 @@ #!/usr/bin/env sh -#Arvan_Token="xxxx" +#Arvan_Token="Apikey xxxx" ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" - -#Author: Ehsan Aliakbar +#Author: Vahid Fardi #Report Bugs here: https://github.com/Neilpang/acme.sh # ######## Public functions ##################### @@ -38,6 +37,7 @@ dns_arvan_add() { _info "Adding record" if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then if _contains "$response" "$txtvalue"; then + _info "response id is $response" _info "Added, OK" return 0 elif _contains "$response" "Record Data is Duplicated"; then @@ -49,7 +49,7 @@ dns_arvan_add() { fi fi _err "Add txt record error." - return 1 + return 0 } #Usage: fulldomain txtvalue @@ -73,33 +73,21 @@ dns_arvan_rm() { _debug _domain "$_domain" _debug "Getting txt records" - shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1) - _arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue" - + _arvan_rest GET "${_domain}/dns-records" if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then _err "Error on Arvan Api" _err "Please create a github issue with debbug log" return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2) - _debug count "$count" - if [ "$count" = "0" ]; then - _info "Don't need to remove." - else - record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) - _debug "record_id" "$record_id" - if [ -z "$record_id" ]; then - _err "Can not get record id to remove." - return 1 - fi - if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then - _err "Delete record error." - return 1 - fi - _debug "$response" - _contains "$response" 'dns record deleted' + _record_id=$(echo "$response" | _egrep_o ".\"id\":\"[^\"]*\",\"type\":\"txt\",\"name\":\"_acme-challenge\",\"value\":{\"text\":\"$txtvalue\"}" | cut -d : -f 2 | cut -d , -f 1 | tr -d \") + if ! _arvan_rest "DELETE" "${_domain}/dns-records/${_record_id}"; then + _err "Error on Arvan Api" + return 1 fi + _debug "$response" + _contains "$response" 'dns record deleted' + return 0 } #################### Private functions below ################################## @@ -111,7 +99,7 @@ dns_arvan_rm() { # _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 - i=1 + i=2 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -121,12 +109,11 @@ _get_root() { return 1 fi - if ! _arvan_rest GET "?search=$h"; then + if ! _arvan_rest GET "$h"; then return 1 fi - - if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then - _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + if _contains "$response" "\"domain\":\"$h\""; then + _domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \") if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -146,7 +133,6 @@ _arvan_rest() { data="$3" token_trimmed=$(echo "$Arvan_Token" | tr -d '"') - export _H1="Authorization: $token_trimmed" if [ "$mtd" = "DELETE" ]; then @@ -160,4 +146,5 @@ _arvan_rest() { else response="$(_get "$ARVAN_API_URL/$ep$data")" fi + return 0 } diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 033fa5aa..9b8b7a8b 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -89,7 +89,7 @@ add_record() { _info "Adding record" - if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then + if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4"; then return 1 fi diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index 618e12c6..d6e1dbdc 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -12,7 +12,7 @@ DuckDNS_API="https://www.duckdns.org/update" -######## Public functions ##################### +######## Public functions ###################### #Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_duckdns_add() { @@ -112,7 +112,7 @@ _duckdns_rest() { param="$2" _debug param "$param" url="$DuckDNS_API?$param" - if [ "$DEBUG" -gt 0 ]; then + if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ]; then url="$url&verbose=true" fi _debug url "$url" @@ -121,7 +121,7 @@ _duckdns_rest() { if [ "$method" = "GET" ]; then response="$(_get "$url")" _debug2 response "$response" - if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then + if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then response="OK" fi else diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 74fec2a9..f7192725 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -5,7 +5,7 @@ # HUAWEICLOUD_ProjectID iam_api="https://iam.myhuaweicloud.com" -dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" +dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work ######## Public functions ##################### @@ -29,16 +29,27 @@ dns_huaweicloud_add() { return 1 fi + unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - _debug2 "${token}" + if [ -z "${token}" ]; then # Check token + _err "dns_api(dns_huaweicloud): Error getting token." + return 1 + fi + _debug "Access token is: ${token}" + + unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - _debug "${zoneid}" + if [ -z "${zoneid}" ]; then + _err "dns_api(dns_huaweicloud): Error getting zone id." + return 1 + fi + _debug "Zone ID is: ${zoneid}" _debug "Adding Record" _add_record "${token}" "${fulldomain}" "${txtvalue}" ret="$?" if [ "${ret}" != "0" ]; then - _err "dns_huaweicloud: Error adding record." + _err "dns_api(dns_huaweicloud): Error adding record." return 1 fi @@ -69,12 +80,21 @@ dns_huaweicloud_rm() { return 1 fi + unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - _debug2 "${token}" + if [ -z "${token}" ]; then # Check token + _err "dns_api(dns_huaweicloud): Error getting token." + return 1 + fi + _debug "Access token is: ${token}" + + unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - _debug "${zoneid}" - record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" - _debug "Record Set ID is: ${record_id}" + if [ -z "${zoneid}" ]; then + _err "dns_api(dns_huaweicloud): Error getting zone id." + return 1 + fi + _debug "Zone ID is: ${zoneid}" # Remove all records # Therotically HuaweiCloud does not allow more than one record set diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e6bd5000..aaf8580f 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -24,20 +24,9 @@ dns_ionos_add() { return 1 fi - _new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" + _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - # As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them. - # This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created. - - _ionos_get_existing_records "$fulldomain" "$_zone_id" - - if [ "$_existing_records" ]; then - _body="[$_new_record,$_existing_records]" - else - _body="[$_new_record]" - fi - - if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then + if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then _info "TXT record has been created successfully." return 0 fi @@ -125,17 +114,6 @@ _get_root() { return 1 } -_ionos_get_existing_records() { - fulldomain=$1 - zone_id=$2 - - if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then - response="$(echo "$response" | tr -d "\n")" - - _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" - fi -} - _ionos_get_record() { fulldomain=$1 zone_id=$2 @@ -168,7 +146,7 @@ _ionos_rest() { export _H2="Accept: application/json" export _H3="Content-Type: application/json" - response="$(_post "$data" "$IONOS_API$route" "" "$method")" + response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" else export _H2="Accept: */*" diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index 7ce39fa9..d15d6b0e 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -208,7 +208,7 @@ _namecheap_parse_host() { _hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2) _hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2) _hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2) - _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2) + _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2 | _xml_decode) _hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2) _hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2) @@ -405,3 +405,7 @@ _namecheap_set_tld_sld() { done } + +_xml_decode() { + sed 's/"/"/g' +} diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 8f07e8c4..28b35492 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -175,13 +175,13 @@ _get_root() { i=1 if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then - _zones_response="$response" + _zones_response=$(echo "$response" | _normalizeJson) fi while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if _contains "$_zones_response" "\"name\": \"$h.\""; then + if _contains "$_zones_response" "\"name\":\"$h.\""; then _domain="$h." if [ -z "$h" ]; then _domain="=2E" diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh new file mode 100644 index 00000000..18da6b2f --- /dev/null +++ b/dnsapi/dns_porkbun.sh @@ -0,0 +1,157 @@ +#!/usr/bin/env sh + +# +#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + +PORKBUN_Api="https://porkbun.com/api/json/v3" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_porkbun_add() { + fulldomain=$1 + txtvalue=$2 + + PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" + PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" + + if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then + PORKBUN_API_KEY='' + PORKBUN_SECRET_API_KEY='' + _err "You didn't specify a Porkbun api key and secret api key yet." + _err "You can get yours from here https://porkbun.com/account/api." + return 1 + fi + + #save the credentials to the account conf file. + _saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY" + _saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY" + + _debug 'First detect the root zone' + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so + # we can not use updating anymore. + # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) + # _debug count "$count" + # if [ "$count" = "0" ]; then + _info "Adding record" + if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if _contains "$response" '\"status\":"SUCCESS"'; then + _info "Added, OK" + return 0 + elif _contains "$response" "The record already exists"; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error. ($response)" + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +#fulldomain txtvalue +dns_porkbun_rm() { + fulldomain=$1 + txtvalue=$2 + + PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" + PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" + + _debug 'First detect the root zone' + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then + _err "Delete record error." + return 1 + fi + echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null + fi + +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + return 1 + fi + + if _porkbun_rest POST "dns/retrieve/$h"; then + if _contains "$response" "\"status\":\"SUCCESS\""; then + _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" + _domain=$h + return 0 + else + _debug "Go to next level of $_domain" + fi + else + _debug "Go to next level of $_domain" + fi + i=$(_math "$i" + 1) + done + + return 1 +} + +_porkbun_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') + secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') + + test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," + data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" + + export _H1="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")" + else + response="$(_get "$PORKBUN_Api/$ep")" + fi + + _sleep 3 # prevent rate limit + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index e73d85b0..f70a2294 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -49,16 +49,42 @@ dns_servercow_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added, OK" - return 0 - else - _err "add txt record error." - return 1 + # check whether a txt record already exists for the subdomain + if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then + _info "A txt record with the same name already exists." + # trim the string on the left + txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} + # trim the string on the right + txtvalue_old=${txtvalue_old%%\"*} + + _debug txtvalue_old "$txtvalue_old" + + _info "Add the new txtvalue to the existing txt record." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added additional txtvalue, OK" + return 0 + else + _err "add txt record error." + return 1 + fi fi + _err "add txt record error." + return 1 + else + _info "There is no txt record with the name yet." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added, OK" + return 0 + else + _err "add txt record error." + return 1 + fi + fi + _err "add txt record error." + return 1 fi - _err "add txt record error." return 1 } diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index d053dcf6..e0e05017 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -6,9 +6,11 @@ #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" - SIMPLY_Api_Default="https://api.simply.com/1" +#This is used for determining success of REST call +SIMPLY_SUCCESS_CODE='"status": 200' + ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_simply_add() { @@ -171,7 +173,7 @@ _get_root() { return 1 fi - if _contains "$response" '"code":"NOT_FOUND"'; then + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then _debug "$h not found" else _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) @@ -196,6 +198,12 @@ _simply_add_record() { return 1 fi + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + _err "Call to API not sucessfull, see below message for more details" + _err "$response" + return 1 + fi + return 0 } @@ -211,6 +219,12 @@ _simply_delete_record() { return 1 fi + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + _err "Call to API not sucessfull, see below message for more details" + _err "$response" + return 1 + fi + return 0 } diff --git a/notify/smtp.sh b/notify/smtp.sh index 6aa37ca3..293c665e 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -2,14 +2,398 @@ # support smtp +# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358 + +# This implementation uses either curl or Python (3 or 2.7). +# (See also the "mail" notify hook, which supports other ways to send mail.) + +# SMTP_FROM="from@example.com" # required +# SMTP_TO="to@example.com" # required +# SMTP_HOST="smtp.example.com" # required +# SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE +# SMTP_SECURE="tls" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) +# SMTP_USERNAME="" # set if SMTP server requires login +# SMTP_PASSWORD="" # set if SMTP server requires login +# SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout +# SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH + +SMTP_SECURE_DEFAULT="tls" +SMTP_TIMEOUT_DEFAULT="30" + +# subject content statuscode smtp_send() { - _subject="$1" - _content="$2" - _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped - _debug "_subject" "$_subject" - _debug "_content" "$_content" - _debug "_statusCode" "$_statusCode" - - _err "Not implemented yet." - return 1 + SMTP_SUBJECT="$1" + SMTP_CONTENT="$2" + # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped + + # Load and validate config: + SMTP_BIN="$(_readaccountconf_mutable_default SMTP_BIN)" + if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then + _err "SMTP_BIN '$SMTP_BIN' does not exist." + return 1 + fi + if [ -z "$SMTP_BIN" ]; then + # Look for a command that can communicate with an SMTP server. + # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. + # Those are already handled by the "mail" notify hook.) + for cmd in python3 python2.7 python pypy3 pypy curl; do + if _exists "$cmd"; then + SMTP_BIN="$cmd" + break + fi + done + if [ -z "$SMTP_BIN" ]; then + _err "The smtp notify-hook requires curl or Python, but can't find any." + _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".' + _err 'Otherwise, see if you can use the "mail" notify-hook instead.' + return 1 + fi + fi + _debug SMTP_BIN "$SMTP_BIN" + _saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN" + + SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)" + SMTP_FROM="$(_clean_email_header "$SMTP_FROM")" + if [ -z "$SMTP_FROM" ]; then + _err "You must define SMTP_FROM as the sender email address." + return 1 + fi + if _email_has_display_name "$SMTP_FROM"; then + _err "SMTP_FROM must be only a simple email address (sender@example.com)." + _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." + return 1 + fi + _debug SMTP_FROM "$SMTP_FROM" + _saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM" + + SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)" + SMTP_TO="$(_clean_email_header "$SMTP_TO")" + if [ -z "$SMTP_TO" ]; then + _err "You must define SMTP_TO as the recipient email address(es)." + return 1 + fi + if _email_has_display_name "$SMTP_TO"; then + _err "SMTP_TO must be only simple email addresses (to@example.com,to2@example.com)." + _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." + return 1 + fi + _debug SMTP_TO "$SMTP_TO" + _saveaccountconf_mutable_default SMTP_TO "$SMTP_TO" + + SMTP_HOST="$(_readaccountconf_mutable_default SMTP_HOST)" + if [ -z "$SMTP_HOST" ]; then + _err "You must define SMTP_HOST as the SMTP server hostname." + return 1 + fi + _debug SMTP_HOST "$SMTP_HOST" + _saveaccountconf_mutable_default SMTP_HOST "$SMTP_HOST" + + SMTP_SECURE="$(_readaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE_DEFAULT")" + case "$SMTP_SECURE" in + "none") smtp_port_default="25" ;; + "ssl") smtp_port_default="465" ;; + "tls") smtp_port_default="587" ;; + *) + _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." + return 1 + ;; + esac + _debug SMTP_SECURE "$SMTP_SECURE" + _saveaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE" "$SMTP_SECURE_DEFAULT" + + SMTP_PORT="$(_readaccountconf_mutable_default SMTP_PORT "$smtp_port_default")" + case "$SMTP_PORT" in + *[!0-9]*) + _err "Invalid SMTP_PORT='$SMTP_PORT'. It must be a port number." + return 1 + ;; + esac + _debug SMTP_PORT "$SMTP_PORT" + _saveaccountconf_mutable_default SMTP_PORT "$SMTP_PORT" "$smtp_port_default" + + SMTP_USERNAME="$(_readaccountconf_mutable_default SMTP_USERNAME)" + _debug SMTP_USERNAME "$SMTP_USERNAME" + _saveaccountconf_mutable_default SMTP_USERNAME "$SMTP_USERNAME" + + SMTP_PASSWORD="$(_readaccountconf_mutable_default SMTP_PASSWORD)" + _secure_debug SMTP_PASSWORD "$SMTP_PASSWORD" + _saveaccountconf_mutable_default SMTP_PASSWORD "$SMTP_PASSWORD" + + SMTP_TIMEOUT="$(_readaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT_DEFAULT")" + _debug SMTP_TIMEOUT "$SMTP_TIMEOUT" + _saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT" + + SMTP_X_MAILER="$(_clean_email_header "$PROJECT_NAME $VER --notify-hook smtp")" + + # Run with --debug 2 (or above) to echo the transcript of the SMTP session. + # Careful: this may include SMTP_PASSWORD in plaintext! + if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then + SMTP_SHOW_TRANSCRIPT="True" + else + SMTP_SHOW_TRANSCRIPT="" + fi + + SMTP_SUBJECT=$(_clean_email_header "$SMTP_SUBJECT") + _debug SMTP_SUBJECT "$SMTP_SUBJECT" + _debug SMTP_CONTENT "$SMTP_CONTENT" + + # Send the message: + case "$(basename "$SMTP_BIN")" in + curl) _smtp_send=_smtp_send_curl ;; + py*) _smtp_send=_smtp_send_python ;; + *) + _err "Can't figure out how to invoke '$SMTP_BIN'." + _err "Check your SMTP_BIN setting." + return 1 + ;; + esac + + if ! smtp_output="$($_smtp_send)"; then + _err "Error sending message with $SMTP_BIN." + if [ -n "$smtp_output" ]; then + _err "$smtp_output" + fi + return 1 + fi + + return 0 +} + +# Strip CR and NL from text to prevent MIME header injection +# text +_clean_email_header() { + printf "%s" "$(echo "$1" | tr -d "\r\n")" +} + +# Simple check for display name in an email address (< > or ") +# email +_email_has_display_name() { + _email="$1" + expr "$_email" : '^.*[<>"]' >/dev/null +} + +## +## curl smtp sending +## + +# Send the message via curl using SMTP_* variables +_smtp_send_curl() { + # Build curl args in $@ + case "$SMTP_SECURE" in + none) + set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" + ;; + ssl) + set -- --url "smtps://${SMTP_HOST}:${SMTP_PORT}" + ;; + tls) + set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" --ssl-reqd + ;; + *) + # This will only occur if someone adds a new SMTP_SECURE option above + # without updating this code for it. + _err "Unhandled SMTP_SECURE='$SMTP_SECURE' in _smtp_send_curl" + _err "Please re-run with --debug and report a bug." + return 1 + ;; + esac + + set -- "$@" \ + --upload-file - \ + --mail-from "$SMTP_FROM" \ + --max-time "$SMTP_TIMEOUT" + + # Burst comma-separated $SMTP_TO into individual --mail-rcpt args. + _to="${SMTP_TO}," + while [ -n "$_to" ]; do + _rcpt="${_to%%,*}" + _to="${_to#*,}" + set -- "$@" --mail-rcpt "$_rcpt" + done + + _smtp_login="${SMTP_USERNAME}:${SMTP_PASSWORD}" + if [ "$_smtp_login" != ":" ]; then + set -- "$@" --user "$_smtp_login" + fi + + if [ "$SMTP_SHOW_TRANSCRIPT" = "True" ]; then + set -- "$@" --verbose + else + set -- "$@" --silent --show-error + fi + + raw_message="$(_smtp_raw_message)" + + _debug2 "curl command:" "$SMTP_BIN" "$*" + _debug2 "raw_message:\n$raw_message" + + echo "$raw_message" | "$SMTP_BIN" "$@" +} + +# Output an RFC-822 / RFC-5322 email message using SMTP_* variables. +# (This assumes variables have already been cleaned for use in email headers.) +_smtp_raw_message() { + echo "From: $SMTP_FROM" + echo "To: $SMTP_TO" + echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")" + echo "Date: $(_rfc2822_date)" + echo "Content-Type: text/plain; charset=utf-8" + echo "X-Mailer: $SMTP_X_MAILER" + echo + echo "$SMTP_CONTENT" +} + +# Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars +# text +_mime_encoded_word() { + _text="$1" + # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that) + _ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-" + if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then + # At least one non-ASCII char; convert entire thing to encoded word + printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?=" + else + # Just printable ASCII, no conversion needed + printf "%s" "$_text" + fi +} + +# Output current date in RFC-2822 Section 3.3 format as required in email headers +# (e.g., "Mon, 15 Feb 2021 14:22:01 -0800") +_rfc2822_date() { + # Notes: + # - this is deliberately not UTC, because it "SHOULD express local time" per spec + # - the spec requires weekday and month in the C locale (English), not localized + # - this date format specifier has been tested on Linux, Mac, Solaris and FreeBSD + _old_lc_time="$LC_TIME" + LC_TIME=C + date +'%a, %-d %b %Y %H:%M:%S %z' + LC_TIME="$_old_lc_time" +} + +## +## Python smtp sending +## + +# Send the message via Python using SMTP_* variables +_smtp_send_python() { + _debug "Python version" "$("$SMTP_BIN" --version 2>&1)" + + # language=Python + "$SMTP_BIN" < Date: Sun, 21 Mar 2021 22:46:35 +0800 Subject: [PATCH 0293/1526] fix freebsd --- .github/workflows/DNS.yml | 2 +- .github/workflows/LetsEncrypt.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index ed0426ad..5ff1f8ab 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.2 + - uses: vmactions/freebsd-vm@v0.1.3 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 7c398c09..7193d88d 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.2 + - uses: vmactions/freebsd-vm@v0.1.3 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl From 8de3698b230da82f4eac2d5e04a8a754d8d92faa Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sun, 21 Mar 2021 16:16:38 +0100 Subject: [PATCH 0294/1526] Revert "Syncing with the original repo (#2)" This reverts commit c384ed960c138f4449e79293644c4d0ec937cef1. --- .github/workflows/DNS.yml | 4 +- .github/workflows/LetsEncrypt.yml | 4 +- acme.sh | 98 ++------ deploy/unifi.sh | 220 ++++------------ dnsapi/dns_arvan.sh | 47 ++-- dnsapi/dns_dp.sh | 2 +- dnsapi/dns_duckdns.sh | 6 +- dnsapi/dns_huaweicloud.sh | 36 +-- dnsapi/dns_ionos.sh | 28 ++- dnsapi/dns_namecheap.sh | 6 +- dnsapi/dns_pdns.sh | 4 +- dnsapi/dns_porkbun.sh | 157 ------------ dnsapi/dns_servercow.sh | 42 +--- dnsapi/dns_simply.sh | 18 +- notify/smtp.sh | 402 +----------------------------- 15 files changed, 162 insertions(+), 912 deletions(-) delete mode 100644 dnsapi/dns_porkbun.sh diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index ed0426ad..5dc2d453 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.2 + - uses: vmactions/freebsd-vm@v0.0.7 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -223,7 +223,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 + - uses: vmactions/solaris-vm@v0.0.1 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat curl diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 7c398c09..8d0c4eb0 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.2 + - uses: vmactions/freebsd-vm@v0.0.7 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl @@ -136,7 +136,7 @@ jobs: run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 + - uses: vmactions/solaris-vm@v0.0.1 with: envs: 'TEST_LOCAL TestingDomain' nat: | diff --git a/acme.sh b/acme.sh index 8d422719..a1ad4195 100755 --- a/acme.sh +++ b/acme.sh @@ -562,16 +562,8 @@ if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then fi _h2b() { - if _exists xxd; then - if _contains "$(xxd --help 2>&1)" "assumes -c30"; then - if xxd -r -p -c 9999 2>/dev/null; then - return - fi - else - if xxd -r -p 2>/dev/null; then - return - fi - fi + if _exists xxd && xxd -r -p 2>/dev/null; then + return fi hex=$(cat) @@ -1132,7 +1124,7 @@ _createkey() { if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" @@ -1140,11 +1132,7 @@ _createkey() { fi else _debug "Using RSA: $length" - __traditional="" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then - __traditional="-traditional" - fi - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error rsa key: $length" @@ -2133,12 +2121,6 @@ _send_signed_request() { _sleep $_sleep_retry_sec continue fi - if _contains "$_body" "The Replay Nonce is not recognized"; then - _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds." - _CACHED_NONCE="" - _sleep $_sleep_retry_sec - continue - fi fi return 0 done @@ -2297,13 +2279,6 @@ _clearaccountconf() { _clear_conf "$ACCOUNT_CONF_PATH" "$1" } -#key -_clearaccountconf_mutable() { - _clearaccountconf "SAVED_$1" - #remove later - _clearaccountconf "$1" -} - #_savecaconf key value _savecaconf() { _save_conf "$CA_CONF" "$1" "$2" @@ -4034,42 +4009,12 @@ _check_dns_entries() { } #file -_get_chain_issuers() { +_get_cert_issuers() { _cfile="$1" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then - ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else - _cindex=1 - for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do - _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" - _debug2 "_startn" "$_startn" - _debug2 "_endn" "$_endn" - if [ "$DEBUG" ]; then - _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" - fi - sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" - _cindex=$(_math $_cindex + 1) - done - fi -} - -# -_get_chain_subjects() { - _cfile="$1" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then - ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 - else - _cindex=1 - for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do - _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" - _debug2 "_startn" "$_startn" - _debug2 "_endn" "$_endn" - if [ "$DEBUG" ]; then - _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" - fi - sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" - _cindex=$(_math $_cindex + 1) - done + ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 fi } @@ -4077,12 +4022,14 @@ _get_chain_subjects() { _match_issuer() { _cfile="$1" _missuer="$2" - _fissuers="$(_get_chain_issuers $_cfile)" + _fissuers="$(_get_cert_issuers $_cfile)" _debug2 _fissuers "$_fissuers" - _rootissuer="$(echo "$_fissuers" | _lower_case | _tail_n 1)" - _debug2 _rootissuer "$_rootissuer" + if _contains "$_fissuers" "$_missuer"; then + return 0 + fi + _fissuers="$(echo "$_fissuers" | _lower_case)" _missuer="$(echo "$_missuer" | _lower_case)" - _contains "$_rootissuer" "$_missuer" + _contains "$_fissuers" "$_missuer" } #webroot, domain domainlist keylength @@ -4856,9 +4803,6 @@ $_authorizations_map" _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then - if [ "$DEBUG" ]; then - _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" - fi if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" _debug2 "rels" "$rels" @@ -4874,22 +4818,13 @@ $_authorizations_map" _relca="$CA_CERT_PATH.alt" echo "$response" >"$_relcert" _split_cert_chain "$_relcert" "$_relfullchain" "$_relca" - if [ "$DEBUG" ]; then - _debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")" - fi if _match_issuer "$_relfullchain" "$_preferred_chain"; then _info "Matched issuer in: $rel" cat $_relcert >"$CERT_PATH" cat $_relfullchain >"$CERT_FULLCHAIN_PATH" cat $_relca >"$CA_CERT_PATH" - rm -f "$_relcert" - rm -f "$_relfullchain" - rm -f "$_relca" break fi - rm -f "$_relcert" - rm -f "$_relfullchain" - rm -f "$_relca" done fi fi @@ -5287,7 +5222,6 @@ signcsr() { _renew_hook="${10}" _local_addr="${11}" _challenge_alias="${12}" - _preferred_chain="${13}" _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then @@ -5334,7 +5268,7 @@ signcsr() { _info "Copy csr to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" - issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" + issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" } @@ -7431,7 +7365,7 @@ _process() { deploy "$_domain" "$_deploy_hook" "$_ecc" ;; signcsr) - signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" + signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" ;; showcsr) showcsr "$_csr" "$_domain" diff --git a/deploy/unifi.sh b/deploy/unifi.sh index a864135e..184aa62e 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -1,43 +1,12 @@ #!/usr/bin/env sh -# Here is a script to deploy cert on a Unifi Controller or Cloud Key device. -# It supports: -# - self-hosted Unifi Controller -# - Unifi Cloud Key (Gen1/2/2+) -# - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) -# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 +#Here is a script to deploy cert to unifi server. #returns 0 means success, otherwise error. -# The deploy-hook automatically detects standard Unifi installations -# for each of the supported environments. Most users should not need -# to set any of these variables, but if you are running a self-hosted -# Controller with custom locations, set these as necessary before running -# the deploy hook. (Defaults shown below.) -# -# Settings for Unifi Controller: -# Location of Java keystore or unifi.keystore.jks file: #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" -# Keystore password (built into Unifi Controller, not a user-set password): #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" -# Command to restart Unifi Controller: #DEPLOY_UNIFI_RELOAD="service unifi restart" -# -# Settings for Unifi Cloud Key Gen1 (nginx admin pages): -# Directory where cloudkey.crt and cloudkey.key live: -#DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private" -# Command to restart maintenance pages and Controller -# (same setting as above, default is updated when running on Cloud Key Gen1): -#DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart" -# -# Settings for UnifiOS (Cloud Key Gen2): -# Directory where unifi-core.crt and unifi-core.key live: -#DEPLOY_UNIFI_CORE_CONFIG="/data/unifi-core/config/" -# Command to restart unifi-core: -#DEPLOY_UNIFI_RELOAD="systemctl restart unifi-core" -# -# At least one of DEPLOY_UNIFI_KEYSTORE, DEPLOY_UNIFI_CLOUDKEY_CERTDIR, -# or DEPLOY_UNIFI_CORE_CONFIG must exist to receive the deployed certs. ######## Public functions ##################### @@ -55,160 +24,77 @@ unifi_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - _getdeployconf DEPLOY_UNIFI_KEYSTORE - _getdeployconf DEPLOY_UNIFI_KEYPASS - _getdeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR - _getdeployconf DEPLOY_UNIFI_CORE_CONFIG - _getdeployconf DEPLOY_UNIFI_RELOAD - - _debug2 DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" - _debug2 DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" - _debug2 DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" - _debug2 DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" - _debug2 DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" - - # Space-separated list of environments detected and installed: - _services_updated="" - - # Default reload commands accumulated as we auto-detect environments: - _reload_cmd="" - - # Unifi Controller environment (self hosted or any Cloud Key) -- - # auto-detect by file /usr/lib/unifi/data/keystore: - _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" - if [ -f "$_unifi_keystore" ]; then - _info "Installing certificate for Unifi Controller (Java keystore)" - _debug _unifi_keystore "$_unifi_keystore" - if ! _exists keytool; then - _err "keytool not found" - return 1 - fi - if [ ! -w "$_unifi_keystore" ]; then - _err "The file $_unifi_keystore is not writable, please change the permission." - return 1 - fi - - _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}" - - _debug "Generate import pkcs12" - _import_pkcs12="$(_mktemp)" - _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root - # shellcheck disable=SC2181 - if [ "$?" != "0" ]; then - _err "Error generating pkcs12. Please re-run with --debug and report a bug." - return 1 - fi - - _debug "Import into keystore: $_unifi_keystore" - if keytool -importkeystore \ - -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ - -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ - -alias unifi -noprompt; then - _debug "Import keystore success!" - rm "$_import_pkcs12" - else - _err "Error importing into Unifi Java keystore." - _err "Please re-run with --debug and report a bug." - rm "$_import_pkcs12" - return 1 - fi - - if systemctl -q is-active unifi; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" - fi - _services_updated="${_services_updated} unifi" - _info "Install Unifi Controller certificate success!" - elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then - _err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check." + if ! _exists keytool; then + _err "keytool not found" return 1 fi - # Cloud Key environment (non-UnifiOS -- nginx serves admin pages) -- - # auto-detect by file /etc/ssl/private/cloudkey.key: - _cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}" - if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then - _info "Installing certificate for Cloud Key Gen1 (nginx admin pages)" - _debug _cloudkey_certdir "$_cloudkey_certdir" - if [ ! -w "$_cloudkey_certdir" ]; then - _err "The directory $_cloudkey_certdir is not writable; please check permissions." + DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" + _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}" + DEFAULT_UNIFI_KEYPASS="aircontrolenterprise" + _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}" + DEFAULT_UNIFI_RELOAD="service unifi restart" + _reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}" + + _debug _unifi_keystore "$_unifi_keystore" + if [ ! -f "$_unifi_keystore" ]; then + if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then + _err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE" return 1 - fi - # Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks. - # Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was - # updated above), but if not, we don't know how to handle this installation: - if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then - _err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'" + else + _err "It seems that the specified unifi keystore is not valid, please check." return 1 fi - - cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt" - cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key" - (cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks) - - if systemctl -q is-active nginx; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart" - fi - _info "Install Cloud Key Gen1 certificate success!" - _services_updated="${_services_updated} nginx" - elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then - _err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check." - return 1 fi - - # UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key: - _unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}" - if [ -f "${_unifi_core_config}/unifi-core.key" ]; then - _info "Installing certificate for UnifiOS" - _debug _unifi_core_config "$_unifi_core_config" - if [ ! -w "$_unifi_core_config" ]; then - _err "The directory $_unifi_core_config is not writable; please check permissions." - return 1 - fi - - cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" - cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" - - if systemctl -q is-active unifi-core; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi-core" - fi - _info "Install UnifiOS certificate success!" - _services_updated="${_services_updated} unifi-core" - elif [ "$DEPLOY_UNIFI_CORE_CONFIG" ]; then - _err "The specified DEPLOY_UNIFI_CORE_CONFIG='$DEPLOY_UNIFI_CORE_CONFIG' is not valid, please check." + if [ ! -w "$_unifi_keystore" ]; then + _err "The file $_unifi_keystore is not writable, please change the permission." return 1 fi - if [ -z "$_services_updated" ]; then - # None of the Unifi environments were auto-detected, so no deployment has occurred - # (and none of DEPLOY_UNIFI_{KEYSTORE,CLOUDKEY_CERTDIR,CORE_CONFIG} were set). - _err "Unable to detect Unifi environment in standard location." - _err "(This deploy hook must be run on the Unifi device, not a remote machine.)" - _err "For non-standard Unifi installations, set DEPLOY_UNIFI_KEYSTORE," - _err "DEPLOY_UNIFI_CLOUDKEY_CERTDIR, and/or DEPLOY_UNIFI_CORE_CONFIG as appropriate." + _info "Generate import pkcs12" + _import_pkcs12="$(_mktemp)" + _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root + if [ "$?" != "0" ]; then + _err "Oops, error creating import pkcs12, please report bug to us." return 1 fi - _reload_cmd="${DEPLOY_UNIFI_RELOAD:-$_reload_cmd}" - if [ -z "$_reload_cmd" ]; then - _err "Certificates were installed for services:${_services_updated}," - _err "but none appear to be active. Please set DEPLOY_UNIFI_RELOAD" - _err "to a command that will restart the necessary services." + _info "Modify unifi keystore: $_unifi_keystore" + if keytool -importkeystore \ + -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ + -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ + -alias unifi -noprompt; then + _info "Import keystore success!" + rm "$_import_pkcs12" + else + _err "Import unifi keystore error, please report bug to us." + rm "$_import_pkcs12" return 1 fi - _info "Reload services (this may take some time): $_reload_cmd" - if eval "$_reload_cmd"; then + + _info "Run reload: $_reload" + if eval "$_reload"; then _info "Reload success!" + if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then + _savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + else + _cleardomainconf DEPLOY_UNIFI_KEYSTORE + fi + if [ "$DEPLOY_UNIFI_KEYPASS" ]; then + _savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + else + _cleardomainconf DEPLOY_UNIFI_KEYPASS + fi + if [ "$DEPLOY_UNIFI_RELOAD" ]; then + _savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + else + _cleardomainconf DEPLOY_UNIFI_RELOAD + fi + return 0 else _err "Reload error" return 1 fi - - # Successful, so save all (non-default) config: - _savedeployconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" - _savedeployconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" - _savedeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" - _savedeployconf DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" - _savedeployconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" - return 0 + } diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index 4c9217e5..ca1f56c7 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -1,9 +1,10 @@ #!/usr/bin/env sh -#Arvan_Token="Apikey xxxx" +#Arvan_Token="xxxx" ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" -#Author: Vahid Fardi + +#Author: Ehsan Aliakbar #Report Bugs here: https://github.com/Neilpang/acme.sh # ######## Public functions ##################### @@ -37,7 +38,6 @@ dns_arvan_add() { _info "Adding record" if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then if _contains "$response" "$txtvalue"; then - _info "response id is $response" _info "Added, OK" return 0 elif _contains "$response" "Record Data is Duplicated"; then @@ -49,7 +49,7 @@ dns_arvan_add() { fi fi _err "Add txt record error." - return 0 + return 1 } #Usage: fulldomain txtvalue @@ -73,21 +73,33 @@ dns_arvan_rm() { _debug _domain "$_domain" _debug "Getting txt records" - _arvan_rest GET "${_domain}/dns-records" + shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1) + _arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue" + if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then _err "Error on Arvan Api" _err "Please create a github issue with debbug log" return 1 fi - _record_id=$(echo "$response" | _egrep_o ".\"id\":\"[^\"]*\",\"type\":\"txt\",\"name\":\"_acme-challenge\",\"value\":{\"text\":\"$txtvalue\"}" | cut -d : -f 2 | cut -d , -f 1 | tr -d \") - if ! _arvan_rest "DELETE" "${_domain}/dns-records/${_record_id}"; then - _err "Error on Arvan Api" - return 1 + count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2) + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then + _err "Delete record error." + return 1 + fi + _debug "$response" + _contains "$response" 'dns record deleted' fi - _debug "$response" - _contains "$response" 'dns record deleted' - return 0 } #################### Private functions below ################################## @@ -99,7 +111,7 @@ dns_arvan_rm() { # _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 - i=2 + i=1 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -109,11 +121,12 @@ _get_root() { return 1 fi - if ! _arvan_rest GET "$h"; then + if ! _arvan_rest GET "?search=$h"; then return 1 fi - if _contains "$response" "\"domain\":\"$h\""; then - _domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \") + + if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then + _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -133,6 +146,7 @@ _arvan_rest() { data="$3" token_trimmed=$(echo "$Arvan_Token" | tr -d '"') + export _H1="Authorization: $token_trimmed" if [ "$mtd" = "DELETE" ]; then @@ -146,5 +160,4 @@ _arvan_rest() { else response="$(_get "$ARVAN_API_URL/$ep$data")" fi - return 0 } diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 9b8b7a8b..033fa5aa 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -89,7 +89,7 @@ add_record() { _info "Adding record" - if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4"; then + if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then return 1 fi diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index d6e1dbdc..618e12c6 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -12,7 +12,7 @@ DuckDNS_API="https://www.duckdns.org/update" -######## Public functions ###################### +######## Public functions ##################### #Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_duckdns_add() { @@ -112,7 +112,7 @@ _duckdns_rest() { param="$2" _debug param "$param" url="$DuckDNS_API?$param" - if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ]; then + if [ "$DEBUG" -gt 0 ]; then url="$url&verbose=true" fi _debug url "$url" @@ -121,7 +121,7 @@ _duckdns_rest() { if [ "$method" = "GET" ]; then response="$(_get "$url")" _debug2 response "$response" - if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then + if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then response="OK" fi else diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index f7192725..74fec2a9 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -5,7 +5,7 @@ # HUAWEICLOUD_ProjectID iam_api="https://iam.myhuaweicloud.com" -dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work +dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" ######## Public functions ##################### @@ -29,27 +29,16 @@ dns_huaweicloud_add() { return 1 fi - unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - if [ -z "${token}" ]; then # Check token - _err "dns_api(dns_huaweicloud): Error getting token." - return 1 - fi - _debug "Access token is: ${token}" - - unset zoneid + _debug2 "${token}" zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - if [ -z "${zoneid}" ]; then - _err "dns_api(dns_huaweicloud): Error getting zone id." - return 1 - fi - _debug "Zone ID is: ${zoneid}" + _debug "${zoneid}" _debug "Adding Record" _add_record "${token}" "${fulldomain}" "${txtvalue}" ret="$?" if [ "${ret}" != "0" ]; then - _err "dns_api(dns_huaweicloud): Error adding record." + _err "dns_huaweicloud: Error adding record." return 1 fi @@ -80,21 +69,12 @@ dns_huaweicloud_rm() { return 1 fi - unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - if [ -z "${token}" ]; then # Check token - _err "dns_api(dns_huaweicloud): Error getting token." - return 1 - fi - _debug "Access token is: ${token}" - - unset zoneid + _debug2 "${token}" zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - if [ -z "${zoneid}" ]; then - _err "dns_api(dns_huaweicloud): Error getting zone id." - return 1 - fi - _debug "Zone ID is: ${zoneid}" + _debug "${zoneid}" + record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" + _debug "Record Set ID is: ${record_id}" # Remove all records # Therotically HuaweiCloud does not allow more than one record set diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index aaf8580f..e6bd5000 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -24,9 +24,20 @@ dns_ionos_add() { return 1 fi - _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" + _new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" - if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then + # As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them. + # This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created. + + _ionos_get_existing_records "$fulldomain" "$_zone_id" + + if [ "$_existing_records" ]; then + _body="[$_new_record,$_existing_records]" + else + _body="[$_new_record]" + fi + + if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then _info "TXT record has been created successfully." return 0 fi @@ -114,6 +125,17 @@ _get_root() { return 1 } +_ionos_get_existing_records() { + fulldomain=$1 + zone_id=$2 + + if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then + response="$(echo "$response" | tr -d "\n")" + + _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" + fi +} + _ionos_get_record() { fulldomain=$1 zone_id=$2 @@ -146,7 +168,7 @@ _ionos_rest() { export _H2="Accept: application/json" export _H3="Content-Type: application/json" - response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" + response="$(_post "$data" "$IONOS_API$route" "" "$method")" else export _H2="Accept: */*" diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index d15d6b0e..7ce39fa9 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -208,7 +208,7 @@ _namecheap_parse_host() { _hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2) _hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2) _hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2) - _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2 | _xml_decode) + _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2) _hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2) _hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2) @@ -405,7 +405,3 @@ _namecheap_set_tld_sld() { done } - -_xml_decode() { - sed 's/"/"/g' -} diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 28b35492..8f07e8c4 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -175,13 +175,13 @@ _get_root() { i=1 if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then - _zones_response=$(echo "$response" | _normalizeJson) + _zones_response="$response" fi while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if _contains "$_zones_response" "\"name\":\"$h.\""; then + if _contains "$_zones_response" "\"name\": \"$h.\""; then _domain="$h." if [ -z "$h" ]; then _domain="=2E" diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh deleted file mode 100644 index 18da6b2f..00000000 --- a/dnsapi/dns_porkbun.sh +++ /dev/null @@ -1,157 +0,0 @@ -#!/usr/bin/env sh - -# -#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" - -PORKBUN_Api="https://porkbun.com/api/json/v3" - -######## Public functions ##################### - -#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_porkbun_add() { - fulldomain=$1 - txtvalue=$2 - - PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" - PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" - - if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then - PORKBUN_API_KEY='' - PORKBUN_SECRET_API_KEY='' - _err "You didn't specify a Porkbun api key and secret api key yet." - _err "You can get yours from here https://porkbun.com/account/api." - return 1 - fi - - #save the credentials to the account conf file. - _saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY" - _saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY" - - _debug 'First detect the root zone' - if ! _get_root "$fulldomain"; then - return 1 - fi - _debug _sub_domain "$_sub_domain" - _debug _domain "$_domain" - - # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so - # we can not use updating anymore. - # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) - # _debug count "$count" - # if [ "$count" = "0" ]; then - _info "Adding record" - if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - if _contains "$response" '\"status\":"SUCCESS"'; then - _info "Added, OK" - return 0 - elif _contains "$response" "The record already exists"; then - _info "Already exists, OK" - return 0 - else - _err "Add txt record error. ($response)" - return 1 - fi - fi - _err "Add txt record error." - return 1 - -} - -#fulldomain txtvalue -dns_porkbun_rm() { - fulldomain=$1 - txtvalue=$2 - - PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" - PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" - - _debug 'First detect the root zone' - if ! _get_root "$fulldomain"; then - return 1 - fi - _debug _sub_domain "$_sub_domain" - _debug _domain "$_domain" - - count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") - _debug count "$count" - if [ "$count" = "0" ]; then - _info "Don't need to remove." - else - record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") - _debug "record_id" "$record_id" - if [ -z "$record_id" ]; then - _err "Can not get record id to remove." - return 1 - fi - if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then - _err "Delete record error." - return 1 - fi - echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null - fi - -} - -#################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns -# _sub_domain=_acme-challenge.www -# _domain=domain.com -_get_root() { - domain=$1 - i=1 - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - _debug h "$h" - if [ -z "$h" ]; then - return 1 - fi - - if _porkbun_rest POST "dns/retrieve/$h"; then - if _contains "$response" "\"status\":\"SUCCESS\""; then - _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" - _domain=$h - return 0 - else - _debug "Go to next level of $_domain" - fi - else - _debug "Go to next level of $_domain" - fi - i=$(_math "$i" + 1) - done - - return 1 -} - -_porkbun_rest() { - m=$1 - ep="$2" - data="$3" - _debug "$ep" - - api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') - secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') - - test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," - data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" - - export _H1="Content-Type: application/json" - - if [ "$m" != "GET" ]; then - _debug data "$data" - response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")" - else - response="$(_get "$PORKBUN_Api/$ep")" - fi - - _sleep 3 # prevent rate limit - - if [ "$?" != "0" ]; then - _err "error $ep" - return 1 - fi - _debug2 response "$response" - return 0 -} diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index f70a2294..e73d85b0 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -49,42 +49,16 @@ dns_servercow_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - # check whether a txt record already exists for the subdomain - if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then - _info "A txt record with the same name already exists." - # trim the string on the left - txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} - # trim the string on the right - txtvalue_old=${txtvalue_old%%\"*} - - _debug txtvalue_old "$txtvalue_old" - - _info "Add the new txtvalue to the existing txt record." - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added additional txtvalue, OK" - return 0 - else - _err "add txt record error." - return 1 - fi - fi - _err "add txt record error." - return 1 - else - _info "There is no txt record with the name yet." - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added, OK" - return 0 - else - _err "add txt record error." - return 1 - fi + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added, OK" + return 0 + else + _err "add txt record error." + return 1 fi - _err "add txt record error." - return 1 fi + _err "add txt record error." return 1 } diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index e0e05017..d053dcf6 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -6,10 +6,8 @@ #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" -SIMPLY_Api_Default="https://api.simply.com/1" -#This is used for determining success of REST call -SIMPLY_SUCCESS_CODE='"status": 200' +SIMPLY_Api_Default="https://api.simply.com/1" ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -173,7 +171,7 @@ _get_root() { return 1 fi - if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + if _contains "$response" '"code":"NOT_FOUND"'; then _debug "$h not found" else _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) @@ -198,12 +196,6 @@ _simply_add_record() { return 1 fi - if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then - _err "Call to API not sucessfull, see below message for more details" - _err "$response" - return 1 - fi - return 0 } @@ -219,12 +211,6 @@ _simply_delete_record() { return 1 fi - if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then - _err "Call to API not sucessfull, see below message for more details" - _err "$response" - return 1 - fi - return 0 } diff --git a/notify/smtp.sh b/notify/smtp.sh index 293c665e..6aa37ca3 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -2,398 +2,14 @@ # support smtp -# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358 - -# This implementation uses either curl or Python (3 or 2.7). -# (See also the "mail" notify hook, which supports other ways to send mail.) - -# SMTP_FROM="from@example.com" # required -# SMTP_TO="to@example.com" # required -# SMTP_HOST="smtp.example.com" # required -# SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE -# SMTP_SECURE="tls" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) -# SMTP_USERNAME="" # set if SMTP server requires login -# SMTP_PASSWORD="" # set if SMTP server requires login -# SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout -# SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH - -SMTP_SECURE_DEFAULT="tls" -SMTP_TIMEOUT_DEFAULT="30" - -# subject content statuscode smtp_send() { - SMTP_SUBJECT="$1" - SMTP_CONTENT="$2" - # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped - - # Load and validate config: - SMTP_BIN="$(_readaccountconf_mutable_default SMTP_BIN)" - if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then - _err "SMTP_BIN '$SMTP_BIN' does not exist." - return 1 - fi - if [ -z "$SMTP_BIN" ]; then - # Look for a command that can communicate with an SMTP server. - # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. - # Those are already handled by the "mail" notify hook.) - for cmd in python3 python2.7 python pypy3 pypy curl; do - if _exists "$cmd"; then - SMTP_BIN="$cmd" - break - fi - done - if [ -z "$SMTP_BIN" ]; then - _err "The smtp notify-hook requires curl or Python, but can't find any." - _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".' - _err 'Otherwise, see if you can use the "mail" notify-hook instead.' - return 1 - fi - fi - _debug SMTP_BIN "$SMTP_BIN" - _saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN" - - SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)" - SMTP_FROM="$(_clean_email_header "$SMTP_FROM")" - if [ -z "$SMTP_FROM" ]; then - _err "You must define SMTP_FROM as the sender email address." - return 1 - fi - if _email_has_display_name "$SMTP_FROM"; then - _err "SMTP_FROM must be only a simple email address (sender@example.com)." - _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." - return 1 - fi - _debug SMTP_FROM "$SMTP_FROM" - _saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM" - - SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)" - SMTP_TO="$(_clean_email_header "$SMTP_TO")" - if [ -z "$SMTP_TO" ]; then - _err "You must define SMTP_TO as the recipient email address(es)." - return 1 - fi - if _email_has_display_name "$SMTP_TO"; then - _err "SMTP_TO must be only simple email addresses (to@example.com,to2@example.com)." - _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." - return 1 - fi - _debug SMTP_TO "$SMTP_TO" - _saveaccountconf_mutable_default SMTP_TO "$SMTP_TO" - - SMTP_HOST="$(_readaccountconf_mutable_default SMTP_HOST)" - if [ -z "$SMTP_HOST" ]; then - _err "You must define SMTP_HOST as the SMTP server hostname." - return 1 - fi - _debug SMTP_HOST "$SMTP_HOST" - _saveaccountconf_mutable_default SMTP_HOST "$SMTP_HOST" - - SMTP_SECURE="$(_readaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE_DEFAULT")" - case "$SMTP_SECURE" in - "none") smtp_port_default="25" ;; - "ssl") smtp_port_default="465" ;; - "tls") smtp_port_default="587" ;; - *) - _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." - return 1 - ;; - esac - _debug SMTP_SECURE "$SMTP_SECURE" - _saveaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE" "$SMTP_SECURE_DEFAULT" - - SMTP_PORT="$(_readaccountconf_mutable_default SMTP_PORT "$smtp_port_default")" - case "$SMTP_PORT" in - *[!0-9]*) - _err "Invalid SMTP_PORT='$SMTP_PORT'. It must be a port number." - return 1 - ;; - esac - _debug SMTP_PORT "$SMTP_PORT" - _saveaccountconf_mutable_default SMTP_PORT "$SMTP_PORT" "$smtp_port_default" - - SMTP_USERNAME="$(_readaccountconf_mutable_default SMTP_USERNAME)" - _debug SMTP_USERNAME "$SMTP_USERNAME" - _saveaccountconf_mutable_default SMTP_USERNAME "$SMTP_USERNAME" - - SMTP_PASSWORD="$(_readaccountconf_mutable_default SMTP_PASSWORD)" - _secure_debug SMTP_PASSWORD "$SMTP_PASSWORD" - _saveaccountconf_mutable_default SMTP_PASSWORD "$SMTP_PASSWORD" - - SMTP_TIMEOUT="$(_readaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT_DEFAULT")" - _debug SMTP_TIMEOUT "$SMTP_TIMEOUT" - _saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT" - - SMTP_X_MAILER="$(_clean_email_header "$PROJECT_NAME $VER --notify-hook smtp")" - - # Run with --debug 2 (or above) to echo the transcript of the SMTP session. - # Careful: this may include SMTP_PASSWORD in plaintext! - if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then - SMTP_SHOW_TRANSCRIPT="True" - else - SMTP_SHOW_TRANSCRIPT="" - fi - - SMTP_SUBJECT=$(_clean_email_header "$SMTP_SUBJECT") - _debug SMTP_SUBJECT "$SMTP_SUBJECT" - _debug SMTP_CONTENT "$SMTP_CONTENT" - - # Send the message: - case "$(basename "$SMTP_BIN")" in - curl) _smtp_send=_smtp_send_curl ;; - py*) _smtp_send=_smtp_send_python ;; - *) - _err "Can't figure out how to invoke '$SMTP_BIN'." - _err "Check your SMTP_BIN setting." - return 1 - ;; - esac - - if ! smtp_output="$($_smtp_send)"; then - _err "Error sending message with $SMTP_BIN." - if [ -n "$smtp_output" ]; then - _err "$smtp_output" - fi - return 1 - fi - - return 0 -} - -# Strip CR and NL from text to prevent MIME header injection -# text -_clean_email_header() { - printf "%s" "$(echo "$1" | tr -d "\r\n")" -} - -# Simple check for display name in an email address (< > or ") -# email -_email_has_display_name() { - _email="$1" - expr "$_email" : '^.*[<>"]' >/dev/null -} - -## -## curl smtp sending -## - -# Send the message via curl using SMTP_* variables -_smtp_send_curl() { - # Build curl args in $@ - case "$SMTP_SECURE" in - none) - set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" - ;; - ssl) - set -- --url "smtps://${SMTP_HOST}:${SMTP_PORT}" - ;; - tls) - set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" --ssl-reqd - ;; - *) - # This will only occur if someone adds a new SMTP_SECURE option above - # without updating this code for it. - _err "Unhandled SMTP_SECURE='$SMTP_SECURE' in _smtp_send_curl" - _err "Please re-run with --debug and report a bug." - return 1 - ;; - esac - - set -- "$@" \ - --upload-file - \ - --mail-from "$SMTP_FROM" \ - --max-time "$SMTP_TIMEOUT" - - # Burst comma-separated $SMTP_TO into individual --mail-rcpt args. - _to="${SMTP_TO}," - while [ -n "$_to" ]; do - _rcpt="${_to%%,*}" - _to="${_to#*,}" - set -- "$@" --mail-rcpt "$_rcpt" - done - - _smtp_login="${SMTP_USERNAME}:${SMTP_PASSWORD}" - if [ "$_smtp_login" != ":" ]; then - set -- "$@" --user "$_smtp_login" - fi - - if [ "$SMTP_SHOW_TRANSCRIPT" = "True" ]; then - set -- "$@" --verbose - else - set -- "$@" --silent --show-error - fi - - raw_message="$(_smtp_raw_message)" - - _debug2 "curl command:" "$SMTP_BIN" "$*" - _debug2 "raw_message:\n$raw_message" - - echo "$raw_message" | "$SMTP_BIN" "$@" -} - -# Output an RFC-822 / RFC-5322 email message using SMTP_* variables. -# (This assumes variables have already been cleaned for use in email headers.) -_smtp_raw_message() { - echo "From: $SMTP_FROM" - echo "To: $SMTP_TO" - echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")" - echo "Date: $(_rfc2822_date)" - echo "Content-Type: text/plain; charset=utf-8" - echo "X-Mailer: $SMTP_X_MAILER" - echo - echo "$SMTP_CONTENT" -} - -# Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars -# text -_mime_encoded_word() { - _text="$1" - # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that) - _ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-" - if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then - # At least one non-ASCII char; convert entire thing to encoded word - printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?=" - else - # Just printable ASCII, no conversion needed - printf "%s" "$_text" - fi -} - -# Output current date in RFC-2822 Section 3.3 format as required in email headers -# (e.g., "Mon, 15 Feb 2021 14:22:01 -0800") -_rfc2822_date() { - # Notes: - # - this is deliberately not UTC, because it "SHOULD express local time" per spec - # - the spec requires weekday and month in the C locale (English), not localized - # - this date format specifier has been tested on Linux, Mac, Solaris and FreeBSD - _old_lc_time="$LC_TIME" - LC_TIME=C - date +'%a, %-d %b %Y %H:%M:%S %z' - LC_TIME="$_old_lc_time" -} - -## -## Python smtp sending -## - -# Send the message via Python using SMTP_* variables -_smtp_send_python() { - _debug "Python version" "$("$SMTP_BIN" --version 2>&1)" - - # language=Python - "$SMTP_BIN" < Date: Tue, 5 Jan 2021 15:29:08 +0330 Subject: [PATCH 0295/1526] change arvan api script --- dnsapi/dns_arvan.sh | 43 +++++++++++++++---------------------------- 1 file changed, 15 insertions(+), 28 deletions(-) diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index ca1f56c7..3c4ced15 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -3,7 +3,6 @@ #Arvan_Token="xxxx" ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" - #Author: Ehsan Aliakbar #Report Bugs here: https://github.com/Neilpang/acme.sh # @@ -38,6 +37,7 @@ dns_arvan_add() { _info "Adding record" if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then if _contains "$response" "$txtvalue"; then + _info "response id is $response" _info "Added, OK" return 0 elif _contains "$response" "Record Data is Duplicated"; then @@ -49,7 +49,7 @@ dns_arvan_add() { fi fi _err "Add txt record error." - return 1 + return 0 } #Usage: fulldomain txtvalue @@ -73,33 +73,21 @@ dns_arvan_rm() { _debug _domain "$_domain" _debug "Getting txt records" - shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1) - _arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue" - + _arvan_rest GET "${_domain}/dns-records" if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then _err "Error on Arvan Api" _err "Please create a github issue with debbug log" return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2) - _debug count "$count" - if [ "$count" = "0" ]; then - _info "Don't need to remove." - else - record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) - _debug "record_id" "$record_id" - if [ -z "$record_id" ]; then - _err "Can not get record id to remove." - return 1 - fi - if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then - _err "Delete record error." - return 1 - fi - _debug "$response" - _contains "$response" 'dns record deleted' + _record_id=$(echo "$response" | _egrep_o ".\"id\":\"[^\"]*\",\"type\":\"txt\",\"name\":\"_acme-challenge\",\"value\":{\"text\":\"$txtvalue\"}" | cut -d : -f 2 | cut -d , -f 1 | tr -d \") + if ! _arvan_rest "DELETE" "${_domain}/dns-records/${_record_id}"; then + _err "Error on Arvan Api" + return 1 fi + _debug "$response" + _contains "$response" 'dns record deleted' + return 0 } #################### Private functions below ################################## @@ -111,7 +99,7 @@ dns_arvan_rm() { # _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 - i=1 + i=2 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -121,12 +109,11 @@ _get_root() { return 1 fi - if ! _arvan_rest GET "?search=$h"; then + if ! _arvan_rest GET "$h"; then return 1 fi - - if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then - _domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + if _contains "$response" "\"domain\":\"$h\""; then + _domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \") if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h @@ -146,7 +133,6 @@ _arvan_rest() { data="$3" token_trimmed=$(echo "$Arvan_Token" | tr -d '"') - export _H1="Authorization: $token_trimmed" if [ "$mtd" = "DELETE" ]; then @@ -160,4 +146,5 @@ _arvan_rest() { else response="$(_get "$ARVAN_API_URL/$ep$data")" fi + return 0 } From e232565971b6090b6a23e47ce530d730bb1c22ef Mon Sep 17 00:00:00 2001 From: Vahid Fardi Date: Tue, 5 Jan 2021 17:10:41 +0330 Subject: [PATCH 0296/1526] change Author name --- dnsapi/dns_arvan.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index 3c4ced15..a33504d0 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -1,10 +1,10 @@ #!/usr/bin/env sh -#Arvan_Token="xxxx" +#Arvan_Token="Apikey xxxx" ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" -#Author: Ehsan Aliakbar -#Report Bugs here: https://github.com/Neilpang/acme.sh +#Author: Vahid Fardi +#Report Bugs here: https://github.com/fvahid/acme.sh # ######## Public functions ##################### From 91a739af6e3d7d0aa4624343d83c53d4faea03a6 Mon Sep 17 00:00:00 2001 From: Vahid Fardi Date: Tue, 5 Jan 2021 21:31:31 +0330 Subject: [PATCH 0297/1526] change name actor --- dnsapi/dns_arvan.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index a33504d0..4c9217e5 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -4,7 +4,7 @@ ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains" #Author: Vahid Fardi -#Report Bugs here: https://github.com/fvahid/acme.sh +#Report Bugs here: https://github.com/Neilpang/acme.sh # ######## Public functions ##################### From 6502bdecbe0e556eda5d7a41dd7d4d7e677c885c Mon Sep 17 00:00:00 2001 From: Gnought <1684105+gnought@users.noreply.github.com> Date: Thu, 11 Feb 2021 01:08:08 +0800 Subject: [PATCH 0298/1526] Updated --preferred-chain to issue ISRG properly To support different openssl crl2pkcs7 help cli format --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index a1ad4195..749400e2 100755 --- a/acme.sh +++ b/acme.sh @@ -4011,7 +4011,7 @@ _check_dns_entries() { #file _get_cert_issuers() { _cfile="$1" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 From 016dca654e959656242b392fcc3e26263e5f8241 Mon Sep 17 00:00:00 2001 From: manuel Date: Thu, 11 Feb 2021 11:20:18 +0100 Subject: [PATCH 0299/1526] dnsapi/pdns: also normalize json response in detecting root zone --- dnsapi/dns_pdns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 8f07e8c4..28b35492 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -175,13 +175,13 @@ _get_root() { i=1 if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then - _zones_response="$response" + _zones_response=$(echo "$response" | _normalizeJson) fi while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if _contains "$_zones_response" "\"name\": \"$h.\""; then + if _contains "$_zones_response" "\"name\":\"$h.\""; then _domain="$h." if [ -z "$h" ]; then _domain="=2E" From ac148ce0e979aa7c7eb3ade1add0cd69e9981dd0 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Feb 2021 16:22:31 +0800 Subject: [PATCH 0300/1526] Chain (#3408) * fix https://github.com/acmesh-official/acme.sh/issues/3384 match the issuer to the root CA cert subject * fix format * fix https://github.com/acmesh-official/acme.sh/issues/3384 * remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384 --- acme.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index 749400e2..a9301e10 100755 --- a/acme.sh +++ b/acme.sh @@ -4009,12 +4009,42 @@ _check_dns_entries() { } #file -_get_cert_issuers() { +_get_chain_issuers() { _cfile="$1" if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then - ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 else - ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + _cindex=1 + for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do + _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" + _debug2 "_startn" "$_startn" + _debug2 "_endn" "$_endn" + if [ "$DEBUG" ]; then + _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" + fi + sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" + _cindex=$(_math $_cindex + 1) + done + fi +} + +# +_get_chain_subjects() { + _cfile="$1" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then + ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 + else + _cindex=1 + for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do + _endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)" + _debug2 "_startn" "$_startn" + _debug2 "_endn" "$_endn" + if [ "$DEBUG" ]; then + _debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")" + fi + sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/" + _cindex=$(_math $_cindex + 1) + done fi } @@ -4022,14 +4052,12 @@ _get_cert_issuers() { _match_issuer() { _cfile="$1" _missuer="$2" - _fissuers="$(_get_cert_issuers $_cfile)" + _fissuers="$(_get_chain_issuers $_cfile)" _debug2 _fissuers "$_fissuers" - if _contains "$_fissuers" "$_missuer"; then - return 0 - fi - _fissuers="$(echo "$_fissuers" | _lower_case)" + _rootissuer="$(echo "$_fissuers" | _lower_case | _tail_n 1)" + _debug2 _rootissuer "$_rootissuer" _missuer="$(echo "$_missuer" | _lower_case)" - _contains "$_fissuers" "$_missuer" + _contains "$_rootissuer" "$_missuer" } #webroot, domain domainlist keylength @@ -4803,6 +4831,9 @@ $_authorizations_map" _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then + if [ "$DEBUG" ]; then + _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" + fi if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" _debug2 "rels" "$rels" @@ -4818,13 +4849,22 @@ $_authorizations_map" _relca="$CA_CERT_PATH.alt" echo "$response" >"$_relcert" _split_cert_chain "$_relcert" "$_relfullchain" "$_relca" + if [ "$DEBUG" ]; then + _debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")" + fi if _match_issuer "$_relfullchain" "$_preferred_chain"; then _info "Matched issuer in: $rel" cat $_relcert >"$CERT_PATH" cat $_relfullchain >"$CERT_FULLCHAIN_PATH" cat $_relca >"$CA_CERT_PATH" + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" break fi + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" done fi fi From fb5d72c29be41398d38c2f43032d3c13ac8d458a Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 13 Feb 2021 17:27:22 +0800 Subject: [PATCH 0301/1526] upgrade freebsd and solaris --- .github/workflows/LetsEncrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 8d0c4eb0..7c398c09 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.7 + - uses: vmactions/freebsd-vm@v0.1.2 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl @@ -136,7 +136,7 @@ jobs: run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.1 + - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_LOCAL TestingDomain' nat: | From b1988c7b67b7e077a68555594d174c4856b9c1f1 Mon Sep 17 00:00:00 2001 From: jerrm Date: Sat, 13 Feb 2021 05:58:44 -0500 Subject: [PATCH 0302/1526] duckdns - fix "integer expression expected" errors (#3397) * fix "integer expression expected" errors * duckdns fix * Update dns_duckdns.sh * Update dns_duckdns.sh --- dnsapi/dns_duckdns.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index 618e12c6..d6e1dbdc 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -12,7 +12,7 @@ DuckDNS_API="https://www.duckdns.org/update" -######## Public functions ##################### +######## Public functions ###################### #Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_duckdns_add() { @@ -112,7 +112,7 @@ _duckdns_rest() { param="$2" _debug param "$param" url="$DuckDNS_API?$param" - if [ "$DEBUG" -gt 0 ]; then + if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ]; then url="$url&verbose=true" fi _debug url "$url" @@ -121,7 +121,7 @@ _duckdns_rest() { if [ "$method" = "GET" ]; then response="$(_get "$url")" _debug2 response "$response" - if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then + if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then response="OK" fi else From 2d9506eb546f66947bf7e86d6bc6ccd9f5ddb621 Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 29 Dec 2020 16:28:38 -0800 Subject: [PATCH 0303/1526] Implement smtp notify hook Support notifications via direct SMTP server connection. Uses Python (2.7.x or 3.4+) to communicate with SMTP server. --- notify/smtp.sh | 185 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 183 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 6aa37ca3..367021c8 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -2,7 +2,103 @@ # support smtp +# This implementation uses Python (2 or 3), which is available in many environments. +# If you don't have Python, try "mail" notification instead of "smtp". + +# SMTP_FROM="from@example.com" # required +# SMTP_TO="to@example.com" # required +# SMTP_HOST="smtp.example.com" # required +# SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE +# SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) +# SMTP_USERNAME="" # set if SMTP server requires login +# SMTP_PASSWORD="" # set if SMTP server requires login +# SMTP_TIMEOUT="15" # seconds for SMTP operations to timeout +# SMTP_PYTHON="/path/to/python" # defaults to system python3 or python + smtp_send() { + # Find a Python interpreter: + SMTP_PYTHON="${SMTP_PYTHON:-$(_readaccountconf_mutable SMTP_PYTHON)}" + if [ "$SMTP_PYTHON" ]; then + if _exists "$SMTP_PYTHON"; then + _saveaccountconf_mutable SMTP_PYTHON "$SMTP_PYTHON" + else + _err "SMTP_PYTHON '$SMTP_PYTHON' does not exist." + return 1 + fi + else + # No SMTP_PYTHON setting; try to run default Python. + # (This is not saved with the conf.) + if _exists python3; then + SMTP_PYTHON="python3" + elif _exists python; then + SMTP_PYTHON="python" + else + _err "Can't locate Python interpreter; please define SMTP_PYTHON." + return 1 + fi + fi + _debug "SMTP_PYTHON" "$SMTP_PYTHON" + _debug "Python version" "$($SMTP_PYTHON --version 2>&1)" + + # Validate other settings: + SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" + if [ -z "$SMTP_FROM" ]; then + _err "You must define SMTP_FROM as the sender email address." + return 1 + fi + + SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" + if [ -z "$SMTP_TO" ]; then + _err "You must define SMTP_TO as the recipient email address." + return 1 + fi + + SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" + if [ -z "$SMTP_HOST" ]; then + _err "You must define SMTP_HOST as the SMTP server hostname." + return 1 + fi + SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" + + SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" + SMTP_SECURE="${SMTP_SECURE:-none}" + case "$SMTP_SECURE" in + "none") SMTP_DEFAULT_PORT="25";; + "ssl") SMTP_DEFAULT_PORT="465";; + "tls") SMTP_DEFAULT_PORT="587";; + *) + _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." + return 1 + ;; + esac + + SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" + SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" + + SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" + SMTP_DEFAULT_TIMEOUT="15" + + _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" + _saveaccountconf_mutable SMTP_TO "$SMTP_TO" + _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" + _saveaccountconf_mutable SMTP_PORT "$SMTP_PORT" + _saveaccountconf_mutable SMTP_SECURE "$SMTP_SECURE" + _saveaccountconf_mutable SMTP_USERNAME "$SMTP_USERNAME" + _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD" + _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT" + + # Send the message: + if ! _smtp_send "$@"; then + _err "$smtp_send_output" + return 1 + fi + + return 0 +} + +# _send subject content statuscode +# Send the message via Python using SMTP_* settings +_smtp_send() { _subject="$1" _content="$2" _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped @@ -10,6 +106,91 @@ smtp_send() { _debug "_content" "$_content" _debug "_statusCode" "$_statusCode" - _err "Not implemented yet." - return 1 + _debug "SMTP_FROM" "$SMTP_FROM" + _debug "SMTP_TO" "$SMTP_TO" + _debug "SMTP_HOST" "$SMTP_HOST" + _debug "SMTP_PORT" "$SMTP_PORT" + _debug "SMTP_DEFAULT_PORT" "$SMTP_DEFAULT_PORT" + _debug "SMTP_SECURE" "$SMTP_SECURE" + _debug "SMTP_USERNAME" "$SMTP_USERNAME" + _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" + _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" + _debug "SMTP_DEFAULT_TIMEOUT" "$SMTP_DEFAULT_TIMEOUT" + + if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then + # Output the SMTP server dialogue. (Note this will include SMTP_PASSWORD!) + smtp_debug="True" + else + smtp_debug="" + fi + + # language=Python + smtp_send_output="$($SMTP_PYTHON < Date: Tue, 29 Dec 2020 17:10:36 -0800 Subject: [PATCH 0304/1526] Make shfmt happy (I'm open to better ways of formatting the heredoc that embeds the Python script.) --- notify/smtp.sh | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 367021c8..6171cb9b 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -63,13 +63,13 @@ smtp_send() { SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" SMTP_SECURE="${SMTP_SECURE:-none}" case "$SMTP_SECURE" in - "none") SMTP_DEFAULT_PORT="25";; - "ssl") SMTP_DEFAULT_PORT="465";; - "tls") SMTP_DEFAULT_PORT="587";; - *) - _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." - return 1 - ;; + "none") SMTP_DEFAULT_PORT="25" ;; + "ssl") SMTP_DEFAULT_PORT="465" ;; + "tls") SMTP_DEFAULT_PORT="587" ;; + *) + _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." + return 1 + ;; esac SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" @@ -125,7 +125,8 @@ _smtp_send() { fi # language=Python - smtp_send_output="$($SMTP_PYTHON < Date: Mon, 11 Jan 2021 11:46:26 -0800 Subject: [PATCH 0305/1526] Only save config if send is successful --- notify/smtp.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 6171cb9b..092bb2b9 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -78,6 +78,13 @@ smtp_send() { SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" SMTP_DEFAULT_TIMEOUT="15" + # Send the message: + if ! _smtp_send "$@"; then + _err "$smtp_send_output" + return 1 + fi + + # Save remaining config if successful. (SMTP_PYTHON is saved earlier.) _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" _saveaccountconf_mutable SMTP_TO "$SMTP_TO" _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" @@ -87,12 +94,6 @@ smtp_send() { _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD" _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT" - # Send the message: - if ! _smtp_send "$@"; then - _err "$smtp_send_output" - return 1 - fi - return 0 } From e272fde95e260727de8ceaea05c2767a3eb6114f Mon Sep 17 00:00:00 2001 From: medmunds Date: Mon, 11 Jan 2021 12:59:51 -0800 Subject: [PATCH 0306/1526] Add instructions for reporting bugs --- notify/smtp.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/notify/smtp.sh b/notify/smtp.sh index 092bb2b9..a74ce092 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -2,6 +2,8 @@ # support smtp +# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358 + # This implementation uses Python (2 or 3), which is available in many environments. # If you don't have Python, try "mail" notification instead of "smtp". From 65a1b892e31ae3b5c2600965615d124c47b47955 Mon Sep 17 00:00:00 2001 From: medmunds Date: Sun, 14 Feb 2021 15:47:51 -0800 Subject: [PATCH 0307/1526] Prep for curl or Python; clean up SMTP_* variable usage --- notify/smtp.sh | 203 ++++++++++++++++++++++++++++--------------------- 1 file changed, 118 insertions(+), 85 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index a74ce092..cb29d0f7 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -4,8 +4,8 @@ # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358 -# This implementation uses Python (2 or 3), which is available in many environments. -# If you don't have Python, try "mail" notification instead of "smtp". +# This implementation uses either curl or Python (3 or 2.7). +# (See also the "mail" notify hook, which supports other ways to send mail.) # SMTP_FROM="from@example.com" # required # SMTP_TO="to@example.com" # required @@ -14,79 +14,132 @@ # SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) # SMTP_USERNAME="" # set if SMTP server requires login # SMTP_PASSWORD="" # set if SMTP server requires login -# SMTP_TIMEOUT="15" # seconds for SMTP operations to timeout -# SMTP_PYTHON="/path/to/python" # defaults to system python3 or python +# SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout +# SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH +# subject content statuscode smtp_send() { - # Find a Python interpreter: - SMTP_PYTHON="${SMTP_PYTHON:-$(_readaccountconf_mutable SMTP_PYTHON)}" - if [ "$SMTP_PYTHON" ]; then - if _exists "$SMTP_PYTHON"; then - _saveaccountconf_mutable SMTP_PYTHON "$SMTP_PYTHON" - else - _err "SMTP_PYTHON '$SMTP_PYTHON' does not exist." - return 1 - fi - else - # No SMTP_PYTHON setting; try to run default Python. - # (This is not saved with the conf.) - if _exists python3; then - SMTP_PYTHON="python3" - elif _exists python; then - SMTP_PYTHON="python" - else - _err "Can't locate Python interpreter; please define SMTP_PYTHON." + _SMTP_SUBJECT="$1" + _SMTP_CONTENT="$2" + # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped + + # Load config: + SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" + SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" + SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" + SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" + SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" + SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" + SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" + SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" + SMTP_BIN="${SMTP_BIN:-$(_readaccountconf_mutable SMTP_BIN)}" + + _debug "SMTP_FROM" "$SMTP_FROM" + _debug "SMTP_TO" "$SMTP_TO" + _debug "SMTP_HOST" "$SMTP_HOST" + _debug "SMTP_PORT" "$SMTP_PORT" + _debug "SMTP_SECURE" "$SMTP_SECURE" + _debug "SMTP_USERNAME" "$SMTP_USERNAME" + _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" + _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" + _debug "SMTP_BIN" "$SMTP_BIN" + + _debug "_SMTP_SUBJECT" "$_SMTP_SUBJECT" + _debug "_SMTP_CONTENT" "$_SMTP_CONTENT" + + # Validate config and apply defaults: + # _SMTP_* variables are the resolved (with defaults) versions of SMTP_*. + # (The _SMTP_* versions will not be stored in account conf.) + + if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then + _err "SMTP_BIN '$SMTP_BIN' does not exist." + return 1 + fi + _SMTP_BIN="$SMTP_BIN" + if [ -z "$_SMTP_BIN" ]; then + # Look for a command that can communicate with an SMTP server. + # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. + # Those are already handled by the "mail" notify hook.) + for cmd in curl python3 python2.7 python pypy3 pypy; do + if _exists "$cmd"; then + _SMTP_BIN="$cmd" + break + fi + done + if [ -z "$_SMTP_BIN" ]; then + _err "The smtp notify-hook requires curl or Python, but can't find any." + _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".' + _err 'Otherwise, see if you can use the "mail" notify-hook instead.' return 1 fi + _debug "_SMTP_BIN" "$_SMTP_BIN" fi - _debug "SMTP_PYTHON" "$SMTP_PYTHON" - _debug "Python version" "$($SMTP_PYTHON --version 2>&1)" - # Validate other settings: - SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" if [ -z "$SMTP_FROM" ]; then _err "You must define SMTP_FROM as the sender email address." return 1 fi + _SMTP_FROM="$SMTP_FROM" - SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" if [ -z "$SMTP_TO" ]; then _err "You must define SMTP_TO as the recipient email address." return 1 fi + _SMTP_TO="$SMTP_TO" - SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" if [ -z "$SMTP_HOST" ]; then _err "You must define SMTP_HOST as the SMTP server hostname." return 1 fi - SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" + _SMTP_HOST="$SMTP_HOST" - SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" - SMTP_SECURE="${SMTP_SECURE:-none}" - case "$SMTP_SECURE" in - "none") SMTP_DEFAULT_PORT="25" ;; - "ssl") SMTP_DEFAULT_PORT="465" ;; - "tls") SMTP_DEFAULT_PORT="587" ;; + _SMTP_SECURE="${SMTP_SECURE:-none}" + case "$_SMTP_SECURE" in + "none") smtp_default_port="25" ;; + "ssl") smtp_default_port="465" ;; + "tls") smtp_default_port="587" ;; *) _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." return 1 ;; esac - SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" - SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" + _SMTP_PORT="${SMTP_PORT:-$smtp_default_port}" + if [ -z "$SMTP_PORT" ]; then + _debug "_SMTP_PORT" "$_SMTP_PORT" + fi - SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" - SMTP_DEFAULT_TIMEOUT="15" + _SMTP_USERNAME="$SMTP_USERNAME" + _SMTP_PASSWORD="$SMTP_PASSWORD" + _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}" + + # Run with --debug 2 (or above) to echo the transcript of the SMTP session. + # Careful: this may include SMTP_PASSWORD in plaintext! + if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then + _SMTP_SHOW_TRANSCRIPT="True" + else + _SMTP_SHOW_TRANSCRIPT="" + fi # Send the message: - if ! _smtp_send "$@"; then - _err "$smtp_send_output" + case "$(basename "$_SMTP_BIN")" in + curl) _smtp_send=_smtp_send_curl ;; + py*) _smtp_send=_smtp_send_python ;; + *) + _err "Can't figure out how to invoke $_SMTP_BIN." + _err "Please re-run with --debug and report a bug." + return 1 + ;; + esac + + if ! smtp_output="$($_smtp_send)"; then + _err "Error sending message with $_SMTP_BIN." + _err "${smtp_output:-(No additional details; try --debug or --debug 2)}" return 1 fi - # Save remaining config if successful. (SMTP_PYTHON is saved earlier.) + # Save config only if send was successful: + _saveaccountconf_mutable SMTP_BIN "$SMTP_BIN" _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" _saveaccountconf_mutable SMTP_TO "$SMTP_TO" _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" @@ -99,37 +152,21 @@ smtp_send() { return 0 } -# _send subject content statuscode -# Send the message via Python using SMTP_* settings -_smtp_send() { - _subject="$1" - _content="$2" - _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped - _debug "_subject" "$_subject" - _debug "_content" "$_content" - _debug "_statusCode" "$_statusCode" - _debug "SMTP_FROM" "$SMTP_FROM" - _debug "SMTP_TO" "$SMTP_TO" - _debug "SMTP_HOST" "$SMTP_HOST" - _debug "SMTP_PORT" "$SMTP_PORT" - _debug "SMTP_DEFAULT_PORT" "$SMTP_DEFAULT_PORT" - _debug "SMTP_SECURE" "$SMTP_SECURE" - _debug "SMTP_USERNAME" "$SMTP_USERNAME" - _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" - _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" - _debug "SMTP_DEFAULT_TIMEOUT" "$SMTP_DEFAULT_TIMEOUT" +# Send the message via curl using _SMTP_* variables +_smtp_send_curl() { + # TODO: implement + echo "_smtp_send_curl not implemented" + return 1 +} - if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then - # Output the SMTP server dialogue. (Note this will include SMTP_PASSWORD!) - smtp_debug="True" - else - smtp_debug="" - fi + +# Send the message via Python using _SMTP_* variables +_smtp_send_python() { + _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)" # language=Python - smtp_send_output="$( - $SMTP_PYTHON < Date: Sun, 14 Feb 2021 19:56:23 -0800 Subject: [PATCH 0308/1526] Implement curl version of smtp notify-hook --- notify/smtp.sh | 111 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 105 insertions(+), 6 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index cb29d0f7..44a5821f 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -127,14 +127,16 @@ smtp_send() { py*) _smtp_send=_smtp_send_python ;; *) _err "Can't figure out how to invoke $_SMTP_BIN." - _err "Please re-run with --debug and report a bug." + _err "Check your SMTP_BIN setting." return 1 ;; esac if ! smtp_output="$($_smtp_send)"; then _err "Error sending message with $_SMTP_BIN." - _err "${smtp_output:-(No additional details; try --debug or --debug 2)}" + if [ -n "$smtp_output" ]; then + _err "$smtp_output" + fi return 1 fi @@ -152,12 +154,109 @@ smtp_send() { return 0 } - # Send the message via curl using _SMTP_* variables _smtp_send_curl() { - # TODO: implement - echo "_smtp_send_curl not implemented" - return 1 + # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without + # additional parsing, and SMTP requires addr-spec only (no display names). + # In the future, maybe try to parse the addr-spec out for curl args (non-trivial). + if _email_has_display_name "$_SMTP_FROM"; then + _err "curl smtp only allows a simple email address in SMTP_FROM." + _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." + return 1 + fi + if _email_has_display_name "$_SMTP_TO"; then + _err "curl smtp only allows simple email addresses in SMTP_TO." + _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." + return 1 + fi + + # Build curl args in $@ + + case "$_SMTP_SECURE" in + none) + set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" + ;; + ssl) + set -- --url "smtps://${_SMTP_HOST}:${_SMTP_PORT}" + ;; + tls) + set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" --ssl-reqd + ;; + *) + # This will only occur if someone adds a new SMTP_SECURE option above + # without updating this code for it. + _err "Unhandled _SMTP_SECURE='$_SMTP_SECURE' in _smtp_send_curl" + _err "Please re-run with --debug and report a bug." + return 1 + ;; + esac + + set -- "$@" \ + --upload-file - \ + --mail-from "$_SMTP_FROM" \ + --max-time "$_SMTP_TIMEOUT" + + # Burst comma-separated $_SMTP_TO into individual --mail-rcpt args. + _to="${_SMTP_TO}," + while [ -n "$_to" ]; do + _rcpt="${_to%%,*}" + _to="${_to#*,}" + set -- "$@" --mail-rcpt "$_rcpt" + done + + _smtp_login="${_SMTP_USERNAME}:${_SMTP_PASSWORD}" + if [ "$_smtp_login" != ":" ]; then + set -- "$@" --user "$_smtp_login" + fi + + if [ "$_SMTP_SHOW_TRANSCRIPT" = "True" ]; then + set -- "$@" --verbose + else + set -- "$@" --silent --show-error + fi + + raw_message="$(_smtp_raw_message)" + + _debug2 "curl command:" "$_SMTP_BIN" "$*" + _debug2 "raw_message:\n$raw_message" + + echo "$raw_message" | "$_SMTP_BIN" "$@" +} + +# Output an RFC-822 / RFC-5322 email message using _SMTP_* variables +_smtp_raw_message() { + echo "From: $_SMTP_FROM" + echo "To: $_SMTP_TO" + echo "Subject: $(_mime_encoded_word "$_SMTP_SUBJECT")" + if _exists date; then + echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" + fi + echo "Content-Type: text/plain; charset=utf-8" + echo "X-Mailer: acme.sh --notify-hook smtp" + echo + echo "$_SMTP_CONTENT" +} + +# Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars +# text +_mime_encoded_word() { + _text="$1" + # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that) + _ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-" + if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then + # At least one non-ASCII char; convert entire thing to encoded word + printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?=" + else + # Just printable ASCII, no conversion needed + printf "%s" "$_text" + fi +} + +# Simple check for display name in an email address (< > or ") +# email +_email_has_display_name() { + _email="$1" + expr "$_email" : '^.*[<>"]' > /dev/null } From fe3e8a7bb6fc93daf938f965fbf0b260803c7b19 Mon Sep 17 00:00:00 2001 From: medmunds Date: Sun, 14 Feb 2021 20:06:07 -0800 Subject: [PATCH 0309/1526] More than one blank line is an abomination, apparently I will not try to use whitespace to group code visually --- notify/smtp.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 44a5821f..c9927e3e 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -256,10 +256,9 @@ _mime_encoded_word() { # email _email_has_display_name() { _email="$1" - expr "$_email" : '^.*[<>"]' > /dev/null + expr "$_email" : '^.*[<>"]' >/dev/null } - # Send the message via Python using _SMTP_* variables _smtp_send_python() { _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)" From 06fb3d94767e475df2c4c0bcb418994f6554674e Mon Sep 17 00:00:00 2001 From: Mike Edmunds Date: Sun, 14 Feb 2021 23:01:21 -0800 Subject: [PATCH 0310/1526] Fix: Unifi deploy hook support Unifi Cloud Key (#3327) * fix: unifi deploy hook also update Cloud Key nginx certs When running on a Unifi Cloud Key device, also deploy to /etc/ssl/private/cloudkey.{crt,key} and reload nginx. This makes the new cert available for the Cloud Key management app running via nginx on port 443 (as well as the port 8443 Unifi Controller app the deploy hook already supported). Fixes #3326 * Improve settings documentation comments * Improve Cloud Key pre-flight error messaging * Fix typo * Add support for UnifiOS (Cloud Key Gen2) Since UnifiOS does not use the Java keystore (like a Unifi Controller or Cloud Key Gen1 deploy), this also reworks the settings validation and error messaging somewhat. * PR review fixes * Detect unsupported Cloud Key java keystore location * Don't try to restart inactive services (and remove extra spaces from reload command) * Clean up error messages and internal variables * Change to _getdeployconf/_savedeployconf * Switch from cp to cat to preserve file permissions --- deploy/unifi.sh | 220 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 167 insertions(+), 53 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index 184aa62e..a864135e 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -1,12 +1,43 @@ #!/usr/bin/env sh -#Here is a script to deploy cert to unifi server. +# Here is a script to deploy cert on a Unifi Controller or Cloud Key device. +# It supports: +# - self-hosted Unifi Controller +# - Unifi Cloud Key (Gen1/2/2+) +# - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) +# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 #returns 0 means success, otherwise error. +# The deploy-hook automatically detects standard Unifi installations +# for each of the supported environments. Most users should not need +# to set any of these variables, but if you are running a self-hosted +# Controller with custom locations, set these as necessary before running +# the deploy hook. (Defaults shown below.) +# +# Settings for Unifi Controller: +# Location of Java keystore or unifi.keystore.jks file: #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" +# Keystore password (built into Unifi Controller, not a user-set password): #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" +# Command to restart Unifi Controller: #DEPLOY_UNIFI_RELOAD="service unifi restart" +# +# Settings for Unifi Cloud Key Gen1 (nginx admin pages): +# Directory where cloudkey.crt and cloudkey.key live: +#DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private" +# Command to restart maintenance pages and Controller +# (same setting as above, default is updated when running on Cloud Key Gen1): +#DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart" +# +# Settings for UnifiOS (Cloud Key Gen2): +# Directory where unifi-core.crt and unifi-core.key live: +#DEPLOY_UNIFI_CORE_CONFIG="/data/unifi-core/config/" +# Command to restart unifi-core: +#DEPLOY_UNIFI_RELOAD="systemctl restart unifi-core" +# +# At least one of DEPLOY_UNIFI_KEYSTORE, DEPLOY_UNIFI_CLOUDKEY_CERTDIR, +# or DEPLOY_UNIFI_CORE_CONFIG must exist to receive the deployed certs. ######## Public functions ##################### @@ -24,77 +55,160 @@ unifi_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - if ! _exists keytool; then - _err "keytool not found" - return 1 - fi + _getdeployconf DEPLOY_UNIFI_KEYSTORE + _getdeployconf DEPLOY_UNIFI_KEYPASS + _getdeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR + _getdeployconf DEPLOY_UNIFI_CORE_CONFIG + _getdeployconf DEPLOY_UNIFI_RELOAD + + _debug2 DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + _debug2 DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + _debug2 DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" + _debug2 DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" + _debug2 DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + + # Space-separated list of environments detected and installed: + _services_updated="" + + # Default reload commands accumulated as we auto-detect environments: + _reload_cmd="" + + # Unifi Controller environment (self hosted or any Cloud Key) -- + # auto-detect by file /usr/lib/unifi/data/keystore: + _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" + if [ -f "$_unifi_keystore" ]; then + _info "Installing certificate for Unifi Controller (Java keystore)" + _debug _unifi_keystore "$_unifi_keystore" + if ! _exists keytool; then + _err "keytool not found" + return 1 + fi + if [ ! -w "$_unifi_keystore" ]; then + _err "The file $_unifi_keystore is not writable, please change the permission." + return 1 + fi + + _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}" - DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" - _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}" - DEFAULT_UNIFI_KEYPASS="aircontrolenterprise" - _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}" - DEFAULT_UNIFI_RELOAD="service unifi restart" - _reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}" - - _debug _unifi_keystore "$_unifi_keystore" - if [ ! -f "$_unifi_keystore" ]; then - if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then - _err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE" + _debug "Generate import pkcs12" + _import_pkcs12="$(_mktemp)" + _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root + # shellcheck disable=SC2181 + if [ "$?" != "0" ]; then + _err "Error generating pkcs12. Please re-run with --debug and report a bug." return 1 + fi + + _debug "Import into keystore: $_unifi_keystore" + if keytool -importkeystore \ + -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ + -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ + -alias unifi -noprompt; then + _debug "Import keystore success!" + rm "$_import_pkcs12" else - _err "It seems that the specified unifi keystore is not valid, please check." + _err "Error importing into Unifi Java keystore." + _err "Please re-run with --debug and report a bug." + rm "$_import_pkcs12" return 1 fi + + if systemctl -q is-active unifi; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" + fi + _services_updated="${_services_updated} unifi" + _info "Install Unifi Controller certificate success!" + elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then + _err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check." + return 1 fi - if [ ! -w "$_unifi_keystore" ]; then - _err "The file $_unifi_keystore is not writable, please change the permission." + + # Cloud Key environment (non-UnifiOS -- nginx serves admin pages) -- + # auto-detect by file /etc/ssl/private/cloudkey.key: + _cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}" + if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then + _info "Installing certificate for Cloud Key Gen1 (nginx admin pages)" + _debug _cloudkey_certdir "$_cloudkey_certdir" + if [ ! -w "$_cloudkey_certdir" ]; then + _err "The directory $_cloudkey_certdir is not writable; please check permissions." + return 1 + fi + # Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks. + # Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was + # updated above), but if not, we don't know how to handle this installation: + if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then + _err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'" + return 1 + fi + + cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt" + cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key" + (cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks) + + if systemctl -q is-active nginx; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart" + fi + _info "Install Cloud Key Gen1 certificate success!" + _services_updated="${_services_updated} nginx" + elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then + _err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check." return 1 fi - _info "Generate import pkcs12" - _import_pkcs12="$(_mktemp)" - _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root - if [ "$?" != "0" ]; then - _err "Oops, error creating import pkcs12, please report bug to us." + # UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key: + _unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}" + if [ -f "${_unifi_core_config}/unifi-core.key" ]; then + _info "Installing certificate for UnifiOS" + _debug _unifi_core_config "$_unifi_core_config" + if [ ! -w "$_unifi_core_config" ]; then + _err "The directory $_unifi_core_config is not writable; please check permissions." + return 1 + fi + + cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" + cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" + + if systemctl -q is-active unifi-core; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi-core" + fi + _info "Install UnifiOS certificate success!" + _services_updated="${_services_updated} unifi-core" + elif [ "$DEPLOY_UNIFI_CORE_CONFIG" ]; then + _err "The specified DEPLOY_UNIFI_CORE_CONFIG='$DEPLOY_UNIFI_CORE_CONFIG' is not valid, please check." return 1 fi - _info "Modify unifi keystore: $_unifi_keystore" - if keytool -importkeystore \ - -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ - -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ - -alias unifi -noprompt; then - _info "Import keystore success!" - rm "$_import_pkcs12" - else - _err "Import unifi keystore error, please report bug to us." - rm "$_import_pkcs12" + if [ -z "$_services_updated" ]; then + # None of the Unifi environments were auto-detected, so no deployment has occurred + # (and none of DEPLOY_UNIFI_{KEYSTORE,CLOUDKEY_CERTDIR,CORE_CONFIG} were set). + _err "Unable to detect Unifi environment in standard location." + _err "(This deploy hook must be run on the Unifi device, not a remote machine.)" + _err "For non-standard Unifi installations, set DEPLOY_UNIFI_KEYSTORE," + _err "DEPLOY_UNIFI_CLOUDKEY_CERTDIR, and/or DEPLOY_UNIFI_CORE_CONFIG as appropriate." return 1 fi - _info "Run reload: $_reload" - if eval "$_reload"; then + _reload_cmd="${DEPLOY_UNIFI_RELOAD:-$_reload_cmd}" + if [ -z "$_reload_cmd" ]; then + _err "Certificates were installed for services:${_services_updated}," + _err "but none appear to be active. Please set DEPLOY_UNIFI_RELOAD" + _err "to a command that will restart the necessary services." + return 1 + fi + _info "Reload services (this may take some time): $_reload_cmd" + if eval "$_reload_cmd"; then _info "Reload success!" - if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then - _savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" - else - _cleardomainconf DEPLOY_UNIFI_KEYSTORE - fi - if [ "$DEPLOY_UNIFI_KEYPASS" ]; then - _savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" - else - _cleardomainconf DEPLOY_UNIFI_KEYPASS - fi - if [ "$DEPLOY_UNIFI_RELOAD" ]; then - _savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" - else - _cleardomainconf DEPLOY_UNIFI_RELOAD - fi - return 0 else _err "Reload error" return 1 fi - return 0 + # Successful, so save all (non-default) config: + _savedeployconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE" + _savedeployconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS" + _savedeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" + _savedeployconf DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG" + _savedeployconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD" + + return 0 } From 8fbec785e826370974a3ccf68a9136fb617dcd7f Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 15 Feb 2021 15:18:49 +0800 Subject: [PATCH 0311/1526] feat: add huaweicloud error handling --- dnsapi/dns_huaweicloud.sh | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 74fec2a9..f7192725 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -5,7 +5,7 @@ # HUAWEICLOUD_ProjectID iam_api="https://iam.myhuaweicloud.com" -dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" +dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work ######## Public functions ##################### @@ -29,16 +29,27 @@ dns_huaweicloud_add() { return 1 fi + unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - _debug2 "${token}" + if [ -z "${token}" ]; then # Check token + _err "dns_api(dns_huaweicloud): Error getting token." + return 1 + fi + _debug "Access token is: ${token}" + + unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - _debug "${zoneid}" + if [ -z "${zoneid}" ]; then + _err "dns_api(dns_huaweicloud): Error getting zone id." + return 1 + fi + _debug "Zone ID is: ${zoneid}" _debug "Adding Record" _add_record "${token}" "${fulldomain}" "${txtvalue}" ret="$?" if [ "${ret}" != "0" ]; then - _err "dns_huaweicloud: Error adding record." + _err "dns_api(dns_huaweicloud): Error adding record." return 1 fi @@ -69,12 +80,21 @@ dns_huaweicloud_rm() { return 1 fi + unset token # Clear token token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" - _debug2 "${token}" + if [ -z "${token}" ]; then # Check token + _err "dns_api(dns_huaweicloud): Error getting token." + return 1 + fi + _debug "Access token is: ${token}" + + unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" - _debug "${zoneid}" - record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" - _debug "Record Set ID is: ${record_id}" + if [ -z "${zoneid}" ]; then + _err "dns_api(dns_huaweicloud): Error getting zone id." + return 1 + fi + _debug "Zone ID is: ${zoneid}" # Remove all records # Therotically HuaweiCloud does not allow more than one record set From c090c19bfee692b69a31984c5eb40d367f38592d Mon Sep 17 00:00:00 2001 From: Easton Man Date: Mon, 15 Feb 2021 15:19:18 +0800 Subject: [PATCH 0312/1526] fix: fix freebsd and solaris --- .github/workflows/DNS.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5dc2d453..ed0426ad 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.0.7 + - uses: vmactions/freebsd-vm@v0.1.2 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -223,7 +223,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.1 + - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat curl From fe0bee21b0a1a545e939357438f9c46d0cc13a7e Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 15 Feb 2021 21:25:27 +0800 Subject: [PATCH 0313/1526] support openssl 3.0 fix https://github.com/acmesh-official/acme.sh/issues/3399 --- acme.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index a9301e10..2cb9dd00 100755 --- a/acme.sh +++ b/acme.sh @@ -1122,9 +1122,14 @@ _createkey() { fi fi + __traditional="" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then + __traditional="-traditional" + fi + if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam $__traditional -name "$eccname" -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" @@ -1132,7 +1137,7 @@ _createkey() { fi else _debug "Using RSA: $length" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error rsa key: $length" From ae5a6d330d139c150b6011664a9e55d7d5e899ed Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 15 Feb 2021 21:35:59 +0800 Subject: [PATCH 0314/1526] make the fix for rsa key only --- acme.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index 2cb9dd00..5e9829a4 100755 --- a/acme.sh +++ b/acme.sh @@ -1122,14 +1122,9 @@ _createkey() { fi fi - __traditional="" - if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then - __traditional="-traditional" - fi - if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam $__traditional -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" @@ -1137,6 +1132,10 @@ _createkey() { fi else _debug "Using RSA: $length" + __traditional="" + if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then + __traditional="-traditional" + fi if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else From dc8d91ea39e897679cf02ecb416758afa8df2ba3 Mon Sep 17 00:00:00 2001 From: medmunds Date: Mon, 15 Feb 2021 12:23:48 -0800 Subject: [PATCH 0315/1526] Use PROJECT_NAME and VER for X-Mailer header Also add X-Mailer header to Python version --- notify/smtp.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index c9927e3e..bb71a563 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -112,6 +112,7 @@ smtp_send() { _SMTP_USERNAME="$SMTP_USERNAME" _SMTP_PASSWORD="$SMTP_PASSWORD" _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}" + _SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" # Run with --debug 2 (or above) to echo the transcript of the SMTP session. # Careful: this may include SMTP_PASSWORD in plaintext! @@ -232,7 +233,7 @@ _smtp_raw_message() { echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" fi echo "Content-Type: text/plain; charset=utf-8" - echo "X-Mailer: acme.sh --notify-hook smtp" + echo "X-Mailer: $_SMTP_X_MAILER" echo echo "$_SMTP_CONTENT" } @@ -286,6 +287,7 @@ smtp_secure = """$_SMTP_SECURE""" username = """$_SMTP_USERNAME""" password = """$_SMTP_PASSWORD""" timeout=int("""$_SMTP_TIMEOUT""") # seconds +x_mailer="""$_SMTP_X_MAILER""" from_email="""$_SMTP_FROM""" to_emails="""$_SMTP_TO""" # can be comma-separated @@ -301,6 +303,7 @@ except (AttributeError, TypeError): msg["Subject"] = subject msg["From"] = from_email msg["To"] = to_emails +msg["X-Mailer"] = x_mailer smtp = None try: From d1cdc1c6a0e81fc1201b38869d52e67d192e94a2 Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 09:33:39 -0800 Subject: [PATCH 0316/1526] Add _clearaccountconf_mutable() --- acme.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/acme.sh b/acme.sh index 5e9829a4..757ed7a5 100755 --- a/acme.sh +++ b/acme.sh @@ -2283,6 +2283,13 @@ _clearaccountconf() { _clear_conf "$ACCOUNT_CONF_PATH" "$1" } +#key +_clearaccountconf_mutable() { + _clearaccountconf "SAVED_$1" + #remove later + _clearaccountconf "$1" +} + #_savecaconf key value _savecaconf() { _save_conf "$CA_CONF" "$1" "$2" From d0445455200076f2470752fad648c61c2c48780c Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 12:49:27 -0800 Subject: [PATCH 0317/1526] Rework read/save config to not save default values Add and use _readaccountconf_mutable_default and _saveaccountconf_mutable_default helpers to capture common default value handling. New approach also eliminates need for separate underscore-prefixed version of each conf var. --- notify/smtp.sh | 255 +++++++++++++++++++++++++++++-------------------- 1 file changed, 149 insertions(+), 106 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index bb71a563..85801604 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -17,155 +17,150 @@ # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout # SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH +SMTP_SECURE_DEFAULT="none" +SMTP_TIMEOUT_DEFAULT="30" + # subject content statuscode smtp_send() { - _SMTP_SUBJECT="$1" - _SMTP_CONTENT="$2" + SMTP_SUBJECT="$1" + SMTP_CONTENT="$2" # UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped - # Load config: - SMTP_FROM="${SMTP_FROM:-$(_readaccountconf_mutable SMTP_FROM)}" - SMTP_TO="${SMTP_TO:-$(_readaccountconf_mutable SMTP_TO)}" - SMTP_HOST="${SMTP_HOST:-$(_readaccountconf_mutable SMTP_HOST)}" - SMTP_PORT="${SMTP_PORT:-$(_readaccountconf_mutable SMTP_PORT)}" - SMTP_SECURE="${SMTP_SECURE:-$(_readaccountconf_mutable SMTP_SECURE)}" - SMTP_USERNAME="${SMTP_USERNAME:-$(_readaccountconf_mutable SMTP_USERNAME)}" - SMTP_PASSWORD="${SMTP_PASSWORD:-$(_readaccountconf_mutable SMTP_PASSWORD)}" - SMTP_TIMEOUT="${SMTP_TIMEOUT:-$(_readaccountconf_mutable SMTP_TIMEOUT)}" - SMTP_BIN="${SMTP_BIN:-$(_readaccountconf_mutable SMTP_BIN)}" - - _debug "SMTP_FROM" "$SMTP_FROM" - _debug "SMTP_TO" "$SMTP_TO" - _debug "SMTP_HOST" "$SMTP_HOST" - _debug "SMTP_PORT" "$SMTP_PORT" - _debug "SMTP_SECURE" "$SMTP_SECURE" - _debug "SMTP_USERNAME" "$SMTP_USERNAME" - _secure_debug "SMTP_PASSWORD" "$SMTP_PASSWORD" - _debug "SMTP_TIMEOUT" "$SMTP_TIMEOUT" - _debug "SMTP_BIN" "$SMTP_BIN" - - _debug "_SMTP_SUBJECT" "$_SMTP_SUBJECT" - _debug "_SMTP_CONTENT" "$_SMTP_CONTENT" - - # Validate config and apply defaults: - # _SMTP_* variables are the resolved (with defaults) versions of SMTP_*. - # (The _SMTP_* versions will not be stored in account conf.) - + # Load and validate config: + SMTP_BIN="$(_readaccountconf_mutable_default SMTP_BIN)" if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then _err "SMTP_BIN '$SMTP_BIN' does not exist." return 1 fi - _SMTP_BIN="$SMTP_BIN" - if [ -z "$_SMTP_BIN" ]; then + if [ -z "$SMTP_BIN" ]; then # Look for a command that can communicate with an SMTP server. # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. # Those are already handled by the "mail" notify hook.) for cmd in curl python3 python2.7 python pypy3 pypy; do if _exists "$cmd"; then - _SMTP_BIN="$cmd" + SMTP_BIN="$cmd" break fi done - if [ -z "$_SMTP_BIN" ]; then + if [ -z "$SMTP_BIN" ]; then _err "The smtp notify-hook requires curl or Python, but can't find any." _err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".' _err 'Otherwise, see if you can use the "mail" notify-hook instead.' return 1 fi - _debug "_SMTP_BIN" "$_SMTP_BIN" fi + _debug SMTP_BIN "$SMTP_BIN" + _saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN" + SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)" if [ -z "$SMTP_FROM" ]; then _err "You must define SMTP_FROM as the sender email address." return 1 fi - _SMTP_FROM="$SMTP_FROM" + _debug SMTP_FROM "$SMTP_FROM" + _saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM" + SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)" if [ -z "$SMTP_TO" ]; then _err "You must define SMTP_TO as the recipient email address." return 1 fi - _SMTP_TO="$SMTP_TO" + _debug SMTP_TO "$SMTP_TO" + _saveaccountconf_mutable_default SMTP_TO "$SMTP_TO" + SMTP_HOST="$(_readaccountconf_mutable_default SMTP_HOST)" if [ -z "$SMTP_HOST" ]; then _err "You must define SMTP_HOST as the SMTP server hostname." return 1 fi - _SMTP_HOST="$SMTP_HOST" - - _SMTP_SECURE="${SMTP_SECURE:-none}" - case "$_SMTP_SECURE" in - "none") smtp_default_port="25" ;; - "ssl") smtp_default_port="465" ;; - "tls") smtp_default_port="587" ;; + _debug SMTP_HOST "$SMTP_HOST" + _saveaccountconf_mutable_default SMTP_HOST "$SMTP_HOST" + + SMTP_SECURE="$(_readaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE_DEFAULT")" + case "$SMTP_SECURE" in + "none") smtp_port_default="25" ;; + "ssl") smtp_port_default="465" ;; + "tls") smtp_port_default="587" ;; *) _err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'." return 1 ;; esac + _debug SMTP_SECURE "$SMTP_SECURE" + _saveaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE" "$SMTP_SECURE_DEFAULT" - _SMTP_PORT="${SMTP_PORT:-$smtp_default_port}" - if [ -z "$SMTP_PORT" ]; then - _debug "_SMTP_PORT" "$_SMTP_PORT" - fi + SMTP_PORT="$(_readaccountconf_mutable_default SMTP_PORT "$smtp_port_default")" + case "$SMTP_PORT" in + *[!0-9]*) + _err "Invalid SMTP_PORT='$SMTP_PORT'. It must be a port number." + return 1 + ;; + esac + _debug SMTP_PORT "$SMTP_PORT" + _saveaccountconf_mutable_default SMTP_PORT "$SMTP_PORT" "$smtp_port_default" + + SMTP_USERNAME="$(_readaccountconf_mutable_default SMTP_USERNAME)" + _debug SMTP_USERNAME "$SMTP_USERNAME" + _saveaccountconf_mutable_default SMTP_USERNAME "$SMTP_USERNAME" + + SMTP_PASSWORD="$(_readaccountconf_mutable_default SMTP_PASSWORD)" + _secure_debug SMTP_PASSWORD "$SMTP_PASSWORD" + _saveaccountconf_mutable_default SMTP_PASSWORD "$SMTP_PASSWORD" - _SMTP_USERNAME="$SMTP_USERNAME" - _SMTP_PASSWORD="$SMTP_PASSWORD" - _SMTP_TIMEOUT="${SMTP_TIMEOUT:-30}" - _SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" + SMTP_TIMEOUT="$(_readaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT_DEFAULT")" + _debug SMTP_TIMEOUT "$SMTP_TIMEOUT" + _saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT" + + SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" # Run with --debug 2 (or above) to echo the transcript of the SMTP session. # Careful: this may include SMTP_PASSWORD in plaintext! if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then - _SMTP_SHOW_TRANSCRIPT="True" + SMTP_SHOW_TRANSCRIPT="True" else - _SMTP_SHOW_TRANSCRIPT="" + SMTP_SHOW_TRANSCRIPT="" fi + _debug SMTP_SUBJECT "$SMTP_SUBJECT" + _debug SMTP_CONTENT "$SMTP_CONTENT" + # Send the message: - case "$(basename "$_SMTP_BIN")" in + case "$(basename "$SMTP_BIN")" in curl) _smtp_send=_smtp_send_curl ;; py*) _smtp_send=_smtp_send_python ;; *) - _err "Can't figure out how to invoke $_SMTP_BIN." + _err "Can't figure out how to invoke '$SMTP_BIN'." _err "Check your SMTP_BIN setting." return 1 ;; esac if ! smtp_output="$($_smtp_send)"; then - _err "Error sending message with $_SMTP_BIN." + _err "Error sending message with $SMTP_BIN." if [ -n "$smtp_output" ]; then _err "$smtp_output" fi return 1 fi - # Save config only if send was successful: - _saveaccountconf_mutable SMTP_BIN "$SMTP_BIN" - _saveaccountconf_mutable SMTP_FROM "$SMTP_FROM" - _saveaccountconf_mutable SMTP_TO "$SMTP_TO" - _saveaccountconf_mutable SMTP_HOST "$SMTP_HOST" - _saveaccountconf_mutable SMTP_PORT "$SMTP_PORT" - _saveaccountconf_mutable SMTP_SECURE "$SMTP_SECURE" - _saveaccountconf_mutable SMTP_USERNAME "$SMTP_USERNAME" - _saveaccountconf_mutable SMTP_PASSWORD "$SMTP_PASSWORD" - _saveaccountconf_mutable SMTP_TIMEOUT "$SMTP_TIMEOUT" - return 0 } -# Send the message via curl using _SMTP_* variables +## +## curl smtp sending +## + +# Send the message via curl using SMTP_* variables _smtp_send_curl() { # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without # additional parsing, and SMTP requires addr-spec only (no display names). # In the future, maybe try to parse the addr-spec out for curl args (non-trivial). - if _email_has_display_name "$_SMTP_FROM"; then + if _email_has_display_name "$SMTP_FROM"; then _err "curl smtp only allows a simple email address in SMTP_FROM." _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." return 1 fi - if _email_has_display_name "$_SMTP_TO"; then + if _email_has_display_name "$SMTP_TO"; then _err "curl smtp only allows simple email addresses in SMTP_TO." _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." return 1 @@ -173,20 +168,20 @@ _smtp_send_curl() { # Build curl args in $@ - case "$_SMTP_SECURE" in + case "$SMTP_SECURE" in none) - set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" + set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" ;; ssl) - set -- --url "smtps://${_SMTP_HOST}:${_SMTP_PORT}" + set -- --url "smtps://${SMTP_HOST}:${SMTP_PORT}" ;; tls) - set -- --url "smtp://${_SMTP_HOST}:${_SMTP_PORT}" --ssl-reqd + set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" --ssl-reqd ;; *) # This will only occur if someone adds a new SMTP_SECURE option above # without updating this code for it. - _err "Unhandled _SMTP_SECURE='$_SMTP_SECURE' in _smtp_send_curl" + _err "Unhandled SMTP_SECURE='$SMTP_SECURE' in _smtp_send_curl" _err "Please re-run with --debug and report a bug." return 1 ;; @@ -194,23 +189,23 @@ _smtp_send_curl() { set -- "$@" \ --upload-file - \ - --mail-from "$_SMTP_FROM" \ - --max-time "$_SMTP_TIMEOUT" + --mail-from "$SMTP_FROM" \ + --max-time "$SMTP_TIMEOUT" - # Burst comma-separated $_SMTP_TO into individual --mail-rcpt args. - _to="${_SMTP_TO}," + # Burst comma-separated $SMTP_TO into individual --mail-rcpt args. + _to="${SMTP_TO}," while [ -n "$_to" ]; do _rcpt="${_to%%,*}" _to="${_to#*,}" set -- "$@" --mail-rcpt "$_rcpt" done - _smtp_login="${_SMTP_USERNAME}:${_SMTP_PASSWORD}" + _smtp_login="${SMTP_USERNAME}:${SMTP_PASSWORD}" if [ "$_smtp_login" != ":" ]; then set -- "$@" --user "$_smtp_login" fi - if [ "$_SMTP_SHOW_TRANSCRIPT" = "True" ]; then + if [ "$SMTP_SHOW_TRANSCRIPT" = "True" ]; then set -- "$@" --verbose else set -- "$@" --silent --show-error @@ -218,24 +213,24 @@ _smtp_send_curl() { raw_message="$(_smtp_raw_message)" - _debug2 "curl command:" "$_SMTP_BIN" "$*" + _debug2 "curl command:" "$SMTP_BIN" "$*" _debug2 "raw_message:\n$raw_message" - echo "$raw_message" | "$_SMTP_BIN" "$@" + echo "$raw_message" | "$SMTP_BIN" "$@" } -# Output an RFC-822 / RFC-5322 email message using _SMTP_* variables +# Output an RFC-822 / RFC-5322 email message using SMTP_* variables _smtp_raw_message() { - echo "From: $_SMTP_FROM" - echo "To: $_SMTP_TO" - echo "Subject: $(_mime_encoded_word "$_SMTP_SUBJECT")" + echo "From: $SMTP_FROM" + echo "To: $SMTP_TO" + echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")" if _exists date; then echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" fi echo "Content-Type: text/plain; charset=utf-8" - echo "X-Mailer: $_SMTP_X_MAILER" + echo "X-Mailer: $SMTP_X_MAILER" echo - echo "$_SMTP_CONTENT" + echo "$SMTP_CONTENT" } # Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars @@ -260,12 +255,16 @@ _email_has_display_name() { expr "$_email" : '^.*[<>"]' >/dev/null } -# Send the message via Python using _SMTP_* variables +## +## Python smtp sending +## + +# Send the message via Python using SMTP_* variables _smtp_send_python() { - _debug "Python version" "$("$_SMTP_BIN" --version 2>&1)" + _debug "Python version" "$("$SMTP_BIN" --version 2>&1)" # language=Python - "$_SMTP_BIN" < Date: Tue, 16 Feb 2021 13:13:26 -0800 Subject: [PATCH 0318/1526] Implement _rfc2822_date helper --- notify/smtp.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 85801604..43536cd2 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -224,9 +224,7 @@ _smtp_raw_message() { echo "From: $SMTP_FROM" echo "To: $SMTP_TO" echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")" - if _exists date; then - echo "Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')" - fi + echo "Date: $(_rfc2822_date)" echo "Content-Type: text/plain; charset=utf-8" echo "X-Mailer: $SMTP_X_MAILER" echo @@ -248,6 +246,19 @@ _mime_encoded_word() { fi } +# Output current date in RFC-2822 Section 3.3 format as required in email headers +# (e.g., "Mon, 15 Feb 2021 14:22:01 -0800") +_rfc2822_date() { + # Notes: + # - this is deliberately not UTC, because it "SHOULD express local time" per spec + # - the spec requires weekday and month in the C locale (English), not localized + # - this date format specifier has been tested on Linux, Mac, Solaris and FreeBSD + _old_lc_time="$LC_TIME" + LC_TIME=C + date +'%a, %-d %b %Y %H:%M:%S %z' + LC_TIME="$_old_lc_time" +} + # Simple check for display name in an email address (< > or ") # email _email_has_display_name() { From 1330a092fae83fbd831fb51f648209d1ed3b7bff Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 14:02:09 -0800 Subject: [PATCH 0319/1526] Clean email headers and warn on unsupported address format Just in case, make sure CR or NL don't end up in an email header. --- notify/smtp.sh | 55 +++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 43536cd2..42c1487c 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -53,16 +53,28 @@ smtp_send() { _saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN" SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)" + SMTP_FROM="$(_clean_email_header "$SMTP_FROM")" if [ -z "$SMTP_FROM" ]; then _err "You must define SMTP_FROM as the sender email address." return 1 fi + if _email_has_display_name "$SMTP_FROM"; then + _err "SMTP_FROM must be only a simple email address (sender@example.com)." + _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." + return 1 + fi _debug SMTP_FROM "$SMTP_FROM" _saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM" SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)" + SMTP_TO="$(_clean_email_header "$SMTP_TO")" if [ -z "$SMTP_TO" ]; then - _err "You must define SMTP_TO as the recipient email address." + _err "You must define SMTP_TO as the recipient email address(es)." + return 1 + fi + if _email_has_display_name "$SMTP_TO"; then + _err "SMTP_TO must be only simple email addresses (to@example.com,to2@example.com)." + _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." return 1 fi _debug SMTP_TO "$SMTP_TO" @@ -111,7 +123,7 @@ smtp_send() { _debug SMTP_TIMEOUT "$SMTP_TIMEOUT" _saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT" - SMTP_X_MAILER="${PROJECT_NAME} ${VER} --notify-hook smtp" + SMTP_X_MAILER="$(_clean_email_header "$PROJECT_NAME $VER --notify-hook smtp")" # Run with --debug 2 (or above) to echo the transcript of the SMTP session. # Careful: this may include SMTP_PASSWORD in plaintext! @@ -121,6 +133,7 @@ smtp_send() { SMTP_SHOW_TRANSCRIPT="" fi + SMTP_SUBJECT=$(_clean_email_header "$SMTP_SUBJECT") _debug SMTP_SUBJECT "$SMTP_SUBJECT" _debug SMTP_CONTENT "$SMTP_CONTENT" @@ -146,28 +159,26 @@ smtp_send() { return 0 } +# Strip CR and NL from text to prevent MIME header injection +# text +_clean_email_header() { + printf "%s" "$(echo "$1" | tr -d "\r\n")" +} + +# Simple check for display name in an email address (< > or ") +# email +_email_has_display_name() { + _email="$1" + expr "$_email" : '^.*[<>"]' >/dev/null +} + ## ## curl smtp sending ## # Send the message via curl using SMTP_* variables _smtp_send_curl() { - # curl passes --mail-from and --mail-rcpt directly to the SMTP protocol without - # additional parsing, and SMTP requires addr-spec only (no display names). - # In the future, maybe try to parse the addr-spec out for curl args (non-trivial). - if _email_has_display_name "$SMTP_FROM"; then - _err "curl smtp only allows a simple email address in SMTP_FROM." - _err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name." - return 1 - fi - if _email_has_display_name "$SMTP_TO"; then - _err "curl smtp only allows simple email addresses in SMTP_TO." - _err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)." - return 1 - fi - # Build curl args in $@ - case "$SMTP_SECURE" in none) set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" @@ -219,7 +230,8 @@ _smtp_send_curl() { echo "$raw_message" | "$SMTP_BIN" "$@" } -# Output an RFC-822 / RFC-5322 email message using SMTP_* variables +# Output an RFC-822 / RFC-5322 email message using SMTP_* variables. +# (This assumes variables have already been cleaned for use in email headers.) _smtp_raw_message() { echo "From: $SMTP_FROM" echo "To: $SMTP_TO" @@ -259,13 +271,6 @@ _rfc2822_date() { LC_TIME="$_old_lc_time" } -# Simple check for display name in an email address (< > or ") -# email -_email_has_display_name() { - _email="$1" - expr "$_email" : '^.*[<>"]' >/dev/null -} - ## ## Python smtp sending ## From eb1606b086959eae973365fea6ba0fcad380f908 Mon Sep 17 00:00:00 2001 From: medmunds Date: Tue, 16 Feb 2021 14:41:21 -0800 Subject: [PATCH 0320/1526] Clarify _readaccountconf_mutable_default --- notify/smtp.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 42c1487c..fabde79b 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -358,7 +358,7 @@ PYTHON # - if MY_CONF is set _empty_, output $default_value # (lets user `export MY_CONF=` to clear previous saved value # and return to default, without user having to know default) -# - otherwise if _readaccountconf_mutable $name is non-empty, return that +# - otherwise if _readaccountconf_mutable MY_CONF is non-empty, return that # (value of SAVED_MY_CONF from account.conf) # - otherwise output $default_value _readaccountconf_mutable_default() { @@ -366,8 +366,9 @@ _readaccountconf_mutable_default() { _default_value="$2" eval "_value=\"\$$_name\"" - eval "_explicit_empty_value=\"\${${_name}+empty}\"" - if [ -z "${_value}" ] && [ "${_explicit_empty_value:-}" != "empty" ]; then + eval "_name_is_set=\"\${${_name}+true}\"" + # ($_name_is_set is "true" if $$_name is set to anything, including empty) + if [ -z "${_value}" ] && [ "${_name_is_set:-}" != "true" ]; then _value="$(_readaccountconf_mutable "$_name")" fi if [ -z "${_value}" ]; then From 3503474bb8e7d5647d20ceda988b398cab21cbca Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 09:46:13 -0800 Subject: [PATCH 0321/1526] Add Date email header in Python implementation --- notify/smtp.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/notify/smtp.sh b/notify/smtp.sh index fabde79b..0c698631 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -287,6 +287,7 @@ try: from email.message import EmailMessage except ImportError: from email.mime.text import MIMEText as EmailMessage # Python 2 + from email.utils import formatdate as rfc2822_date from smtplib import SMTP, SMTP_SSL, SMTPException from socket import error as SocketError except ImportError as err: @@ -318,6 +319,7 @@ except (AttributeError, TypeError): msg["Subject"] = subject msg["From"] = from_email msg["To"] = to_emails +msg["Date"] = rfc2822_date(localtime=True) msg["X-Mailer"] = x_mailer smtp = None From d8918ea1565b9ae6a575b78f0e6c14092710e8f2 Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 09:57:44 -0800 Subject: [PATCH 0322/1526] Use email.policy.default in Python 3 implementation Improves standards compatibility and utf-8 handling in Python 3.3-3.8. (email.policy.default becomes the default in Python 3.9.) --- notify/smtp.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 0c698631..69863206 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -285,8 +285,11 @@ _smtp_send_python() { try: try: from email.message import EmailMessage + from email.policy import default as email_policy_default except ImportError: - from email.mime.text import MIMEText as EmailMessage # Python 2 + # Python 2 (or < 3.3) + from email.mime.text import MIMEText as EmailMessage + email_policy_default = None from email.utils import formatdate as rfc2822_date from smtplib import SMTP, SMTP_SSL, SMTPException from socket import error as SocketError @@ -311,7 +314,7 @@ subject="""$SMTP_SUBJECT""" content="""$SMTP_CONTENT""" try: - msg = EmailMessage() + msg = EmailMessage(policy=email_policy_default) msg.set_content(content) except (AttributeError, TypeError): # Python 2 MIMEText From db967780641780ddaf35e01b0aaee50ffd160a50 Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 10:02:14 -0800 Subject: [PATCH 0323/1526] Prefer Python to curl when both available --- notify/smtp.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 69863206..71020818 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -15,7 +15,7 @@ # SMTP_USERNAME="" # set if SMTP server requires login # SMTP_PASSWORD="" # set if SMTP server requires login # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout -# SMTP_BIN="/path/to/curl_or_python" # default finds first of curl, python3, or python on PATH +# SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH SMTP_SECURE_DEFAULT="none" SMTP_TIMEOUT_DEFAULT="30" @@ -36,7 +36,7 @@ smtp_send() { # Look for a command that can communicate with an SMTP server. # (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here. # Those are already handled by the "mail" notify hook.) - for cmd in curl python3 python2.7 python pypy3 pypy; do + for cmd in python3 python2.7 python pypy3 pypy curl; do if _exists "$cmd"; then SMTP_BIN="$cmd" break From 06f51a5c34b418d991a672c8bbcd56b76f7b86ec Mon Sep 17 00:00:00 2001 From: medmunds Date: Wed, 17 Feb 2021 11:39:16 -0800 Subject: [PATCH 0324/1526] Change default SMTP_SECURE to "tls" Secure by default. Also try to minimize configuration errors. (Many ESPs/ISPs require STARTTLS, and most support it.) --- notify/smtp.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/notify/smtp.sh b/notify/smtp.sh index 71020818..293c665e 100644 --- a/notify/smtp.sh +++ b/notify/smtp.sh @@ -11,13 +11,13 @@ # SMTP_TO="to@example.com" # required # SMTP_HOST="smtp.example.com" # required # SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE -# SMTP_SECURE="none" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) +# SMTP_SECURE="tls" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS) # SMTP_USERNAME="" # set if SMTP server requires login # SMTP_PASSWORD="" # set if SMTP server requires login # SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout # SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH -SMTP_SECURE_DEFAULT="none" +SMTP_SECURE_DEFAULT="tls" SMTP_TIMEOUT_DEFAULT="30" # subject content statuscode From d078ce794ee73b4c98d9d520e339c48de6bb7f30 Mon Sep 17 00:00:00 2001 From: czeming Date: Sat, 20 Feb 2021 17:16:33 +0800 Subject: [PATCH 0325/1526] Update dns_dp.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 没有encode中文字符会导致提交失败 --- dnsapi/dns_dp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 033fa5aa..9b8b7a8b 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -89,7 +89,7 @@ add_record() { _info "Adding record" - if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then + if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4"; then return 1 fi From a290f63a15d9e8f8784e735da17c617476e89c51 Mon Sep 17 00:00:00 2001 From: Geert Hendrickx Date: Tue, 23 Feb 2021 10:28:17 +0100 Subject: [PATCH 0326/1526] No need to include EC parameters explicitly with the private key. (they are embedded) --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 757ed7a5..3c66250e 100755 --- a/acme.sh +++ b/acme.sh @@ -1124,7 +1124,7 @@ _createkey() { if _isEccKey "$length"; then _debug "Using ec name: $eccname" - if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then + if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else _err "error ecc key name: $eccname" From b0f5ad75aee5fa70f7f4a83e9eb1a9ed6c025c77 Mon Sep 17 00:00:00 2001 From: Kristian Johansson Date: Wed, 24 Feb 2021 08:53:35 +0100 Subject: [PATCH 0327/1526] Fixes response handling and thereby allow issuing of subdomain certs --- dnsapi/dns_simply.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index d053dcf6..b38d0ed3 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -6,7 +6,7 @@ #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" - +SIMPLY_SUCCESS_CODE='"status": 200' SIMPLY_Api_Default="https://api.simply.com/1" ######## Public functions ##################### @@ -171,7 +171,7 @@ _get_root() { return 1 fi - if _contains "$response" '"code":"NOT_FOUND"'; then + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then _debug "$h not found" else _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) @@ -196,6 +196,12 @@ _simply_add_record() { return 1 fi + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + _err "Call to API not sucessfull, see below message for more details" + _err "$response" + return 1 + fi + return 0 } @@ -211,6 +217,12 @@ _simply_delete_record() { return 1 fi + if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then + _err "Call to API not sucessfull, see below message for more details" + _err "$response" + return 1 + fi + return 0 } From 0fe3538331e8380cbab6d9707144a88ada534456 Mon Sep 17 00:00:00 2001 From: Kristian Johansson Date: Wed, 24 Feb 2021 17:34:28 +0100 Subject: [PATCH 0328/1526] Adds comment --- dnsapi/dns_simply.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index b38d0ed3..e0e05017 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -6,9 +6,11 @@ #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" -SIMPLY_SUCCESS_CODE='"status": 200' SIMPLY_Api_Default="https://api.simply.com/1" +#This is used for determining success of REST call +SIMPLY_SUCCESS_CODE='"status": 200' + ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_simply_add() { From 9e5ae30372a273fc5a3e279e370c637609c39a99 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 25 Feb 2021 07:45:22 +0800 Subject: [PATCH 0329/1526] fix https://github.com/acmesh-official/acme.sh/issues/3402 --- acme.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 3c66250e..24cda9c4 100755 --- a/acme.sh +++ b/acme.sh @@ -562,8 +562,16 @@ if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then fi _h2b() { - if _exists xxd && xxd -r -p 2>/dev/null; then - return + if _exists xxd; then + if _contains "$(xxd --help 2>&1)" "assumes -c30"; then + if xxd -r -p -c 9999 2>/dev/null; then + return + fi + else + if xxd -r -p 2>/dev/null; then + return + fi + fi fi hex=$(cat) From fd406af9623e8e67b710d8b0787b25850225ac3b Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Tue, 23 Feb 2021 19:49:58 +0100 Subject: [PATCH 0330/1526] dnsapi/ionos: Use POST instead of PATCH for adding TXT record The API now supports a POST route for adding records. Therefore checking for already existing records and including them in a PATCH request is no longer necessary. --- dnsapi/dns_ionos.sh | 28 +++------------------------- 1 file changed, 3 insertions(+), 25 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e6bd5000..aaf8580f 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -24,20 +24,9 @@ dns_ionos_add() { return 1 fi - _new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" + _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - # As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them. - # This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created. - - _ionos_get_existing_records "$fulldomain" "$_zone_id" - - if [ "$_existing_records" ]; then - _body="[$_new_record,$_existing_records]" - else - _body="[$_new_record]" - fi - - if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then + if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then _info "TXT record has been created successfully." return 0 fi @@ -125,17 +114,6 @@ _get_root() { return 1 } -_ionos_get_existing_records() { - fulldomain=$1 - zone_id=$2 - - if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then - response="$(echo "$response" | tr -d "\n")" - - _existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" - fi -} - _ionos_get_record() { fulldomain=$1 zone_id=$2 @@ -168,7 +146,7 @@ _ionos_rest() { export _H2="Accept: application/json" export _H3="Content-Type: application/json" - response="$(_post "$data" "$IONOS_API$route" "" "$method")" + response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" else export _H2="Accept: */*" From 5a30f5c00ef3e1a5a1d5c6284056abfcafe420f3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 1 Mar 2021 18:13:50 +0800 Subject: [PATCH 0331/1526] fix https://github.com/acmesh-official/acme.sh/issues/3433 --- acme.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/acme.sh b/acme.sh index 24cda9c4..748363e8 100755 --- a/acme.sh +++ b/acme.sh @@ -2133,6 +2133,12 @@ _send_signed_request() { _sleep $_sleep_retry_sec continue fi + if _contains "$_body" "The Replay Nonce is not recognized"; then + _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds." + _CACHED_NONCE="" + _sleep $_sleep_retry_sec + continue + fi fi return 0 done From 7dce465c0662db6f5b55e5bbc8441e1f4ef13a84 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 4 Mar 2021 21:38:51 +0800 Subject: [PATCH 0332/1526] fix https://github.com/acmesh-official/acme.sh/issues/3019 --- dnsapi/dns_namecheap.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index 7ce39fa9..5e1f4791 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -208,7 +208,7 @@ _namecheap_parse_host() { _hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2) _hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2) _hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2) - _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2) + _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2 | _xml_decode) _hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2) _hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2) @@ -405,3 +405,11 @@ _namecheap_set_tld_sld() { done } + +_xml_decode() { + sed 's/"/"/g' +} + + + + From d4fb313ff0363fd31f308a301ea7fbfccdb79f84 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 4 Mar 2021 21:50:54 +0800 Subject: [PATCH 0333/1526] fix format --- dnsapi/dns_namecheap.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index 5e1f4791..e3dc7997 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -410,6 +410,3 @@ _xml_decode() { sed 's/"/"/g' } - - - From 923eece3f50f455c076da8e101a1c15ba3031653 Mon Sep 17 00:00:00 2001 From: anom-human <80478363+anom-human@users.noreply.github.com> Date: Thu, 11 Mar 2021 19:11:02 +0100 Subject: [PATCH 0334/1526] Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. --- dnsapi/dns_servercow.sh | 42 +++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index e73d85b0..39f16396 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -48,18 +48,44 @@ dns_servercow_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added, OK" - return 0 + + # check whether a txt record already exists for the subdomain + if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then + _info "A txt record with the same name already exists." + # trim the string on the left + txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} + # trim the string on the right + txtvalue_old=${txtvalue_old%%\"*} + + _debug txtvalue_old "$txtvalue_old" + + _info "Add the new txtvalue to the existing txt record." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added additional txtvalue, OK" + return 0 + else + _err "add txt record error." + return 1 + fi + fi + _err "add txt record error." + return 1 else + _info "There is no txt record with the name yet." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added, OK" + return 0 + else + _err "add txt record error." + return 1 + fi + fi _err "add txt record error." return 1 - fi fi - _err "add txt record error." - + return 1 } From 2cbf3f7e158567848e8451ff80754c32f3841b9c Mon Sep 17 00:00:00 2001 From: anom-human <80478363+anom-human@users.noreply.github.com> Date: Thu, 11 Mar 2021 20:25:49 +0100 Subject: [PATCH 0335/1526] Update dns_servercow.sh to support wildcard certs Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents. --- dnsapi/dns_servercow.sh | 64 ++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index 39f16396..f70a2294 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -48,44 +48,44 @@ dns_servercow_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - - # check whether a txt record already exists for the subdomain + + # check whether a txt record already exists for the subdomain if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then - _info "A txt record with the same name already exists." - # trim the string on the left - txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} - # trim the string on the right - txtvalue_old=${txtvalue_old%%\"*} - - _debug txtvalue_old "$txtvalue_old" - - _info "Add the new txtvalue to the existing txt record." - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added additional txtvalue, OK" - return 0 - else - _err "add txt record error." + _info "A txt record with the same name already exists." + # trim the string on the left + txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"} + # trim the string on the right + txtvalue_old=${txtvalue_old%%\"*} + + _debug txtvalue_old "$txtvalue_old" + + _info "Add the new txtvalue to the existing txt record." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added additional txtvalue, OK" + return 0 + else + _err "add txt record error." return 1 - fi fi - _err "add txt record error." - return 1 - else - _info "There is no txt record with the name yet." - if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then - if printf -- "%s" "$response" | grep "ok" >/dev/null; then - _info "Added, OK" - return 0 - else - _err "add txt record error." + fi + _err "add txt record error." + return 1 + else + _info "There is no txt record with the name yet." + if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then + if printf -- "%s" "$response" | grep "ok" >/dev/null; then + _info "Added, OK" + return 0 + else + _err "add txt record error." return 1 - fi fi - _err "add txt record error." - return 1 + fi + _err "add txt record error." + return 1 fi - + return 1 } From 69ee81654149962691513c3586254ce8bea4d890 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Mar 2021 20:43:25 +0800 Subject: [PATCH 0336/1526] fix https://github.com/acmesh-official/acme.sh/issues/3312 --- acme.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 748363e8..8d422719 100755 --- a/acme.sh +++ b/acme.sh @@ -5287,6 +5287,7 @@ signcsr() { _renew_hook="${10}" _local_addr="${11}" _challenge_alias="${12}" + _preferred_chain="${13}" _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then @@ -5333,7 +5334,7 @@ signcsr() { _info "Copy csr to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" - issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" + issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" } @@ -7430,7 +7431,7 @@ _process() { deploy "$_domain" "$_deploy_hook" "$_ecc" ;; signcsr) - signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" + signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" ;; showcsr) showcsr "$_csr" "$_domain" From 2b2bce64579908642c340e9bebdbc526a03347ea Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Mar 2021 20:46:12 +0800 Subject: [PATCH 0337/1526] fix format --- dnsapi/dns_namecheap.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index e3dc7997..d15d6b0e 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -409,4 +409,3 @@ _namecheap_set_tld_sld() { _xml_decode() { sed 's/"/"/g' } - From 42ab98b83087cdf459520c895d567a7c81a17203 Mon Sep 17 00:00:00 2001 From: Quentin Dreyer Date: Fri, 12 Mar 2021 12:03:36 +0100 Subject: [PATCH 0338/1526] feat: add dns_porkbun --- dnsapi/dns_porkbun.sh | 171 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 dnsapi/dns_porkbun.sh diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh new file mode 100644 index 00000000..05ecb781 --- /dev/null +++ b/dnsapi/dns_porkbun.sh @@ -0,0 +1,171 @@ +#!/usr/bin/env sh + +# +#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + +PORKBUN_Api="https://porkbun.com/api/json/v3" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_porkbun_add() { + fulldomain=$1 + txtvalue=$2 + + PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" + PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" + + if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then + PORKBUN_API_KEY='' + PORKBUN_SECRET_API_KEY='' + _err "You didn't specify a Porkbun api key and secret api key yet." + _err "You can get yours from here https://porkbun.com/account/api." + return 1 + fi + + #save the credentials to the account conf file. + _saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY" + _saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY" + + _debug 'First detect the root zone' + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _porkbun_rest POST "dns/retrieve/$_domain" + + if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then + _err "Error $response" + return 1 + fi + + # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so + # we can not use updating anymore. + # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) + # _debug count "$count" + # if [ "$count" = "0" ]; then + _info "Adding record" + if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if _contains "$response" '\"status\":"SUCCESS"'; then + _info "Added, OK" + return 0 + elif _contains "$response" "The record already exists"; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error. ($response)" + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +#fulldomain txtvalue +dns_porkbun_rm() { + fulldomain=$1 + txtvalue=$2 + + PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}" + PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}" + + _debug 'First detect the root zone' + if ! _get_root "$fulldomain"; then + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _porkbun_rest POST "dns/retrieve/$_domain" + + if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then + _err "Error: $response" + return 1 + fi + + count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then + _err "Delete record error." + return 1 + fi + echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null + fi + +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + return 1 + fi + + if _porkbun_rest POST "dns/retrieve/$h"; then + if _contains "$response" "\"status\":\"SUCCESS\""; then + _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" + _domain=$h + return 0 + else + _debug "Go to next level of $_domain" + fi + else + _debug "Go to next level of $_domain" + fi + i=$(_math "$i" + 1) + done + + return 1 +} + +_porkbun_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') + secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') + + test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," + data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" + + export _H1="Content-Type: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")" + else + response="$(_get "$PORKBUN_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 4dd202742869c6cb840d7d76fa9ae03530b8fe1a Mon Sep 17 00:00:00 2001 From: qkdreyer Date: Sat, 13 Mar 2021 14:53:43 +0100 Subject: [PATCH 0339/1526] fix: prevent rate limit --- dnsapi/dns_porkbun.sh | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index 05ecb781..18da6b2f 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -35,14 +35,6 @@ dns_porkbun_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "Getting txt records" - _porkbun_rest POST "dns/retrieve/$_domain" - - if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then - _err "Error $response" - return 1 - fi - # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so # we can not use updating anymore. # count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) @@ -81,14 +73,6 @@ dns_porkbun_rm() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "Getting txt records" - _porkbun_rest POST "dns/retrieve/$_domain" - - if ! echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null; then - _err "Error: $response" - return 1 - fi - count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ") _debug count "$count" if [ "$count" = "0" ]; then @@ -162,6 +146,8 @@ _porkbun_rest() { response="$(_get "$PORKBUN_Api/$ep")" fi + _sleep 3 # prevent rate limit + if [ "$?" != "0" ]; then _err "error $ep" return 1 From e0d5b91388ad5b83d59454aa8db2bc50d3e2b301 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 21 Mar 2021 22:46:35 +0800 Subject: [PATCH 0340/1526] fix freebsd --- .github/workflows/DNS.yml | 2 +- .github/workflows/LetsEncrypt.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index ed0426ad..5ff1f8ab 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.2 + - uses: vmactions/freebsd-vm@v0.1.3 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 7c398c09..7193d88d 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.2 + - uses: vmactions/freebsd-vm@v0.1.3 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl From 051775b9b453b491418f8b23703bf0bc541f076e Mon Sep 17 00:00:00 2001 From: Alexander Kulumbeg Date: Sun, 21 Mar 2021 16:25:04 +0100 Subject: [PATCH 0341/1526] String update Hopefully the last one --- dnsapi/dns_websupport.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index 3b5a8847..e824c9c0 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -32,7 +32,7 @@ dns_websupport_add() { WS_ApiKey="" WS_ApiSecret="" _err "You did not specify the API Key and/or API Secret" - _err "You can get the API credentials from here https://admin.websupport.sk/en/auth/apiKey" + _err "You can get the API login credentials from https://admin.websupport.sk/en/auth/apiKey" return 1 fi From 3c7be32ef50f6df4ced3a75f92305ba9555b7da9 Mon Sep 17 00:00:00 2001 From: emueller Date: Mon, 22 Mar 2021 15:12:27 +0100 Subject: [PATCH 0342/1526] fix _exists error message when MAIL_BIN env variable is not set --- notify/mail.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/notify/mail.sh b/notify/mail.sh index d33fd0d2..10e93f9a 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -78,8 +78,13 @@ mail_send() { _mail_bin() { _MAIL_BIN="" + _MAIL_BINS="sendmail ssmtp mutt mail msmtp" - for b in "$MAIL_BIN" sendmail ssmtp mutt mail msmtp; do + if [ -n "$MAIL_BIN" ]; then + _MAIL_BINS="$MAIL_BIN $_MAIL_BINS" + fi + + for b in $_MAIL_BINS; do if _exists "$b"; then _MAIL_BIN="$b" break From 37e3e2f9c2b829d0691e9d958d764bfc4eb7d03e Mon Sep 17 00:00:00 2001 From: emueller Date: Mon, 22 Mar 2021 15:32:02 +0100 Subject: [PATCH 0343/1526] fixed formating --- notify/mail.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/mail.sh b/notify/mail.sh index 10e93f9a..2be93cd8 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -78,7 +78,7 @@ mail_send() { _mail_bin() { _MAIL_BIN="" - _MAIL_BINS="sendmail ssmtp mutt mail msmtp" + _MAIL_BINS="sendmail ssmtp mutt mail msmtp" if [ -n "$MAIL_BIN" ]; then _MAIL_BINS="$MAIL_BIN $_MAIL_BINS" From 8adb8a69866a5a540ce3ee470872188e7c7c58dd Mon Sep 17 00:00:00 2001 From: wout Date: Tue, 23 Mar 2021 21:20:27 +0100 Subject: [PATCH 0344/1526] While [0-9]+ is a bit more correct than [0-9]*, the former does not seem to work on Solaris. --- dnsapi/dns_constellix.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 75211a6f..2c3b3265 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -44,7 +44,7 @@ dns_constellix_add() { fi fi else - _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]+" | cut -d ':' -f 2) + _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2) if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then _new_rr_values=$(printf "%s\n" "$response" | _egrep_o "\"roundRobin\":\[.*?\]" | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/") _debug _new_rr_values "$_new_rr_values" @@ -123,7 +123,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\""; then - _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]+" | cut -d ':' -f 2) + _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2) if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-$p) _domain="$h" From 6b7db22981085eb2e0b4473f72261f1a575f6899 Mon Sep 17 00:00:00 2001 From: wout Date: Wed, 24 Mar 2021 09:01:54 +0100 Subject: [PATCH 0345/1526] Catch the situation when the TXT record is updated with the same value --- dnsapi/dns_constellix.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 2c3b3265..914f79df 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -53,6 +53,9 @@ dns_constellix_add() { if printf -- "%s" "$response" | grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then _info "Updated" return 0 + elif printf -- "%s" "$response" | grep "{\"errors\":\[\"Contents are identical\"\]}" >/dev/null; then + _info "Already exists, no need to update" + return 0 else _err "Error updating TXT record" fi From 3bfcd18a03e532d150b0076643d457aa7d244368 Mon Sep 17 00:00:00 2001 From: wout Date: Wed, 24 Mar 2021 13:56:14 +0100 Subject: [PATCH 0346/1526] Workaround for Solaris, as it does not support non-greedy regex --- dnsapi/dns_constellix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 914f79df..69d216f0 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -46,7 +46,7 @@ dns_constellix_add() { else _record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2) if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then - _new_rr_values=$(printf "%s\n" "$response" | _egrep_o "\"roundRobin\":\[.*?\]" | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/") + _new_rr_values=$(printf "%s\n" "$response" | _egrep_o '"roundRobin":\[[^]]*\]' | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/") _debug _new_rr_values "$_new_rr_values" _info "Updating TXT record" if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then From 1530abbd1aacf5877a7317f24f60d8fab96d9735 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Fri, 26 Mar 2021 15:37:12 +0100 Subject: [PATCH 0347/1526] Make uploading cert to subaccount possible --- deploy/cleverreach.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index 552d8149..10670f34 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -25,6 +25,7 @@ cleverreach_deploy() { _getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID _getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET + _getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then _err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." @@ -37,6 +38,7 @@ cleverreach_deploy() { _savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}" _savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" + _savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" _info "Obtaining a CleverReach access token" @@ -50,14 +52,26 @@ cleverreach_deploy() { _debug _regex "$_regex" _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") + if ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then + _info "Obtaining token for sub-client" + export _H1="Authorization: Bearer ${_access_token}" + _subclient_token_result="$(_get "https://rest.cleverreach.com/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID}/token")" + _access_token=$(echo "$_subclient_token_result" | _json_decode | sed -n "s/$_regex/\1/p") + + _debug "Destroying parent token at CleverReach" + _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + fi + _info "Uploading certificate and key to CleverReach" _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" export _H1="Authorization: Bearer ${_access_token}" _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")" - _debug "Destroying token at CleverReach" - _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + if ! ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then + _debug "Destroying token at CleverReach" + _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + fi if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then _info "Uploaded certificate successfully" From cc90f8346351f3d38617e4186e8edf9b9f17a490 Mon Sep 17 00:00:00 2001 From: Christophe Le Guern Date: Mon, 29 Mar 2021 15:10:14 +0200 Subject: [PATCH 0348/1526] Use 'vault kv put' instead of 'vault write' When using vault_cli with a kv2 path, it isn't working. I have the following error: ``` WARNING! The following warnings were returned from Vault: * Invalid path for a versioned K/V secrets engine. See the API docs for the appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put' for this operation. ``` The new way to write data is to use `vault kv put`, it is compatible with kv1 and kv2. Ref: https://www.vaultproject.io/docs/commands#reading-and-writing-data ``` The original version of K/V used the common read and write operations. A more advanced K/V Version 2 engine was released in Vault 0.10 and introduced the kv get and kv put commands. ``` --- deploy/vault_cli.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/vault_cli.sh b/deploy/vault_cli.sh index 8b854137..cbb8cc59 100644 --- a/deploy/vault_cli.sh +++ b/deploy/vault_cli.sh @@ -50,12 +50,12 @@ vault_cli_deploy() { fi if [ -n "$FABIO" ]; then - $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1 + $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1 else - $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 - $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 - $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 - $VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 + $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 + $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 + $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 + $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 fi } From d853a9ebbed913d752faceb86be29edaf82806a0 Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Tue, 30 Mar 2021 09:13:32 +0200 Subject: [PATCH 0349/1526] Make uploading cert to subaccount possible --- deploy/cleverreach.sh | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index 10670f34..03fccc74 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -17,6 +17,8 @@ cleverreach_deploy() { _cca="$4" _cfullchain="$5" + _rest_endpoint="https://rest.cleverreach.com" + _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" @@ -43,7 +45,7 @@ cleverreach_deploy() { _info "Obtaining a CleverReach access token" _data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" - _auth_result="$(_post "$_data" "https://rest.cleverreach.com/oauth/token.php" "" "POST" "application/json")" + _auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")" _debug _data "$_data" _debug _auth_result "$_auth_result" @@ -52,25 +54,31 @@ cleverreach_deploy() { _debug _regex "$_regex" _access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") - if ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then - _info "Obtaining token for sub-client" + _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" + + if ! [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then + _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" export _H1="Authorization: Bearer ${_access_token}" - _subclient_token_result="$(_get "https://rest.cleverreach.com/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID}/token")" - _access_token=$(echo "$_subclient_token_result" | _json_decode | sed -n "s/$_regex/\1/p") + _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")" + _access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p") + + _debug _subclient_token_result "$_access_token" - _debug "Destroying parent token at CleverReach" - _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + _info "Destroying parent token at CleverReach, as it not needed anymore" + _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" + _debug _destroy_result "$_destroy_result" fi _info "Uploading certificate and key to CleverReach" _certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" export _H1="Authorization: Bearer ${_access_token}" - _add_cert_result="$(_post "$_certData" "https://rest.cleverreach.com/v3/ssl" "" "POST" "application/json")" + _add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")" - if ! ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}; then - _debug "Destroying token at CleverReach" - _post "" "https://rest.cleverreach.com/v3/oauth/token.json" "" "DELETE" "application/json" + if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then + _info "Destroying token at CleverReach, as it not needed anymore" + _destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" + _debug _destroy_result "$_destroy_result" fi if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then From 2867ec509efae5136bf9cb4572bfd46eb7eba7fa Mon Sep 17 00:00:00 2001 From: Jan-Philipp Benecke Date: Tue, 30 Mar 2021 09:18:33 +0200 Subject: [PATCH 0350/1526] Make CI happy --- deploy/cleverreach.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/cleverreach.sh b/deploy/cleverreach.sh index 03fccc74..a460a139 100644 --- a/deploy/cleverreach.sh +++ b/deploy/cleverreach.sh @@ -56,7 +56,7 @@ cleverreach_deploy() { _debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" - if ! [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then + if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then _info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" export _H1="Authorization: Bearer ${_access_token}" _subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")" From e21f3e6c73253c5f8ddc57f640d055237c550552 Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Thu, 8 Apr 2021 16:36:42 +1200 Subject: [PATCH 0351/1526] Escape asterisks in notification content This messes with markdown parsing Signed-off-by: Mike Beattie --- notify/telegram.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/notify/telegram.sh b/notify/telegram.sh index b1306ee1..d9b375d0 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -27,6 +27,7 @@ telegram_send() { fi _saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" + _content="$(printf "%s" "$_content" | sed -e 's/*/\\\\*/')" _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" _data="{\"text\": \"$_content\", " _data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " From 53d26e5c5c5a5ca5f650784dfe22be49d65b06cd Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Thu, 8 Apr 2021 16:37:27 +1200 Subject: [PATCH 0352/1526] Add debug output of $_data variable to aid diagnosis Signed-off-by: Mike Beattie --- notify/telegram.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/notify/telegram.sh b/notify/telegram.sh index d9b375d0..3e266040 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -34,6 +34,8 @@ telegram_send() { _data="$_data\"parse_mode\": \"markdown\", " _data="$_data\"disable_web_page_preview\": \"1\"}" + _debug "$_data" + export _H1="Content-Type: application/json" _telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" if _post "$_data" "$_telegram_bot_url"; then From 39b09f8f87a45656b98d1e8e704783bff2d666ca Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Thu, 8 Apr 2021 16:38:00 +1200 Subject: [PATCH 0353/1526] Dump _post() call output to /dev/null Signed-off-by: Mike Beattie --- notify/telegram.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/telegram.sh b/notify/telegram.sh index 3e266040..c46bc1e2 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -38,7 +38,7 @@ telegram_send() { export _H1="Content-Type: application/json" _telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" - if _post "$_data" "$_telegram_bot_url"; then + if _post "$_data" "$_telegram_bot_url" > /dev/null; then # shellcheck disable=SC2154 _message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p') if [ "$_message" = "true" ]; then From fb079f9e50f4de51f44773ac1e24ea3ba81a8a50 Mon Sep 17 00:00:00 2001 From: Mike Beattie Date: Thu, 8 Apr 2021 16:44:22 +1200 Subject: [PATCH 0354/1526] Update telegram.sh (fix shellcheck failure) --- notify/telegram.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/telegram.sh b/notify/telegram.sh index c46bc1e2..d16f3a98 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -38,7 +38,7 @@ telegram_send() { export _H1="Content-Type: application/json" _telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" - if _post "$_data" "$_telegram_bot_url" > /dev/null; then + if _post "$_data" "$_telegram_bot_url" >/dev/null; then # shellcheck disable=SC2154 _message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p') if [ "$_message" = "true" ]; then From cfbc294832508d9ed18ef17f8517cc337141431d Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 14 Apr 2021 22:18:01 +0800 Subject: [PATCH 0355/1526] fix onecom api --- dnsapi/dns_one.sh | 55 +++-------------------------------------------- 1 file changed, 3 insertions(+), 52 deletions(-) diff --git a/dnsapi/dns_one.sh b/dnsapi/dns_one.sh index 890cc804..0a4b2a14 100644 --- a/dnsapi/dns_one.sh +++ b/dnsapi/dns_one.sh @@ -1,22 +1,10 @@ #!/usr/bin/env sh -# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- - # one.com ui wrapper for acme.sh -# Author: github: @diseq -# Created: 2019-02-17 -# Fixed by: @der-berni -# Modified: 2020-04-07 -# -# Use ONECOM_KeepCnameProxy to keep the CNAME DNS record -# export ONECOM_KeepCnameProxy="1" + # # export ONECOM_User="username" # export ONECOM_Password="password" -# -# Usage: -# acme.sh --issue --dns dns_one -d example.com -# -# only single domain supported atm + dns_one_add() { fulldomain=$1 @@ -36,26 +24,10 @@ dns_one_add() { subdomain="${_sub_domain}" maindomain=${_domain} - useProxy=0 - if [ "${_sub_domain}" = "_acme-challenge" ]; then - subdomain="proxy${_sub_domain}" - useProxy=1 - fi _debug subdomain "$subdomain" _debug maindomain "$maindomain" - if [ $useProxy -eq 1 ]; then - #Check if the CNAME exists - _dns_one_getrecord "CNAME" "$_sub_domain" "$subdomain.$maindomain" - if [ -z "$id" ]; then - _info "$(__red "Add CNAME Proxy record: '$(__green "\"$_sub_domain\" => \"$subdomain.$maindomain\"")'")" - _dns_one_addrecord "CNAME" "$_sub_domain" "$subdomain.$maindomain" - - _info "Not valid yet, let's wait 1 hour to take effect." - _sleep 3600 - fi - fi #Check if the TXT exists _dns_one_getrecord "TXT" "$subdomain" "$txtvalue" @@ -92,26 +64,8 @@ dns_one_rm() { subdomain="${_sub_domain}" maindomain=${_domain} - useProxy=0 - if [ "${_sub_domain}" = "_acme-challenge" ]; then - subdomain="proxy${_sub_domain}" - useProxy=1 - fi - _debug subdomain "$subdomain" _debug maindomain "$maindomain" - if [ $useProxy -eq 1 ]; then - if [ "$ONECOM_KeepCnameProxy" = "1" ]; then - _info "$(__red "Keeping CNAME Proxy record: '$(__green "\"$_sub_domain\" => \"$subdomain.$maindomain\"")'")" - else - #Check if the CNAME exists - _dns_one_getrecord "CNAME" "$_sub_domain" "$subdomain.$maindomain" - if [ -n "$id" ]; then - _info "$(__red "Removing CNAME Proxy record: '$(__green "\"$_sub_domain\" => \"$subdomain.$maindomain\"")'")" - _dns_one_delrecord "$id" - fi - fi - fi #Check if the TXT exists _dns_one_getrecord "TXT" "$subdomain" "$txtvalue" @@ -136,7 +90,7 @@ dns_one_rm() { # _domain=domain.com _get_root() { domain="$1" - i=2 + i=1 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -163,8 +117,6 @@ _get_root() { _dns_one_login() { # get credentials - ONECOM_KeepCnameProxy="${ONECOM_KeepCnameProxy:-$(_readaccountconf_mutable ONECOM_KeepCnameProxy)}" - ONECOM_KeepCnameProxy="${ONECOM_KeepCnameProxy:-0}" ONECOM_User="${ONECOM_User:-$(_readaccountconf_mutable ONECOM_User)}" ONECOM_Password="${ONECOM_Password:-$(_readaccountconf_mutable ONECOM_Password)}" if [ -z "$ONECOM_User" ] || [ -z "$ONECOM_Password" ]; then @@ -176,7 +128,6 @@ _dns_one_login() { fi #save the api key and email to the account conf file. - _saveaccountconf_mutable ONECOM_KeepCnameProxy "$ONECOM_KeepCnameProxy" _saveaccountconf_mutable ONECOM_User "$ONECOM_User" _saveaccountconf_mutable ONECOM_Password "$ONECOM_Password" From 1c58913eeb54911457f289c32ed52f52e2b82f53 Mon Sep 17 00:00:00 2001 From: Jasper Zonneveld Date: Fri, 26 Mar 2021 14:59:13 +0100 Subject: [PATCH 0356/1526] Add Aurora DNS API --- dnsapi/dns_aurora.sh | 171 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 171 insertions(+) create mode 100644 dnsapi/dns_aurora.sh diff --git a/dnsapi/dns_aurora.sh b/dnsapi/dns_aurora.sh new file mode 100644 index 00000000..00f44739 --- /dev/null +++ b/dnsapi/dns_aurora.sh @@ -0,0 +1,171 @@ +#!/usr/bin/env sh + +# +#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# +#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje" + +AURORA_Api="https://api.auroradns.eu" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_aurora_add() { + fulldomain=$1 + txtvalue=$2 + + AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" + AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" + + if [ -z "$AURORA_Key" ] || [ -z "$AURORA_Secret" ]; then + AURORA_Key="" + AURORA_Secret="" + _err "You didn't specify an Aurora api key and secret yet." + _err "You can get yours from here https://cp.pcextreme.nl/auroradns/users." + return 1 + fi + + #save the api key and secret to the account conf file. + _saveaccountconf_mutable AURORA_Key "$AURORA_Key" + _saveaccountconf_mutable AURORA_Secret "$AURORA_Secret" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + if _aurora_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then + if _contains "$response" "$txtvalue"; then + _info "Added, OK" + return 0 + elif _contains "$response" "RecordExistsError"; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +#fulldomain txtvalue +dns_aurora_rm() { + fulldomain=$1 + txtvalue=$2 + + AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" + AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting records" + _aurora_rest GET "zones/${_domain_id}/records" + + if ! _contains "$response" "$txtvalue"; then + _info "Don't need to remove." + else + records=$(echo "$response" | _normalizeJson | tr -d "[]" | sed "s/},{/}|{/g" | tr "|" "\n") + if [ "$(echo "$records" | wc -l)" -le 2 ]; then + _err "Can not parse records." + return 1 + fi + record_id=$(echo "$records" | grep "\"type\": *\"TXT\"" | grep "\"name\": *\"$_sub_domain\"" | grep "\"content\": *\"$txtvalue\"" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _aurora_rest DELETE "zones/$_domain_id/records/$record_id"; then + _err "Delete record error." + return 1 + fi + fi + return 0 + +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=1 + p=1 + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _aurora_rest GET "zones/$h"; then + return 1 + fi + + if _contains "$response" "\"name\": \"$h\""; then + _domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_aurora_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + key_trimmed=$(echo "$AURORA_Key" | tr -d '"') + secret_trimmed=$(echo "$AURORA_Secret" | tr -d '"') + + timestamp=$(date -u +"%Y%m%dT%H%M%SZ") + signature=$(printf "%s/%s%s" "$m" "$ep" "$timestamp" | _hmac sha256 "$(printf "%s" "$secret_trimmed" | _hex_dump | tr -d " ")" | _base64) + authorization=$(printf "AuroraDNSv1 %s" "$(printf "%s:%s" "$key_trimmed" "$signature" | _base64)") + + export _H1="Content-Type: application/json; charset=UTF-8" + export _H2="X-AuroraDNS-Date: $timestamp" + export _H3="Authorization: $authorization" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$AURORA_Api/$ep" "" "$m")" + else + response="$(_get "$AURORA_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From f3682f0e8e30899dab1fb3fbbf6b477f4a798c0d Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 17 Apr 2021 22:09:59 +0800 Subject: [PATCH 0357/1526] fix format --- dnsapi/dns_one.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_one.sh b/dnsapi/dns_one.sh index 0a4b2a14..1565b767 100644 --- a/dnsapi/dns_one.sh +++ b/dnsapi/dns_one.sh @@ -5,7 +5,6 @@ # export ONECOM_User="username" # export ONECOM_Password="password" - dns_one_add() { fulldomain=$1 txtvalue=$2 @@ -24,11 +23,9 @@ dns_one_add() { subdomain="${_sub_domain}" maindomain=${_domain} - _debug subdomain "$subdomain" _debug maindomain "$maindomain" - #Check if the TXT exists _dns_one_getrecord "TXT" "$subdomain" "$txtvalue" if [ -n "$id" ]; then From eb0c629fad119604d0944719ca2bfc5e70dbc97e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Eike-Christian=20M=C3=BCller?= Date: Thu, 29 Apr 2021 12:53:13 +0200 Subject: [PATCH 0358/1526] more simple mail.sh fix Reverted the original patch and changed it to the obvious simple solution provided by @Neilpang. --- notify/mail.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/notify/mail.sh b/notify/mail.sh index 2be93cd8..2cbddb63 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -78,13 +78,8 @@ mail_send() { _mail_bin() { _MAIL_BIN="" - _MAIL_BINS="sendmail ssmtp mutt mail msmtp" - if [ -n "$MAIL_BIN" ]; then - _MAIL_BINS="$MAIL_BIN $_MAIL_BINS" - fi - - for b in $_MAIL_BINS; do + for b in $MAIL_BIN sendmail ssmtp mutt mail msmtp; do if _exists "$b"; then _MAIL_BIN="$b" break From 81b2d0732f6a8db79f7059c5fb0dccdf02783387 Mon Sep 17 00:00:00 2001 From: Jeff Goeke-Smith Date: Thu, 29 Apr 2021 16:46:32 -0400 Subject: [PATCH 0359/1526] arguments passed to printf are more generic On systems that /bin/sh is served by shells other than bash, or shells that don't implement the same syntax as the bash printf builtin, printf -- fails to produce the output necessary for standalone operation. The test case for this was SmartOS, which uses ksh93 as its /bin/sh. This change uses the more generic method of passing a format parameter of a single string, and then the argument to replace it with. --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 8d422719..b408ed30 100755 --- a/acme.sh +++ b/acme.sh @@ -2357,7 +2357,7 @@ _startserver() { echo 'HTTP/1.0 200 OK'; \ echo 'Content-Length\: $_content_len'; \ echo ''; \ -printf -- '$content';" & +printf '%s' '$content';" & serverproc="$!" } From 91d37c78750d382d0edfec6f36e6c49bb834159c Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 1 May 2021 22:32:44 +0800 Subject: [PATCH 0360/1526] fix compatibility issue --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index b408ed30..2ec8ba57 100755 --- a/acme.sh +++ b/acme.sh @@ -2038,7 +2038,7 @@ _send_signed_request() { if _post "" "$nonceurl" "" "HEAD" "$__request_conent_type" >/dev/null; then _headers="$(cat "$HTTP_HEADER")" _debug2 _headers "$_headers" - _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + _CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2 | cut -d , -f 1)" fi fi if [ -z "$_CACHED_NONCE" ]; then @@ -2118,7 +2118,7 @@ _send_signed_request() { fi _debug2 response "$response" - _CACHED_NONCE="$(echo "$responseHeaders" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)" + _CACHED_NONCE="$(echo "$responseHeaders" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2 | cut -d , -f 1)" if ! _startswith "$code" "2"; then _body="$response" @@ -4720,7 +4720,7 @@ $_authorizations_map" _debug2 response "$response" status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') - if [ "$status" = "valid" ]; then + if _contains "$status" "valid"; then _info "$(__green Success)" _stopserver "$serverproc" serverproc="" From f855862ade83a0fc61f409c21397202f7f781c63 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 2 May 2021 22:20:04 +0800 Subject: [PATCH 0361/1526] upgrade freebsd --- .github/workflows/DNS.yml | 2 +- .github/workflows/LetsEncrypt.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5ff1f8ab..f8e501ed 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -184,7 +184,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.3 + - uses: vmactions/freebsd-vm@v0.1.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 7193d88d..ba9a5317 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -111,7 +111,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.3 + - uses: vmactions/freebsd-vm@v0.1.4 with: envs: 'NGROK_TOKEN TEST_LOCAL' prepare: pkg install -y socat curl From 1a4a180e8cf0825a34a4df4810b43cc5990e47a3 Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Sun, 2 May 2021 13:37:59 -0600 Subject: [PATCH 0362/1526] FIX: Synology sets "default" on wrong certificate For some DSM installs, it appears that setting the "default" flag to the string "false" actually sets it to true. This causes Synology to set the last updated certificate to be the default certificate. Using an empty string appears to still be accepted as a false-y value for DSMs where this isn't happening and corrects the behavior in the cases that it was. Credit to @Run-King for identifying the fix and @buxm for reporting. --- deploy/synology_dsm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 35d33209..25d43efb 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -121,7 +121,7 @@ synology_dsm_deploy() { # we've verified this certificate description is a thing, so save it _savedeployconf SYNO_Certificate "$SYNO_Certificate" - default=false + default="" if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then default=true fi From 25a8240d12eb8884076242fb8adc4aa7f7bbaa84 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 3 May 2021 15:52:56 +0800 Subject: [PATCH 0363/1526] fix https://github.com/acmesh-official/acme.sh/issues/3421 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 2ec8ba57..4955a5d4 100755 --- a/acme.sh +++ b/acme.sh @@ -2266,7 +2266,7 @@ _getdeployconf() { return 0 # do nothing fi _saved=$(_readdomainconf "SAVED_$_rac_key") - eval "export $_rac_key=\"$_saved\"" + eval "export $_rac_key=\"\$_saved\"" } #_saveaccountconf key value base64encode From e65144a1053fa4a6a21d3a61f8be37202211d061 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 3 May 2021 16:35:42 +0800 Subject: [PATCH 0364/1526] fix https://github.com/acmesh-official/acme.sh/issues/3487 suppor Ali doh and dnspod doh. --- acme.sh | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 58 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 4955a5d4..efed674b 100755 --- a/acme.sh +++ b/acme.sh @@ -102,6 +102,8 @@ DEBUG_LEVEL_NONE=0 DOH_CLOUDFLARE=1 DOH_GOOGLE=2 +DOH_ALI=3 +DOH_DP=4 HIDDEN_VALUE="[hidden](please add '--output-insecure' to see this value)" @@ -3916,7 +3918,15 @@ _ns_purge_cf() { #checks if cf server is available _ns_is_available_cf() { - if _get "https://cloudflare-dns.com" >/dev/null 2>&1; then + if _get "https://cloudflare-dns.com" "" 1 >/dev/null 2>&1; then + return 0 + else + return 1 + fi +} + +_ns_is_available_google() { + if _get "https://dns.google" "" 1 >/dev/null 2>&1; then return 0 else return 1 @@ -3931,6 +3941,38 @@ _ns_lookup_google() { _ns_lookup_impl "$_cf_ep" "$_cf_ld" "$_cf_ld_type" } +_ns_is_available_ali() { + if _get "https://dns.alidns.com" "" 1 >/dev/null 2>&1; then + return 0 + else + return 1 + fi +} + +#domain, type +_ns_lookup_ali() { + _cf_ld="$1" + _cf_ld_type="$2" + _cf_ep="https://dns.alidns.com/resolve" + _ns_lookup_impl "$_cf_ep" "$_cf_ld" "$_cf_ld_type" +} + +_ns_is_available_dp() { + if _get "https://dns.alidns.com" "" 1 >/dev/null 2>&1; then + return 0 + else + return 1 + fi +} + +#dnspod +_ns_lookup_dp() { + _cf_ld="$1" + _cf_ld_type="$2" + _cf_ep="https://doh.pub/dns-query" + _ns_lookup_impl "$_cf_ep" "$_cf_ld" "$_cf_ld_type" +} + #domain, type _ns_lookup() { if [ -z "$DOH_USE" ]; then @@ -3938,16 +3980,28 @@ _ns_lookup() { if _ns_is_available_cf; then _debug "Use cloudflare doh server" export DOH_USE=$DOH_CLOUDFLARE - else + elif _ns_is_available_google; then _debug "Use google doh server" export DOH_USE=$DOH_GOOGLE + elif _ns_is_available_ali; then + _debug "Use aliyun doh server" + export DOH_USE=$DOH_ALI + else _ns_is_available_dp; + _debug "Use dns pod doh server" + export DOH_USE=$DOH_DP fi fi if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then _ns_lookup_cf "$@" - else + elif [ "$DOH_USE" = "$DOH_GOOGLE" ]; then _ns_lookup_google "$@" + elif [ "$DOH_USE" = "$DOH_ALI" ]; then + _ns_lookup_ali "$@" + elif [ "$DOH_USE" = "$DOH_DP" ]; then + _ns_lookup_dp "$@" + else + _err "Unknown doh provider: DOH_USE=$DOH_USE" fi } @@ -3972,7 +4026,7 @@ __purge_txt() { if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then _ns_purge_cf "$_p_txtdomain" "TXT" else - _debug "no purge api for google dns api, just sleep 5 secs" + _debug "no purge api for this doh api, just sleep 5 secs" _sleep 5 fi From e0c32ce7004cfe842bda3bf631cbcf92f37651b0 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 3 May 2021 16:42:09 +0800 Subject: [PATCH 0365/1526] minor --- acme.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index efed674b..d7ec50b4 100755 --- a/acme.sh +++ b/acme.sh @@ -3986,9 +3986,11 @@ _ns_lookup() { elif _ns_is_available_ali; then _debug "Use aliyun doh server" export DOH_USE=$DOH_ALI - else _ns_is_available_dp; + elif _ns_is_available_dp; _debug "Use dns pod doh server" export DOH_USE=$DOH_DP + else + _err "No doh" fi fi From 0a4ef171351db5eb7f02341e231801e80026d33e Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 3 May 2021 17:11:02 +0800 Subject: [PATCH 0366/1526] fix nginx relative path issue: https://github.com/acmesh-official/acme.sh/issues/1743 https://github.com/acmesh-official/acme.sh/issues/1914 --- acme.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/acme.sh b/acme.sh index d7ec50b4..36e33c7b 100755 --- a/acme.sh +++ b/acme.sh @@ -3098,6 +3098,11 @@ _checkConf() { _debug "Try include files" for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" + if !_startswith "$included" "/" && _exists dirname; then + _relpath="$(dirname "$_c_file")" + _debug "_relpath" "$_relpath" + included="$_relpath/included" + fi if _checkConf "$1" "$included"; then return 0 fi From 290beb90a74ff617d9fdf006beb287fb9450d6e5 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 3 May 2021 17:14:54 +0800 Subject: [PATCH 0367/1526] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 36e33c7b..0ea93cf7 100755 --- a/acme.sh +++ b/acme.sh @@ -3991,7 +3991,7 @@ _ns_lookup() { elif _ns_is_available_ali; then _debug "Use aliyun doh server" export DOH_USE=$DOH_ALI - elif _ns_is_available_dp; + elif _ns_is_available_dp; then _debug "Use dns pod doh server" export DOH_USE=$DOH_DP else From 0881cf13799e6d2ee8b1d8a969feac8d634e2c85 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 4 May 2021 13:32:59 +0800 Subject: [PATCH 0368/1526] start 2.9.0 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 0ea93cf7..9967e541 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.8.9 +VER=2.9.0 PROJECT_NAME="acme.sh" From c127903127077ac4ed515a0ed28cfac6384e88f4 Mon Sep 17 00:00:00 2001 From: Benoit Garret Date: Tue, 27 Apr 2021 16:03:40 +0200 Subject: [PATCH 0369/1526] Add Consul deploy hook --- deploy/consul.sh | 98 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 deploy/consul.sh diff --git a/deploy/consul.sh b/deploy/consul.sh new file mode 100644 index 00000000..97aad380 --- /dev/null +++ b/deploy/consul.sh @@ -0,0 +1,98 @@ +#!/usr/bin/env sh + +# Here is a script to deploy cert to hashicorp consul using curl +# (https://www.consul.io/) +# +# it requires following environment variables: +# +# CONSUL_PREFIX - this contains the prefix path in consul +# CONSUL_HTTP_ADDR - consul requires this to find your consul server +# +# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available +# to access the consul server + +#returns 0 means success, otherwise error. + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +consul_deploy() { + + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # validate required env vars + _getdeployconf CONSUL_PREFIX + if [ -z "$CONSUL_PREFIX" ]; then + _err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" + return 1 + fi + _savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" + + _getdeployconf CONSUL_HTTP_ADDR + if [ -z "$CONSUL_HTTP_ADDR" ]; then + _err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" + return 1 + fi + _savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" + + CONSUL_CMD=$(command -v consul) + + # force CLI, but the binary does not exist => error + if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then + _err "Cannot find the consul binary!" + return 1 + fi + + # use the CLI first + if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then + _info "Found consul binary, deploying with CLI" + consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" + else + _info "Did not find consul binary, deploying with API" + consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" + fi +} + +consul_deploy_api() { + CONSUL_HTTP_ADDR="$1" + CONSUL_PREFIX="$2" + CONSUL_HTTP_TOKEN="$3" + + URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" + export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" + + if [ -n "$FABIO" ]; then + _post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 + _post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 + else + _post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 + _post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 + _post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 + _post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 + fi +} + +consul_deploy_cli() { + CONSUL_CMD="$1" + CONSUL_PREFIX="$2" + + if [ -n "$FABIO" ]; then + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 + else + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 + fi +} From c5557fc488674892cb839c7a75816869428e582e Mon Sep 17 00:00:00 2001 From: Will Browning <20662079+willbrowningme@users.noreply.github.com> Date: Thu, 6 May 2021 16:51:43 +0100 Subject: [PATCH 0370/1526] Remove DEDYN_NAME variable from dns_desec.sh --- dnsapi/dns_desec.sh | 25 +++++++++---------------- 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_desec.sh b/dnsapi/dns_desec.sh index f64660a8..495a6780 100644 --- a/dnsapi/dns_desec.sh +++ b/dnsapi/dns_desec.sh @@ -20,21 +20,17 @@ dns_desec_add() { _debug txtvalue "$txtvalue" DEDYN_TOKEN="${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}" - DEDYN_NAME="${DEDYN_NAME:-$(_readaccountconf_mutable DEDYN_NAME)}" - if [ -z "$DEDYN_TOKEN" ] || [ -z "$DEDYN_NAME" ]; then + if [ -z "$DEDYN_TOKEN" ]; then DEDYN_TOKEN="" - DEDYN_NAME="" - _err "You did not specify DEDYN_TOKEN and DEDYN_NAME yet." + _err "You did not specify DEDYN_TOKEN yet." _err "Please create your key and try again." _err "e.g." _err "export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e" - _err "export DEDYN_NAME=foobar.dedyn.io" return 1 fi - #save the api token and name to the account conf file. + #save the api token to the account conf file. _saveaccountconf_mutable DEDYN_TOKEN "$DEDYN_TOKEN" - _saveaccountconf_mutable DEDYN_NAME "$DEDYN_NAME" _debug "First detect the root zone" if ! _get_root "$fulldomain" "$REST_API/"; then @@ -47,7 +43,7 @@ dns_desec_add() { # Get existing TXT record _debug "Getting txt records" txtvalues="\"\\\"$txtvalue\\\"\"" - _desec_rest GET "$REST_API/$DEDYN_NAME/rrsets/$_sub_domain/TXT/" + _desec_rest GET "$REST_API/$_domain/rrsets/$_sub_domain/TXT/" if [ "$_code" = "200" ]; then oldtxtvalues="$(echo "$response" | _egrep_o "\"records\":\\[\"\\S*\"\\]" | cut -d : -f 2 | tr -d "[]\\\\\"" | sed "s/,/ /g")" @@ -63,7 +59,7 @@ dns_desec_add() { _info "Adding record" body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]" - if _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body"; then + if _desec_rest PUT "$REST_API/$_domain/rrsets/" "$body"; then if _contains "$response" "$txtvalue"; then _info "Added, OK" return 0 @@ -87,16 +83,13 @@ dns_desec_rm() { _debug txtvalue "$txtvalue" DEDYN_TOKEN="${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}" - DEDYN_NAME="${DEDYN_NAME:-$(_readaccountconf_mutable DEDYN_NAME)}" - if [ -z "$DEDYN_TOKEN" ] || [ -z "$DEDYN_NAME" ]; then + if [ -z "$DEDYN_TOKEN" ]; then DEDYN_TOKEN="" - DEDYN_NAME="" - _err "You did not specify DEDYN_TOKEN and DEDYN_NAME yet." + _err "You did not specify DEDYN_TOKEN yet." _err "Please create your key and try again." _err "e.g." _err "export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e" - _err "export DEDYN_NAME=foobar.dedyn.io" return 1 fi @@ -112,7 +105,7 @@ dns_desec_rm() { # Get existing TXT record _debug "Getting txt records" txtvalues="" - _desec_rest GET "$REST_API/$DEDYN_NAME/rrsets/$_sub_domain/TXT/" + _desec_rest GET "$REST_API/$_domain/rrsets/$_sub_domain/TXT/" if [ "$_code" = "200" ]; then oldtxtvalues="$(echo "$response" | _egrep_o "\"records\":\\[\"\\S*\"\\]" | cut -d : -f 2 | tr -d "[]\\\\\"" | sed "s/,/ /g")" @@ -131,7 +124,7 @@ dns_desec_rm() { _info "Deleting record" body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]" - _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body" + _desec_rest PUT "$REST_API/$_domain/rrsets/" "$body" if [ "$_code" = "200" ]; then _info "Deleted, OK" return 0 From 07afc4953ada485b51d514fc65b80c00669f751b Mon Sep 17 00:00:00 2001 From: Benoit Garret Date: Fri, 7 May 2021 12:12:30 +0200 Subject: [PATCH 0371/1526] Fix the shfmt check --- deploy/consul.sh | 142 +++++++++++++++++++++++------------------------ 1 file changed, 71 insertions(+), 71 deletions(-) diff --git a/deploy/consul.sh b/deploy/consul.sh index 97aad380..f93fb452 100644 --- a/deploy/consul.sh +++ b/deploy/consul.sh @@ -18,81 +18,81 @@ #domain keyfile certfile cafile fullchain consul_deploy() { - _cdomain="$1" - _ckey="$2" - _ccert="$3" - _cca="$4" - _cfullchain="$5" - - _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" - _debug _ccert "$_ccert" - _debug _cca "$_cca" - _debug _cfullchain "$_cfullchain" - - # validate required env vars - _getdeployconf CONSUL_PREFIX - if [ -z "$CONSUL_PREFIX" ]; then - _err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" - return 1 - fi - _savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" - - _getdeployconf CONSUL_HTTP_ADDR - if [ -z "$CONSUL_HTTP_ADDR" ]; then - _err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" - return 1 - fi - _savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" - - CONSUL_CMD=$(command -v consul) - - # force CLI, but the binary does not exist => error - if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then - _err "Cannot find the consul binary!" - return 1 - fi - - # use the CLI first - if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then - _info "Found consul binary, deploying with CLI" - consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" - else - _info "Did not find consul binary, deploying with API" - consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" - fi + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # validate required env vars + _getdeployconf CONSUL_PREFIX + if [ -z "$CONSUL_PREFIX" ]; then + _err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" + return 1 + fi + _savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" + + _getdeployconf CONSUL_HTTP_ADDR + if [ -z "$CONSUL_HTTP_ADDR" ]; then + _err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" + return 1 + fi + _savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" + + CONSUL_CMD=$(command -v consul) + + # force CLI, but the binary does not exist => error + if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then + _err "Cannot find the consul binary!" + return 1 + fi + + # use the CLI first + if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then + _info "Found consul binary, deploying with CLI" + consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" + else + _info "Did not find consul binary, deploying with API" + consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" + fi } consul_deploy_api() { - CONSUL_HTTP_ADDR="$1" - CONSUL_PREFIX="$2" - CONSUL_HTTP_TOKEN="$3" - - URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" - export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" - - if [ -n "$FABIO" ]; then - _post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 - _post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 - else - _post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 - _post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 - _post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 - _post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 - fi + CONSUL_HTTP_ADDR="$1" + CONSUL_PREFIX="$2" + CONSUL_HTTP_TOKEN="$3" + + URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" + export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" + + if [ -n "$FABIO" ]; then + _post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 + _post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 + else + _post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 + _post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 + _post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 + _post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 + fi } consul_deploy_cli() { - CONSUL_CMD="$1" - CONSUL_PREFIX="$2" - - if [ -n "$FABIO" ]; then - $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 - $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 - else - $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 - $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 - $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 - $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 - fi + CONSUL_CMD="$1" + CONSUL_PREFIX="$2" + + if [ -n "$FABIO" ]; then + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 + else + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 + $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 + fi } From aa59c46c4cffb89717388824e766e3c6cc1990a9 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 7 May 2021 21:49:47 +0800 Subject: [PATCH 0372/1526] fix https://github.com/acmesh-official/acme.sh/issues/3504 --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 9967e541..1f7bbda7 100755 --- a/acme.sh +++ b/acme.sh @@ -3578,6 +3578,7 @@ _regAccount() { _err "Can not get EAB credentials from ZeroSSL." return 1 fi + _debug2 "$_eabresp" _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" if [ -z "$_eab_id" ]; then _err "Can not resolve _eab_id" @@ -4781,7 +4782,7 @@ $_authorizations_map" _debug2 response "$response" status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') - if _contains "$status" "valid"; then + if _contains "$status" '"valid"'; then _info "$(__green Success)" _stopserver "$serverproc" serverproc="" From aede5c486be6e5f55882dcdbdecb7512200ee5be Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 7 May 2021 22:02:40 +0800 Subject: [PATCH 0373/1526] fix https://github.com/acmesh-official/acme.sh/issues/3504 check invalid status first. --- acme.sh | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/acme.sh b/acme.sh index 1f7bbda7..4fa83744 100755 --- a/acme.sh +++ b/acme.sh @@ -4782,15 +4782,8 @@ $_authorizations_map" _debug2 response "$response" status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') - if _contains "$status" '"valid"'; then - _info "$(__green Success)" - _stopserver "$serverproc" - serverproc="" - _clearupwebbroot "$_currentRoot" "$removelevel" "$token" - break - fi - if [ "$status" = "invalid" ]; then + if _contains "$status" "invalid"; then error="$(echo "$response" | _egrep_o '"error":\{[^\}]*')" _debug2 error "$error" errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" @@ -4812,6 +4805,14 @@ $_authorizations_map" return 1 fi + if _contains "$status" "valid"; then + _info "$(__green Success)" + _stopserver "$serverproc" + serverproc="" + _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + break + fi + if [ "$status" = "pending" ]; then _info "Pending" elif [ "$status" = "processing" ]; then From 46180435cc5fa58b48554c9e4c918d6f15f7d207 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 8 May 2021 21:09:56 +0800 Subject: [PATCH 0374/1526] minor --- dnsapi/dns_porkbun.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index 18da6b2f..90caec4a 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -78,7 +78,7 @@ dns_porkbun_rm() { if [ "$count" = "0" ]; then _info "Don't need to remove." else - record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") + record_id=$(echo "$response" | tr '{' '\n' | grep -- "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \") _debug "record_id" "$record_id" if [ -z "$record_id" ]; then _err "Can not get record id to remove." From 5ab9ca1c0decec857de744854c52b818fc43a642 Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Wed, 19 May 2021 13:21:34 -0600 Subject: [PATCH 0375/1526] Better fix for Synology DSM setting wrong default As noted by @buxm, previous fix didn't work for all versions of DSM 6. The better fix appears to be simply not outputting the "as_default" parameter unless we are doing something with the default certificate. --- deploy/synology_dsm.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 25d43efb..d7e8ace8 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -121,12 +121,6 @@ synology_dsm_deploy() { # we've verified this certificate description is a thing, so save it _savedeployconf SYNO_Certificate "$SYNO_Certificate" - default="" - if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then - default=true - fi - _debug2 default "$default" - _info "Generate form POST request" nl="\0015\0012" delim="--------------------------$(_utc_date | tr -d -- '-: ')" @@ -135,7 +129,12 @@ synology_dsm_deploy() { content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}" - content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}${default}" + if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then + _debug2 default "this is the default certificate" + content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true" + else + _debug2 default "this is NOT the default certificate" + fi content="$content${nl}--$delim--${nl}" content="$(printf "%b_" "$content")" content="${content%_}" # protect trailing \n From af3ea2d4fd463f938505cd39f51d9a3fc0bd802e Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 22 May 2021 23:45:50 +0800 Subject: [PATCH 0376/1526] remove ACME v1 support --- acme.sh | 746 +++++++++++++++++++++----------------------------------- 1 file changed, 282 insertions(+), 464 deletions(-) diff --git a/acme.sh b/acme.sh index 4fa83744..10eef019 100755 --- a/acme.sh +++ b/acme.sh @@ -20,9 +20,6 @@ _SUB_FOLDER_DEPLOY="deploy" _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY" -LETSENCRYPT_CA_V1="https://acme-v01.api.letsencrypt.org/directory" -LETSENCRYPT_STAGING_CA_V1="https://acme-staging.api.letsencrypt.org/directory" - CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory" CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory" @@ -2072,17 +2069,15 @@ _send_signed_request() { _sleep 2 continue fi - if [ "$ACME_VERSION" = "2" ]; then - if [ "$url" = "$ACME_NEW_ACCOUNT" ]; then - protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"jwk\": $jwk"'}' - elif [ "$url" = "$ACME_REVOKE_CERT" ] && [ "$keyfile" != "$ACCOUNT_KEY_PATH" ]; then - protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"jwk\": $jwk"'}' - else - protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"kid\": \"${ACCOUNT_URL}\""'}' - fi - else + + if [ "$url" = "$ACME_NEW_ACCOUNT" ]; then protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"jwk\": $jwk"'}' + elif [ "$url" = "$ACME_REVOKE_CERT" ] && [ "$keyfile" != "$ACCOUNT_KEY_PATH" ]; then + protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"jwk\": $jwk"'}' + else + protected="$JWK_HEADERPLACE_PART1$nonce\", \"url\": \"${url}$JWK_HEADERPLACE_PART2, \"kid\": \"${ACCOUNT_URL}\""'}' fi + _debug3 protected "$protected" protected64="$(printf "%s" "$protected" | _base64 | _url_replace)" @@ -2549,61 +2544,25 @@ _initAPI() { response=$(echo "$response" | _json_decode) _debug2 "response" "$response" - ACME_KEY_CHANGE=$(echo "$response" | _egrep_o 'key-change" *: *"[^"]*"' | cut -d '"' -f 3) - if [ -z "$ACME_KEY_CHANGE" ]; then - ACME_KEY_CHANGE=$(echo "$response" | _egrep_o 'keyChange" *: *"[^"]*"' | cut -d '"' -f 3) - fi + ACME_KEY_CHANGE=$(echo "$response" | _egrep_o 'keyChange" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_KEY_CHANGE - ACME_NEW_AUTHZ=$(echo "$response" | _egrep_o 'new-authz" *: *"[^"]*"' | cut -d '"' -f 3) - if [ -z "$ACME_NEW_AUTHZ" ]; then - ACME_NEW_AUTHZ=$(echo "$response" | _egrep_o 'newAuthz" *: *"[^"]*"' | cut -d '"' -f 3) - fi + ACME_NEW_AUTHZ=$(echo "$response" | _egrep_o 'newAuthz" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_NEW_AUTHZ - ACME_NEW_ORDER=$(echo "$response" | _egrep_o 'new-cert" *: *"[^"]*"' | cut -d '"' -f 3) - ACME_NEW_ORDER_RES="new-cert" - if [ -z "$ACME_NEW_ORDER" ]; then - ACME_NEW_ORDER=$(echo "$response" | _egrep_o 'new-order" *: *"[^"]*"' | cut -d '"' -f 3) - ACME_NEW_ORDER_RES="new-order" - if [ -z "$ACME_NEW_ORDER" ]; then - ACME_NEW_ORDER=$(echo "$response" | _egrep_o 'newOrder" *: *"[^"]*"' | cut -d '"' -f 3) - fi - fi + ACME_NEW_ORDER=$(echo "$response" | _egrep_o 'newOrder" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_NEW_ORDER - export ACME_NEW_ORDER_RES - - ACME_NEW_ACCOUNT=$(echo "$response" | _egrep_o 'new-reg" *: *"[^"]*"' | cut -d '"' -f 3) - ACME_NEW_ACCOUNT_RES="new-reg" - if [ -z "$ACME_NEW_ACCOUNT" ]; then - ACME_NEW_ACCOUNT=$(echo "$response" | _egrep_o 'new-account" *: *"[^"]*"' | cut -d '"' -f 3) - ACME_NEW_ACCOUNT_RES="new-account" - if [ -z "$ACME_NEW_ACCOUNT" ]; then - ACME_NEW_ACCOUNT=$(echo "$response" | _egrep_o 'newAccount" *: *"[^"]*"' | cut -d '"' -f 3) - if [ "$ACME_NEW_ACCOUNT" ]; then - export ACME_VERSION=2 - fi - fi - fi + + ACME_NEW_ACCOUNT=$(echo "$response" | _egrep_o 'newAccount" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_NEW_ACCOUNT - export ACME_NEW_ACCOUNT_RES - ACME_REVOKE_CERT=$(echo "$response" | _egrep_o 'revoke-cert" *: *"[^"]*"' | cut -d '"' -f 3) - if [ -z "$ACME_REVOKE_CERT" ]; then - ACME_REVOKE_CERT=$(echo "$response" | _egrep_o 'revokeCert" *: *"[^"]*"' | cut -d '"' -f 3) - fi + ACME_REVOKE_CERT=$(echo "$response" | _egrep_o 'revokeCert" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_REVOKE_CERT - ACME_NEW_NONCE=$(echo "$response" | _egrep_o 'new-nonce" *: *"[^"]*"' | cut -d '"' -f 3) - if [ -z "$ACME_NEW_NONCE" ]; then - ACME_NEW_NONCE=$(echo "$response" | _egrep_o 'newNonce" *: *"[^"]*"' | cut -d '"' -f 3) - fi + ACME_NEW_NONCE=$(echo "$response" | _egrep_o 'newNonce" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_NEW_NONCE - ACME_AGREEMENT=$(echo "$response" | _egrep_o 'terms-of-service" *: *"[^"]*"' | cut -d '"' -f 3) - if [ -z "$ACME_AGREEMENT" ]; then - ACME_AGREEMENT=$(echo "$response" | _egrep_o 'termsOfService" *: *"[^"]*"' | cut -d '"' -f 3) - fi + ACME_AGREEMENT=$(echo "$response" | _egrep_o 'termsOfService" *: *"[^"]*"' | cut -d '"' -f 3) export ACME_AGREEMENT _debug "ACME_KEY_CHANGE" "$ACME_KEY_CHANGE" @@ -2613,7 +2572,6 @@ _initAPI() { _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT" _debug "ACME_AGREEMENT" "$ACME_AGREEMENT" _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE" - _debug "ACME_VERSION" "$ACME_VERSION" fi } @@ -3563,69 +3521,62 @@ _regAccount() { if [ "$_email" ]; then _savecaconf "CA_EMAIL" "$_email" fi - if [ "$ACME_VERSION" = "2" ]; then - if [ "$ACME_DIRECTORY" = "$CA_ZEROSSL" ]; then - if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then - _info "No EAB credentials found for ZeroSSL, let's get one" - if [ -z "$_email" ]; then - _err "Please provide a email address for ZeroSSL account." - _err "See ZeroSSL usage: $_ZEROSSL_WIKI" - return 1 - fi - _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT) - if [ "$?" != "0" ]; then - _debug2 "$_eabresp" - _err "Can not get EAB credentials from ZeroSSL." - return 1 - fi + + if [ "$ACME_DIRECTORY" = "$CA_ZEROSSL" ]; then + if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then + _info "No EAB credentials found for ZeroSSL, let's get one" + if [ -z "$_email" ]; then + _err "Please provide a email address for ZeroSSL account." + _err "See ZeroSSL usage: $_ZEROSSL_WIKI" + return 1 + fi + _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT) + if [ "$?" != "0" ]; then _debug2 "$_eabresp" - _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" - if [ -z "$_eab_id" ]; then - _err "Can not resolve _eab_id" - return 1 - fi - _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" - if [ -z "$_eab_hmac_key" ]; then - _err "Can not resolve _eab_hmac_key" - return 1 - fi - _savecaconf CA_EAB_KEY_ID "$_eab_id" - _savecaconf CA_EAB_HMAC_KEY "$_eab_hmac_key" + _err "Can not get EAB credentials from ZeroSSL." + return 1 fi + _debug2 "$_eabresp" + _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" + if [ -z "$_eab_id" ]; then + _err "Can not resolve _eab_id" + return 1 + fi + _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" + if [ -z "$_eab_hmac_key" ]; then + _err "Can not resolve _eab_hmac_key" + return 1 + fi + _savecaconf CA_EAB_KEY_ID "$_eab_id" + _savecaconf CA_EAB_HMAC_KEY "$_eab_hmac_key" fi - if [ "$_eab_id" ] && [ "$_eab_hmac_key" ]; then - eab_protected="{\"alg\":\"HS256\",\"kid\":\"$_eab_id\",\"url\":\"${ACME_NEW_ACCOUNT}\"}" - _debug3 eab_protected "$eab_protected" + fi + if [ "$_eab_id" ] && [ "$_eab_hmac_key" ]; then + eab_protected="{\"alg\":\"HS256\",\"kid\":\"$_eab_id\",\"url\":\"${ACME_NEW_ACCOUNT}\"}" + _debug3 eab_protected "$eab_protected" - eab_protected64=$(printf "%s" "$eab_protected" | _base64 | _url_replace) - _debug3 eab_protected64 "$eab_protected64" + eab_protected64=$(printf "%s" "$eab_protected" | _base64 | _url_replace) + _debug3 eab_protected64 "$eab_protected64" - eab_payload64=$(printf "%s" "$jwk" | _base64 | _url_replace) - _debug3 eab_payload64 "$eab_payload64" + eab_payload64=$(printf "%s" "$jwk" | _base64 | _url_replace) + _debug3 eab_payload64 "$eab_payload64" - eab_sign_t="$eab_protected64.$eab_payload64" - _debug3 eab_sign_t "$eab_sign_t" + eab_sign_t="$eab_protected64.$eab_payload64" + _debug3 eab_sign_t "$eab_sign_t" - key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')" - _debug3 key_hex "$key_hex" + key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')" + _debug3 key_hex "$key_hex" - eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace) - _debug3 eab_signature "$eab_signature" + eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace) + _debug3 eab_signature "$eab_signature" - externalBinding=",\"externalAccountBinding\":{\"protected\":\"$eab_protected64\", \"payload\":\"$eab_payload64\", \"signature\":\"$eab_signature\"}" - _debug3 externalBinding "$externalBinding" - fi - if [ "$_email" ]; then - email_sg="\"contact\": [\"mailto:$_email\"], " - fi - regjson="{$email_sg\"termsOfServiceAgreed\": true$externalBinding}" - else - _reg_res="$ACME_NEW_ACCOUNT_RES" - regjson='{"resource": "'$_reg_res'", "terms-of-service-agreed": true, "agreement": "'$ACME_AGREEMENT'"}' - if [ "$_email" ]; then - regjson='{"resource": "'$_reg_res'", "contact": ["mailto:'$_email'"], "terms-of-service-agreed": true, "agreement": "'$ACME_AGREEMENT'"}' - fi + externalBinding=",\"externalAccountBinding\":{\"protected\":\"$eab_protected64\", \"payload\":\"$eab_payload64\", \"signature\":\"$eab_signature\"}" + _debug3 externalBinding "$externalBinding" fi + if [ "$_email" ]; then + email_sg="\"contact\": [\"mailto:$_email\"], " + fi + regjson="{$email_sg\"termsOfServiceAgreed\": true$externalBinding}" _info "Registering account: $ACME_DIRECTORY" @@ -3710,20 +3661,13 @@ updateaccount() { _initAPI _email="$(_getAccountEmail)" - if [ "$ACME_VERSION" = "2" ]; then - if [ "$ACCOUNT_EMAIL" ]; then - updjson='{"contact": ["mailto:'$_email'"]}' - else - updjson='{"contact": []}' - fi + + if [ "$ACCOUNT_EMAIL" ]; then + updjson='{"contact": ["mailto:'$_email'"]}' else - # ACMEv1: Updates happen the same way a registration is done. - # https://tools.ietf.org/html/draft-ietf-acme-acme-01#section-6.3 - _regAccount - return + updjson='{"contact": []}' fi - # this part handles ACMEv2 account updates. _send_signed_request "$_accUri" "$updjson" if [ "$code" = '200' ]; then @@ -3768,11 +3712,8 @@ deactivateaccount() { fi _initAPI - if [ "$ACME_VERSION" = "2" ]; then - _djson="{\"status\":\"deactivated\"}" - else - _djson="{\"resource\": \"reg\", \"status\":\"deactivated\"}" - fi + _djson="{\"status\":\"deactivated\"}" + if _send_signed_request "$_accUri" "$_djson" && _contains "$response" '"deactivated"'; then _info "Deactivate account success for $_accUri." _accid=$(echo "$response" | _egrep_o "\"id\" *: *[^,]*," | cut -d : -f 2 | tr -d ' ,') @@ -3877,11 +3818,9 @@ __trigger_validation() { _debug2 _t_key_authz "$_t_key_authz" _t_vtype="$3" _debug2 _t_vtype "$_t_vtype" - if [ "$ACME_VERSION" = "2" ]; then - _send_signed_request "$_t_url" "{}" - else - _send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}" - fi + + _send_signed_request "$_t_url" "{}" + } #endpoint domain type @@ -4297,74 +4236,72 @@ issue() { sep='#' dvsep=',' if [ -z "$vlist" ]; then - if [ "$ACME_VERSION" = "2" ]; then - #make new order request - _identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}" - _w_index=1 - while true; do - d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")" - _w_index="$(_math "$_w_index" + 1)" - _debug d "$d" - if [ -z "$d" ]; then - break - fi - _identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}" - done - _debug2 _identifiers "$_identifiers" - if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then - _err "Create new order error." - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)" - _debug Le_LinkOrder "$Le_LinkOrder" - Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" - _debug Le_OrderFinalize "$Le_OrderFinalize" - if [ -z "$Le_OrderFinalize" ]; then - _err "Create new order error. Le_OrderFinalize not found. $response" - _clearup - _on_issue_err "$_post_hook" - return 1 + #make new order request + _identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}" + _w_index=1 + while true; do + d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")" + _w_index="$(_math "$_w_index" + 1)" + _debug d "$d" + if [ -z "$d" ]; then + break fi + _identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}" + done + _debug2 _identifiers "$_identifiers" + if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then + _err "Create new order error." + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)" + _debug Le_LinkOrder "$Le_LinkOrder" + Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" + _debug Le_OrderFinalize "$Le_OrderFinalize" + if [ -z "$Le_OrderFinalize" ]; then + _err "Create new order error. Le_OrderFinalize not found. $response" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi - #for dns manual mode - _savedomainconf "Le_OrderFinalize" "$Le_OrderFinalize" + #for dns manual mode + _savedomainconf "Le_OrderFinalize" "$Le_OrderFinalize" - _authorizations_seg="$(echo "$response" | _json_decode | _egrep_o '"authorizations" *: *\[[^\[]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" - _debug2 _authorizations_seg "$_authorizations_seg" - if [ -z "$_authorizations_seg" ]; then - _err "_authorizations_seg not found." + _authorizations_seg="$(echo "$response" | _json_decode | _egrep_o '"authorizations" *: *\[[^\[]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" + _debug2 _authorizations_seg "$_authorizations_seg" + if [ -z "$_authorizations_seg" ]; then + _err "_authorizations_seg not found." + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + + #domain and authz map + _authorizations_map="" + for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do + _debug2 "_authz_url" "$_authz_url" + if ! _send_signed_request "$_authz_url"; then + _err "get to authz error." + _err "_authorizations_seg" "$_authorizations_seg" + _err "_authz_url" "$_authz_url" _clearup _on_issue_err "$_post_hook" return 1 fi - #domain and authz map - _authorizations_map="" - for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do - _debug2 "_authz_url" "$_authz_url" - if ! _send_signed_request "$_authz_url"; then - _err "get to authz error." - _err "_authorizations_seg" "$_authorizations_seg" - _err "_authz_url" "$_authz_url" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - - response="$(echo "$response" | _normalizeJson)" - _debug2 response "$response" - _d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2 | tr -d ' "')" - if _contains "$response" "\"wildcard\" *: *true"; then - _d="*.$_d" - fi - _debug2 _d "$_d" - _authorizations_map="$_d,$response + response="$(echo "$response" | _normalizeJson)" + _debug2 response "$response" + _d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2 | tr -d ' "')" + if _contains "$response" "\"wildcard\" *: *true"; then + _d="*.$_d" + fi + _debug2 _d "$_d" + _authorizations_map="$_d,$response $_authorizations_map" - done - _debug2 _authorizations_map "$_authorizations_map" - fi + done + _debug2 _authorizations_map "$_authorizations_map" _index=0 _currentRoot="" @@ -4395,33 +4332,25 @@ $_authorizations_map" vtype="$VTYPE_ALPN" fi - if [ "$ACME_VERSION" = "2" ]; then - _idn_d="$(_idn "$d")" - _candidates="$(echo "$_authorizations_map" | grep -i "^$_idn_d,")" - _debug2 _candidates "$_candidates" - if [ "$(echo "$_candidates" | wc -l)" -gt 1 ]; then - for _can in $_candidates; do - if _startswith "$(echo "$_can" | tr '.' '|')" "$(echo "$_idn_d" | tr '.' '|'),"; then - _candidates="$_can" - break - fi - done - fi - response="$(echo "$_candidates" | sed "s/$_idn_d,//")" - _debug2 "response" "$response" - if [ -z "$response" ]; then - _err "get to authz error." - _err "_authorizations_map" "$_authorizations_map" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - else - if ! __get_domain_new_authz "$d"; then - _clearup - _on_issue_err "$_post_hook" - return 1 - fi + _idn_d="$(_idn "$d")" + _candidates="$(echo "$_authorizations_map" | grep -i "^$_idn_d,")" + _debug2 _candidates "$_candidates" + if [ "$(echo "$_candidates" | wc -l)" -gt 1 ]; then + for _can in $_candidates; do + if _startswith "$(echo "$_can" | tr '.' '|')" "$(echo "$_idn_d" | tr '.' '|'),"; then + _candidates="$_can" + break + fi + done + fi + response="$(echo "$_candidates" | sed "s/$_idn_d,//")" + _debug2 "response" "$response" + if [ -z "$response" ]; then + _err "get to authz error." + _err "_authorizations_map" "$_authorizations_map" + _clearup + _on_issue_err "$_post_hook" + return 1 fi if [ -z "$thumbprint" ]; then @@ -4462,11 +4391,9 @@ $_authorizations_map" _on_issue_err "$_post_hook" return 1 fi - if [ "$ACME_VERSION" = "2" ]; then - uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)" - else - uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)" - fi + + uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)" + _debug uri "$uri" if [ -z "$uri" ]; then @@ -4764,11 +4691,9 @@ $_authorizations_map" _debug "sleep 2 secs to verify" sleep 2 _debug "checking" - if [ "$ACME_VERSION" = "2" ]; then - _send_signed_request "$uri" - else - response="$(_get "$uri")" - fi + + _send_signed_request "$uri" + if [ "$?" != "0" ]; then _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" @@ -4833,150 +4758,128 @@ $_authorizations_map" _info "Verify finished, start to sign." der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" - if [ "$ACME_VERSION" = "2" ]; then - _info "Lets finalize the order." - _info "Le_OrderFinalize" "$Le_OrderFinalize" - if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then - _err "Sign failed." - _on_issue_err "$_post_hook" - return 1 - fi - if [ "$code" != "200" ]; then - _err "Sign failed, finalize code is not 200." - _err "$response" - _on_issue_err "$_post_hook" - return 1 - fi - if [ -z "$Le_LinkOrder" ]; then - Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n \t" | cut -d ":" -f 2-)" - fi - _savedomainconf "Le_LinkOrder" "$Le_LinkOrder" + _info "Lets finalize the order." + _info "Le_OrderFinalize" "$Le_OrderFinalize" + if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then + _err "Sign failed." + _on_issue_err "$_post_hook" + return 1 + fi + if [ "$code" != "200" ]; then + _err "Sign failed, finalize code is not 200." + _err "$response" + _on_issue_err "$_post_hook" + return 1 + fi + if [ -z "$Le_LinkOrder" ]; then + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n \t" | cut -d ":" -f 2-)" + fi - _link_cert_retry=0 - _MAX_CERT_RETRY=30 - while [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do - if _contains "$response" "\"status\":\"valid\""; then - _debug "Order status is valid." - Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)" - _debug Le_LinkCert "$Le_LinkCert" - if [ -z "$Le_LinkCert" ]; then - _err "Sign error, can not find Le_LinkCert" - _err "$response" - _on_issue_err "$_post_hook" - return 1 - fi - break - elif _contains "$response" "\"processing\""; then - _info "Order status is processing, lets sleep and retry." - _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r') - _debug "_retryafter" "$_retryafter" - if [ "$_retryafter" ]; then - _info "Retry after: $_retryafter" - _sleep $_retryafter - else - _sleep 2 - fi - else - _err "Sign error, wrong status" + _savedomainconf "Le_LinkOrder" "$Le_LinkOrder" + + _link_cert_retry=0 + _MAX_CERT_RETRY=30 + while [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do + if _contains "$response" "\"status\":\"valid\""; then + _debug "Order status is valid." + Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)" + _debug Le_LinkCert "$Le_LinkCert" + if [ -z "$Le_LinkCert" ]; then + _err "Sign error, can not find Le_LinkCert" _err "$response" _on_issue_err "$_post_hook" return 1 fi - #the order is processing, so we are going to poll order status - if [ -z "$Le_LinkOrder" ]; then - _err "Sign error, can not get order link location header" - _err "responseHeaders" "$responseHeaders" - _on_issue_err "$_post_hook" - return 1 - fi - _info "Polling order status: $Le_LinkOrder" - if ! _send_signed_request "$Le_LinkOrder"; then - _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder." - _err "$response" - _on_issue_err "$_post_hook" - return 1 + break + elif _contains "$response" "\"processing\""; then + _info "Order status is processing, lets sleep and retry." + _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r') + _debug "_retryafter" "$_retryafter" + if [ "$_retryafter" ]; then + _info "Retry after: $_retryafter" + _sleep $_retryafter + else + _sleep 2 fi - _link_cert_retry="$(_math $_link_cert_retry + 1)" - done - - if [ -z "$Le_LinkCert" ]; then - _err "Sign failed, can not get Le_LinkCert, retry time limit." + else + _err "Sign error, wrong status" _err "$response" _on_issue_err "$_post_hook" return 1 fi - _info "Downloading cert." - _info "Le_LinkCert" "$Le_LinkCert" - if ! _send_signed_request "$Le_LinkCert"; then - _err "Sign failed, can not download cert:$Le_LinkCert." + #the order is processing, so we are going to poll order status + if [ -z "$Le_LinkOrder" ]; then + _err "Sign error, can not get order link location header" + _err "responseHeaders" "$responseHeaders" + _on_issue_err "$_post_hook" + return 1 + fi + _info "Polling order status: $Le_LinkOrder" + if ! _send_signed_request "$Le_LinkOrder"; then + _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder." _err "$response" _on_issue_err "$_post_hook" return 1 fi + _link_cert_retry="$(_math $_link_cert_retry + 1)" + done - echo "$response" >"$CERT_PATH" - _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" + if [ -z "$Le_LinkCert" ]; then + _err "Sign failed, can not get Le_LinkCert, retry time limit." + _err "$response" + _on_issue_err "$_post_hook" + return 1 + fi + _info "Downloading cert." + _info "Le_LinkCert" "$Le_LinkCert" + if ! _send_signed_request "$Le_LinkCert"; then + _err "Sign failed, can not download cert:$Le_LinkCert." + _err "$response" + _on_issue_err "$_post_hook" + return 1 + fi - if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then - if [ "$DEBUG" ]; then - _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" - fi - if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then - rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" - _debug2 "rels" "$rels" - for rel in $rels; do - _info "Try rel: $rel" - if ! _send_signed_request "$rel"; then - _err "Sign failed, can not download cert:$rel" - _err "$response" - continue - fi - _relcert="$CERT_PATH.alt" - _relfullchain="$CERT_FULLCHAIN_PATH.alt" - _relca="$CA_CERT_PATH.alt" - echo "$response" >"$_relcert" - _split_cert_chain "$_relcert" "$_relfullchain" "$_relca" - if [ "$DEBUG" ]; then - _debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")" - fi - if _match_issuer "$_relfullchain" "$_preferred_chain"; then - _info "Matched issuer in: $rel" - cat $_relcert >"$CERT_PATH" - cat $_relfullchain >"$CERT_FULLCHAIN_PATH" - cat $_relca >"$CA_CERT_PATH" - rm -f "$_relcert" - rm -f "$_relfullchain" - rm -f "$_relca" - break - fi + echo "$response" >"$CERT_PATH" + _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" + + if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then + if [ "$DEBUG" ]; then + _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" + fi + if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then + rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" + _debug2 "rels" "$rels" + for rel in $rels; do + _info "Try rel: $rel" + if ! _send_signed_request "$rel"; then + _err "Sign failed, can not download cert:$rel" + _err "$response" + continue + fi + _relcert="$CERT_PATH.alt" + _relfullchain="$CERT_FULLCHAIN_PATH.alt" + _relca="$CA_CERT_PATH.alt" + echo "$response" >"$_relcert" + _split_cert_chain "$_relcert" "$_relfullchain" "$_relca" + if [ "$DEBUG" ]; then + _debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")" + fi + if _match_issuer "$_relfullchain" "$_preferred_chain"; then + _info "Matched issuer in: $rel" + cat $_relcert >"$CERT_PATH" + cat $_relfullchain >"$CERT_FULLCHAIN_PATH" + cat $_relca >"$CA_CERT_PATH" rm -f "$_relcert" rm -f "$_relfullchain" rm -f "$_relca" - done - fi - fi - else - if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then - _err "Sign failed. $response" - _on_issue_err "$_post_hook" - return 1 - fi - _rcert="$response" - Le_LinkCert="$(grep -i '^Location.*$' "$HTTP_HEADER" | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)" - echo "$BEGIN_CERT" >"$CERT_PATH" - - #if ! _get "$Le_LinkCert" | _base64 "multiline" >> "$CERT_PATH" ; then - # _debug "Get cert failed. Let's try last response." - # printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >> "$CERT_PATH" - #fi - - if ! printf -- "%s" "$_rcert" | _dbase64 "multiline" | _base64 "multiline" >>"$CERT_PATH"; then - _debug "Try cert link." - _get "$Le_LinkCert" | _base64 "multiline" >>"$CERT_PATH" + break + fi + rm -f "$_relcert" + rm -f "$_relfullchain" + rm -f "$_relca" + done fi - - echo "$END_CERT" >>"$CERT_PATH" fi _debug "Le_LinkCert" "$Le_LinkCert" @@ -5005,53 +4908,6 @@ $_authorizations_map" fi fi - if [ "$ACME_VERSION" = "2" ]; then - _debug "v2 chain." - else - cp "$CERT_PATH" "$CERT_FULLCHAIN_PATH" - Le_LinkIssuer=$(grep -i '^Link' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2 | cut -d ';' -f 1 | tr -d '<>') - - if [ "$Le_LinkIssuer" ]; then - if ! _contains "$Le_LinkIssuer" ":"; then - _info "$(__red "Relative issuer link found.")" - Le_LinkIssuer="$_ACME_SERVER_HOST$Le_LinkIssuer" - fi - _debug Le_LinkIssuer "$Le_LinkIssuer" - _savedomainconf "Le_LinkIssuer" "$Le_LinkIssuer" - - _link_issuer_retry=0 - _MAX_ISSUER_RETRY=5 - while [ "$_link_issuer_retry" -lt "$_MAX_ISSUER_RETRY" ]; do - _debug _link_issuer_retry "$_link_issuer_retry" - if [ "$ACME_VERSION" = "2" ]; then - if _send_signed_request "$Le_LinkIssuer"; then - echo "$response" >"$CA_CERT_PATH" - break - fi - else - if _get "$Le_LinkIssuer" >"$CA_CERT_PATH.der"; then - echo "$BEGIN_CERT" >"$CA_CERT_PATH" - _base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH" - echo "$END_CERT" >>"$CA_CERT_PATH" - if ! _checkcert "$CA_CERT_PATH"; then - _err "Can not get the ca cert." - break - fi - cat "$CA_CERT_PATH" >>"$CERT_FULLCHAIN_PATH" - rm -f "$CA_CERT_PATH.der" - break - fi - fi - _link_issuer_retry=$(_math $_link_issuer_retry + 1) - _sleep "$_link_issuer_retry" - done - if [ "$_link_issuer_retry" = "$_MAX_ISSUER_RETRY" ]; then - _err "Max retry for issuer ca cert is reached." - fi - else - _debug "No Le_LinkIssuer header found." - fi - fi [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")" [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")" @@ -5165,15 +5021,6 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" - if [ "$Le_API" = "$LETSENCRYPT_CA_V1" ]; then - _cleardomainconf Le_API - Le_API="$DEFAULT_CA" - fi - if [ "$Le_API" = "$LETSENCRYPT_STAGING_CA_V1" ]; then - _cleardomainconf Le_API - Le_API="$DEFAULT_STAGING_CA" - fi - if [ "$Le_API" ]; then export ACME_DIRECTORY="$Le_API" #reload ca configs @@ -5388,9 +5235,6 @@ signcsr() { return 1 fi - if [ -z "$ACME_VERSION" ] && _contains "$_csrsubj,$_csrdomainlist" "*."; then - export ACME_VERSION=2 - fi _initpath "$_csrsubj" "$_csrkeylength" mkdir -p "$DOMAIN_PATH" @@ -5851,11 +5695,8 @@ revoke() { _initAPI - if [ "$ACME_VERSION" = "2" ]; then - data="{\"certificate\": \"$cert\",\"reason\":$_reason}" - else - data="{\"resource\": \"revoke-cert\", \"certificate\": \"$cert\"}" - fi + data="{\"certificate\": \"$cert\",\"reason\":$_reason}" + uri="${ACME_REVOKE_CERT}" if [ -f "$CERT_KEY_PATH" ]; then @@ -5926,50 +5767,35 @@ _deactivate() { _d_type="$2" _initpath - if [ "$ACME_VERSION" = "2" ]; then - _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" - if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then - _err "Can not get domain new order." - return 1 - fi - _authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^\]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" - _debug2 _authorizations_seg "$_authorizations_seg" - if [ -z "$_authorizations_seg" ]; then - _err "_authorizations_seg not found." - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - - authzUri="$_authorizations_seg" - _debug2 "authzUri" "$authzUri" - if ! _send_signed_request "$authzUri"; then - _err "get to authz error." - _err "_authorizations_seg" "$_authorizations_seg" - _err "authzUri" "$authzUri" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - - response="$(echo "$response" | _normalizeJson)" - _debug2 response "$response" - _URL_NAME="url" - else - if ! __get_domain_new_authz "$_d_domain"; then - _err "Can not get domain new authz token." - return 1 - fi + _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" + if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then + _err "Can not get domain new order." + return 1 + fi + _authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^\]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" + _debug2 _authorizations_seg "$_authorizations_seg" + if [ -z "$_authorizations_seg" ]; then + _err "_authorizations_seg not found." + _clearup + _on_issue_err "$_post_hook" + return 1 + fi - authzUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" - _debug "authzUri" "$authzUri" - if [ "$code" ] && [ ! "$code" = '201' ]; then - _err "new-authz error: $response" - return 1 - fi - _URL_NAME="uri" + authzUri="$_authorizations_seg" + _debug2 "authzUri" "$authzUri" + if ! _send_signed_request "$authzUri"; then + _err "get to authz error." + _err "_authorizations_seg" "$_authorizations_seg" + _err "authzUri" "$authzUri" + _clearup + _on_issue_err "$_post_hook" + return 1 fi + response="$(echo "$response" | _normalizeJson)" + _debug2 response "$response" + _URL_NAME="url" + entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")" if [ -z "$entries" ]; then _info "No valid entries found." @@ -6023,11 +5849,7 @@ _deactivate() { _info "Deactivate: $_vtype" - if [ "$ACME_VERSION" = "2" ]; then - _djson="{\"status\":\"deactivated\"}" - else - _djson="{\"resource\": \"authz\", \"status\":\"deactivated\"}" - fi + _djson="{\"status\":\"deactivated\"}" if _send_signed_request "$authzUri" "$_djson" && _contains "$response" '"deactivated"'; then _info "Deactivate: $_vtype success." @@ -7033,10 +6855,6 @@ _process() { return 1 fi - if _startswith "$_dvalue" "*."; then - _debug "Wildcard domain" - export ACME_VERSION=2 - fi if [ -z "$_domain" ]; then _domain="$_dvalue" else From 7710a33b6c04c467eb1bda07fe940abd4ecaedf2 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 22 May 2021 23:48:39 +0800 Subject: [PATCH 0377/1526] fix format --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index 10eef019..02014657 100755 --- a/acme.sh +++ b/acme.sh @@ -4758,7 +4758,6 @@ $_authorizations_map" _info "Verify finished, start to sign." der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" - _info "Lets finalize the order." _info "Le_OrderFinalize" "$Le_OrderFinalize" if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then From bf9b33acec1969e9c35e3ba7ae81fbd7e765186b Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 23 May 2021 23:12:46 +0800 Subject: [PATCH 0378/1526] use cloudflare tunnel to test --- .github/workflows/LetsEncrypt.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index ba9a5317..715f9db1 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -109,11 +109,20 @@ jobs: TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 + - uses: vmactions/cf-tunnel@v0.0.1 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'NGROK_TOKEN TEST_LOCAL' + envs: 'NGROK_TOKEN TEST_LOCAL TestingDomain' + nat: | + "8080": "80" prepare: pkg install -y socat curl usesh: true run: | @@ -127,13 +136,13 @@ jobs: TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 - - uses: vmactions/ngrok-tunnel@v0.0.1 - id: ngrok + - uses: vmactions/cf-tunnel@v0.0.1 + id: tunnel with: protocol: http port: 8080 - name: Set envs - run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.3 From 40e2ebed958771212bca807d53ff6588c8b9b207 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 23 May 2021 23:16:04 +0800 Subject: [PATCH 0379/1526] remove ngrok token --- .github/workflows/LetsEncrypt.yml | 33 ++----------------------------- 1 file changed, 2 insertions(+), 31 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 715f9db1..fd79125f 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -15,30 +15,9 @@ on: jobs: - CheckToken: - runs-on: ubuntu-latest - outputs: - hasToken: ${{ steps.step_one.outputs.hasToken }} - env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} - steps: - - name: Set the value - id: step_one - run: | - if [ "$NGROK_TOKEN" ] ; then - echo "::set-output name=hasToken::true" - else - echo "::set-output name=hasToken::false" - fi - - name: Check the value - run: echo ${{ steps.step_one.outputs.hasToken }} - Ubuntu: runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'true')" env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 @@ -51,9 +30,7 @@ jobs: MacOS: runs-on: macos-latest - needs: Ubuntu env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 @@ -66,11 +43,9 @@ jobs: Windows: runs-on: windows-latest - needs: MacOS env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 - #The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. + #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. Le_HTTPPort: 8888 steps: - name: Set git to use LF @@ -103,9 +78,7 @@ jobs: FreeBSD: runs-on: macos-latest - needs: Windows env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 @@ -120,7 +93,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'NGROK_TOKEN TEST_LOCAL TestingDomain' + envs: 'TEST_LOCAL TestingDomain' nat: | "8080": "80" prepare: pkg install -y socat curl @@ -130,9 +103,7 @@ jobs: Solaris: runs-on: macos-latest - needs: FreeBSD env: - NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 From 7909273a21434b507d3330a9c34a0687b6799bff Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 25 May 2021 21:57:15 +0800 Subject: [PATCH 0380/1526] add debug info --- dnsapi/dns_ionos.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index aaf8580f..c2c431bb 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -149,14 +149,15 @@ _ionos_rest() { response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" else export _H2="Accept: */*" - + export _H3= response="$(_get "$IONOS_API$route")" fi if [ "$?" != "0" ]; then - _err "Error $route" + _err "Error $route: $response" return 1 fi + _debug2 "response" "$response" return 0 } From 74a4a788b142d9febe351da61a86636542aba2f9 Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Wed, 26 May 2021 15:07:23 -0600 Subject: [PATCH 0381/1526] Make certificate descriptions sed safe This escapes special characters used in POSIX sed to prevent mismatches. e.g. `SYNO_Certficiate=*.example.com` would not match a description of "*.example.com" and would look to match any number of double quotes (the last character in the sed regex prior to certificate description), followed by any single character, followed by "example", followed by any character, followed by "com". After this change, it will properly match `*.example.com` and not `""zexamplefcom`. Additionally we now store the certificate description as base64 encoded to prevent issues with single quotes. Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+). --- deploy/synology_dsm.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index d7e8ace8..649a48da 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -66,6 +66,11 @@ synology_dsm_deploy() { _getdeployconf SYNO_Certificate _debug SYNO_Certificate "${SYNO_Certificate:-}" + if printf "%s" "$SYNO_Certificate" | grep '\\'; then + _err "Do not use a backslash (\) in your certificate description" + return 1 + fi + _base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port" _debug _base_url "$_base_url" @@ -110,7 +115,9 @@ synology_dsm_deploy() { _info "Getting certificates in Synology DSM" response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi") _debug3 response "$response" - id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p") + escaped_certificate="$(printf "%s" "$SYNO_Certificate" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')" + _debug escaped_certificate "$escaped_certificate" + id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p") _debug2 id "$id" if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then @@ -119,7 +126,7 @@ synology_dsm_deploy() { fi # we've verified this certificate description is a thing, so save it - _savedeployconf SYNO_Certificate "$SYNO_Certificate" + _savedeployconf SYNO_Certificate "$SYNO_Certificate" "base64" _info "Generate form POST request" nl="\0015\0012" @@ -129,7 +136,7 @@ synology_dsm_deploy() { content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}" - if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then + if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then _debug2 default "this is the default certificate" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true" else From dcb51683c5204feda587c2944baaa50c8bf30632 Mon Sep 17 00:00:00 2001 From: Brian Hartvigsen Date: Wed, 26 May 2021 15:24:50 -0600 Subject: [PATCH 0382/1526] shellcheck cleanup shellcheck sees '\\' as trying to escape the trailing quote (see koalaman/shellcheck#1548 ). --- deploy/synology_dsm.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 649a48da..5a70c74e 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -66,6 +66,7 @@ synology_dsm_deploy() { _getdeployconf SYNO_Certificate _debug SYNO_Certificate "${SYNO_Certificate:-}" + # shellcheck disable=SC1003 # We are not trying to escape a single quote if printf "%s" "$SYNO_Certificate" | grep '\\'; then _err "Do not use a backslash (\) in your certificate description" return 1 From 7aa4b8247cf2aae0253977206b2d9a739f1bb4db Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 29 May 2021 15:17:11 +0800 Subject: [PATCH 0383/1526] upgrade cf-tunnel --- .github/workflows/LetsEncrypt.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index fd79125f..bdc9072e 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -82,7 +82,7 @@ jobs: TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.1 + - uses: vmactions/cf-tunnel@v0.0.2 id: tunnel with: protocol: http @@ -107,7 +107,7 @@ jobs: TEST_LOCAL: 1 steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.1 + - uses: vmactions/cf-tunnel@v0.0.2 id: tunnel with: protocol: http From 1e5e3353f392f0bf9535d04fa55475a3aeb98bf7 Mon Sep 17 00:00:00 2001 From: Roman Zabaluev Date: Sun, 30 May 2021 18:17:39 +0300 Subject: [PATCH 0384/1526] Fix porkbun issues See gh-3450 --- dnsapi/dns_porkbun.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index 90caec4a..ad4455b6 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -110,8 +110,8 @@ _get_root() { if _porkbun_rest POST "dns/retrieve/$h"; then if _contains "$response" "\"status\":\"SUCCESS\""; then - _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" _domain=$h + _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" return 0 else _debug "Go to next level of $_domain" From 3891a52aeb28329dc5f8c8dd3f582489ed49609f Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Mon, 31 May 2021 15:12:11 -0400 Subject: [PATCH 0385/1526] change "$url" -> $url so the value of $url gets passed by reference, and the string "$url" does not erroneously get passed as a variable into _post() --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index d720c1c5..d7e558a1 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -145,7 +145,7 @@ _1984hosting_login() { password=$(printf '%s' "$One984HOSTING_Password" | _url_encode) url="https://management.1984hosting.com/accounts/checkuserauth/" - response="$(_post "username=$username&password=$password&otpkey=" "$url")" + response="$(_post "username=$username&password=$password&otpkey=" $url)" response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" From 5f9daa66408c751e76ba2b66366e3dc3e2e49ac1 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Jun 2021 21:23:00 +0800 Subject: [PATCH 0386/1526] check initAPI error --- acme.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 02014657..86ed4b43 100755 --- a/acme.sh +++ b/acme.sh @@ -4132,7 +4132,9 @@ issue() { _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY" - _initAPI + if ! _initAPI; then + return 1 + fi if [ -f "$DOMAIN_CONF" ]; then Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) From f627a028869491be5f0f18704669b73121849a4b Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Jun 2021 21:24:37 +0800 Subject: [PATCH 0387/1526] add error message --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 86ed4b43..47eb5a9a 100755 --- a/acme.sh +++ b/acme.sh @@ -2538,7 +2538,7 @@ _initAPI() { response=$(_get "$_api_server") if [ "$?" != "0" ]; then _debug2 "response" "$response" - _err "Can not init api." + _err "Can not init api for: $_api_server." return 1 fi response=$(echo "$response" | _json_decode) From c2273d2c8e274201a7ccc11fd5ee27a0750d60b9 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Jun 2021 22:15:41 +0800 Subject: [PATCH 0388/1526] add debug info --- dnsapi/dns_1984hosting.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index d7e558a1..fee59127 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -194,7 +194,7 @@ _check_cookie() { # _domain=domain.com _get_root() { domain="$1" - i=2 + i=1 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -220,6 +220,7 @@ _get_root() { _authget() { export _H1="Cookie: $One984HOSTING_COOKIE" _response=$(_get "$1") + _debug2 _response "$_response" } # truncate huge HTML response From d154118600bd1cf061a7afd233f2639bffbf4830 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 1 Jun 2021 22:21:17 +0800 Subject: [PATCH 0389/1526] fix bug --- dnsapi/dns_1984hosting.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index fee59127..f371f2c1 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -177,7 +177,6 @@ _check_cookie() { fi _authget "https://management.1984hosting.com/accounts/loginstatus/" - response="$(echo "$_response" | _normalizeJson)" if _contains "$response" '"ok": true'; then _debug "Cached cookie still valid" return 0 @@ -205,7 +204,7 @@ _get_root() { fi _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." - if _contains "$_response" "serial"; then + if _contains "$_response" "serial" && ! _contains "$_response" 'null}'; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" return 0 @@ -219,7 +218,7 @@ _get_root() { # add extra headers to request _authget() { export _H1="Cookie: $One984HOSTING_COOKIE" - _response=$(_get "$1") + _response=$(_get "$1" | _normalizeJson) _debug2 _response "$_response" } From e353f66eaaec0f34f3ff3e993c5fd8f353dab9ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Parunakian?= Date: Wed, 2 Jun 2021 16:06:08 +0200 Subject: [PATCH 0390/1526] Fix typo --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 47eb5a9a..01c889af 100755 --- a/acme.sh +++ b/acme.sh @@ -3056,7 +3056,7 @@ _checkConf() { _debug "Try include files" for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" - if !_startswith "$included" "/" && _exists dirname; then + if ! _startswith "$included" "/" && _exists dirname; then _relpath="$(dirname "$_c_file")" _debug "_relpath" "$_relpath" included="$_relpath/included" From fd6a59202d13d11e49c48edeca11d22ad056f9a2 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 2 Jun 2021 23:06:12 +0800 Subject: [PATCH 0391/1526] start 3.0.0 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 47eb5a9a..c2bc7e23 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.9.0 +VER=3.0.0 PROJECT_NAME="acme.sh" From 6f88c81616f9d2ca81945564b51a3090d7b454b1 Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Fri, 4 Jun 2021 19:20:23 +1000 Subject: [PATCH 0392/1526] Add DNS API plugin for Oracle Cloud Infrastructure DNS Service This plugin is has noticeably more required fields than most other plugins due to the requirement that all requests to the OCI REST API must be cryptographically signed by the client using the draft standard proposed in draft-cavage-http-signatures-08[1]. The OCI specific implementation details of the draft standard are documented in the Developer Guide[2]. NOTE: there is maximum allowed clock skew of five minutes between the client and the API endpoint. Requests will be denied if the skew is greater. This PR also includes a minor tweak to the Solaris job in the DNS workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1. Without these changes, the signature generation function does not work on Solaris. [1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08 [2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five Signed-off-by: Avi Miller --- .github/workflows/DNS.yml | 10 +- dnsapi/dns_oci.sh | 246 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 251 insertions(+), 5 deletions(-) create mode 100644 dnsapi/dns_oci.sh diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index f8e501ed..b00ef263 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -59,7 +59,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Set env file run: | - cd ../acmetest + cd ../acmetest if [ "${{ secrets.TokenName1}}" ] ; then echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list fi @@ -75,7 +75,7 @@ jobs: if [ "${{ secrets.TokenName5}}" ] ; then echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list fi - echo "TEST_DNS_NO_WILDCARD" >> env.list + echo "TEST_DNS_NO_WILDCARD" >> env.list echo "TEST_DNS_SLEEP" >> env.list - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall @@ -226,8 +226,10 @@ jobs: - uses: vmactions/solaris-vm@v0.0.3 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: pkgutil -y -i socat curl + prepare: pkgutil -y -i socat run: | + pkg set-mediator -v -I default@1.1 openssl + export PATH=/usr/gnu/bin:$PATH if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} fi @@ -245,5 +247,3 @@ jobs: fi cd ../acmetest ./letest.sh - - diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh new file mode 100644 index 00000000..2843a8ca --- /dev/null +++ b/dnsapi/dns_oci.sh @@ -0,0 +1,246 @@ +#!/usr/bin/env sh +# +# Acme.sh DNS API plugin for Oracle Cloud Infrastructure +# Copyright (c) 2021, Oracle and/or its affiliates +# +# Required environment variables: +# - OCI_TENANCY : OCID of tenancy that contains the target DNS zone +# - OCI_USER : OCID of user with permission to add/remove records from zones +# - OCI_FINGERPRINT: fingerprint of the public key for the user +# - OCI_PRIVATE_KEY: Path to private API signing key file in PEM format +# +# Optional environment variables: +# - OCI_KEY_PASSPHRASE: if the private key above s encrypted, the passphrase is required +# - OCI_REGION: Your home region will probably response the fastest +# + +dns_oci_add() { + _fqdn="$1" + _rdata="$2" + + if _oci_config; then + + if ! _get_zone "$_fqdn"; then + _err "Error: DNS Zone not found for $_fqdn." + return 1 + fi + + if [ "$_sub_domain" ] && [ "$_domain" ]; then + _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}" + response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body") + if [ "$response" ]; then + _info "Success: added TXT record for ${_sub_domain}.${_domain}." + else + _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}." + return 1 + fi + fi + + else + return 1 + fi + +} + +dns_oci_rm() { + _fqdn="$1" + _rdata="$2" + + if _oci_config; then + + if ! _get_zone "$_fqdn"; then + _err "Error: DNS Zone not found for $_fqdn." + return 1 + fi + + if [ "$_sub_domain" ] && [ "$_domain" ]; then + _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}" + response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body") + if [ "$response" ]; then + _info "Success: removed TXT record for ${_sub_domain}.${_domain}." + else + _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}." + return 1 + fi + fi + + else + return 1 + fi + +} + +#################### Private functions below ################################## +_oci_config() { + + OCI_TENANCY="${OCI_TENANCY:-$(_readaccountconf_mutable OCI_TENANCY)}" + OCI_USER="${OCI_USER:-$(_readaccountconf_mutable OCI_USER)}" + OCI_FINGERPRINT="${OCI_FINGERPRINT:-$(_readaccountconf_mutable OCI_FINGERPRINT)}" + OCI_PRIVATE_KEY="${OCI_PRIVATE_KEY:-$(_readaccountconf_mutable OCI_PRIVATE_KEY)}" + OCI_KEY_PASSPHRASE="${OCI_KEY_PASSPHRASE:-$(_readaccountconf_mutable OCI_KEY_PASSPHRASE)}" + OCI_REGION="${OCI_REGION:-$(_readaccountconf_mutable OCI_REGION)}" + + _not_set="" + _ret=0 + + if [ -f "$OCI_PRIVATE_KEY" ]; then + OCI_PRIVATE_KEY="$(openssl enc -a -A <"$OCI_PRIVATE_KEY")" + fi + + if [ -z "$OCI_TENANCY" ]; then + _not_set="OCI_TENANCY " + fi + + if [ -z "$OCI_USER" ]; then + _not_set="${_not_set}OCI_USER " + fi + + if [ -z "$OCI_FINGERPRINT" ]; then + _not_set="${_not_set}OCI_FINGERPRINT " + fi + + if [ -z "$OCI_PRIVATE_KEY" ]; then + _not_set="${_not_set}OCI_PRIVATE_KEY" + fi + + if [ "$_not_set" ]; then + _err "Fatal: environment variable(s): ${_not_set} not set." + _ret=1 + else + _saveaccountconf_mutable OCI_TENANCY "$OCI_TENANCY" + _saveaccountconf_mutable OCI_USER "$OCI_USER" + _saveaccountconf_mutable OCI_FINGERPRINT "$OCI_FINGERPRINT" + _saveaccountconf_mutable OCI_PRIVATE_KEY "$OCI_PRIVATE_KEY" + fi + + if [ "$OCI_PRIVATE_KEY" ] && [ "$(printf "%s\n" "$OCI_PRIVATE_KEY" | wc -l)" -eq 1 ]; then + OCI_PRIVATE_KEY="$(echo "$OCI_PRIVATE_KEY" | openssl enc -d -a -A)" + _secure_debug3 OCI_PRIVATE_KEY "$OCI_PRIVATE_KEY" + fi + + if [ "$OCI_KEY_PASSPHRASE" ]; then + _saveaccountconf_mutable OCI_KEY_PASSPHRASE "$OCI_KEY_PASSPHRASE" + fi + + if [ "$OCI_REGION" ]; then + _saveaccountconf_mutable OCI_REGION "$OCI_REGION" + else + OCI_REGION="us-ashburn-1" + fi + + return $_ret + +} + +# _get_zone(): retrieves the Zone name and OCID +# +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_ociid=ocid1.dns-zone.oc1.. +_get_zone() { + domain=$1 + i=1 + p=1 + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + # not valid + return 1 + fi + + _domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id") + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + return 0 + fi + + p=$i + i=$(_math "$i" + 1) + done + return 1 + +} + +_signed_request() { + + _sig_method="$1" + _sig_target="$2" + _sig_body="$3" + _return_field="$4" + + _sig_host="dns.$OCI_REGION.oraclecloud.com" + _sig_keyId="$OCI_TENANCY/$OCI_USER/$OCI_FINGERPRINT" + _sig_alg="rsa-sha256" + _sig_version="1" + _sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")" + + if [ "$OCI_KEY_PASSPHRASE" ]; then + export OCI_KEY_PASSPHRASE="$OCI_KEY_PASSPHRASE" + _sig_passinArg="-passin env:OCI_KEY_PASSPHRASE" + fi + + _request_method=$(printf %s "$_sig_method" | _lower_case) + _curl_method=$(printf %s "$_sig_method" | _upper_case) + + _request_target="(request-target): $_request_method $_sig_target" + _date_header="date: $_sig_now" + _host_header="host: $_sig_host" + + _string_to_sign="$_request_target\n$_date_header\n$_host_header" + _sig_headers="(request-target) date host" + + if [ "$_sig_body" ]; then + _secure_debug3 _sig_body "$_sig_body" + _sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | openssl dgst -binary -sha256 | openssl enc -e -base64)" + _sig_body_type="content-type: application/json" + _sig_body_length="content-length: ${#_sig_body}" + _string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length" + _sig_headers="$_sig_headers x-content-sha256 content-type content-length" + fi + + _tmp_file=$(_mktemp) + if [ -f "$_tmp_file" ]; then + printf '%s' "$OCI_PRIVATE_KEY" >"$_tmp_file" + # Double quoting the file and passphrase breaks openssl + # shellcheck disable=SC2086 + _signature=$(printf '%b' "$_string_to_sign" | openssl dgst -sha256 -sign $_tmp_file $_sig_passinArg | openssl enc -e -base64 | tr -d '\r\n') + rm -f "$_tmp_file" + fi + + _signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\"" + _secure_debug3 _signed_header "$_signed_header" + + if [ "$_curl_method" = "GET" ]; then + export _H1="$_date_header" + export _H2="$_signed_header" + _response="$(_get "https://${_sig_host}${_sig_target}")" + elif [ "$_curl_method" = "PATCH" ]; then + export _H1="$_date_header" + export _H2="$_sig_body_sha256" + export _H3="$_sig_body_type" + export _H4="$_sig_body_length" + export _H5="$_signed_header" + _response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")" + else + _err "Unable to process method: $_curl_method." + fi + + _ret="$?" + if [ "$_return_field" ]; then + _response="$(echo "$_response" | sed 's/\\\"//g'))" + _return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") + else + _return="$_response" + fi + + printf "%s" "$_return" + return $_ret + +} From b19008d1b8b2ce4c276869a50e0bd0da775b07f6 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sat, 5 Jun 2021 22:38:45 -0400 Subject: [PATCH 0393/1526] fix dns_1984hosting_add() so checks for HTML responses are actually find HTML responses --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index f371f2c1..6708f890 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -59,7 +59,7 @@ dns_1984hosting_add() { if _contains "$response" '"haserrors": true'; then _err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post" return 1 - elif _contains "$response" ""; then + elif _contains "$response" "html>"; then _err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file" return 1 elif _contains "$response" '"auth": false'; then From a55cf40b1b5b64ea7e1259d165ecdc2996e1fe58 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sat, 5 Jun 2021 23:06:28 -0400 Subject: [PATCH 0394/1526] fix _get_root() so that it successfully gets the root domain --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index d720c1c5..9dc3cb98 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -205,7 +205,7 @@ _get_root() { fi _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." - if _contains "$_response" "serial"; then + if _contains "$_response" "serial" && ! _contains "$_response" "null"; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" return 0 From 19d7c2b336de7f617d157f0f323dae8b2f636590 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 6 Jun 2021 22:53:39 +0800 Subject: [PATCH 0395/1526] fix bug --- dnsapi/dns_vultr.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_vultr.sh b/dnsapi/dns_vultr.sh index c7b52e84..84857966 100644 --- a/dnsapi/dns_vultr.sh +++ b/dnsapi/dns_vultr.sh @@ -33,7 +33,7 @@ dns_vultr_add() { _debug 'Getting txt records' _vultr_rest GET "dns/records?domain=$_domain" - if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then + if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then _err 'Error' return 1 fi @@ -73,12 +73,12 @@ dns_vultr_rm() { _debug 'Getting txt records' _vultr_rest GET "dns/records?domain=$_domain" - if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then + if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then _err 'Error' return 1 fi - _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)" + _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)" _debug _record_id "$_record_id" if [ "$_record_id" ]; then _info "Successfully retrieved the record id for ACME challenge." From c0285fbc15e729096b59833395e70c2708af9322 Mon Sep 17 00:00:00 2001 From: Marcus Grando Date: Thu, 10 Jun 2021 11:45:53 -0300 Subject: [PATCH 0396/1526] Added Azion DNS API --- dnsapi/dns_azion.sh | 258 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 258 insertions(+) create mode 100644 dnsapi/dns_azion.sh diff --git a/dnsapi/dns_azion.sh b/dnsapi/dns_azion.sh new file mode 100644 index 00000000..2c5e8fda --- /dev/null +++ b/dnsapi/dns_azion.sh @@ -0,0 +1,258 @@ +#!/usr/bin/env sh + +# +#AZION_Username="" +#AZION_Password="" +#AZION_Token="" +#AZION_ZoneID="" +# + +AZION_Api="https://api.azionapi.net" + +######## Public functions ######## + +# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record +dns_azion_add() { + fulldomain=$1 + txtvalue=$2 + + AZION_Username="${AZION_Username:-$(_readaccountconf_mutable AZION_Username)}" + AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" + AZION_Token="${AZION_Token:-$(_readaccountconf_mutable AZION_Token)}" + AZION_ZoneID="${AZION_ZoneID:-$(_readaccountconf_mutable AZION_ZoneID)}" + + if ! _contains "$AZION_Username" "@"; then + _err "It seems that the AZION_Username is not a valid email address. Revalidate your environments." + return 1 + fi + + if [ -z "$AZION_Token" ]; then + if [ -z "$AZION_Username" ] || [ -z "$AZION_Password" ]; then + _err "You didn't specified a AZION_Username/AZION_Password to generate Azion token." + return 1 + fi + _get_token + AZION_Token="${AZION_Token:-$(_readaccountconf_mutable AZION_Token)}" + fi + + _saveaccountconf_mutable AZION_Username "$AZION_Username" + _saveaccountconf_mutable AZION_Password "$AZION_Password" + _saveaccountconf_mutable AZION_Token "$AZION_Token" + _saveaccountconf_mutable AZION_ZoneID "$AZION_ZoneID" + + _debug "Detect the root zone" + if ! _get_root "$fulldomain"; then + _err "Domain not found" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + _debug _domain_id "$_domain_id" + + _info "Add or update record" + _get_record "$_sub_domain" + if [ "$record_id" ]; then + _payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}" + if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then + if _contains "$response" "$txtvalue"; then + _info "Record updated." + return 0 + fi + fi + else + _payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}" + if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then + if _contains "$response" "$txtvalue"; then + _info "Record added." + return 0 + fi + fi + fi + _err "Failed to add or update record." + return 1 +} + +# Usage: fulldomain txtvalue +# Used to remove the txt record after validation +dns_azion_rm() { + fulldomain=$1 + txtvalue=$2 + + AZION_Username="${AZION_Username:-$(_readaccountconf_mutable AZION_Username)}" + AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" + AZION_Token="${AZION_Token:-$(_readaccountconf_mutable AZION_Token)}" + AZION_ZoneID="${AZION_ZoneID:-$(_readaccountconf_mutable AZION_ZoneID)}" + + if ! _contains "$AZION_Username" "@"; then + _err "It seems that the AZION_Username is not a valid email address. Revalidate your environments." + return 1 + fi + + if [ -z "$AZION_Token" ]; then + if [ -z "$AZION_Username" ] || [ -z "$AZION_Password" ]; then + _err "You didn't specified a AZION_Username/AZION_Password to generate Azion token." + return 1 + fi + _get_token + AZION_Token="${AZION_Token:-$(_readaccountconf_mutable AZION_Token)}" + fi + + _debug "Detect the root zone" + if ! _get_root "$fulldomain"; then + _err "Domain not found" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + _debug _domain_id "$_domain_id" + + _info "Removing record" + _get_record "$_sub_domain" + if [ "$record_id" ]; then + if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then + _info "Record removed." + return 0 + else + _err "Failed to remove record." + return 1 + fi + else + _info "Record not found or already removed." + return 0 + fi +} + +#################### Private functions below ################################## +# Usage: _acme-challenge.www.domain.com +# returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=1 + p=1 + + # Use Zone ID directly if provided + if [ "$AZION_ZoneID" ]; then + if ! _azion_rest GET "intelligent_dns/$AZION_ZoneID"; then + return 1 + else + if _contains "$response" "\"domain\":\"" >/dev/null; then + _domain=$(echo "$response" | _egrep_o "\"domain\":\"[^\"]*\"" | cut -d : -f 2 | _head_n 1 | tr -d \") + if [ "$_domain" ]; then + _cutlength=$((${#domain} - ${#_domain} - 1)) + _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength") + _domain_id=$AZION_ZoneID + return 0 + else + return 1 + fi + else + return 1 + fi + fi + fi + + if ! _azion_rest GET "intelligent_dns"; then + return 1 + fi + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + # not valid + return 1 + fi + + if _contains "$response" "\"domain\":\"$h\""; then + _domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + _saveaccountconf_mutable AZION_ZoneID "$_domain_id" + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_get_record() { + _record=$1 + + AZION_ZoneID="${AZION_ZoneID:-$(_readaccountconf_mutable AZION_ZoneID)}" + + if ! _azion_rest GET "intelligent_dns/$AZION_ZoneID/records"; then + return 1 + fi + + if _contains "$response" "\"entry\":\"$_record\""; then + _json_record=$(echo "$response" | tr '{}' "\n" | grep "\"entry\":\"$_record\"") + if [ "$_json_record" ]; then + record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") + answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\]) + return 0 + fi + return 1 + fi + return 1 +} + +_get_token() { + AZION_Username="${AZION_Username:-$(_readaccountconf_mutable AZION_Username)}" + AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" + + _basic_auth=$(printf "%s:%s" "$AZION_Username" "$AZION_Password" | _base64) + _debug _basic_auth "$_basic_auth" + + export _H1="Accept: application/json; version=3" + export _H2="Content-Type: application/json" + export _H3="Authorization: Basic $_basic_auth" + + response="$(_post "" "$AZION_Api/tokens" "" "POST")" + _debug2 response "$response" + if _contains "$response" "\"token\":\"" >/dev/null; then + _azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") + _debug _azion_token "$_azion_token" + _saveaccountconf_mutable AZION_Token "$_azion_token" + else + _err "Failed to generate Azion token" + return 1 + fi +} + +_azion_rest() { + _method=$1 + _uri="$2" + _data="$3" + + AZION_Token="${AZION_Token:-$(_readaccountconf_mutable AZION_Token)}" + + export _H1="Accept: application/json; version=3" + export _H2="Content-Type: application/json" + export _H3="Authorization: token $AZION_Token" + + if [ "$_method" != "GET" ]; then + _debug _data "$_data" + response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")" + else + response="$(_get "$AZION_Api/$_uri")" + fi + + _debug2 response "$response" + + if [ "$?" != "0" ]; then + _err "error $_method $_uri $_data" + return 1 + fi + return 0 +} From d0b514890a28d13e83bb06efcfb14651e83360c5 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 13 Jun 2021 14:29:26 +0800 Subject: [PATCH 0397/1526] change default ca to zerossl --- acme.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index bc9510d6..0b2eb9e6 100755 --- a/acme.sh +++ b/acme.sh @@ -29,7 +29,7 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory" CA_ZEROSSL="https://acme.zerossl.com/v2/DV90" _ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email" -DEFAULT_CA=$CA_LETSENCRYPT_V2 +DEFAULT_CA=$CA_ZEROSSL DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST CA_NAMES=" @@ -3526,8 +3526,10 @@ _regAccount() { if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then _info "No EAB credentials found for ZeroSSL, let's get one" if [ -z "$_email" ]; then - _err "Please provide a email address for ZeroSSL account." - _err "See ZeroSSL usage: $_ZEROSSL_WIKI" + _info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")" + _info "$(__green "Please update your account with an email address first.")" + _info "$(__green "$PROJECT_ENTRY --register-account -m my@example.com")" + _info "See: $(__green "$_ZEROSSL_WIKI")" return 1 fi _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT) @@ -3538,11 +3540,13 @@ _regAccount() { fi _debug2 "$_eabresp" _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" + _secure_debug2 _eab_id "$_eab_id" if [ -z "$_eab_id" ]; then _err "Can not resolve _eab_id" return 1 fi _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" + _secure_debug2 _eab_hmac_key "$_eab_hmac_key" if [ -z "$_eab_hmac_key" ]; then _err "Can not resolve _eab_hmac_key" return 1 @@ -3564,7 +3568,7 @@ _regAccount() { eab_sign_t="$eab_protected64.$eab_payload64" _debug3 eab_sign_t "$eab_sign_t" - key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')" + key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')" _debug3 key_hex "$key_hex" eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace) From 67c42c59116706572f720516117349a978f97940 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 13 Jun 2021 15:00:30 +0800 Subject: [PATCH 0398/1526] add zerossl --- .github/workflows/LetsEncrypt.yml | 48 ++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index bdc9072e..11137388 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -16,6 +16,9 @@ on: jobs: Ubuntu: + strategy: + matrix: + TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 @@ -24,11 +27,20 @@ jobs: - name: Install tools run: sudo apt-get install -y socat - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + run: | + cd .. \ + && git clone https://github.com/acmesh-official/acmetest.git \ + && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && sudo --preserve-env ./letest.sh + run: | + cd ../acmetest \ + && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ + && sudo --preserve-env ./letest.sh MacOS: + strategy: + matrix: + TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] runs-on: macos-latest env: TEST_LOCAL: 1 @@ -37,11 +49,20 @@ jobs: - name: Install tools run: brew install socat - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + run: | + cd .. \ + && git clone https://github.com/acmesh-official/acmetest.git \ + && cp -r acme.sh acmetest/ - name: Run acmetest - run: cd ../acmetest && sudo --preserve-env ./letest.sh + run: | + cd ../acmetest \ + && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ + && sudo --preserve-env ./letest.sh Windows: + strategy: + matrix: + TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] runs-on: windows-latest env: TEST_LOCAL: 1 @@ -74,9 +95,15 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest shell: cmd - run: cd ../acmetest && bash.exe -c ./letest.sh + run: | + cd ../acmetest \ + set ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ + && bash.exe -c ./letest.sh FreeBSD: + strategy: + matrix: + TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] runs-on: macos-latest env: TEST_LOCAL: 1 @@ -99,9 +126,14 @@ jobs: prepare: pkg install -y socat curl usesh: true run: | - cd ../acmetest && ./letest.sh + cd ../acmetest \ + && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ + && ./letest.sh Solaris: + strategy: + matrix: + TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] runs-on: macos-latest env: TEST_LOCAL: 1 @@ -123,5 +155,7 @@ jobs: "8080": "80" prepare: pkgutil -y -i socat curl run: | - cd ../acmetest && ./letest.sh + cd ../acmetest \ + && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ + && ./letest.sh From 1ff5d71e12ba999f8c2305fc2ec764c2abe73ee7 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 13 Jun 2021 15:30:51 +0800 Subject: [PATCH 0399/1526] fix windows --- .github/workflows/LetsEncrypt.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 11137388..e7c5e2d1 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -97,7 +97,7 @@ jobs: shell: cmd run: | cd ../acmetest \ - set ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ + && set ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ && bash.exe -c ./letest.sh FreeBSD: From 56246592c7d5143fbefa58669a826f4a6230de14 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 13 Jun 2021 15:45:33 +0800 Subject: [PATCH 0400/1526] set ca names in the env --- .github/workflows/LetsEncrypt.yml | 58 +++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index e7c5e2d1..b95334d7 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -18,10 +18,17 @@ jobs: Ubuntu: strategy: matrix: - TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" runs-on: ubuntu-latest env: TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} steps: - uses: actions/checkout@v2 - name: Install tools @@ -34,16 +41,22 @@ jobs: - name: Run acmetest run: | cd ../acmetest \ - && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ && sudo --preserve-env ./letest.sh MacOS: strategy: matrix: - TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" runs-on: macos-latest env: TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} steps: - uses: actions/checkout@v2 - name: Install tools @@ -56,15 +69,21 @@ jobs: - name: Run acmetest run: | cd ../acmetest \ - && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ && sudo --preserve-env ./letest.sh Windows: strategy: matrix: - TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" runs-on: windows-latest env: + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} TEST_LOCAL: 1 #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. Le_HTTPPort: 8888 @@ -95,18 +114,22 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest shell: cmd - run: | - cd ../acmetest \ - && set ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ - && bash.exe -c ./letest.sh + run: cd ../acmetest && bash.exe -c ./letest.sh FreeBSD: strategy: matrix: - TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" runs-on: macos-latest env: TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.2 @@ -120,23 +143,29 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'TEST_LOCAL TestingDomain' + envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA' nat: | "8080": "80" prepare: pkg install -y socat curl usesh: true run: | cd ../acmetest \ - && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ && ./letest.sh Solaris: strategy: matrix: - TEST_ACME_Server: ["", "https://acme.zerossl.com/v2/DV90"] + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" runs-on: macos-latest env: TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.2 @@ -150,12 +179,11 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.3 with: - envs: 'TEST_LOCAL TestingDomain' + envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA' nat: | "8080": "80" prepare: pkgutil -y -i socat curl run: | cd ../acmetest \ - && export ACME_DIRECTORY=${{ matrix.TEST_ACME_Server }} \ && ./letest.sh From 54f2640ef252b4c1d84d535540cc9d7ac3728775 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 13 Jun 2021 15:52:38 +0800 Subject: [PATCH 0401/1526] fix env --- .github/workflows/LetsEncrypt.yml | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index b95334d7..84fe61ad 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -22,13 +22,18 @@ jobs: - TEST_ACME_Server: "" CA_ECDSA: "" CA: "" + CA_EMAIL: "" - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" runs-on: ubuntu-latest env: TEST_LOCAL: 1 ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} steps: - uses: actions/checkout@v2 - name: Install tools @@ -50,13 +55,18 @@ jobs: - TEST_ACME_Server: "" CA_ECDSA: "" CA: "" + CA_EMAIL: "" - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} steps: - uses: actions/checkout@v2 - name: Install tools @@ -78,12 +88,17 @@ jobs: - TEST_ACME_Server: "" CA_ECDSA: "" CA: "" + CA_EMAIL: "" - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" runs-on: windows-latest env: ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} TEST_LOCAL: 1 #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. Le_HTTPPort: 8888 @@ -123,13 +138,18 @@ jobs: - TEST_ACME_Server: "" CA_ECDSA: "" CA: "" + CA_EMAIL: "" - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.2 @@ -143,7 +163,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA' + envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' nat: | "8080": "80" prepare: pkg install -y socat curl @@ -159,13 +179,18 @@ jobs: - TEST_ACME_Server: "" CA_ECDSA: "" CA: "" + CA_EMAIL: "" - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.2 @@ -179,7 +204,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.3 with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA' + envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' nat: | "8080": "80" prepare: pkgutil -y -i socat curl From 8ae08b29e4ea296c2bb10e214dccdd0bc5be66a4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 13 Jun 2021 21:37:26 +0800 Subject: [PATCH 0402/1526] fix for solaris --- README.md | 4 ++-- acme.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index edd6442f..4b705751 100644 --- a/README.md +++ b/README.md @@ -85,8 +85,8 @@ https://github.com/acmesh-official/acmetest # Supported CA -- Letsencrypt.org CA(default) -- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA) +- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default) +- Letsencrypt.org CA - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA diff --git a/acme.sh b/acme.sh index 0b2eb9e6..08de9ce7 100755 --- a/acme.sh +++ b/acme.sh @@ -3538,14 +3538,14 @@ _regAccount() { _err "Can not get EAB credentials from ZeroSSL." return 1 fi - _debug2 "$_eabresp" + _secure_debug2 _eabresp "$_eabresp" _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_id "$_eab_id" if [ -z "$_eab_id" ]; then _err "Can not resolve _eab_id" return 1 fi - _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" + _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_hmac_key "$_eab_hmac_key" if [ -z "$_eab_hmac_key" ]; then _err "Can not resolve _eab_hmac_key" From cc9ec806b28915f82cf9532901639604265b5531 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 14 Jun 2021 11:50:19 +0800 Subject: [PATCH 0403/1526] add all Linux --- .github/workflows/Linux.yml | 38 +++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/Linux.yml diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml new file mode 100644 index 00000000..9ebc4779 --- /dev/null +++ b/.github/workflows/Linux.yml @@ -0,0 +1,38 @@ +name: Linux +on: + push: + branches: + - '*' + paths: + - '**.sh' + - '**.yml' + pull_request: + branches: + - dev + paths: + - '**.sh' + - '**.yml' + + +jobs: + Linux: + strategy: + matrix: + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64", "clearlinux:latest"] + runs-on: ubuntu-latest + env: + TEST_LOCAL: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: | + cd .. \ + && git clone https://github.com/acmesh-official/acmetest.git \ + && cp -r acme.sh acmetest/ + - name: Run acmetest + run: | + cd ../acmetest \ + && ./rundocker.sh testplat {{ matrix.os }} + + + From da754e9a71c98bb17a2a0339c9bbee171f0cfd4a Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 14 Jun 2021 11:52:45 +0800 Subject: [PATCH 0404/1526] fix --- .github/workflows/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 9ebc4779..f5f74351 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -32,7 +32,7 @@ jobs: - name: Run acmetest run: | cd ../acmetest \ - && ./rundocker.sh testplat {{ matrix.os }} + && ./rundocker.sh testplat ${{ matrix.os }} From 3d7375be8b1aee9593ba16ccb47b55753f996b9d Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 14 Jun 2021 12:00:42 +0800 Subject: [PATCH 0405/1526] update status --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 4b705751..07dc5d59 100644 --- a/README.md +++ b/README.md @@ -62,24 +62,24 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD |4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu -|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense -|7|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD -|8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian -|9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS -|10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE -|11|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl) -|12|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux -|13|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora -|14|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux -|15|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux +|6|NA|pfsense +|7|NA|OpenBSD +|8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian +|9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS +|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE +|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) +|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux +|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora +|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux +|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux |16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) |17|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|18|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia +|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia |19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|20|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux -|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux +|20|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux +|21|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux -For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest): +Check our [testing project](https://github.com/acmesh-official/acmetest): https://github.com/acmesh-official/acmetest From 6621ef6a0be7c267d992733d1238d08a7ef02e67 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sat, 5 Oct 2019 21:28:25 +0800 Subject: [PATCH 0406/1526] Remove invalid "Contribute" link in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 07dc5d59..c1c3a3c4 100644 --- a/README.md +++ b/README.md @@ -469,7 +469,7 @@ TODO: ### Code Contributors -This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)]. +This project exists thanks to all the people who contribute. ### Financial Contributors From 447bf77dfe99d12999ec6c75495088e1a75e769b Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sat, 5 Oct 2019 20:49:51 +0800 Subject: [PATCH 0407/1526] Simplify apk command in Dockerfile With apk `--no-cache` parameter, there is no need to run `apk update` and manually clean up the cache, apk will update automatically without leaving local cache files to be cleaned up. --- Dockerfile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4618efaf..4d8f219f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,6 @@ FROM alpine:3.12 -RUN apk update -f \ - && apk --no-cache add -f \ +RUN apk --no-cache add -f \ openssl \ openssh-client \ coreutils \ @@ -12,8 +11,7 @@ RUN apk update -f \ tzdata \ oath-toolkit-oathtool \ tar \ - libidn \ - && rm -rf /var/cache/apk/* + libidn ENV LE_CONFIG_HOME /acme.sh From 6f732a9957bbc41c3be6a37e9778b18c78f09816 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sat, 5 Oct 2019 20:51:51 +0800 Subject: [PATCH 0408/1526] Use `COPY` instead of `ADD` in Dockerfile for folder Ref: https://docs.docker.com/develop/develop-images/#add-or-copy --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4d8f219f..c42f4f39 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,7 @@ ARG AUTO_UPGRADE=1 ENV AUTO_UPGRADE $AUTO_UPGRADE #Install -ADD ./ /install_acme.sh/ +COPY ./ /install_acme.sh/ RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/ From 017a10189c9a8d38c95b8d2631a1facf181a6549 Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Fri, 18 Jun 2021 10:16:32 +1000 Subject: [PATCH 0409/1526] fix: switch to using functions instead of calling OpenSSL directly Also reduced the number of environment variables which simplifies the documentation and requirements. The variable names now match those used by the OCI CLI. Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 120 ++++++++++++++++++++++------------------------ 1 file changed, 58 insertions(+), 62 deletions(-) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 2843a8ca..1c75b99f 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -3,15 +3,16 @@ # Acme.sh DNS API plugin for Oracle Cloud Infrastructure # Copyright (c) 2021, Oracle and/or its affiliates # -# Required environment variables: -# - OCI_TENANCY : OCID of tenancy that contains the target DNS zone -# - OCI_USER : OCID of user with permission to add/remove records from zones -# - OCI_FINGERPRINT: fingerprint of the public key for the user -# - OCI_PRIVATE_KEY: Path to private API signing key file in PEM format +# Required OCI CLI environment variables: +# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone +# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones +# - OCI_CLI_REGION : Should point to the tenancy home region # -# Optional environment variables: -# - OCI_KEY_PASSPHRASE: if the private key above s encrypted, the passphrase is required -# - OCI_REGION: Your home region will probably response the fastest +# One of the following two variables is required: +# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or +# - OCI_CLI_KEY : The private API signing key in PEM format +# +# NOTE: using an encrypted private key that needs a passphrase is not supported. # dns_oci_add() { @@ -20,11 +21,6 @@ dns_oci_add() { if _oci_config; then - if ! _get_zone "$_fqdn"; then - _err "Error: DNS Zone not found for $_fqdn." - return 1 - fi - if [ "$_sub_domain" ] && [ "$_domain" ]; then _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}" response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body") @@ -48,11 +44,6 @@ dns_oci_rm() { if _oci_config; then - if ! _get_zone "$_fqdn"; then - _err "Error: DNS Zone not found for $_fqdn." - return 1 - fi - if [ "$_sub_domain" ] && [ "$_domain" ]; then _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}" response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body") @@ -73,59 +64,57 @@ dns_oci_rm() { #################### Private functions below ################################## _oci_config() { - OCI_TENANCY="${OCI_TENANCY:-$(_readaccountconf_mutable OCI_TENANCY)}" - OCI_USER="${OCI_USER:-$(_readaccountconf_mutable OCI_USER)}" - OCI_FINGERPRINT="${OCI_FINGERPRINT:-$(_readaccountconf_mutable OCI_FINGERPRINT)}" - OCI_PRIVATE_KEY="${OCI_PRIVATE_KEY:-$(_readaccountconf_mutable OCI_PRIVATE_KEY)}" - OCI_KEY_PASSPHRASE="${OCI_KEY_PASSPHRASE:-$(_readaccountconf_mutable OCI_KEY_PASSPHRASE)}" - OCI_REGION="${OCI_REGION:-$(_readaccountconf_mutable OCI_REGION)}" + OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" + OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" + OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" + OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" _not_set="" _ret=0 - if [ -f "$OCI_PRIVATE_KEY" ]; then - OCI_PRIVATE_KEY="$(openssl enc -a -A <"$OCI_PRIVATE_KEY")" + if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then + _err "Fatal: you must provide a value for either OCI_CLI_KEY_FILE or OCI_CLI_KEY." + return 1 fi - if [ -z "$OCI_TENANCY" ]; then - _not_set="OCI_TENANCY " + if [ "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then + if [ -f "$OCI_CLI_KEY_FILE" ]; then + OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE") + else + _err "Fatal: unable to read $OCI_CLI_KEY_FILE." + return 1 + fi fi - if [ -z "$OCI_USER" ]; then - _not_set="${_not_set}OCI_USER " + if [ -z "$OCI_CLI_TENANCY" ]; then + _not_set="${_not_set}OCI_CLI_TENANCY " fi - if [ -z "$OCI_FINGERPRINT" ]; then - _not_set="${_not_set}OCI_FINGERPRINT " + if [ -z "$OCI_CLI_USER" ]; then + _not_set="${_not_set}OCI_CLI_USER " fi - if [ -z "$OCI_PRIVATE_KEY" ]; then - _not_set="${_not_set}OCI_PRIVATE_KEY" + if [ -z "$OCI_CLI_REGION" ]; then + _not_set="${_not_set}OCI_CLI_REGION " fi if [ "$_not_set" ]; then - _err "Fatal: environment variable(s): ${_not_set} not set." + _err "Fatal: required environment variable(s): ${_not_set} not set." _ret=1 else - _saveaccountconf_mutable OCI_TENANCY "$OCI_TENANCY" - _saveaccountconf_mutable OCI_USER "$OCI_USER" - _saveaccountconf_mutable OCI_FINGERPRINT "$OCI_FINGERPRINT" - _saveaccountconf_mutable OCI_PRIVATE_KEY "$OCI_PRIVATE_KEY" - fi - - if [ "$OCI_PRIVATE_KEY" ] && [ "$(printf "%s\n" "$OCI_PRIVATE_KEY" | wc -l)" -eq 1 ]; then - OCI_PRIVATE_KEY="$(echo "$OCI_PRIVATE_KEY" | openssl enc -d -a -A)" - _secure_debug3 OCI_PRIVATE_KEY "$OCI_PRIVATE_KEY" + _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" + _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" + _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" + _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" fi - if [ "$OCI_KEY_PASSPHRASE" ]; then - _saveaccountconf_mutable OCI_KEY_PASSPHRASE "$OCI_KEY_PASSPHRASE" + if ! _contains "PRIVATE KEY" "$OCI_CLI_KEY"; then + OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline) fi - if [ "$OCI_REGION" ]; then - _saveaccountconf_mutable OCI_REGION "$OCI_REGION" - else - OCI_REGION="us-ashburn-1" + if ! _get_zone "$_fqdn"; then + _err "Error: DNS Zone not found for $_fqdn." + _ret=1 fi return $_ret @@ -168,6 +157,19 @@ _get_zone() { } +#Usage: privatekey +#Output MD5 fingerprint +_fingerprint() { + pkey="$1" + if [ -z "$pkey" ]; then + _usage "Usage: _fingerprint privkey" + return 1 + fi + + printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' ' + +} + _signed_request() { _sig_method="$1" @@ -175,17 +177,13 @@ _signed_request() { _sig_body="$3" _return_field="$4" - _sig_host="dns.$OCI_REGION.oraclecloud.com" - _sig_keyId="$OCI_TENANCY/$OCI_USER/$OCI_FINGERPRINT" + _key_fingerprint=$(_fingerprint "$OCI_CLI_KEY") + _sig_host="dns.$OCI_CLI_REGION.oraclecloud.com" + _sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint" _sig_alg="rsa-sha256" _sig_version="1" _sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")" - if [ "$OCI_KEY_PASSPHRASE" ]; then - export OCI_KEY_PASSPHRASE="$OCI_KEY_PASSPHRASE" - _sig_passinArg="-passin env:OCI_KEY_PASSPHRASE" - fi - _request_method=$(printf %s "$_sig_method" | _lower_case) _curl_method=$(printf %s "$_sig_method" | _upper_case) @@ -198,7 +196,7 @@ _signed_request() { if [ "$_sig_body" ]; then _secure_debug3 _sig_body "$_sig_body" - _sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | openssl dgst -binary -sha256 | openssl enc -e -base64)" + _sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)" _sig_body_type="content-type: application/json" _sig_body_length="content-length: ${#_sig_body}" _string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length" @@ -207,10 +205,8 @@ _signed_request() { _tmp_file=$(_mktemp) if [ -f "$_tmp_file" ]; then - printf '%s' "$OCI_PRIVATE_KEY" >"$_tmp_file" - # Double quoting the file and passphrase breaks openssl - # shellcheck disable=SC2086 - _signature=$(printf '%b' "$_string_to_sign" | openssl dgst -sha256 -sign $_tmp_file $_sig_passinArg | openssl enc -e -base64 | tr -d '\r\n') + printf '%s' "$OCI_CLI_KEY" >"$_tmp_file" + _signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n') rm -f "$_tmp_file" fi From 74c054b2a5db14f2ef2f663944e60f2bf5090577 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 19 Jun 2021 11:52:11 +0800 Subject: [PATCH 0410/1526] fix https://github.com/acmesh-official/acme.sh/issues/3563 --- dnsapi/dns_nsd.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsd.sh b/dnsapi/dns_nsd.sh index 83cc4cac..0d29a485 100644 --- a/dnsapi/dns_nsd.sh +++ b/dnsapi/dns_nsd.sh @@ -51,7 +51,7 @@ dns_nsd_rm() { Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}" Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}" - sed -i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile" + _sed_i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile" _info "Removed TXT record for $fulldomain" _debug "Running $Nsd_Command" if eval "$Nsd_Command"; then From ed971df93aff3d5688d09049784e16aa0365761d Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Sat, 19 Jun 2021 15:41:34 +1000 Subject: [PATCH 0411/1526] fix: add missing else/return 1 to if block Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 1c75b99f..1380f4d4 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -30,6 +30,8 @@ dns_oci_add() { _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}." return 1 fi + else + return 1 fi else @@ -53,6 +55,8 @@ dns_oci_rm() { _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}." return 1 fi + else + return 1 fi else From 946c8b498a26a0d5e1cdb487f3a11d8c5f14d9dc Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Sun, 20 Jun 2021 09:06:21 +1000 Subject: [PATCH 0412/1526] feat: enable automatic configuration from an OCI configuration file The individual parameters can still be overridden via the corresponding OCI_CLI environment variable. Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 133 +++++++++++++++++++++++++++++++++------------- 1 file changed, 96 insertions(+), 37 deletions(-) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 1380f4d4..4d013578 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -3,7 +3,10 @@ # Acme.sh DNS API plugin for Oracle Cloud Infrastructure # Copyright (c) 2021, Oracle and/or its affiliates # -# Required OCI CLI environment variables: +# The plugin will automatically use the default profile from an OCI SDK and CLI +# configuration file, if it exists. +# +# Alternatively, set the following environment variables: # - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone # - OCI_CLI_USER : OCID of user with permission to add/remove records from zones # - OCI_CLI_REGION : Should point to the tenancy home region @@ -19,18 +22,15 @@ dns_oci_add() { _fqdn="$1" _rdata="$2" - if _oci_config; then - - if [ "$_sub_domain" ] && [ "$_domain" ]; then - _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}" - response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body") - if [ "$response" ]; then - _info "Success: added TXT record for ${_sub_domain}.${_domain}." - else - _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}." - return 1 - fi + if _get_oci_zone; then + + _add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}" + response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body") + if [ "$response" ]; then + _info "Success: added TXT record for ${_sub_domain}.${_domain}." else + _err "Error: failed to add TXT record for ${_sub_domain}.${_domain}." + _err "Check that the user has permission to add records to this zone." return 1 fi @@ -44,18 +44,15 @@ dns_oci_rm() { _fqdn="$1" _rdata="$2" - if _oci_config; then - - if [ "$_sub_domain" ] && [ "$_domain" ]; then - _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}" - response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body") - if [ "$response" ]; then - _info "Success: removed TXT record for ${_sub_domain}.${_domain}." - else - _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}." - return 1 - fi + if _get_oci_zone; then + + _remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}" + response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body") + if [ "$response" ]; then + _info "Success: removed TXT record for ${_sub_domain}.${_domain}." else + _err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}." + _err "Check that the user has permission to remove records from this zone." return 1 fi @@ -66,12 +63,41 @@ dns_oci_rm() { } #################### Private functions below ################################## +_get_oci_zone() { + + if ! _oci_config; then + return 1 + fi + + if ! _get_zone "$_fqdn"; then + _err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY" + return 1 + fi + + return 0 + +} + _oci_config() { - OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" - OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" - OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" - OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" + OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$HOME/.oci/config}" + OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-DEFAULT}" + + # Let's try and find the values automagically first + # But still let any environment variables take precendence + if [ -f "$OCI_CLI_CONFIG_FILE" ]; then + _info "Reading OCI configuration file: $(_green "$OCI_CLI_CONFIG_FILE")" + OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_read_oci_config tenancy)}" + OCI_CLI_USER="${OCI_CLI_USER:-$(_read_oci_config user)}" + OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_read_oci_config key_file)}" + OCI_CLI_REGION="${OCI_CLI_REGION:-$(_read_oci_config region)}" + else + OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" + OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" + OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" + OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" + _save_config="true" + fi _not_set="" _ret=0 @@ -85,7 +111,7 @@ _oci_config() { if [ -f "$OCI_CLI_KEY_FILE" ]; then OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE") else - _err "Fatal: unable to read $OCI_CLI_KEY_FILE." + _err "Fatal: unable to read key file: $OCI_CLI_KEY_FILE" return 1 fi fi @@ -106,21 +132,20 @@ _oci_config() { _err "Fatal: required environment variable(s): ${_not_set} not set." _ret=1 else - _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" - _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" - _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" - _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" + if [ "$_save_config" ]; then + _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" + _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" + _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" + _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" + else + _info "Success: OCI configuration retrieved from $OCI_CLI_CONFIG_FILE." + fi fi if ! _contains "PRIVATE KEY" "$OCI_CLI_KEY"; then OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline) fi - if ! _get_zone "$_fqdn"; then - _err "Error: DNS Zone not found for $_fqdn." - _ret=1 - fi - return $_ret } @@ -244,3 +269,37 @@ _signed_request() { return $_ret } + +# file key [section] +_read_oci_config() { + _key="$1" + + _start_n=$(grep -n '\['"$OCI_CLI_PROFILE"']' "$OCI_CLI_CONFIG_FILE" | cut -d : -f 1) + _debug2 _start_n "$_start_n" + if [ -z "$_start_n" ]; then + _err "Can not find section: $OCI_CLI_PROFILE" + return 1 + fi + + _start_nn=$(_math "$_start_n" + 1) + _debug2 "_start_nn" "$_start_nn" + + _left="$(sed -n "${_start_nn},99999p" "$OCI_CLI_CONFIG_FILE")" + _debug2 _left "$_left" + _end="$(echo "$_left" | grep -n "^\[" | _head_n 1)" + _debug2 "_end" "$_end" + if [ "$_end" ]; then + _end_n=$(echo "$_end" | cut -d : -f 1) + _debug "_end_n" "$_end_n" + _seg_n=$(echo "$_left" | sed -n "1,${_end_n}p") + else + _seg_n="$_left" + fi + + _debug2 "_seg_n" "$_seg_n" + _lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")" + + _debug2 "_lineini" "$_lineini" + printf "%b" "$(eval "echo $_lineini | sed -e \"s/${_key}[[:space:]]*=[[:space:]]*//g\"")" + +} From 766602284045f00fbc019b9bfa8c140fc9279a5e Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Sun, 20 Jun 2021 13:12:14 +1000 Subject: [PATCH 0413/1526] fix: revert _readini() function to be more generic Also switched [::space::] with a literal space for better cross-platform compatibility. Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 4d013578..1666c5a7 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -83,14 +83,14 @@ _oci_config() { OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$HOME/.oci/config}" OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-DEFAULT}" - # Let's try and find the values automagically first - # But still let any environment variables take precendence + # Read the configuration from either the default or specified config file + # Override the config file value with the environment variable value (if set) if [ -f "$OCI_CLI_CONFIG_FILE" ]; then - _info "Reading OCI configuration file: $(_green "$OCI_CLI_CONFIG_FILE")" - OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_read_oci_config tenancy)}" - OCI_CLI_USER="${OCI_CLI_USER:-$(_read_oci_config user)}" - OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_read_oci_config key_file)}" - OCI_CLI_REGION="${OCI_CLI_REGION:-$(_read_oci_config region)}" + _info "Reading OCI configuration file: $OCI_CLI_CONFIG_FILE" + OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini tenancy "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" + OCI_CLI_USER="${OCI_CLI_USER:-$(_readini user "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" + OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini key_file "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" + OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini region "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" else OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" @@ -271,20 +271,22 @@ _signed_request() { } # file key [section] -_read_oci_config() { +_readini() { _key="$1" + _file="$2" + _section="${3:-DEFAULT}" - _start_n=$(grep -n '\['"$OCI_CLI_PROFILE"']' "$OCI_CLI_CONFIG_FILE" | cut -d : -f 1) + _start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1) _debug2 _start_n "$_start_n" if [ -z "$_start_n" ]; then - _err "Can not find section: $OCI_CLI_PROFILE" + _err "Can not find section: $_section" return 1 fi _start_nn=$(_math "$_start_n" + 1) _debug2 "_start_nn" "$_start_nn" - _left="$(sed -n "${_start_nn},99999p" "$OCI_CLI_CONFIG_FILE")" + _left="$(sed -n "${_start_nn},99999p" "$_file")" _debug2 _left "$_left" _end="$(echo "$_left" | grep -n "^\[" | _head_n 1)" _debug2 "_end" "$_end" @@ -300,6 +302,6 @@ _read_oci_config() { _lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")" _debug2 "_lineini" "$_lineini" - printf "%b" "$(eval "echo $_lineini | sed -e \"s/${_key}[[:space:]]*=[[:space:]]*//g\"")" + printf "%b" "$(eval "echo $_lineini | sed -e \"s/^ *${_key} *= *//g\"")" } From 1c786633780d5a070a24b1417039eeeaad54d3a2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 20 Jun 2021 12:26:12 +0800 Subject: [PATCH 0414/1526] exclude test for dns api changes --- .github/workflows/LetsEncrypt.yml | 6 ++++++ .github/workflows/Linux.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index 84fe61ad..b579d6e9 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -6,12 +6,18 @@ on: paths: - '**.sh' - '**.yml' + - '!dnsapi/**' + - '!deploy/**' + - '!notify/**' pull_request: branches: - dev paths: - '**.sh' - '**.yml' + - '!dnsapi/**' + - '!deploy/**' + - '!notify/**' jobs: diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index f5f74351..3e1d3cf8 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -6,12 +6,18 @@ on: paths: - '**.sh' - '**.yml' + - '!dnsapi/**' + - '!deploy/**' + - '!notify/**' pull_request: branches: - dev paths: - '**.sh' - '**.yml' + - '!dnsapi/**' + - '!deploy/**' + - '!notify/**' jobs: From 1d089d4541ca2764113fb8c13b644e8d7fdd5c0a Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Sun, 20 Jun 2021 14:38:24 +1000 Subject: [PATCH 0415/1526] fix: refactor the way the config is read from file and envvars The plugin will use the following order of precedence: environment value > file value > default value See the wiki for details on environment variable names. Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 127 ++++++++++++++++++++++++++-------------------- 1 file changed, 73 insertions(+), 54 deletions(-) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 1666c5a7..c27023e2 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -80,76 +80,93 @@ _get_oci_zone() { _oci_config() { - OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$HOME/.oci/config}" - OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-DEFAULT}" - - # Read the configuration from either the default or specified config file - # Override the config file value with the environment variable value (if set) - if [ -f "$OCI_CLI_CONFIG_FILE" ]; then - _info "Reading OCI configuration file: $OCI_CLI_CONFIG_FILE" - OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini tenancy "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" - OCI_CLI_USER="${OCI_CLI_USER:-$(_readini user "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" - OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini key_file "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" - OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini region "$OCI_CLI_CONFIG_FILE" "$OCI_CLI_PROFILE")}" - else - OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" - OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" - OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" - OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" - _save_config="true" + _DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config" + OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}" + + if [ -z "$OCI_CLI_CONFIG_FILE" ]; then + OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE" fi - _not_set="" - _ret=0 + if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then + _saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE" + else + _clearaccountconf_mutable OCI_CLI_CONFIG_FILE + fi - if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then - _err "Fatal: you must provide a value for either OCI_CLI_KEY_FILE or OCI_CLI_KEY." - return 1 + _DEFAULT_OCI_CLI_PROFILE="DEFAULT" + OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}" + if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then + _saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE" + else + OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE" + _clearaccountconf_mutable OCI_CLI_PROFILE fi - if [ "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then - if [ -f "$OCI_CLI_KEY_FILE" ]; then - OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE") - else - _err "Fatal: unable to read key file: $OCI_CLI_KEY_FILE" - return 1 - fi + OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}" + if [ "$OCI_CLI_TENANCY" ]; then + _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" + elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then + _debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE" + OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}" fi if [ -z "$OCI_CLI_TENANCY" ]; then - _not_set="${_not_set}OCI_CLI_TENANCY " + _err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable." + return 1 fi + OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}" + if [ "$OCI_CLI_USER" ]; then + _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" + elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then + _debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE" + OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}" + fi if [ -z "$OCI_CLI_USER" ]; then - _not_set="${_not_set}OCI_CLI_USER " + _err "Error: unable to read OCI_CLI_USER from config file or environment variable." + return 1 fi + OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}" + if [ "$OCI_CLI_REGION" ]; then + _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" + elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then + _debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE" + OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}" + fi if [ -z "$OCI_CLI_REGION" ]; then - _not_set="${_not_set}OCI_CLI_REGION " + _err "Error: unable to read OCI_CLI_REGION from config file or environment variable." + return 1 fi - if [ "$_not_set" ]; then - _err "Fatal: required environment variable(s): ${_not_set} not set." - _ret=1 - else - if [ "$_save_config" ]; then - _saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY" - _saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER" + OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}" + if [ -z "$OCI_CLI_KEY" ]; then + _clearaccountconf_mutable OCI_CLI_KEY + OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}" + if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then + _debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE" + OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE") _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" - _saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION" - else - _info "Success: OCI configuration retrieved from $OCI_CLI_CONFIG_FILE." fi + else + _saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY" + fi + + if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then + _err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE." + _err "Error: unable to load private API signing key from OCI_CLI_KEY." + return 1 fi - if ! _contains "PRIVATE KEY" "$OCI_CLI_KEY"; then + if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline) fi - return $_ret + return 0 } + # _get_zone(): retrieves the Zone name and OCID # # _sub_domain=_acme-challenge.www @@ -189,6 +206,7 @@ _get_zone() { #Usage: privatekey #Output MD5 fingerprint _fingerprint() { + pkey="$1" if [ -z "$pkey" ]; then _usage "Usage: _fingerprint privkey" @@ -272,36 +290,37 @@ _signed_request() { # file key [section] _readini() { - _key="$1" - _file="$2" + _file="$1" + _key="$2" _section="${3:-DEFAULT}" _start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1) - _debug2 _start_n "$_start_n" + _debug3 _start_n "$_start_n" if [ -z "$_start_n" ]; then _err "Can not find section: $_section" return 1 fi _start_nn=$(_math "$_start_n" + 1) - _debug2 "_start_nn" "$_start_nn" + _debug3 "_start_nn" "$_start_nn" _left="$(sed -n "${_start_nn},99999p" "$_file")" - _debug2 _left "$_left" + _debug3 _left "$_left" _end="$(echo "$_left" | grep -n "^\[" | _head_n 1)" - _debug2 "_end" "$_end" + _debug3 "_end" "$_end" if [ "$_end" ]; then _end_n=$(echo "$_end" | cut -d : -f 1) - _debug "_end_n" "$_end_n" + _debug3 "_end_n" "$_end_n" _seg_n=$(echo "$_left" | sed -n "1,${_end_n}p") else _seg_n="$_left" fi - _debug2 "_seg_n" "$_seg_n" + _debug3 "_seg_n" "$_seg_n" _lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")" + _inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")" + _debug2 _inivalue "$_inivalue" + echo "$_inivalue" - _debug2 "_lineini" "$_lineini" - printf "%b" "$(eval "echo $_lineini | sed -e \"s/^ *${_key} *= *//g\"")" } From 25d0fdf8ff25135a8d071a46eb394b7e7b64d73f Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Sun, 20 Jun 2021 17:07:04 +1000 Subject: [PATCH 0416/1526] fix: fix a format issue reported by shellfmt Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index c27023e2..eb006120 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -166,7 +166,6 @@ _oci_config() { } - # _get_zone(): retrieves the Zone name and OCID # # _sub_domain=_acme-challenge.www @@ -322,5 +321,4 @@ _readini() { _debug2 _inivalue "$_inivalue" echo "$_inivalue" - } From 79fac4466e9b9bca12b659ea062dec2905b42052 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 20 Jun 2021 16:57:58 +0800 Subject: [PATCH 0417/1526] minor --- .github/workflows/LetsEncrypt.yml | 11 +++-------- .github/workflows/Linux.yml | 12 ++++-------- .github/workflows/PebbleStrict.yml | 4 ++-- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml index b579d6e9..5986290d 100644 --- a/.github/workflows/LetsEncrypt.yml +++ b/.github/workflows/LetsEncrypt.yml @@ -4,20 +4,15 @@ on: branches: - '*' paths: - - '**.sh' + - '*.sh' - '**.yml' - - '!dnsapi/**' - - '!deploy/**' - - '!notify/**' + pull_request: branches: - dev paths: - - '**.sh' + - '*.sh' - '**.yml' - - '!dnsapi/**' - - '!deploy/**' - - '!notify/**' jobs: diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 3e1d3cf8..6d4dcf7c 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -4,20 +4,16 @@ on: branches: - '*' paths: - - '**.sh' + - '*.sh' - '**.yml' - - '!dnsapi/**' - - '!deploy/**' - - '!notify/**' + pull_request: branches: - dev paths: - - '**.sh' + - '*.sh' - '**.yml' - - '!dnsapi/**' - - '!deploy/**' - - '!notify/**' + jobs: diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index 976e5373..fee41feb 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -4,13 +4,13 @@ on: branches: - '*' paths: - - '**.sh' + - '*.sh' - '**.yml' pull_request: branches: - dev paths: - - '**.sh' + - '*.sh' - '**.yml' jobs: From 280e44304ae87fa603b21d34dca3a39db951fa1a Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 21 Jun 2021 20:11:15 +0800 Subject: [PATCH 0418/1526] fix for compatibility to sslcom --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 08de9ce7..df1d7567 100755 --- a/acme.sh +++ b/acme.sh @@ -1210,7 +1210,7 @@ _createcsr() { _debug2 csr "$csr" _debug2 csrconf "$csrconf" - printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf" + printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\n" >"$csrconf" if [ "$acmeValidationv1" ]; then domainlist="$(_idn "$domainlist")" From 53d6ab6c2377f8bf6c2b0b1afd8b6d308d647c90 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 21 Jun 2021 21:31:00 +0800 Subject: [PATCH 0419/1526] support SSL.com --- README.md | 1 + acme.sh | 33 ++++++++++++++++++++++++++------- 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c1c3a3c4..88373193 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,7 @@ https://github.com/acmesh-official/acmetest - [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default) - Letsencrypt.org CA - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) +- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA diff --git a/acme.sh b/acme.sh index df1d7567..e398870f 100755 --- a/acme.sh +++ b/acme.sh @@ -29,18 +29,24 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory" CA_ZEROSSL="https://acme.zerossl.com/v2/DV90" _ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email" + +CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa" +CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc" + + DEFAULT_CA=$CA_ZEROSSL DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST CA_NAMES=" +ZeroSSL.com,zerossl LetsEncrypt.org,letsencrypt LetsEncrypt.org_test,letsencrypt_test,letsencrypttest BuyPass.com,buypass BuyPass.com_test,buypass_test,buypasstest -ZeroSSL.com,zerossl +SSL.com,sslcom " -CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL" +CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA" DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)" @@ -155,6 +161,8 @@ _REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert" _ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA" +_SSLCOM_WIKI="https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA" + _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server" _PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain" @@ -2617,7 +2625,13 @@ _initpath() { _ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)" _debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST" - CA_DIR="$CA_HOME/$_ACME_SERVER_HOST" + _ACME_SERVER_PATH="$(echo "$ACME_DIRECTORY" | cut -d : -f 2- | tr -s / | cut -d / -f 3-)" + _debug2 "_ACME_SERVER_PATH" "$_ACME_SERVER_PATH" + if [ -z "$_ACME_SERVER_PATH" ] || [ "$_ACME_SERVER_PATH" = "directory" ]; then + CA_DIR="$CA_HOME/$_ACME_SERVER_HOST" + else + CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH" + fi _DEFAULT_CA_CONF="$CA_DIR/ca.conf" @@ -6638,9 +6652,10 @@ _checkSudo() { return 0 } -#server +#server #keylength _selectServer() { _server="$1" + _skeylength="$2" _server_lower="$(echo "$_server" | _lower_case)" _sindex=0 for snames in $CA_NAMES; do @@ -6651,6 +6666,9 @@ _selectServer() { if [ "$_server_lower" = "$sname" ]; then _debug2 "_selectServer match $sname" _serverdir="$(_getfield "$CA_SERVERS" $_sindex)" + if [ "$_serverdir" = "$CA_SSLCOM_RSA" ] && _isEccKey "$_skeylength"; then + _serverdir="$CA_SSLCOM_ECC" + fi _debug "Selected server: $_serverdir" ACME_DIRECTORY="$_serverdir" export ACME_DIRECTORY @@ -6882,7 +6900,6 @@ _process() { ;; --server) _server="$2" - _selectServer "$_server" shift ;; --debug) @@ -6981,7 +6998,6 @@ _process() { Le_DNSSleep="$_dnssleep" shift ;; - --keylength | -k) _keylength="$2" shift @@ -6990,7 +7006,6 @@ _process() { _accountkeylength="$2" shift ;; - --cert-file | --certpath) _cert_file="$2" shift @@ -7254,6 +7269,10 @@ _process() { shift 1 done + if [ "$_server" ]; then + _selectServer "$_server" "${_ecc-:$_keylength}" + fi + if [ "${_CMD}" != "install" ]; then if [ "$__INTERACTIVE" ] && ! _checkSudo; then if [ -z "$FORCE" ]; then From 30f11d0e16e79ff672f6ef54934d6625162da882 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 21 Jun 2021 21:41:56 +0800 Subject: [PATCH 0420/1526] typo --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index e398870f..a22b053e 100755 --- a/acme.sh +++ b/acme.sh @@ -7270,7 +7270,7 @@ _process() { done if [ "$_server" ]; then - _selectServer "$_server" "${_ecc-:$_keylength}" + _selectServer "$_server" "${_ecc:-$_keylength}" fi if [ "${_CMD}" != "install" ]; then From 707cf35f0a4eb89687a2b8fcfba5184cf1a5d2f8 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 21 Jun 2021 22:29:14 +0800 Subject: [PATCH 0421/1526] fix format --- acme.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/acme.sh b/acme.sh index a22b053e..56bb3ddb 100755 --- a/acme.sh +++ b/acme.sh @@ -29,11 +29,9 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory" CA_ZEROSSL="https://acme.zerossl.com/v2/DV90" _ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email" - CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa" CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc" - DEFAULT_CA=$CA_ZEROSSL DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST From 593e8e1f636b83772224559b979c9a71724e4104 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 21 Jun 2021 22:47:22 +0800 Subject: [PATCH 0422/1526] move ca key path --- acme.sh | 79 ++++++++++++++++++++++----------------------------------- 1 file changed, 31 insertions(+), 48 deletions(-) diff --git a/acme.sh b/acme.sh index 56bb3ddb..a4bca7ea 100755 --- a/acme.sh +++ b/acme.sh @@ -2625,19 +2625,44 @@ _initpath() { _ACME_SERVER_PATH="$(echo "$ACME_DIRECTORY" | cut -d : -f 2- | tr -s / | cut -d / -f 3-)" _debug2 "_ACME_SERVER_PATH" "$_ACME_SERVER_PATH" - if [ -z "$_ACME_SERVER_PATH" ] || [ "$_ACME_SERVER_PATH" = "directory" ]; then - CA_DIR="$CA_HOME/$_ACME_SERVER_HOST" - else - CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH" - fi + CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH" _DEFAULT_CA_CONF="$CA_DIR/ca.conf" - if [ -z "$CA_CONF" ]; then CA_CONF="$_DEFAULT_CA_CONF" fi _debug3 CA_CONF "$CA_CONF" + _OLD_CADIR="$CA_HOME/$_ACME_SERVER_HOST" + _OLD_ACCOUNT_KEY="$_OLD_CADIR/account.key" + _OLD_ACCOUNT_JSON="$_OLD_CADIR/account.json" + _OLD_CA_CONF="$_OLD_CADIR/ca.conf" + + + _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key" + _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json" + if [ -z "$ACCOUNT_KEY_PATH" ]; then + ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH" + if [ -f "$_OLD_ACCOUNT_KEY" ] && ! [ -f "$ACCOUNT_KEY_PATH" ]; then + mkdir -p "$CA_DIR" + mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" + fi + fi + + if [ -z "$ACCOUNT_JSON_PATH" ]; then + ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" + if [ -f "$_OLD_ACCOUNT_JSON" ] && ! [ -f "$ACCOUNT_JSON_PATH" ]; then + mkdir -p "$CA_DIR" + mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" + fi + fi + + if [ -f "$_OLD_CA_CONF" ] && ! [ -f "$CA_CONF" ]; then + mkdir -p "$CA_DIR" + mv "$_OLD_CA_CONF" "$CA_CONF" + fi + + if [ -f "$CA_CONF" ]; then . "$CA_CONF" fi @@ -2658,19 +2683,6 @@ _initpath() { HTTP_HEADER="$LE_CONFIG_HOME/http.header" fi - _OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key" - _OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json" - - _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key" - _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json" - if [ -z "$ACCOUNT_KEY_PATH" ]; then - ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH" - fi - - if [ -z "$ACCOUNT_JSON_PATH" ]; then - ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH" - fi - _DEFAULT_CERT_HOME="$LE_CONFIG_HOME" if [ -z "$CERT_HOME" ]; then CERT_HOME="$_DEFAULT_CERT_HOME" @@ -3501,15 +3513,6 @@ _regAccount() { _initAPI mkdir -p "$CA_DIR" - if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then - _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" - mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" - fi - - if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then - _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH" - mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" - fi if [ ! -f "$ACCOUNT_KEY_PATH" ]; then if ! _create_account_key "$_reg_length"; then @@ -3647,16 +3650,6 @@ _regAccount() { updateaccount() { _initpath - if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then - _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" - mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" - fi - - if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then - _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH" - mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" - fi - if [ ! -f "$ACCOUNT_KEY_PATH" ]; then _err "Account key is not found at: $ACCOUNT_KEY_PATH" return 1 @@ -3699,16 +3692,6 @@ updateaccount() { deactivateaccount() { _initpath - if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then - _info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH" - mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH" - fi - - if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then - _info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH" - mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH" - fi - if [ ! -f "$ACCOUNT_KEY_PATH" ]; then _err "Account key is not found at: $ACCOUNT_KEY_PATH" return 1 From c0ae44a41bf0c093b599a405f6e18538a786c6ea Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 21 Jun 2021 22:59:14 +0800 Subject: [PATCH 0423/1526] fix format --- acme.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/acme.sh b/acme.sh index a4bca7ea..4682544d 100755 --- a/acme.sh +++ b/acme.sh @@ -2638,7 +2638,6 @@ _initpath() { _OLD_ACCOUNT_JSON="$_OLD_CADIR/account.json" _OLD_CA_CONF="$_OLD_CADIR/ca.conf" - _DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key" _DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json" if [ -z "$ACCOUNT_KEY_PATH" ]; then @@ -2662,7 +2661,6 @@ _initpath() { mv "$_OLD_CA_CONF" "$CA_CONF" fi - if [ -f "$CA_CONF" ]; then . "$CA_CONF" fi From 8dae8c52c031cb49ad33c106e288b14fe577707d Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 22 Jun 2021 07:48:37 +0800 Subject: [PATCH 0424/1526] split in to multiple files, so that it can pass more. --- .github/workflows/FreeBSD.yml | 60 +++++++++ .github/workflows/LetsEncrypt.yml | 215 ------------------------------ .github/workflows/MacOS.yml | 52 ++++++++ .github/workflows/Solaris.yml | 58 ++++++++ .github/workflows/Ubuntu.yml | 52 ++++++++ .github/workflows/Windows.yml | 70 ++++++++++ 6 files changed, 292 insertions(+), 215 deletions(-) create mode 100644 .github/workflows/FreeBSD.yml delete mode 100644 .github/workflows/LetsEncrypt.yml create mode 100644 .github/workflows/MacOS.yml create mode 100644 .github/workflows/Solaris.yml create mode 100644 .github/workflows/Ubuntu.yml create mode 100644 .github/workflows/Windows.yml diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml new file mode 100644 index 00000000..dd80a0b9 --- /dev/null +++ b/.github/workflows/FreeBSD.yml @@ -0,0 +1,60 @@ +name: FreeBSD +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '**.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '**.yml' + + +jobs: + FreeBSD: + strategy: + matrix: + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" + runs-on: macos-latest + env: + TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + steps: + - uses: actions/checkout@v2 + - uses: vmactions/cf-tunnel@v0.0.2 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/freebsd-vm@v0.1.4 + with: + envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' + nat: | + "8080": "80" + prepare: pkg install -y socat curl + usesh: true + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/.github/workflows/LetsEncrypt.yml b/.github/workflows/LetsEncrypt.yml deleted file mode 100644 index 5986290d..00000000 --- a/.github/workflows/LetsEncrypt.yml +++ /dev/null @@ -1,215 +0,0 @@ -name: LetsEncrypt -on: - push: - branches: - - '*' - paths: - - '*.sh' - - '**.yml' - - pull_request: - branches: - - dev - paths: - - '*.sh' - - '**.yml' - - -jobs: - Ubuntu: - strategy: - matrix: - include: - - TEST_ACME_Server: "" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - runs-on: ubuntu-latest - env: - TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - steps: - - uses: actions/checkout@v2 - - name: Install tools - run: sudo apt-get install -y socat - - name: Clone acmetest - run: | - cd .. \ - && git clone https://github.com/acmesh-official/acmetest.git \ - && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - cd ../acmetest \ - && sudo --preserve-env ./letest.sh - - MacOS: - strategy: - matrix: - include: - - TEST_ACME_Server: "" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - runs-on: macos-latest - env: - TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - steps: - - uses: actions/checkout@v2 - - name: Install tools - run: brew install socat - - name: Clone acmetest - run: | - cd .. \ - && git clone https://github.com/acmesh-official/acmetest.git \ - && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - cd ../acmetest \ - && sudo --preserve-env ./letest.sh - - Windows: - strategy: - matrix: - include: - - TEST_ACME_Server: "" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - runs-on: windows-latest - env: - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - TEST_LOCAL: 1 - #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. - Le_HTTPPort: 8888 - steps: - - name: Set git to use LF - run: | - git config --global core.autocrlf false - - uses: actions/checkout@v2 - - name: Install cygwin base packages with chocolatey - run: | - choco config get cacheLocation - choco install --no-progress cygwin - shell: cmd - - name: Install cygwin additional packages - run: | - C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git - shell: cmd - - name: Set ENV - shell: cmd - run: | - echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% - - name: Check ENV - shell: cmd - run: | - echo "PATH=%PATH%" - - name: Clone acmetest - shell: cmd - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - shell: cmd - run: cd ../acmetest && bash.exe -c ./letest.sh - - FreeBSD: - strategy: - matrix: - include: - - TEST_ACME_Server: "" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - runs-on: macos-latest - env: - TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - steps: - - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.2 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.4 - with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' - nat: | - "8080": "80" - prepare: pkg install -y socat curl - usesh: true - run: | - cd ../acmetest \ - && ./letest.sh - - Solaris: - strategy: - matrix: - include: - - TEST_ACME_Server: "" - CA_ECDSA: "" - CA: "" - CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - runs-on: macos-latest - env: - TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} - CA_ECDSA: ${{ matrix.CA_ECDSA }} - CA: ${{ matrix.CA }} - CA_EMAIL: ${{ matrix.CA_EMAIL }} - steps: - - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.2 - id: tunnel - with: - protocol: http - port: 8080 - - name: Set envs - run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 - with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' - nat: | - "8080": "80" - prepare: pkgutil -y -i socat curl - run: | - cd ../acmetest \ - && ./letest.sh - diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml new file mode 100644 index 00000000..b03bec0c --- /dev/null +++ b/.github/workflows/MacOS.yml @@ -0,0 +1,52 @@ +name: MacOS +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '**.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '**.yml' + + +jobs: + MacOS: + strategy: + matrix: + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" + runs-on: macos-latest + env: + TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: brew install socat + - name: Clone acmetest + run: | + cd .. \ + && git clone https://github.com/acmesh-official/acmetest.git \ + && cp -r acme.sh acmetest/ + - name: Run acmetest + run: | + cd ../acmetest \ + && sudo --preserve-env ./letest.sh + + diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml new file mode 100644 index 00000000..ad976f59 --- /dev/null +++ b/.github/workflows/Solaris.yml @@ -0,0 +1,58 @@ +name: Solaris +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '**.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '**.yml' + + +jobs: + Solaris: + strategy: + matrix: + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" + runs-on: macos-latest + env: + TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + steps: + - uses: actions/checkout@v2 + - uses: vmactions/cf-tunnel@v0.0.2 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/solaris-vm@v0.0.3 + with: + envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' + nat: | + "8080": "80" + prepare: pkgutil -y -i socat curl + run: | + cd ../acmetest \ + && ./letest.sh + diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml new file mode 100644 index 00000000..1ec50189 --- /dev/null +++ b/.github/workflows/Ubuntu.yml @@ -0,0 +1,52 @@ +name: Ubuntu +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '**.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '**.yml' + + +jobs: + Ubuntu: + strategy: + matrix: + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" + runs-on: ubuntu-latest + env: + TEST_LOCAL: 1 + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: sudo apt-get install -y socat + - name: Clone acmetest + run: | + cd .. \ + && git clone https://github.com/acmesh-official/acmetest.git \ + && cp -r acme.sh acmetest/ + - name: Run acmetest + run: | + cd ../acmetest \ + && sudo --preserve-env ./letest.sh + + diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml new file mode 100644 index 00000000..0219eaa5 --- /dev/null +++ b/.github/workflows/Windows.yml @@ -0,0 +1,70 @@ +name: Windows +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '**.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '**.yml' + + +jobs: + Windows: + strategy: + matrix: + include: + - TEST_ACME_Server: "" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + CA: "ZeroSSL RSA Domain Secure Site CA" + CA_EMAIL: "githubtest@acme.sh" + runs-on: windows-latest + env: + ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_LOCAL: 1 + #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. + Le_HTTPPort: 8888 + steps: + - name: Set git to use LF + run: | + git config --global core.autocrlf false + - uses: actions/checkout@v2 + - name: Install cygwin base packages with chocolatey + run: | + choco config get cacheLocation + choco install --no-progress cygwin + shell: cmd + - name: Install cygwin additional packages + run: | + C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git + shell: cmd + - name: Set ENV + shell: cmd + run: | + echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% + - name: Check ENV + shell: cmd + run: | + echo "PATH=%PATH%" + - name: Clone acmetest + shell: cmd + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + shell: cmd + run: cd ../acmetest && bash.exe -c ./letest.sh + + + From 20082ec9fb5dda855d6ebd2d309cbba3cb4c0ad4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 22 Jun 2021 07:55:12 +0800 Subject: [PATCH 0425/1526] update status --- README.md | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 88373193..805b1c2c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,10 @@ # An ACME Shell script: acme.sh -![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg) +[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml) +[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml) +[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) +[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) +[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml) ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) ![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) @@ -57,11 +61,11 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) | NO | Status| Platform| |----|-------|---------| -|1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX -|2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included) -|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD -|4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris -|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu +|1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX +|2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included) +|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)FreeBSD +|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)Solaris +|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu |6|NA|pfsense |7|NA|OpenBSD |8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian @@ -73,11 +77,12 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux |15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux |16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) -|17|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia -|19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|20|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux -|21|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux +|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia +|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux +|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux +|20|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|21|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) + Check our [testing project](https://github.com/acmesh-official/acmetest): From 41f4baadb9c20924b5f7d66e15f563d7aa178bc6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 22 Jun 2021 07:59:02 +0800 Subject: [PATCH 0426/1526] minor --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 805b1c2c..132a375a 100644 --- a/README.md +++ b/README.md @@ -63,8 +63,8 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |----|-------|---------| |1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX |2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included) -|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)FreeBSD -|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)Solaris +|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD +|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu |6|NA|pfsense |7|NA|OpenBSD @@ -76,12 +76,12 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora |14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux |15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux -|16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) -|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia -|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux -|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux -|20|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|21|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia +|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux +|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux +|19|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|20|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|21|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) Check our [testing project](https://github.com/acmesh-official/acmetest): From c7285967d61d79fcd2d1ecf0f8418952a930ca11 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 22 Jun 2021 20:39:00 +0800 Subject: [PATCH 0427/1526] fix for list short name --- README.md | 1 + acme.sh | 3 +++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 132a375a..c7f7e677 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ [![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) [![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml) + ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) ![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg) diff --git a/acme.sh b/acme.sh index 4682544d..681632fa 100755 --- a/acme.sh +++ b/acme.sh @@ -6665,6 +6665,9 @@ _getCAShortName() { if [ -z "$caurl" ]; then caurl="$DEFAULT_CA" fi + if [ "$CA_SSLCOM_ECC" = "$caurl" ]; then + caurl="$CA_SSLCOM_RSA" #just hack to get the short name + fi caurl_lower="$(echo $caurl | _lower_case)" _sindex=0 for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do From 7c7d61f61e634649482eff75e216df1da9e8e298 Mon Sep 17 00:00:00 2001 From: Habetdin <15926758+Habetdin@users.noreply.github.com> Date: Wed, 23 Jun 2021 03:20:07 +0300 Subject: [PATCH 0428/1526] Fix special characters escaping To escape characters '_', '*', '`', '[' outside of an entity, prepend the characters '\' before them. --- notify/telegram.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/telegram.sh b/notify/telegram.sh index d16f3a98..454b4146 100644 --- a/notify/telegram.sh +++ b/notify/telegram.sh @@ -27,7 +27,7 @@ telegram_send() { fi _saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" - _content="$(printf "%s" "$_content" | sed -e 's/*/\\\\*/')" + _content="$(printf "%s" "$_content" | sed -e 's/\([_*`\[]\)/\\\\\1/g')" _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" _data="{\"text\": \"$_content\", " _data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " From 014e01605859d18a75d55db33f1ce2e886e50bbc Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 20:35:49 +0800 Subject: [PATCH 0429/1526] add retry for init api --- acme.sh | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 681632fa..efbbd042 100755 --- a/acme.sh +++ b/acme.sh @@ -2540,12 +2540,18 @@ _initAPI() { _api_server="${1:-$ACME_DIRECTORY}" _debug "_init api for server: $_api_server" - if [ -z "$ACME_NEW_ACCOUNT" ]; then + MAX_API_RETRY_TIMES=10 + _sleep_retry_sec=10 + _request_retry_times=0 + while [ -z "$ACME_NEW_ACCOUNT" ] && [ "${_request_retry_times}" -lt "$MAX_API_RETRY_TIMES" ]; do + _request_retry_times=$(_math "$_request_retry_times" + 1) response=$(_get "$_api_server") if [ "$?" != "0" ]; then _debug2 "response" "$response" - _err "Can not init api for: $_api_server." - return 1 + _info "Can not init api for: $_api_server." + _info "Sleep $_sleep_retry_sec and retry." + _sleep "$_sleep_retry_sec" + continue fi response=$(echo "$response" | _json_decode) _debug2 "response" "$response" @@ -2578,8 +2584,12 @@ _initAPI() { _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT" _debug "ACME_AGREEMENT" "$ACME_AGREEMENT" _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE" - - fi + if [ "$ACME_KEY_CHANGE" ] && [ "$ACME_NEW_AUTHZ" ] && [ "$ACME_NEW_ORDEW_ACCOUNT" ] && [ "$ACME_REVOR" ] && [ "$ACME_NEKE_CERT" ]; then + return 0 + fi + done + _err "Can not init api, for $_api_server" + return 1 } #[domain] [keylength or isEcc flag] From 9daeae1695b19f13741b435d04381ed9fa84c815 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 20:45:15 +0800 Subject: [PATCH 0430/1526] remove unnecessary check --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index efbbd042..0f81419a 100755 --- a/acme.sh +++ b/acme.sh @@ -2584,7 +2584,7 @@ _initAPI() { _debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT" _debug "ACME_AGREEMENT" "$ACME_AGREEMENT" _debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE" - if [ "$ACME_KEY_CHANGE" ] && [ "$ACME_NEW_AUTHZ" ] && [ "$ACME_NEW_ORDEW_ACCOUNT" ] && [ "$ACME_REVOR" ] && [ "$ACME_NEKE_CERT" ]; then + if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi done From 078a8b40e9cbcb42af679caf44ae19b2536a58a3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 22:03:00 +0800 Subject: [PATCH 0431/1526] add buypass test --- .github/workflows/Ubuntu.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 1ec50189..c8ceffc7 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -28,6 +28,10 @@ jobs: CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" + - TEST_ACME_Server: "https://api.test4.buypass.no/acme/directory" + CA_ECDSA: "Buypass Class 2 Test4 CA 5" + CA: "Buypass Class 2 Test4 CA 5" + CA_EMAIL: "githubtest@acme.sh" runs-on: ubuntu-latest env: TEST_LOCAL: 1 From 1ae9c4837042e5a53a2f3413ea88a263e86347e3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 22:05:43 +0800 Subject: [PATCH 0432/1526] fix error --- .github/workflows/Ubuntu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index c8ceffc7..4113738f 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -28,7 +28,7 @@ jobs: CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" - - TEST_ACME_Server: "https://api.test4.buypass.no/acme/directory" + - TEST_ACME_Server: "https://api.test4.buypass.no/acme/directory" CA_ECDSA: "Buypass Class 2 Test4 CA 5" CA: "Buypass Class 2 Test4 CA 5" CA_EMAIL: "githubtest@acme.sh" From 29fe1c86dae489458f64a660f3fe60d3d5a29bad Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 23:21:10 +0800 Subject: [PATCH 0433/1526] fix initapi --- acme.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/acme.sh b/acme.sh index 0f81419a..0dd8b678 100755 --- a/acme.sh +++ b/acme.sh @@ -2587,6 +2587,8 @@ _initAPI() { if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi + _info "Sleep $_sleep_retry_sec and retry." + _sleep "$_sleep_retry_sec" done _err "Can not init api, for $_api_server" return 1 From 2c927277e25758233b6b33300877afecb0e8a4a2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 23:23:46 +0800 Subject: [PATCH 0434/1526] fix error --- .github/workflows/Ubuntu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 4113738f..cddf14b5 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -28,7 +28,7 @@ jobs: CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" - - TEST_ACME_Server: "https://api.test4.buypass.no/acme/directory" + - TEST_ACME_Server: "https://api.test4.buypass.no/acme/directory" CA_ECDSA: "Buypass Class 2 Test4 CA 5" CA: "Buypass Class 2 Test4 CA 5" CA_EMAIL: "githubtest@acme.sh" From c66e157a14cae435413f39ef15630ca5a67d8ffd Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 23:30:16 +0800 Subject: [PATCH 0435/1526] fix path filter --- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/Linux.yml | 2 +- .github/workflows/MacOS.yml | 2 +- .github/workflows/PebbleStrict.yml | 2 +- .github/workflows/Solaris.yml | 2 +- .github/workflows/Ubuntu.yml | 2 +- .github/workflows/Windows.yml | 2 +- .github/workflows/dockerhub.yml | 5 +++++ .github/workflows/shellcheck.yml | 2 +- 9 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index dd80a0b9..8b6d4aa5 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/FreeBSD.yml' pull_request: branches: diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 6d4dcf7c..a3cf1c59 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -12,7 +12,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/Linux.yml' diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index b03bec0c..e12ef8e2 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -12,7 +12,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/MacOS.yml' jobs: diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index fee41feb..15795367 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -11,7 +11,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/PebbleStrict.yml' jobs: PebbleStrict: diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index ad976f59..3f2adb6a 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -12,7 +12,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/Solaris.yml' jobs: diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index cddf14b5..dc704c04 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -12,7 +12,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/Ubuntu.yml' jobs: diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 0219eaa5..ed73641f 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -12,7 +12,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/Windows.yml' jobs: diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index 238fde3a..0c3aec0a 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -6,6 +6,11 @@ on: - '*' tags: - '*' + paths: + - '**.sh' + - "Dockerfile" + - '.github/workflows/dockerhub.yml' + jobs: CheckToken: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index b22a2fd8..006b5873 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -11,7 +11,7 @@ on: - dev paths: - '**.sh' - - '**.yml' + - '.github/workflows/shellcheck.yml' jobs: ShellCheck: From 77f659c9b9cbb1685075d5fc5e9d7409c87a6eb7 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Jun 2021 23:57:21 +0800 Subject: [PATCH 0436/1526] add NO_ECC_384 --- .github/workflows/Ubuntu.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index dc704c04..88a9fd38 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -32,6 +32,7 @@ jobs: CA_ECDSA: "Buypass Class 2 Test4 CA 5" CA: "Buypass Class 2 Test4 CA 5" CA_EMAIL: "githubtest@acme.sh" + NO_ECC_384: "1" runs-on: ubuntu-latest env: TEST_LOCAL: 1 @@ -39,6 +40,7 @@ jobs: CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} + NO_ECC_384: ${{ matrix.NO_ECC_384 }} steps: - uses: actions/checkout@v2 - name: Install tools From e9bdf02cfc7f57263d6693a62e35568795f56c3e Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 00:01:46 +0800 Subject: [PATCH 0437/1526] fix filter --- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/Linux.yml | 2 +- .github/workflows/MacOS.yml | 2 +- .github/workflows/PebbleStrict.yml | 2 +- .github/workflows/Solaris.yml | 2 +- .github/workflows/Ubuntu.yml | 2 +- .github/workflows/Windows.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 8b6d4aa5..407a9e6d 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -12,7 +12,7 @@ on: - dev paths: - '*.sh' - - '**.yml' + - '.github/workflows/FreeBSD.yml' jobs: diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index a3cf1c59..c4ec07c4 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/Linux.yml' pull_request: branches: diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index e12ef8e2..5ceeba7a 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/MacOS.yml' pull_request: branches: diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index 15795367..ea8e723d 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/PebbleStrict.yml' pull_request: branches: - dev diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 3f2adb6a..c3c756bb 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/Solaris.yml' pull_request: branches: diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 88a9fd38..e6102b97 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/Ubuntu.yml' pull_request: branches: diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index ed73641f..91605a52 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '*.sh' - - '**.yml' + - '.github/workflows/Windows.yml' pull_request: branches: diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 006b5873..940a187d 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -5,7 +5,7 @@ on: - '*' paths: - '**.sh' - - '**.yml' + - '.github/workflows/shellcheck.yml' pull_request: branches: - dev From bcce77508a222eb70615e040c8cd6cbaf069b944 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 00:04:13 +0800 Subject: [PATCH 0438/1526] remove buypass test --- .github/workflows/Ubuntu.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index e6102b97..d3d66e19 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -28,11 +28,7 @@ jobs: CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" - - TEST_ACME_Server: "https://api.test4.buypass.no/acme/directory" - CA_ECDSA: "Buypass Class 2 Test4 CA 5" - CA: "Buypass Class 2 Test4 CA 5" - CA_EMAIL: "githubtest@acme.sh" - NO_ECC_384: "1" + runs-on: ubuntu-latest env: TEST_LOCAL: 1 From eae490b5b153f1e7b43528a88e3156d18eb4f389 Mon Sep 17 00:00:00 2001 From: Arnoud Vermeer Date: Fri, 25 Jun 2021 10:12:23 +0200 Subject: [PATCH 0439/1526] [dns_pdns] Fix: missing content type in PATCH requests #3454 --- dnsapi/dns_pdns.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 28b35492..6aa2e953 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -103,7 +103,7 @@ set_record() { _build_record_string "$oldchallenge" done - if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then + if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then _err "Set txt record error." return 1 fi @@ -126,7 +126,7 @@ rm_record() { if _contains "$_existing_challenges" "$txtvalue"; then #Delete all challenges (PowerDNS API does not allow to delete content) - if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then + if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}" "application/json"; then _err "Delete txt record error." return 1 fi @@ -140,7 +140,7 @@ rm_record() { fi done #Recreate the existing challenges - if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then + if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then _err "Set txt record error." return 1 fi @@ -203,12 +203,13 @@ _pdns_rest() { method=$1 ep=$2 data=$3 + ct=$4 export _H1="X-API-Key: $PDNS_Token" if [ ! "$method" = "GET" ]; then _debug data "$data" - response="$(_post "$data" "$PDNS_Url$ep" "" "$method")" + response="$(_post "$data" "$PDNS_Url$ep" "" "$method" "$ct")" else response="$(_get "$PDNS_Url$ep")" fi From e225e173861a2679136bb5f24c4bd863b5b15c8e Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 20:56:17 +0800 Subject: [PATCH 0440/1526] remove unused file --- .github/auto-comment.yml | 40 ---------------------------------------- 1 file changed, 40 deletions(-) delete mode 100644 .github/auto-comment.yml diff --git a/.github/auto-comment.yml b/.github/auto-comment.yml deleted file mode 100644 index 520b3ce3..00000000 --- a/.github/auto-comment.yml +++ /dev/null @@ -1,40 +0,0 @@ -# Comment to a new issue. -issuesOpened: > - If this is a bug report, please upgrade to the latest code and try again: - - 如果有 bug, 请先更新到最新版试试: - - ``` - acme.sh --upgrade - ``` - - please also provide the log with `--debug 2`. - - 同时请提供调试输出 `--debug 2` - - see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh - - Without `--debug 2` log, your issue will NEVER get replied. - - 没有调试输出, 你的 issue 不会得到任何解答. - - -pullRequestOpened: > - First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. - - If this is a PR to support new DNS API or new notification API, please read this guide first: - https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide - - Please check the guide items one by one. - - Then add your usage here: - https://github.com/acmesh-official/acme.sh/wiki/dnsapi - - Or some other wiki pages: - - https://github.com/acmesh-official/acme.sh/wiki/deployhooks - - https://github.com/acmesh-official/acme.sh/wiki/notify - - - From 77d3815baa72457e4b0fa6c4fb3677543fc979d4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 21:18:03 +0800 Subject: [PATCH 0441/1526] use TEST_ACME_Server --- .github/workflows/Ubuntu.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index d3d66e19..df0faaf3 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -20,11 +20,11 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} From a69aece23a147a52714f6dd6724281b3e19213a4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 21:28:20 +0800 Subject: [PATCH 0442/1526] Use TEST_ACME_Server --- .github/workflows/FreeBSD.yml | 6 +++--- .github/workflows/MacOS.yml | 6 +++--- .github/workflows/PebbleStrict.yml | 2 +- .github/workflows/Solaris.yml | 6 +++--- .github/workflows/Windows.yml | 6 +++--- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 407a9e6d..45b08405 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -20,18 +20,18 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 5ceeba7a..11d8e5c3 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -20,18 +20,18 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index ea8e723d..f7907d8b 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -19,7 +19,7 @@ jobs: env: TestingDomain: example.com TestingAltDomains: www.example.com - ACME_DIRECTORY: https://localhost:14000/dir + TEST_ACME_Server: https://localhost:14000/dir HTTPS_INSECURE: 1 Le_HTTPPort: 5002 TEST_LOCAL: 1 diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index c3c756bb..27e9ad09 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -20,18 +20,18 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 91605a52..69ed64ea 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -20,17 +20,17 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: windows-latest env: - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} From 536a5f7cffe3b20441687713fb1e14837adc5637 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 21:59:38 +0800 Subject: [PATCH 0443/1526] fix deactivate --- acme.sh | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 0dd8b678..62fb80d0 100755 --- a/acme.sh +++ b/acme.sh @@ -5775,7 +5775,20 @@ remove() { _deactivate() { _d_domain="$1" _d_type="$2" - _initpath + _initpath "$_d_domain" "$_d_type" + + . "$DOMAIN_CONF" + _debug Le_API "$Le_API" + + if [ "$Le_API" ]; then + export ACME_DIRECTORY="$Le_API" + #reload ca configs + ACCOUNT_KEY_PATH="" + ACCOUNT_JSON_PATH="" + CA_CONF="" + _debug3 "initpath again." + _initpath "$Le_Domain" "$_d_type" + fi _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then From 175200430144c1b3070ec08450d8641713cb67a5 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 22:16:16 +0800 Subject: [PATCH 0444/1526] fix deactivate --- acme.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/acme.sh b/acme.sh index 62fb80d0..bf6f2806 100755 --- a/acme.sh +++ b/acme.sh @@ -2535,6 +2535,16 @@ __initHome() { fi } +_clearAPI() { + ACME_NEW_ACCOUNT="" + ACME_KEY_CHANGE="" + ACME_NEW_AUTHZ="" + ACME_NEW_ORDER="" + ACME_REVOKE_CERT="" + ACME_NEW_NONCE="" + ACME_AGREEMENT="" +} + #server _initAPI() { _api_server="${1:-$ACME_DIRECTORY}" @@ -5032,6 +5042,9 @@ renew() { _debug Le_API "$Le_API" if [ "$Le_API" ]; then + if [ "$Le_API" != "$ACME_DIRECTORY" ]; then + _clearAPI + fi export ACME_DIRECTORY="$Le_API" #reload ca configs ACCOUNT_KEY_PATH="" @@ -5039,6 +5052,7 @@ renew() { CA_CONF="" _debug3 "initpath again." _initpath "$Le_Domain" "$_isEcc" + _initAPI fi if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then @@ -5781,6 +5795,9 @@ _deactivate() { _debug Le_API "$Le_API" if [ "$Le_API" ]; then + if [ "$Le_API" != "$ACME_DIRECTORY" ]; then + _clearAPI + fi export ACME_DIRECTORY="$Le_API" #reload ca configs ACCOUNT_KEY_PATH="" @@ -5788,6 +5805,7 @@ _deactivate() { CA_CONF="" _debug3 "initpath again." _initpath "$Le_Domain" "$_d_type" + _initAPI fi _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" From 13ab98440c9699e9c652a323dbd493a82f149703 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 22:23:17 +0800 Subject: [PATCH 0445/1526] fix initapi --- acme.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/acme.sh b/acme.sh index bf6f2806..8e3d5f54 100755 --- a/acme.sh +++ b/acme.sh @@ -2600,6 +2600,9 @@ _initAPI() { _info "Sleep $_sleep_retry_sec and retry." _sleep "$_sleep_retry_sec" done + if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then + return 0 + fi _err "Can not init api, for $_api_server" return 1 } From 719ba75fccb8a2cb8dfe6655901d370f21bb2820 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 22:29:40 +0800 Subject: [PATCH 0446/1526] fix test server --- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/MacOS.yml | 2 +- .github/workflows/Solaris.yml | 2 +- .github/workflows/Ubuntu.yml | 2 +- .github/workflows/Windows.yml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 45b08405..83364b3c 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "LetsEncrypt.org" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 11d8e5c3..85ec7527 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "LetsEncrypt.org" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 27e9ad09..64dd741f 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "LetsEncrypt.org" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index df0faaf3..af74965a 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "LetsEncrypt.org" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 69ed64ea..8c8e2842 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -20,7 +20,7 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "LetsEncrypt.org" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" From 13fd83e0baf69edd7d5778eec980e16032f65a38 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 22:44:23 +0800 Subject: [PATCH 0447/1526] fix revoke --- acme.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/acme.sh b/acme.sh index 8e3d5f54..3afb958c 100755 --- a/acme.sh +++ b/acme.sh @@ -5713,6 +5713,23 @@ revoke() { return 1 fi + . "$DOMAIN_CONF" + _debug Le_API "$Le_API" + + if [ "$Le_API" ]; then + if [ "$Le_API" != "$ACME_DIRECTORY" ]; then + _clearAPI + fi + export ACME_DIRECTORY="$Le_API" + #reload ca configs + ACCOUNT_KEY_PATH="" + ACCOUNT_JSON_PATH="" + CA_CONF="" + _debug3 "initpath again." + _initpath "$Le_Domain" "$_isEcc" + _initAPI + fi + cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)" if [ -z "$cert" ]; then From fb73dceab09bb5aec542becd1a896ed5cbbccdd6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 22:46:55 +0800 Subject: [PATCH 0448/1526] fix format --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3afb958c..b309704c 100755 --- a/acme.sh +++ b/acme.sh @@ -5713,7 +5713,7 @@ revoke() { return 1 fi - . "$DOMAIN_CONF" + . "$DOMAIN_CONF" _debug Le_API "$Le_API" if [ "$Le_API" ]; then From ba7d85145aff76cf15c0b61f03340af0ff01cca7 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 25 Jun 2021 23:01:47 +0800 Subject: [PATCH 0449/1526] fix env --- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 83364b3c..6a82156d 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -48,7 +48,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' nat: | "8080": "80" prepare: pkg install -y socat curl diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 64dd741f..9d1c46ac 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -48,7 +48,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.3 with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' nat: | "8080": "80" prepare: pkgutil -y -i socat curl From 772d9700748ee00de74f1242753eb93bbeae089c Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 25 Jun 2021 23:20:40 +0800 Subject: [PATCH 0450/1526] fix CI tests (#3574) fix CI tests --- .github/auto-comment.yml | 40 ---------------------- .github/workflows/FreeBSD.yml | 8 ++--- .github/workflows/MacOS.yml | 6 ++-- .github/workflows/PebbleStrict.yml | 2 +- .github/workflows/Solaris.yml | 8 ++--- .github/workflows/Ubuntu.yml | 6 ++-- .github/workflows/Windows.yml | 6 ++-- acme.sh | 53 +++++++++++++++++++++++++++++- 8 files changed, 70 insertions(+), 59 deletions(-) delete mode 100644 .github/auto-comment.yml diff --git a/.github/auto-comment.yml b/.github/auto-comment.yml deleted file mode 100644 index 520b3ce3..00000000 --- a/.github/auto-comment.yml +++ /dev/null @@ -1,40 +0,0 @@ -# Comment to a new issue. -issuesOpened: > - If this is a bug report, please upgrade to the latest code and try again: - - 如果有 bug, 请先更新到最新版试试: - - ``` - acme.sh --upgrade - ``` - - please also provide the log with `--debug 2`. - - 同时请提供调试输出 `--debug 2` - - see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh - - Without `--debug 2` log, your issue will NEVER get replied. - - 没有调试输出, 你的 issue 不会得到任何解答. - - -pullRequestOpened: > - First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. - - If this is a PR to support new DNS API or new notification API, please read this guide first: - https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide - - Please check the guide items one by one. - - Then add your usage here: - https://github.com/acmesh-official/acme.sh/wiki/dnsapi - - Or some other wiki pages: - - https://github.com/acmesh-official/acme.sh/wiki/deployhooks - - https://github.com/acmesh-official/acme.sh/wiki/notify - - - diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 407a9e6d..6a82156d 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -20,18 +20,18 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} @@ -48,7 +48,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' nat: | "8080": "80" prepare: pkg install -y socat curl diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 5ceeba7a..85ec7527 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -20,18 +20,18 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index ea8e723d..f7907d8b 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -19,7 +19,7 @@ jobs: env: TestingDomain: example.com TestingAltDomains: www.example.com - ACME_DIRECTORY: https://localhost:14000/dir + TEST_ACME_Server: https://localhost:14000/dir HTTPS_INSECURE: 1 Le_HTTPPort: 5002 TEST_LOCAL: 1 diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index c3c756bb..9d1c46ac 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -20,18 +20,18 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: macos-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} @@ -48,7 +48,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.3 with: - envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' nat: | "8080": "80" prepare: pkgutil -y -i socat curl diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index d3d66e19..af74965a 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -20,11 +20,11 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest env: TEST_LOCAL: 1 - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 91605a52..8c8e2842 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -20,17 +20,17 @@ jobs: strategy: matrix: include: - - TEST_ACME_Server: "" + - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - - TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90" + - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" runs-on: windows-latest env: - ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }} + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} diff --git a/acme.sh b/acme.sh index 0dd8b678..b309704c 100755 --- a/acme.sh +++ b/acme.sh @@ -2535,6 +2535,16 @@ __initHome() { fi } +_clearAPI() { + ACME_NEW_ACCOUNT="" + ACME_KEY_CHANGE="" + ACME_NEW_AUTHZ="" + ACME_NEW_ORDER="" + ACME_REVOKE_CERT="" + ACME_NEW_NONCE="" + ACME_AGREEMENT="" +} + #server _initAPI() { _api_server="${1:-$ACME_DIRECTORY}" @@ -2590,6 +2600,9 @@ _initAPI() { _info "Sleep $_sleep_retry_sec and retry." _sleep "$_sleep_retry_sec" done + if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then + return 0 + fi _err "Can not init api, for $_api_server" return 1 } @@ -5032,6 +5045,9 @@ renew() { _debug Le_API "$Le_API" if [ "$Le_API" ]; then + if [ "$Le_API" != "$ACME_DIRECTORY" ]; then + _clearAPI + fi export ACME_DIRECTORY="$Le_API" #reload ca configs ACCOUNT_KEY_PATH="" @@ -5039,6 +5055,7 @@ renew() { CA_CONF="" _debug3 "initpath again." _initpath "$Le_Domain" "$_isEcc" + _initAPI fi if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then @@ -5696,6 +5713,23 @@ revoke() { return 1 fi + . "$DOMAIN_CONF" + _debug Le_API "$Le_API" + + if [ "$Le_API" ]; then + if [ "$Le_API" != "$ACME_DIRECTORY" ]; then + _clearAPI + fi + export ACME_DIRECTORY="$Le_API" + #reload ca configs + ACCOUNT_KEY_PATH="" + ACCOUNT_JSON_PATH="" + CA_CONF="" + _debug3 "initpath again." + _initpath "$Le_Domain" "$_isEcc" + _initAPI + fi + cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)" if [ -z "$cert" ]; then @@ -5775,7 +5809,24 @@ remove() { _deactivate() { _d_domain="$1" _d_type="$2" - _initpath + _initpath "$_d_domain" "$_d_type" + + . "$DOMAIN_CONF" + _debug Le_API "$Le_API" + + if [ "$Le_API" ]; then + if [ "$Le_API" != "$ACME_DIRECTORY" ]; then + _clearAPI + fi + export ACME_DIRECTORY="$Le_API" + #reload ca configs + ACCOUNT_KEY_PATH="" + ACCOUNT_JSON_PATH="" + CA_CONF="" + _debug3 "initpath again." + _initpath "$Le_Domain" "$_d_type" + _initAPI + fi _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then From e0def66959cc435d8320b6ce33ef86807a0b3479 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 27 Jun 2021 11:29:51 +0800 Subject: [PATCH 0451/1526] fix for compatiblity --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index b309704c..6f41285b 100755 --- a/acme.sh +++ b/acme.sh @@ -3577,7 +3577,7 @@ _regAccount() { return 1 fi _secure_debug2 _eabresp "$_eabresp" - _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" + _eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_id "$_eab_id" if [ -z "$_eab_id" ]; then _err "Can not resolve _eab_id" @@ -5857,7 +5857,7 @@ _deactivate() { _debug2 response "$response" _URL_NAME="url" - entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")" + entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n\n' | grep "\"status\": *\"valid\"")" if [ -z "$entries" ]; then _info "No valid entries found." if [ -z "$thumbprint" ]; then @@ -6621,7 +6621,7 @@ _getRepoHash() { _hash_path=$1 shift _hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path" - _get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4 + _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 } _getUpgradeHash() { From 518e1df257511f1a0f0c8e285f78c4a6320b5511 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 28 Jun 2021 21:10:42 +0800 Subject: [PATCH 0452/1526] sync (#3580) sync --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index b309704c..6f41285b 100755 --- a/acme.sh +++ b/acme.sh @@ -3577,7 +3577,7 @@ _regAccount() { return 1 fi _secure_debug2 _eabresp "$_eabresp" - _eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" + _eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_id "$_eab_id" if [ -z "$_eab_id" ]; then _err "Can not resolve _eab_id" @@ -5857,7 +5857,7 @@ _deactivate() { _debug2 response "$response" _URL_NAME="url" - entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")" + entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n\n' | grep "\"status\": *\"valid\"")" if [ -z "$entries" ]; then _info "No valid entries found." if [ -z "$thumbprint" ]; then @@ -6621,7 +6621,7 @@ _getRepoHash() { _hash_path=$1 shift _hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path" - _get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4 + _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 } _getUpgradeHash() { From 2d07185300d612ed468538e8486c64cde03b8f20 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 28 Jun 2021 21:16:32 +0800 Subject: [PATCH 0453/1526] use letsencrypt server to renew certs if no server was saved. --- acme.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/acme.sh b/acme.sh index 6f41285b..d62f7007 100755 --- a/acme.sh +++ b/acme.sh @@ -5043,6 +5043,11 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" + if [ -z "$Le_API" ]; then + #if this is from an old version, Le_API is empty, + #so, we force to use letsencrypt server + Le_API="$CA_LETSENCRYPT_V2" + fi if [ "$Le_API" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then From d519873fa434705b94b38f8e7975b62a2a426fd9 Mon Sep 17 00:00:00 2001 From: xpac1985 Date: Thu, 1 Jul 2021 22:25:49 +0200 Subject: [PATCH 0454/1526] Fix Infoblox_View handling + some cleanup URL is now constructed after possible fallback value for Infoblox_View is being set Infoblox_View is URLencoded to deal with e.g. spaces Some cleanup, clearer log messages etc. --- dnsapi/dns_infoblox.sh | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 4cbb2146..a4581585 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -9,7 +9,6 @@ dns_infoblox_add() { ## Nothing to see here, just some housekeeping fulldomain=$1 txtvalue=$2 - baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View" _info "Using Infoblox API" _debug fulldomain "$fulldomain" @@ -19,32 +18,39 @@ dns_infoblox_add() { if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then Infoblox_Creds="" Infoblox_Server="" - _err "You didn't specify the credentials, server or infoblox view yet (Infoblox_Creds, Infoblox_Server and Infoblox_View)." - _err "Please set them via EXPORT ([username:password], [ip or hostname]) and try again." + _err "You didn't specify the Infoblox credentials or server (Infoblox_Creds; Infoblox_Server)." + _err "Please set them via EXPORT Infoblox_Creds=username:password or EXPORT Infoblox_server=ip/hostname and try again." return 1 fi if [ -z "$Infoblox_View" ]; then + _info "No Infoblox_View set, using fallback value 'default'" Infoblox_View="default" fi - + ## Save the credentials to the account file _saveaccountconf Infoblox_Creds "$Infoblox_Creds" _saveaccountconf Infoblox_Server "$Infoblox_Server" _saveaccountconf Infoblox_View "$Infoblox_View" + ## URLencode Infoblox View to deal with e.g. spaces + Infoblox_ViewEncoded=$(printf "%b" "$Infoblox_View" | _url_encode) + ## Base64 encode the credentials Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64) ## Construct the HTTP Authorization header export _H1="Accept-Language:en-US" export _H2="Authorization: Basic $Infoblox_CredsEncoded" + + ## Construct the request URL + baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}" ## Add the challenge record to the Infoblox grid member result="$(_post "" "$baseurlnObject" "" "POST")" ## Let's see if we get something intelligible back from the unit - if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then + if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then _info "Successfully created the txt record" return 0 else @@ -65,6 +71,9 @@ dns_infoblox_rm() { _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" + ## URLencode Infoblox View to deal with e.g. spaces + Infoblox_ViewEncoded=$(printf "%b" "$Infoblox_View" | _url_encode) + ## Base64 encode the credentials Infoblox_CredsEncoded="$(printf "%b" "$Infoblox_Creds" | _base64)" @@ -73,18 +82,18 @@ dns_infoblox_rm() { export _H2="Authorization: Basic $Infoblox_CredsEncoded" ## Does the record exist? Let's check. - baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View&_return_type=xml-pretty" + baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}&_return_type=xml-pretty" result="$(_get "$baseurlnObject")" ## Let's see if we get something intelligible back from the grid - if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then + if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then ## Extract the object reference - objRef="$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" + objRef="$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef" ## Delete them! All the stale records! rmResult="$(_post "" "$objRmUrl" "" "DELETE")" ## Let's see if that worked - if [ "$(echo "$rmResult" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then + if [ "$(echo "$rmResult" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then _info "Successfully deleted $objRef" return 0 else From 52243d0870c67251cdccae936ca9b291d2306516 Mon Sep 17 00:00:00 2001 From: xpac1985 Date: Thu, 1 Jul 2021 22:54:56 +0200 Subject: [PATCH 0455/1526] Clean up formatting (SHFMT) --- dnsapi/dns_infoblox.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index a4581585..827d92d1 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -27,7 +27,7 @@ dns_infoblox_add() { _info "No Infoblox_View set, using fallback value 'default'" Infoblox_View="default" fi - + ## Save the credentials to the account file _saveaccountconf Infoblox_Creds "$Infoblox_Creds" _saveaccountconf Infoblox_Server "$Infoblox_Server" @@ -45,7 +45,7 @@ dns_infoblox_add() { ## Construct the request URL baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}" - + ## Add the challenge record to the Infoblox grid member result="$(_post "" "$baseurlnObject" "" "POST")" From 224cd046739e73c8c873a2031ca7b340349bc496 Mon Sep 17 00:00:00 2001 From: xpac1985 Date: Thu, 1 Jul 2021 22:59:43 +0200 Subject: [PATCH 0456/1526] Shell formatting, again --- dnsapi/dns_infoblox.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 827d92d1..6bfd36ee 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -42,10 +42,10 @@ dns_infoblox_add() { ## Construct the HTTP Authorization header export _H1="Accept-Language:en-US" export _H2="Authorization: Basic $Infoblox_CredsEncoded" - + ## Construct the request URL baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}" - + ## Add the challenge record to the Infoblox grid member result="$(_post "" "$baseurlnObject" "" "POST")" From a0c5d17539394cd1b457c9afa14577debe1c52ed Mon Sep 17 00:00:00 2001 From: jonwltn <86822083+jonwltn@users.noreply.github.com> Date: Fri, 2 Jul 2021 09:23:45 -0700 Subject: [PATCH 0457/1526] Fix the URL for checking DNSPod availability. --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d62f7007..4b20b708 100755 --- a/acme.sh +++ b/acme.sh @@ -3925,7 +3925,7 @@ _ns_lookup_ali() { } _ns_is_available_dp() { - if _get "https://dns.alidns.com" "" 1 >/dev/null 2>&1; then + if _get "https://doh.pub" "" 1 >/dev/null 2>&1; then return 0 else return 1 From da58fcbfce9402aee9209497850349f21dc61fae Mon Sep 17 00:00:00 2001 From: Steven Zhu Date: Tue, 6 Jul 2021 20:51:51 -0400 Subject: [PATCH 0458/1526] Add sender name for SendGrid notify hook --- notify/sendgrid.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/notify/sendgrid.sh b/notify/sendgrid.sh index 0d5ea3b3..ea4dcc93 100644 --- a/notify/sendgrid.sh +++ b/notify/sendgrid.sh @@ -37,11 +37,19 @@ sendgrid_send() { fi _saveaccountconf_mutable SENDGRID_FROM "$SENDGRID_FROM" + SENDGRID_FROM_NAME="${SENDGRID_FROM_NAME:-$(_readaccountconf_mutable SENDGRID_FROM_NAME)}" + _saveaccountconf_mutable SENDGRID_FROM_NAME "$SENDGRID_FROM_NAME" + export _H1="Authorization: Bearer $SENDGRID_API_KEY" export _H2="Content-Type: application/json" _content="$(echo "$_content" | _json_encode)" - _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}" + + if [ -z "$SENDGRID_FROM_NAME" ]; then + _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}" + else + _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\", \"name\": \"$SENDGRID_FROM_NAME\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}" + fi response="$(_post "$_data" "https://api.sendgrid.com/v3/mail/send")" if [ "$?" = "0" ] && [ -z "$response" ]; then From 849c3fd9c90027cd96966d99569ffdfdccc61a3d Mon Sep 17 00:00:00 2001 From: Steven Zhu Date: Tue, 6 Jul 2021 22:54:15 -0400 Subject: [PATCH 0459/1526] Fix space inconsistency --- notify/sendgrid.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/sendgrid.sh b/notify/sendgrid.sh index ea4dcc93..82d3f6c6 100644 --- a/notify/sendgrid.sh +++ b/notify/sendgrid.sh @@ -44,7 +44,7 @@ sendgrid_send() { export _H2="Content-Type: application/json" _content="$(echo "$_content" | _json_encode)" - + if [ -z "$SENDGRID_FROM_NAME" ]; then _data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}" else From ac9993394c51409c22bb300c02f631bd8915022a Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 11 Jul 2021 21:58:47 +0800 Subject: [PATCH 0460/1526] update --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c7f7e677..91a18985 100644 --- a/README.md +++ b/README.md @@ -20,18 +20,18 @@ - An ACME protocol client written purely in Shell (Unix shell) language. - Full ACME protocol implementation. -- Support ACME v1 and ACME v2 -- Support ACME v2 wildcard certs +- Support ECDSA certs +- Support SAN and wildcard certs - Simple, powerful and very easy to use. You only need 3 minutes to learn it. - Bash, dash and sh compatible. -- Purely written in Shell with no dependencies on python or the official Let's Encrypt client. +- Purely written in Shell with no dependencies on python. - Just one script to issue, renew and install your certificates automatically. - DOES NOT require `root/sudoer` access. -- Docker friendly -- IPv6 support +- Docker ready +- IPv6 ready - Cron job notifications for renewal or error etc. -It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. +It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates. Wiki: https://github.com/acmesh-official/acme.sh/wiki From 98ef51514f59da72fcb8f4f2c2be563252c77848 Mon Sep 17 00:00:00 2001 From: ciro Date: Sun, 11 Jul 2021 20:29:44 -0300 Subject: [PATCH 0461/1526] added pushbullet functionality --- notify/pushbullet.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 notify/pushbullet.sh diff --git a/notify/pushbullet.sh b/notify/pushbullet.sh new file mode 100644 index 00000000..44461d25 --- /dev/null +++ b/notify/pushbullet.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env sh + +#Support for pushbullet.com's api. Push notification, notification sync and message platform for multiple platforms +#PUSHBULLET_TOKEN="" Required, pushbullet application token +#PUSHBULLET_DEVICE="" Optional, Specific device, ignore to send to all devices + +PUSHBULLET_URI="https://api.pushbullet.com/v2/pushes" +pushbullet_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + PUSHBULLET_TOKEN="${PUSHBULLET_TOKEN:-$(_readaccountconf_mutable PUSHBULLET_TOKEN)}" + if [ -z "$PUSHBULLET_TOKEN" ]; then + PUSHBULLET_TOKEN="" + _err "You didn't specify a Pushbullet application token yet." + return 1 + fi + _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" + + PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" + if [ -z "$PUSHBULLET_DEVICE" ]; then + _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" + fi + + export _H1="Content-Type: application/json" + export _H2="Access-Token: ${PUSHBULLET_TOKEN}" + _content="$(printf "*%s*\n" "$_content" | _json_encode)" + _subject="$(printf "*%s*\n" "$_subject" | _json_encode)" + _data="{\"type\": \"note\",\"title\": \"${_subject}\",\"body\": \"${_content}\",\"device_iden\": \"${PUSHBULLET_DEVICE}\"}" + response="$(_post "$_data" "$PUSHBULLET_URI")" + + if [ "$?" != "0" ] || _contains "$response" "\"error_code\""; then + _err "PUSHBULLET send error." + _err "$response" + return 1 + fi + + _info "PUSHBULLET send success." + return 0 +} From dcc50093bb96df781c82708bf53233711287c63a Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 12 Jul 2021 21:46:08 +0800 Subject: [PATCH 0462/1526] fix https://github.com/acmesh-official/acme.sh/issues/3600 --- acme.sh | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/acme.sh b/acme.sh index 4b20b708..c57cd2ad 100755 --- a/acme.sh +++ b/acme.sh @@ -4712,26 +4712,13 @@ $_authorizations_map" return 1 fi - _debug "sleep 2 secs to verify" - sleep 2 - _debug "checking" - - _send_signed_request "$uri" - - if [ "$?" != "0" ]; then - _err "$d:Verify error:$response" - _clearupwebbroot "$_currentRoot" "$removelevel" "$token" - _clearup - _on_issue_err "$_post_hook" "$vlist" - return 1 - fi _debug2 original "$response" response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') - + _debug2 status "$status" if _contains "$status" "invalid"; then error="$(echo "$response" | _egrep_o '"error":\{[^\}]*')" _debug2 error "$error" @@ -4773,7 +4760,19 @@ $_authorizations_map" _on_issue_err "$_post_hook" "$vlist" return 1 fi + _debug "sleep 2 secs to verify again" + sleep 2 + _debug "checking" + _send_signed_request "$uri" + + if [ "$?" != "0" ]; then + _err "$d:Verify error:$response" + _clearupwebbroot "$_currentRoot" "$removelevel" "$token" + _clearup + _on_issue_err "$_post_hook" "$vlist" + return 1 + fi done done From ae3dda0f8fc3071495cd1e8dff0fe4a339febb1c Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 15 Jul 2021 22:21:32 +0800 Subject: [PATCH 0463/1526] add retry for get() and post() --- acme.sh | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 68 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index c57cd2ad..4ddc7501 100755 --- a/acme.sh +++ b/acme.sh @@ -1768,7 +1768,7 @@ _inithttp() { if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then _ACME_CURL="$_ACME_CURL -L " fi - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then + if [ "$DEBUG" ] && [ "$DEBUG" -ge 2 ]; then _CURL_DUMP="$(_mktemp)" _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi @@ -1808,6 +1808,8 @@ _inithttp() { } +_HTTP_MAX_RETRY=8 + # body url [needbase64] [POST|PUT|DELETE] [ContentType] _post() { body="$1" @@ -1815,6 +1817,33 @@ _post() { needbase64="$3" httpmethod="$4" _postContentType="$5" + _sleep_retry_sec=1 + _http_retry_times=0 + _hcode=0 + while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do + [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ] + _lastHCode="$?" + _debug "Retrying post" + _post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode"; + _hcode="$?" + _debug _hcode "$_hcode" + if [ "$_hcode" = "0" ]; then + break; + fi + _http_retry_times=$(_math $_http_retry_times + 1) + _sleep $_sleep_retry_sec + done + return $_hcode +} + +# body url [needbase64] [POST|PUT|DELETE] [ContentType] [displayError] +_post_impl() { + body="$1" + _post_url="$2" + needbase64="$3" + httpmethod="$4" + _postContentType="$5" + displayError="$6" if [ -z "$httpmethod" ]; then httpmethod="POST" @@ -1866,7 +1895,9 @@ _post() { fi _ret="$?" if [ "$_ret" != "0" ]; then - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" + if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" + fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" @@ -1922,7 +1953,9 @@ _post() { _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." fi if [ "$_ret" != "0" ]; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" + if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" + fi fi _sed_i "s/^ *//g" "$HTTP_HEADER" else @@ -1936,13 +1969,38 @@ _post() { # url getheader timeout _get() { + url="$1" + onlyheader="$2" + t="$3" + _sleep_retry_sec=1 + _http_retry_times=0 + _hcode=0 + while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do + [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ] + _lastHCode="$?" + _debug "Retrying GET" + _get_impl "$url" "$onlyheader" "$t" "$_lastHCode"; + _hcode="$?" + _debug _hcode "$_hcode" + if [ "$_hcode" = "0" ]; then + break; + fi + _http_retry_times=$(_math $_http_retry_times + 1) + _sleep $_sleep_retry_sec + done + return $_hcode +} + +# url getheader timeout displayError +_get_impl() { _debug GET url="$1" onlyheader="$2" t="$3" + displayError="$4" _debug url "$url" _debug "timeout=$t" - + _debug "displayError" "$displayError" _inithttp if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then @@ -1961,7 +2019,9 @@ _get() { fi ret=$? if [ "$ret" != "0" ]; then - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" + if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" + fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" @@ -1987,7 +2047,9 @@ _get() { _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." fi if [ "$ret" != "0" ]; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" + if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" + fi fi else ret=$? From d70b759cb9c5b413cce92e65e841a54a65813962 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 15 Jul 2021 22:47:20 +0800 Subject: [PATCH 0464/1526] format --- acme.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 4ddc7501..47b0e4d2 100755 --- a/acme.sh +++ b/acme.sh @@ -1824,11 +1824,11 @@ _post() { [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ] _lastHCode="$?" _debug "Retrying post" - _post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode"; + _post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode" _hcode="$?" _debug _hcode "$_hcode" if [ "$_hcode" = "0" ]; then - break; + break fi _http_retry_times=$(_math $_http_retry_times + 1) _sleep $_sleep_retry_sec @@ -1979,11 +1979,11 @@ _get() { [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ] _lastHCode="$?" _debug "Retrying GET" - _get_impl "$url" "$onlyheader" "$t" "$_lastHCode"; + _get_impl "$url" "$onlyheader" "$t" "$_lastHCode" _hcode="$?" _debug _hcode "$_hcode" if [ "$_hcode" = "0" ]; then - break; + break fi _http_retry_times=$(_math $_http_retry_times + 1) _sleep $_sleep_retry_sec From c7ca9d7e36a2a240a5a25f60d3e7f9d9daefc3b2 Mon Sep 17 00:00:00 2001 From: ciro Date: Thu, 15 Jul 2021 22:55:35 -0300 Subject: [PATCH 0465/1526] fix shfmt issues --- notify/pushbullet.sh | 56 ++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/notify/pushbullet.sh b/notify/pushbullet.sh index 44461d25..0a638745 100644 --- a/notify/pushbullet.sh +++ b/notify/pushbullet.sh @@ -6,37 +6,37 @@ PUSHBULLET_URI="https://api.pushbullet.com/v2/pushes" pushbullet_send() { - _subject="$1" - _content="$2" - _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped - _debug "_statusCode" "$_statusCode" + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" - PUSHBULLET_TOKEN="${PUSHBULLET_TOKEN:-$(_readaccountconf_mutable PUSHBULLET_TOKEN)}" - if [ -z "$PUSHBULLET_TOKEN" ]; then - PUSHBULLET_TOKEN="" - _err "You didn't specify a Pushbullet application token yet." - return 1 - fi - _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" + PUSHBULLET_TOKEN="${PUSHBULLET_TOKEN:-$(_readaccountconf_mutable PUSHBULLET_TOKEN)}" + if [ -z "$PUSHBULLET_TOKEN" ]; then + PUSHBULLET_TOKEN="" + _err "You didn't specify a Pushbullet application token yet." + return 1 + fi + _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" - PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" - if [ -z "$PUSHBULLET_DEVICE" ]; then - _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" - fi + PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" + if [ -z "$PUSHBULLET_DEVICE" ]; then + _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" + fi - export _H1="Content-Type: application/json" - export _H2="Access-Token: ${PUSHBULLET_TOKEN}" - _content="$(printf "*%s*\n" "$_content" | _json_encode)" - _subject="$(printf "*%s*\n" "$_subject" | _json_encode)" - _data="{\"type\": \"note\",\"title\": \"${_subject}\",\"body\": \"${_content}\",\"device_iden\": \"${PUSHBULLET_DEVICE}\"}" - response="$(_post "$_data" "$PUSHBULLET_URI")" + export _H1="Content-Type: application/json" + export _H2="Access-Token: ${PUSHBULLET_TOKEN}" + _content="$(printf "*%s*\n" "$_content" | _json_encode)" + _subject="$(printf "*%s*\n" "$_subject" | _json_encode)" + _data="{\"type\": \"note\",\"title\": \"${_subject}\",\"body\": \"${_content}\",\"device_iden\": \"${PUSHBULLET_DEVICE}\"}" + response="$(_post "$_data" "$PUSHBULLET_URI")" - if [ "$?" != "0" ] || _contains "$response" "\"error_code\""; then - _err "PUSHBULLET send error." - _err "$response" - return 1 - fi + if [ "$?" != "0" ] || _contains "$response" "\"error_code\""; then + _err "PUSHBULLET send error." + _err "$response" + return 1 + fi - _info "PUSHBULLET send success." - return 0 + _info "PUSHBULLET send success." + return 0 } From 4a8511f68009826f0b56302df3e9faff3a64106c Mon Sep 17 00:00:00 2001 From: ciro Date: Sat, 17 Jul 2021 13:50:45 -0300 Subject: [PATCH 0466/1526] fix wrong variable name --- notify/pushbullet.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/pushbullet.sh b/notify/pushbullet.sh index 0a638745..6f33b44f 100644 --- a/notify/pushbullet.sh +++ b/notify/pushbullet.sh @@ -21,7 +21,7 @@ pushbullet_send() { PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" if [ -z "$PUSHBULLET_DEVICE" ]; then - _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" + _saveaccountconf_mutable PUSHBULLET_DEVICE "$PUSHBULLET_DEVICE" fi export _H1="Content-Type: application/json" From 103810ce2091a2d0e907062033f12b06ec615d62 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 20 Jul 2021 21:05:17 +0800 Subject: [PATCH 0467/1526] add info --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 47b0e4d2..d9e7136a 100755 --- a/acme.sh +++ b/acme.sh @@ -4812,9 +4812,9 @@ $_authorizations_map" fi if [ "$status" = "pending" ]; then - _info "Pending" + _info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)" elif [ "$status" = "processing" ]; then - _info "Processing" + _info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)" else _err "$d:Verify error:$response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" From 63165764dcc7084750cb537b8563671fbc655b74 Mon Sep 17 00:00:00 2001 From: Ivanovitch_k Date: Thu, 22 Jul 2021 00:09:44 +0200 Subject: [PATCH 0468/1526] dns_ovh: fix random add/remove txt records failures due to inconsistent curl api response json --- dnsapi/dns_ovh.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index f6f9689a..b2c646fa 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -261,7 +261,9 @@ _get_root() { return 1 fi - if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then + if ! _contains "$response" "This service does not exist" >/dev/null && \ + ! _contains "$response" "This call has not been granted" >/dev/null && \ + ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" return 0 From 08438608d1e727cbbcaa311057c107c22f21a171 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 24 Jul 2021 15:46:58 +0800 Subject: [PATCH 0469/1526] fix format --- dnsapi/dns_ovh.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index b2c646fa..e65babbd 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -261,9 +261,9 @@ _get_root() { return 1 fi - if ! _contains "$response" "This service does not exist" >/dev/null && \ - ! _contains "$response" "This call has not been granted" >/dev/null && \ - ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then + if ! _contains "$response" "This service does not exist" >/dev/null && + ! _contains "$response" "This call has not been granted" >/dev/null && + ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" return 0 From 655e34b166d89cef80e3a14c48d1e52b3ea9fb43 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 24 Jul 2021 16:23:30 +0800 Subject: [PATCH 0470/1526] minor, clean links for renewal --- acme.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/acme.sh b/acme.sh index d9e7136a..8ded1465 100755 --- a/acme.sh +++ b/acme.sh @@ -4207,6 +4207,10 @@ issue() { if [ -z "$_ACME_IS_RENEW" ]; then _initpath "$_main_domain" "$_key_length" mkdir -p "$DOMAIN_PATH" + else + Le_OrderFinalize="" + Le_LinkOrder="" + Le_LinkCert="" fi if _hasfield "$_web_roots" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then From 5cc1d9521cb33619d244d13dd2e646ee41e0410a Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 28 Jul 2021 22:14:54 +0800 Subject: [PATCH 0471/1526] fix https://github.com/acmesh-official/acme.sh/issues/3624#issuecomment-887689325 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 8ded1465..b2398c5d 100755 --- a/acme.sh +++ b/acme.sh @@ -3441,7 +3441,7 @@ _on_before_issue() { _netprc="$(_ss "$_checkport" | grep "$_checkport")" netprc="$(echo "$_netprc" | grep "$_checkaddr")" if [ -z "$netprc" ]; then - netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS")" + netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS:$_checkport")" fi if [ "$netprc" ]; then _err "$netprc" From 89abad798003362a8ec4f0f1866f2190993deba1 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 1 Aug 2021 13:11:52 +0800 Subject: [PATCH 0472/1526] fix https://github.com/acmesh-official/acme.sh/issues/3635 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index b2398c5d..0028164a 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=3.0.0 +VER=3.0.1 PROJECT_NAME="acme.sh" @@ -4207,7 +4207,7 @@ issue() { if [ -z "$_ACME_IS_RENEW" ]; then _initpath "$_main_domain" "$_key_length" mkdir -p "$DOMAIN_PATH" - else + elif ! _hasfield "$_web_roots" "$W_DNS"; then Le_OrderFinalize="" Le_LinkOrder="" Le_LinkCert="" From 2b5e2d4760d7c3ec36f5af33dfa95d9077cd5966 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 1 Aug 2021 15:44:14 +0800 Subject: [PATCH 0473/1526] fix nginx mode --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 0028164a..c0986c72 100755 --- a/acme.sh +++ b/acme.sh @@ -3161,14 +3161,14 @@ _checkConf() { FOUND_REAL_NGINX_CONF="$2" return 0 fi - if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then + if cat "$2" | tr "\t" " " | grep "^ *include *;" >/dev/null; then _debug "Try include files" - for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do + for included in $(cat "$2" | tr "\t" " " | grep "^ *include *;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" if ! _startswith "$included" "/" && _exists dirname; then _relpath="$(dirname "$_c_file")" _debug "_relpath" "$_relpath" - included="$_relpath/included" + included="$_relpath/$included" fi if _checkConf "$1" "$included"; then return 0 From ec678bc6d2095334f449b25298cfd029ce4ace74 Mon Sep 17 00:00:00 2001 From: Felix Yan Date: Tue, 3 Aug 2021 01:36:59 +0800 Subject: [PATCH 0474/1526] Correct a typo in dns_aws.sh --- dnsapi/dns_aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 068c337c..14a4594d 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -32,7 +32,7 @@ dns_aws_add() { if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then AWS_ACCESS_KEY_ID="" AWS_SECRET_ACCESS_KEY="" - _err "You haven't specifed the aws route53 api key id and and api key secret yet." + _err "You haven't specified the aws route53 api key id and and api key secret yet." _err "Please create your key and try again. see $(__green $AWS_WIKI)" return 1 fi From 6b97dc67349671450833450fd26449fb48450bbc Mon Sep 17 00:00:00 2001 From: jonwltn <86822083+jonwltn@users.noreply.github.com> Date: Wed, 4 Aug 2021 10:44:48 -0700 Subject: [PATCH 0475/1526] Minor output formatting changes. --- acme.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/acme.sh b/acme.sh index c0986c72..9bc962d8 100755 --- a/acme.sh +++ b/acme.sh @@ -4984,10 +4984,10 @@ $_authorizations_map" _info "$(__green "Cert success.")" cat "$CERT_PATH" - _info "Your cert is in $(__green " $CERT_PATH ")" + _info "Your cert is in: $(__green "$CERT_PATH")" if [ -f "$CERT_KEY_PATH" ]; then - _info "Your cert key is in $(__green " $CERT_KEY_PATH ")" + _info "Your cert key is in: $(__green "$CERT_KEY_PATH")" fi if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then @@ -4996,8 +4996,8 @@ $_authorizations_map" fi fi - [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")" - [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")" + [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")" + [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")" Le_CertCreateTime=$(_time) _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" @@ -5541,7 +5541,7 @@ _installcert() { mkdir -p "$_backup_path" if [ "$_real_cert" ]; then - _info "Installing cert to:$_real_cert" + _info "Installing cert to: $_real_cert" if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_cert" "$_backup_path/cert.bak" fi @@ -5549,7 +5549,7 @@ _installcert() { fi if [ "$_real_ca" ]; then - _info "Installing CA to:$_real_ca" + _info "Installing CA to: $_real_ca" if [ "$_real_ca" = "$_real_cert" ]; then echo "" >>"$_real_ca" cat "$CA_CERT_PATH" >>"$_real_ca" || return 1 @@ -5562,7 +5562,7 @@ _installcert() { fi if [ "$_real_key" ]; then - _info "Installing key to:$_real_key" + _info "Installing key to: $_real_key" if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_key" "$_backup_path/key.bak" fi @@ -5575,7 +5575,7 @@ _installcert() { fi if [ "$_real_fullchain" ]; then - _info "Installing full chain to:$_real_fullchain" + _info "Installing full chain to: $_real_fullchain" if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_fullchain" "$_backup_path/fullchain.bak" fi From 06580bf0e457fafb63fdd2e7aa8fad36dfb86d35 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 5 Aug 2021 20:12:42 +0800 Subject: [PATCH 0476/1526] fix https://github.com/acmesh-official/acme.sh/issues/1914#issuecomment-893188476 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 9bc962d8..2459404a 100755 --- a/acme.sh +++ b/acme.sh @@ -3161,9 +3161,9 @@ _checkConf() { FOUND_REAL_NGINX_CONF="$2" return 0 fi - if cat "$2" | tr "\t" " " | grep "^ *include *;" >/dev/null; then + if cat "$2" | tr "\t" " " | grep "^ *include +.*;" >/dev/null; then _debug "Try include files" - for included in $(cat "$2" | tr "\t" " " | grep "^ *include *;" | sed "s/include //" | tr -d " ;"); do + for included in $(cat "$2" | tr "\t" " " | grep "^ *include +.*;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" if ! _startswith "$included" "/" && _exists dirname; then _relpath="$(dirname "$_c_file")" From 5a44e63caddd9fe7b6b039b80a2a78f0d0a39dd9 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 6 Aug 2021 21:22:10 +0800 Subject: [PATCH 0477/1526] fix nginx mode https://github.com/acmesh-official/acme.sh/issues/3648#issuecomment-894045613 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 2459404a..b7284db7 100755 --- a/acme.sh +++ b/acme.sh @@ -3161,9 +3161,9 @@ _checkConf() { FOUND_REAL_NGINX_CONF="$2" return 0 fi - if cat "$2" | tr "\t" " " | grep "^ *include +.*;" >/dev/null; then + if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then _debug "Try include files" - for included in $(cat "$2" | tr "\t" " " | grep "^ *include +.*;" | sed "s/include //" | tr -d " ;"); do + for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" if ! _startswith "$included" "/" && _exists dirname; then _relpath="$(dirname "$_c_file")" From ccfd907914dad2530b52a1708b52e4a4248561d0 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 7 Aug 2021 21:06:05 +0800 Subject: [PATCH 0478/1526] fix https://github.com/acmesh-official/acme.sh/issues/3649 --- acme.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b7284db7..27b769ae 100755 --- a/acme.sh +++ b/acme.sh @@ -20,6 +20,8 @@ _SUB_FOLDER_DEPLOY="deploy" _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY" +CA_LETSENCRYPT_V1="https://acme-v01.api.letsencrypt.org/directory" + CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory" CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory" @@ -5108,7 +5110,7 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" - if [ -z "$Le_API" ]; then + if [ -z "$Le_API" ] || [ "$CA_LETSENCRYPT_V1" = "$Le_API" ]; then #if this is from an old version, Le_API is empty, #so, we force to use letsencrypt server Le_API="$CA_LETSENCRYPT_V2" From 72e3f33f287a2da93cbc7d716290996c83f9ffd7 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 8 Aug 2021 08:49:15 +0800 Subject: [PATCH 0479/1526] fix docker test --- .github/workflows/DNS.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index b00ef263..13066fdd 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -61,22 +61,22 @@ jobs: run: | cd ../acmetest if [ "${{ secrets.TokenName1}}" ] ; then - echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list + echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env fi if [ "${{ secrets.TokenName2}}" ] ; then - echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list + echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env fi if [ "${{ secrets.TokenName3}}" ] ; then - echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list + echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env fi if [ "${{ secrets.TokenName4}}" ] ; then - echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list + echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env fi if [ "${{ secrets.TokenName5}}" ] ; then - echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list + echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env fi - echo "TEST_DNS_NO_WILDCARD" >> env.list - echo "TEST_DNS_SLEEP" >> env.list + echo "TEST_DNS_NO_WILDCARD" >> docker.env + echo "TEST_DNS_SLEEP" >> docker.env - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall From e164362069001387d93229106e706fab959a3699 Mon Sep 17 00:00:00 2001 From: Bernard Spil Date: Tue, 10 Aug 2021 12:36:29 +0200 Subject: [PATCH 0480/1526] Make domain names available to pre hook Export Le_Domains and Le_Alt so your pre-hook script can run additional checks. Allows running checks on the domain names before the first call to the ACME API. Thereby not counting against the rate-limit when an issue is going to be problematic. Supersedes: #3288 --- acme.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/acme.sh b/acme.sh index 27b769ae..d08a0b06 100755 --- a/acme.sh +++ b/acme.sh @@ -3382,6 +3382,8 @@ _on_before_issue() { if [ "$_chk_pre_hook" ]; then _info "Run pre hook:'$_chk_pre_hook'" if ! ( + export Le_Domain="$_chk_main_domain" + export Le_Alt="$_chk_alt_domains" cd "$DOMAIN_PATH" && eval "$_chk_pre_hook" ); then _err "Error when run pre hook." From 6bdf689d0f14e27fe41a3064d98a57d9a61c7565 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 15 Aug 2021 08:52:55 +0800 Subject: [PATCH 0481/1526] fix https://github.com/acmesh-official/acme.sh/issues/3660 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 27b769ae..3567900e 100755 --- a/acme.sh +++ b/acme.sh @@ -5745,7 +5745,7 @@ uninstallcronjob() { _info "Removing cron job" cr="$($_CRONTAB -l | grep "$PROJECT_ENTRY --cron")" if [ "$cr" ]; then - if _exists uname && uname -a | grep solaris >/dev/null; then + if _exists uname && uname -a | grep SunOS >/dev/null; then $_CRONTAB -l | sed "/$PROJECT_ENTRY --cron/d" | $_CRONTAB -- else $_CRONTAB -l | sed "/$PROJECT_ENTRY --cron/d" | $_CRONTAB - From 83cb89e4f741b0d160cd9776e625d6d17e3b5af6 Mon Sep 17 00:00:00 2001 From: Aleksei Faians Date: Tue, 17 Aug 2021 08:58:04 +0300 Subject: [PATCH 0482/1526] treat variable contents as text, don't process switches --- dnsapi/dns_he.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_he.sh b/dnsapi/dns_he.sh index ef09fa0a..bf4a5030 100755 --- a/dnsapi/dns_he.sh +++ b/dnsapi/dns_he.sh @@ -85,7 +85,7 @@ dns_he_rm() { _debug "The txt record is not found, just skip" return 0 fi - _record_id="$(echo "$response" | tr -d "#" | sed "s/ Date: Wed, 18 Aug 2021 20:59:47 +0800 Subject: [PATCH 0483/1526] remove clearlinux --- .github/workflows/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index c4ec07c4..7e7eba87 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -20,7 +20,7 @@ jobs: Linux: strategy: matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64", "clearlinux:latest"] + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 From 6d84f59e6bdbcec0dbfe8d6ca7f8046ad92bd772 Mon Sep 17 00:00:00 2001 From: Leo <8571049+leoluo0818@users.noreply.github.com> Date: Sat, 21 Aug 2021 04:11:21 +0800 Subject: [PATCH 0484/1526] Add Weixin Work notify hook --- nofity/weixin_work.sh | 49 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 nofity/weixin_work.sh diff --git a/nofity/weixin_work.sh b/nofity/weixin_work.sh new file mode 100644 index 00000000..bf3e9ad6 --- /dev/null +++ b/nofity/weixin_work.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env sh + +#Support weixin work webhooks api + +#WEIXIN_WORK_WEBHOOK="xxxx" + +#optional +#WEIXIN_WORK_KEYWORD="yyyy" + +#`WEIXIN_WORK_SIGNING_KEY`="SEC08ffdbd403cbc3fc8a65xxxxxxxxxxxxxxxxxxxx" + +# subject content statusCode +weixin_work_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_subject" "$_subject" + _debug "_content" "$_content" + _debug "_statusCode" "$_statusCode" + + WEIXIN_WORK_WEBHOOK="${WEIXIN_WORK_WEBHOOK:-$(_readaccountconf_mutable WEIXIN_WORK_WEBHOOK)}" + if [ -z "$WEIXIN_WORK_WEBHOOK" ]; then + WEIXIN_WORK_WEBHOOK="" + _err "You didn't specify a weixin_work webhooks WEIXIN_WORK_WEBHOOK yet." + _err "You can get yours from https://work.weixin.qq.com/api/doc/90000/90136/91770" + return 1 + fi + _saveaccountconf_mutable WEIXIN_WORK_WEBHOOK "$WEIXIN_WORK_WEBHOOK" + + WEIXIN_WORK_KEYWORD="${WEIXIN_WORK_KEYWORD:-$(_readaccountconf_mutable WEIXIN_WORK_KEYWORD)}" + if [ "$WEIXIN_WORK_KEYWORD" ]; then + _saveaccountconf_mutable WEIXIN_WORK_KEYWORD "$WEIXIN_WORK_KEYWORD" + fi + + _content=$(echo "$_content" | _json_encode) + _subject=$(echo "$_subject" | _json_encode) + _data="{\"msgtype\": \"text\", \"text\": {\"content\": \"[$WEIXIN_WORK_KEYWORD]\n$_subject\n$_content\"}}" + + response="$(_post "$_data" "$WEIXIN_WORK_WEBHOOK" "" "POST" "application/json")" + + if [ "$?" = "0" ] && _contains "$response" "errmsg\":\"ok"; then + _info "weixin_work webhooks event fired success." + return 0 + fi + + _err "weixin_work webhooks event fired error." + _err "$response" + return 1 +} From 20d23fcb92bcc58360089b8e0f3208c8291602aa Mon Sep 17 00:00:00 2001 From: fradev Date: Wed, 25 Aug 2021 16:55:36 +0200 Subject: [PATCH 0485/1526] Update ssh.sh Added scp mode for copy the certs --- deploy/ssh.sh | 229 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 201 insertions(+), 28 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 18de4aa6..b4a8140e 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -23,6 +23,8 @@ # export DEPLOY_SSH_BACKUP="" # yes or no, default to yes or previously saved value # export DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy" # path on remote system. Defaults to .acme_ssh_deploy # export DEPLOY_SSH_MULTI_CALL="" # yes or no, default to no or previously saved value +# export DEPLOY_SSH_USE_SCP="" yes or no , default to no +# export DEPLOY_SSH_SCP_CMD="" defaults to "scp -T -q " # ######## Public functions ##################### @@ -73,6 +75,25 @@ ssh_deploy() { Le_Deploy_ssh_cmd="ssh -T" fi + # USE_SCP is optional. If not provided then default to previously saved + # value (which may be undefined... equivalent to "no"). + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then + Le_Deploy_ssh_use_scp="yes" + _savedomainconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" + elif [ "$DEPLOY_SSH_USE_SCP" = "no" ]; then + Le_Deploy_ssh_use_scp="" + _cleardomainconf Le_Deploy_ssh_use_scp + fi + + # SCP_CMD is optional. If not provided then use scp + if [ -n "$DEPLOY_SSH_SCP_CMD" ]; then + Le_Deploy_ssh_scp_cmd="$DEPLOY_SSH_SCP_CMD" + _savedomainconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" + elif [ -z "$Le_Deploy_ssh_scp_cmd" ]; then + Le_Deploy_ssh_scp_cmd="scp -T" + fi + + # BACKUP is optional. If not provided then default to previously saved value or yes. if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then Le_Deploy_ssh_backup="no" @@ -99,6 +120,26 @@ ssh_deploy() { _cleardomainconf Le_Deploy_ssh_multi_call fi + # USE_SCP is optional. If not provided then default to previously saved + # value (which may be undefined... equivalent to "no"). + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then + Le_Deploy_ssh_use_scp="yes" + _savedomainconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" + Le_Deploy_ssh_multi_call="yes" + _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" + elif [ "$DEPLOY_SSH_USE_SCP" = "no" ]; then + Le_Deploy_ssh_use_scp="" + _cleardomainconf Le_Deploy_ssh_use_scp + fi + + # SCP_CMD is optional. If not provided then use scp + if [ -n "$DEPLOY_SSH_SCP_CMD" ]; then + Le_Deploy_ssh_scp_cmd="$DEPLOY_SSH_SCP_CMD" + _savedomainconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" + elif [ -z "$Le_Deploy_ssh_scp_cmd" ]; then + Le_Deploy_ssh_scp_cmd="scp -T -q " + fi + _deploy_ssh_servers=$Le_Deploy_ssh_server for Le_Deploy_ssh_server in $_deploy_ssh_servers; do _ssh_deploy @@ -110,8 +151,16 @@ _ssh_deploy() { _cmdstr="" _backupprefix="" _backupdir="" + _local_cert_file="" + _local_ca_file="" + _local_full_file="" _info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server" + if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then + _info "Using scp as alternate method for copying files. Multicall Mode is implicit" + Le_Deploy_ssh_multi_call="yes" + _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" + fi if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host" else @@ -149,15 +198,30 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d if [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. _cmdstr="$_cmdstr cp $Le_Deploy_ssh_keyfile $_backupdir >/dev/null;" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" + fi fi - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;" - _info "will copy private key to remote file $Le_Deploy_ssh_keyfile" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then - if ! _ssh_remote_cmd "$_cmdstr"; then - return $_err_code + + + # copy new key into file. + if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then + # scp the file + if ! _scp_remote_cmd "$_ckey" "$Le_Deploy_ssh_keyfile"; then + return $_err_code + fi + else + _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;" + _info "will copy private key to remote file $Le_Deploy_ssh_keyfile" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" fi - _cmdstr="" fi fi @@ -172,18 +236,40 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d if [ "$Le_Deploy_ssh_certfile" = "$Le_Deploy_ssh_keyfile" ]; then # if filename is same as previous file then append. _pipe=">>" + _local_cert_file=$(_mktemp) + cat $_ckey > $_local_cert_file + cat $_ccert >> $_local_cert_file elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. _cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir >/dev/null;" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" + fi fi - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile;" - _info "will copy certificate to remote file $Le_Deploy_ssh_certfile" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then - if ! _ssh_remote_cmd "$_cmdstr"; then - return $_err_code + + if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then + if -n $_local_cert_file ; then + if ! _scp_remote_cmd "$_local_cert_file" "$Le_Deploy_ssh_certfile"; then + return $_err_code + fi + else + if ! _scp_remote_cmd "$_ccert" "$Le_Deploy_ssh_certfile"; then + return $_err_code + fi + fi + else + # copy new certificate into file. + _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile;" + _info "will copy certificate to remote file $Le_Deploy_ssh_certfile" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" fi - _cmdstr="" fi fi @@ -199,18 +285,47 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then # if filename is same as previous file then append. _pipe=">>" + _local_ca_file=$(_mktemp) + if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ; then + cat $_ckey >> $_local_ca_file + fi + if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then + cat $_ccert >> $_local_ca_file + fi + + cat $_cca >> $_local_ca_file + elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. _cmdstr="$_cmdstr cp $Le_Deploy_ssh_cafile $_backupdir >/dev/null;" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" + fi fi - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile;" - _info "will copy CA file to remote file $Le_Deploy_ssh_cafile" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then - if ! _ssh_remote_cmd "$_cmdstr"; then - return $_err_code + + if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then + if -n $_local_ca_file ; then + if ! _scp_remote_cmd "$_local_ca_file" "$Le_Deploy_ssh_cafile"; then + return $_err_code + fi + else + if ! _scp_remote_cmd "$_cca" "$Le_Deploy_ssh_cafile"; then + return $_err_code + fi + fi + else + # copy new certificate into file. + _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile;" + _info "will copy CA file to remote file $Le_Deploy_ssh_cafile" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" fi - _cmdstr="" fi fi @@ -227,20 +342,63 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then # if filename is same as previous file then append. _pipe=">>" + _local_full_file=$(_mktemp) + if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ; then + cat $_ckey >> $_local_full_file + fi + if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ]; then + cat $_ccert >> $_local_full_file + fi + if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then + cat $_cca >> $_local_full_file + fi + cat $_cfullchain >> $_local_full_file + elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. _cmdstr="$_cmdstr cp $Le_Deploy_ssh_fullchain $_backupdir >/dev/null;" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" + fi fi - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain;" - _info "will copy fullchain to remote file $Le_Deploy_ssh_fullchain" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then - if ! _ssh_remote_cmd "$_cmdstr"; then - return $_err_code + + if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then + if -n $_local_full_file ; then + if ! _scp_remote_cmd "$_local_full_file" "$Le_Deploy_ssh_fullchain"; then + return $_err_code + fi + else + if ! _scp_remote_cmd "$_cfullchain" "$Le_Deploy_ssh_fullchain"; then + return $_err_code + fi + fi + else + # copy new certificate into file. + _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain;" + _info "will copy fullchain to remote file $Le_Deploy_ssh_fullchain" + if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if ! _ssh_remote_cmd "$_cmdstr"; then + return $_err_code + fi + _cmdstr="" fi - _cmdstr="" fi fi + # cleanup local files if any + + if [ -n "$_local_cert_file" ]; then + rm $_local_cert_file > /dev/null 1>&2 + fi + if [ -n "$_local_ca_file" ]; then + rm $_local_ca_file > /dev/null 1>&2 + fi + if [ -n "$_local_full_file" ]; then + rm $_local_full_file > /dev/null 1>&2 + fi + # REMOTE_CMD is optional. # If provided then this command will be executed on remote host. @@ -265,6 +423,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d return $_err_code fi fi + # cleanup in case all is ok return 0 } @@ -284,3 +443,17 @@ _ssh_remote_cmd() { return $_err_code } + +# cmd scp +_scp_remote_cmd() { + _secure_debug "Remote scp source $1 and destination $2 using : $Le_Deploy_ssh_scp_cmd" + _info "Submitting secure copy command : $Le_Deploy_ssh_scp_cmd" + $Le_Deploy_ssh_scp_cmd "$1" "$Le_Deploy_ssh_user"@"$Le_Deploy_ssh_server":"$2" + _err_code="$?" + + if [ "$_err_code" != "0" ]; then + _err "Error code $_err_code returned from scp" + fi + + return $_err_code +} From 613475ac264bf9cf48681bd11f72b4d2aa341e54 Mon Sep 17 00:00:00 2001 From: fradev Date: Mon, 30 Aug 2021 11:08:06 +0200 Subject: [PATCH 0486/1526] Update ssh.sh --- deploy/ssh.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index b4a8140e..3424055f 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -237,8 +237,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # if filename is same as previous file then append. _pipe=">>" _local_cert_file=$(_mktemp) - cat $_ckey > $_local_cert_file - cat $_ccert >> $_local_cert_file + cat "$_ckey" > "$_local_cert_file" + cat "$_ccert" >> "$_local_cert_file" elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. _cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir >/dev/null;" @@ -344,15 +344,15 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _pipe=">>" _local_full_file=$(_mktemp) if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ; then - cat $_ckey >> $_local_full_file + cat "$_ckey" >> "$_local_full_file" fi if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ]; then - cat $_ccert >> $_local_full_file + cat "$_ccert" >> "$_local_full_file" fi if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then - cat $_cca >> $_local_full_file + cat "$_cca" >> "$_local_full_file" fi - cat $_cfullchain >> $_local_full_file + cat "$_cfullchain" >> "$_local_full_file" elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. @@ -390,13 +390,13 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # cleanup local files if any if [ -n "$_local_cert_file" ]; then - rm $_local_cert_file > /dev/null 1>&2 + rm "$_local_cert_file" > /dev/null 1>&2 fi if [ -n "$_local_ca_file" ]; then - rm $_local_ca_file > /dev/null 1>&2 + rm "$_local_ca_file" > /dev/null 1>&2 fi if [ -n "$_local_full_file" ]; then - rm $_local_full_file > /dev/null 1>&2 + rm "$_local_full_file" > /dev/null 1>&2 fi From 4cda54774aeaae0f58352cff18dc243a69bdb9e9 Mon Sep 17 00:00:00 2001 From: fradev Date: Mon, 30 Aug 2021 11:17:03 +0200 Subject: [PATCH 0487/1526] Update ssh.sh SC2086 and SC2215 --- deploy/ssh.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 3424055f..8b91a055 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -251,7 +251,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if -n $_local_cert_file ; then + if [ -n "$_local_cert_file" ]; then if ! _scp_remote_cmd "$_local_cert_file" "$Le_Deploy_ssh_certfile"; then return $_err_code fi @@ -287,13 +287,13 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _pipe=">>" _local_ca_file=$(_mktemp) if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ; then - cat $_ckey >> $_local_ca_file + cat "$_ckey" >> "$_local_ca_file" fi if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then - cat $_ccert >> $_local_ca_file + cat "$_ccert" >> "$_local_ca_file" fi - cat $_cca >> $_local_ca_file + cat "$_cca" >> "$_local_ca_file" elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. @@ -307,7 +307,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if -n $_local_ca_file ; then + if [ -n "$_local_ca_file" ]; then if ! _scp_remote_cmd "$_local_ca_file" "$Le_Deploy_ssh_cafile"; then return $_err_code fi @@ -366,7 +366,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if -n $_local_full_file ; then + if [ -n "$_local_full_file" ] ; then if ! _scp_remote_cmd "$_local_full_file" "$Le_Deploy_ssh_fullchain"; then return $_err_code fi From 08d60fcbf26172a3277a8785b9e161b8d1aa6c23 Mon Sep 17 00:00:00 2001 From: fradev Date: Mon, 30 Aug 2021 11:32:07 +0200 Subject: [PATCH 0488/1526] Update ssh.sh shfmt formatting --- deploy/ssh.sh | 47 ++++++++++++++++++++++------------------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 8b91a055..6039eefb 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -93,7 +93,6 @@ ssh_deploy() { Le_Deploy_ssh_scp_cmd="scp -T" fi - # BACKUP is optional. If not provided then default to previously saved value or yes. if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then Le_Deploy_ssh_backup="no" @@ -206,12 +205,11 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - # copy new key into file. if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then # scp the file if ! _scp_remote_cmd "$_ckey" "$Le_Deploy_ssh_keyfile"; then - return $_err_code + return $_err_code fi else _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;" @@ -237,8 +235,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # if filename is same as previous file then append. _pipe=">>" _local_cert_file=$(_mktemp) - cat "$_ckey" > "$_local_cert_file" - cat "$_ccert" >> "$_local_cert_file" + cat "$_ckey" >"$_local_cert_file" + cat "$_ccert" >>"$_local_cert_file" elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. _cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir >/dev/null;" @@ -253,11 +251,11 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then if [ -n "$_local_cert_file" ]; then if ! _scp_remote_cmd "$_local_cert_file" "$Le_Deploy_ssh_certfile"; then - return $_err_code + return $_err_code fi else if ! _scp_remote_cmd "$_ccert" "$Le_Deploy_ssh_certfile"; then - return $_err_code + return $_err_code fi fi else @@ -286,14 +284,14 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # if filename is same as previous file then append. _pipe=">>" _local_ca_file=$(_mktemp) - if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] ; then - cat "$_ckey" >> "$_local_ca_file" + if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ]; then + cat "$_ckey" >>"$_local_ca_file" fi if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then - cat "$_ccert" >> "$_local_ca_file" + cat "$_ccert" >>"$_local_ca_file" fi - cat "$_cca" >> "$_local_ca_file" + cat "$_cca" >>"$_local_ca_file" elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. @@ -309,11 +307,11 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then if [ -n "$_local_ca_file" ]; then if ! _scp_remote_cmd "$_local_ca_file" "$Le_Deploy_ssh_cafile"; then - return $_err_code + return $_err_code fi else if ! _scp_remote_cmd "$_cca" "$Le_Deploy_ssh_cafile"; then - return $_err_code + return $_err_code fi fi else @@ -343,16 +341,16 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # if filename is same as previous file then append. _pipe=">>" _local_full_file=$(_mktemp) - if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] ; then - cat "$_ckey" >> "$_local_full_file" + if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ]; then + cat "$_ckey" >>"$_local_full_file" fi if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ]; then - cat "$_ccert" >> "$_local_full_file" + cat "$_ccert" >>"$_local_full_file" fi if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then - cat "$_cca" >> "$_local_full_file" + cat "$_cca" >>"$_local_full_file" fi - cat "$_cfullchain" >> "$_local_full_file" + cat "$_cfullchain" >>"$_local_full_file" elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then # backup file we are about to overwrite. @@ -366,13 +364,13 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if [ -n "$_local_full_file" ] ; then + if [ -n "$_local_full_file" ]; then if ! _scp_remote_cmd "$_local_full_file" "$Le_Deploy_ssh_fullchain"; then - return $_err_code + return $_err_code fi else if ! _scp_remote_cmd "$_cfullchain" "$Le_Deploy_ssh_fullchain"; then - return $_err_code + return $_err_code fi fi else @@ -390,16 +388,15 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # cleanup local files if any if [ -n "$_local_cert_file" ]; then - rm "$_local_cert_file" > /dev/null 1>&2 + rm "$_local_cert_file" >/dev/null 1>&2 fi if [ -n "$_local_ca_file" ]; then - rm "$_local_ca_file" > /dev/null 1>&2 + rm "$_local_ca_file" >/dev/null 1>&2 fi if [ -n "$_local_full_file" ]; then - rm "$_local_full_file" > /dev/null 1>&2 + rm "$_local_full_file" >/dev/null 1>&2 fi - # REMOTE_CMD is optional. # If provided then this command will be executed on remote host. if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then From f354e6de69f66c23b67cc29dd84baac06d2fe5d6 Mon Sep 17 00:00:00 2001 From: Michael Weber Date: Sat, 6 Feb 2021 08:25:49 +0000 Subject: [PATCH 0489/1526] lighttpd deploy hook * verbatim copy from haproxy.sh, s/haproxy/lighttpd * enable issuer --- deploy/lighttpd.sh | 275 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 275 insertions(+) create mode 100644 deploy/lighttpd.sh diff --git a/deploy/lighttpd.sh b/deploy/lighttpd.sh new file mode 100644 index 00000000..c003f455 --- /dev/null +++ b/deploy/lighttpd.sh @@ -0,0 +1,275 @@ +#!/usr/bin/env sh + +# Script for acme.sh to deploy certificates to lighttpd +# +# The following variables can be exported: +# +# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem" +# +# Defines the name of the PEM file. +# Defaults to ".pem" +# +# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd" +# +# Defines location of PEM file for Lighttpd. +# Defaults to /etc/lighttpd +# +# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd" +# +# OPTIONAL: Reload command used post deploy +# This defaults to be a no-op (ie "true"). +# It is strongly recommended to set this something that makes sense +# for your distro. +# +# export DEPLOY_LIGHTTPD_ISSUER="yes" +# +# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer" +# Note: Required for OCSP stapling to work +# +# export DEPLOY_LIGHTTPD_BUNDLE="no" +# +# OPTIONAL: Deploy this certificate as part of a multi-cert bundle +# This adds a suffix to the certificate based on the certificate type +# eg RSA certificates will have .rsa as a suffix to the file name +# Lighttpd will load all certificates and provide one or the other +# depending on client capabilities +# Note: This functionality requires Lighttpd was compiled against +# a version of OpenSSL that supports this. +# + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +lighttpd_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + # Some defaults + DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd" + DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem" + DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no" + DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" + DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" + + if [ -f "${DOMAIN_CONF}" ]; then + # shellcheck disable=SC1090 + . "${DOMAIN_CONF}" + fi + + _debug _cdomain "${_cdomain}" + _debug _ckey "${_ckey}" + _debug _ccert "${_ccert}" + _debug _cca "${_cca}" + _debug _cfullchain "${_cfullchain}" + + # PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" + if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then + Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" + _savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" + elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then + Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" + fi + + # Ensure PEM_PATH exists + if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then + _debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists" + else + _err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist" + return 1 + fi + + # PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" + if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then + Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" + _savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" + elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then + Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" + fi + + # BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" + if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then + Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" + _savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" + elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then + Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" + fi + + # ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" + if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then + Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" + _savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" + elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then + Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" + fi + + # RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" + if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then + Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" + _savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" + elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then + Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" + fi + + # Set the suffix depending if we are creating a bundle or not + if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then + _info "Bundle creation requested" + # Initialise $Le_Keylength if its not already set + if [ -z "${Le_Keylength}" ]; then + Le_Keylength="" + fi + if _isEccKey "${Le_Keylength}"; then + _info "ECC key type detected" + _suffix=".ecdsa" + else + _info "RSA key type detected" + _suffix=".rsa" + fi + else + _suffix="" + fi + _debug _suffix "${_suffix}" + + # Set variables for later + _pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}" + _issuer="${_pem}.issuer" + _ocsp="${_pem}.ocsp" + _reload="${Le_Deploy_lighttpd_reload}" + + _info "Deploying PEM file" + # Create a temporary PEM file + _temppem="$(_mktemp)" + _debug _temppem "${_temppem}" + cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" + _ret="$?" + + # Check that we could create the temporary file + if [ "${_ret}" != "0" ]; then + _err "Error code ${_ret} returned during PEM file creation" + [ -f "${_temppem}" ] && rm -f "${_temppem}" + return ${_ret} + fi + + # Move PEM file into place + _info "Moving new certificate into place" + _debug _pem "${_pem}" + cat "${_temppem}" >"${_pem}" + _ret=$? + + # Clean up temp file + [ -f "${_temppem}" ] && rm -f "${_temppem}" + + # Deal with any failure of moving PEM file into place + if [ "${_ret}" != "0" ]; then + _err "Error code ${_ret} returned while moving new certificate into place" + return ${_ret} + fi + + # Update .issuer file if requested + if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then + _info "Updating .issuer file" + _debug _issuer "${_issuer}" + cat "${_cca}" >"${_issuer}" + _ret="$?" + + if [ "${_ret}" != "0" ]; then + _err "Error code ${_ret} returned while copying issuer/CA certificate into place" + return ${_ret} + fi + else + [ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists" + fi + + # Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option + if [ -z "${Le_OCSP_Staple}" ]; then + Le_OCSP_Staple="0" + fi + if [ "${Le_OCSP_Staple}" = "1" ]; then + _info "Updating OCSP stapling info" + _debug _ocsp "${_ocsp}" + _info "Extracting OCSP URL" + _ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}") + _debug _ocsp_url "${_ocsp_url}" + + # Only process OCSP if URL was present + if [ "${_ocsp_url}" != "" ]; then + # Extract the hostname from the OCSP URL + _info "Extracting OCSP URL" + _ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3) + _debug _ocsp_host "${_ocsp_host}" + + # Only process the certificate if we have a .issuer file + if [ -r "${_issuer}" ]; then + # Check if issuer cert is also a root CA cert + _subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) + _debug _subjectdn "${_subjectdn}" + _issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) + _debug _issuerdn "${_issuerdn}" + _info "Requesting OCSP response" + # If the issuer is a CA cert then our command line has "-CAfile" added + if [ "${_subjectdn}" = "${_issuerdn}" ]; then + _cafile_argument="-CAfile \"${_issuer}\"" + else + _cafile_argument="" + fi + _debug _cafile_argument "${_cafile_argument}" + # if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed + _openssl_version=$(openssl version | cut -d' ' -f2) + _debug _openssl_version "${_openssl_version}" + _openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) + _openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) + if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then + _header_sep="=" + else + _header_sep=" " + fi + # Request the OCSP response from the issuer and store it + _openssl_ocsp_cmd="openssl ocsp \ + -issuer \"${_issuer}\" \ + -cert \"${_pem}\" \ + -url \"${_ocsp_url}\" \ + -header Host${_header_sep}\"${_ocsp_host}\" \ + -respout \"${_ocsp}\" \ + -verify_other \"${_issuer}\" \ + ${_cafile_argument} \ + | grep -q \"${_pem}: good\"" + _debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}" + eval "${_openssl_ocsp_cmd}" + _ret=$? + else + # Non fatal: No issuer file was present so no OCSP stapling file created + _err "OCSP stapling in use but no .issuer file was present" + fi + else + # Non fatal: No OCSP url was found int the certificate + _err "OCSP update requested but no OCSP URL was found in certificate" + fi + + # Non fatal: Check return code of openssl command + if [ "${_ret}" != "0" ]; then + _err "Updating OCSP stapling failed with return code ${_ret}" + fi + else + # An OCSP file was already present but certificate did not have OCSP extension + if [ -f "${_ocsp}" ]; then + _err "OCSP was not requested but .ocsp file exists." + # Could remove the file at this step, although Lighttpd just ignores it in this case + # rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file" + fi + fi + + # Reload Lighttpd + _debug _reload "${_reload}" + eval "${_reload}" + _ret=$? + if [ "${_ret}" != "0" ]; then + _err "Error code ${_ret} during reload" + return ${_ret} + else + _info "Reload successful" + fi + + return 0 +} From c43c711f720c672e2662e3d0c37cbcca44407e7a Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Wed, 1 Sep 2021 16:36:11 -0400 Subject: [PATCH 0490/1526] use _getdeployconf instead of sourcing DOMAIN_CONF (requested by @Neilpang in #3394) github: closes #3394 --- deploy/haproxy.sh | 15 ++++++++++----- deploy/lighttpd.sh | 15 ++++++++++----- deploy/ssh.sh | 27 ++++++++++++++++++++++----- 3 files changed, 42 insertions(+), 15 deletions(-) diff --git a/deploy/haproxy.sh b/deploy/haproxy.sh index 0a45ee07..4497c34b 100644 --- a/deploy/haproxy.sh +++ b/deploy/haproxy.sh @@ -54,11 +54,6 @@ haproxy_deploy() { DEPLOY_HAPROXY_ISSUER_DEFAULT="no" DEPLOY_HAPROXY_RELOAD_DEFAULT="true" - if [ -f "${DOMAIN_CONF}" ]; then - # shellcheck disable=SC1090 - . "${DOMAIN_CONF}" - fi - _debug _cdomain "${_cdomain}" _debug _ckey "${_ckey}" _debug _ccert "${_ccert}" @@ -66,6 +61,8 @@ haproxy_deploy() { _debug _cfullchain "${_cfullchain}" # PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_PEM_PATH + _debug2 DEPLOY_HAPROXY_PEM_PATH "${DEPLOY_HAPROXY_PEM_PATH}" if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}" _savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}" @@ -82,6 +79,8 @@ haproxy_deploy() { fi # PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_PEM_NAME + _debug2 DEPLOY_HAPROXY_PEM_NAME "${DEPLOY_HAPROXY_PEM_NAME}" if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}" _savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}" @@ -90,6 +89,8 @@ haproxy_deploy() { fi # BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_BUNDLE + _debug2 DEPLOY_HAPROXY_BUNDLE "${DEPLOY_HAPROXY_BUNDLE}" if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}" _savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}" @@ -98,6 +99,8 @@ haproxy_deploy() { fi # ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_ISSUER + _debug2 DEPLOY_HAPROXY_ISSUER "${DEPLOY_HAPROXY_ISSUER}" if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}" _savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}" @@ -106,6 +109,8 @@ haproxy_deploy() { fi # RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}" + _getdeployconf DEPLOY_HAPROXY_RELOAD + _debug2 DEPLOY_HAPROXY_RELOAD "${DEPLOY_HAPROXY_RELOAD}" if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}" _savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}" diff --git a/deploy/lighttpd.sh b/deploy/lighttpd.sh index c003f455..e28cd27a 100644 --- a/deploy/lighttpd.sh +++ b/deploy/lighttpd.sh @@ -54,11 +54,6 @@ lighttpd_deploy() { DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" - if [ -f "${DOMAIN_CONF}" ]; then - # shellcheck disable=SC1090 - . "${DOMAIN_CONF}" - fi - _debug _cdomain "${_cdomain}" _debug _ckey "${_ckey}" _debug _ccert "${_ccert}" @@ -66,6 +61,8 @@ lighttpd_deploy() { _debug _cfullchain "${_cfullchain}" # PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" + _getdeployconf DEPLOY_LIGHTTPD_PEM_PATH + _debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}" if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" _savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" @@ -82,6 +79,8 @@ lighttpd_deploy() { fi # PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" + _getdeployconf DEPLOY_LIGHTTPD_PEM_NAME + _debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}" if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" _savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" @@ -90,6 +89,8 @@ lighttpd_deploy() { fi # BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" + _getdeployconf DEPLOY_LIGHTTPD_BUNDLE + _debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}" if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" _savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" @@ -98,6 +99,8 @@ lighttpd_deploy() { fi # ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" + _getdeployconf DEPLOY_LIGHTTPD_ISSUER + _debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}" if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" _savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" @@ -106,6 +109,8 @@ lighttpd_deploy() { fi # RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" + _getdeployconf DEPLOY_LIGHTTPD_RELOAD + _debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}" if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" _savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 18de4aa6..89962621 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -35,11 +35,6 @@ ssh_deploy() { _cfullchain="$5" _deploy_ssh_servers="" - if [ -f "$DOMAIN_CONF" ]; then - # shellcheck disable=SC1090 - . "$DOMAIN_CONF" - fi - _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" @@ -47,6 +42,8 @@ ssh_deploy() { _debug _cfullchain "$_cfullchain" # USER is required to login by SSH to remote host. + _getdeployconf DEPLOY_SSH_USER + _debug2 DEPLOY_SSH_USER "$DEPLOY_SSH_USER" if [ -z "$DEPLOY_SSH_USER" ]; then if [ -z "$Le_Deploy_ssh_user" ]; then _err "DEPLOY_SSH_USER not defined." @@ -58,6 +55,8 @@ ssh_deploy() { fi # SERVER is optional. If not provided then use _cdomain + _getdeployconf DEPLOY_SSH_SERVER + _debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER" if [ -n "$DEPLOY_SSH_SERVER" ]; then Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER" _savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server" @@ -66,6 +65,8 @@ ssh_deploy() { fi # CMD is optional. If not provided then use ssh + _getdeployconf DEPLOY_SSH_CMD + _debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD" if [ -n "$DEPLOY_SSH_CMD" ]; then Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD" _savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd" @@ -74,6 +75,8 @@ ssh_deploy() { fi # BACKUP is optional. If not provided then default to previously saved value or yes. + _getdeployconf DEPLOY_SSH_BACKUP + _debug2 DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP" if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then Le_Deploy_ssh_backup="no" elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then @@ -82,6 +85,8 @@ ssh_deploy() { _savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup" # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy + _getdeployconf DEPLOY_SSH_BACKUP_PATH + _debug2 DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH" if [ -n "$DEPLOY_SSH_BACKUP_PATH" ]; then Le_Deploy_ssh_backup_path="$DEPLOY_SSH_BACKUP_PATH" elif [ -z "$Le_Deploy_ssh_backup_path" ]; then @@ -91,6 +96,8 @@ ssh_deploy() { # MULTI_CALL is optional. If not provided then default to previously saved # value (which may be undefined... equivalent to "no"). + _getdeployconf DEPLOY_SSH_MULTI_CALL + _debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL" if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then Le_Deploy_ssh_multi_call="yes" _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" @@ -141,6 +148,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # KEYFILE is optional. # If provided then private key will be copied to provided filename. + _getdeployconf DEPLOY_SSH_KEYFILE + _debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE" if [ -n "$DEPLOY_SSH_KEYFILE" ]; then Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE" _savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile" @@ -163,6 +172,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # CERTFILE is optional. # If provided then certificate will be copied or appended to provided filename. + _getdeployconf DEPLOY_SSH_CERTFILE + _debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE" if [ -n "$DEPLOY_SSH_CERTFILE" ]; then Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE" _savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile" @@ -189,6 +200,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # CAFILE is optional. # If provided then CA intermediate certificate will be copied or appended to provided filename. + _getdeployconf DEPLOY_SSH_CAFILE + _debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE" if [ -n "$DEPLOY_SSH_CAFILE" ]; then Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE" _savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile" @@ -216,6 +229,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # FULLCHAIN is optional. # If provided then fullchain certificate will be copied or appended to provided filename. + _getdeployconf DEPLOY_SSH_FULLCHAIN + _debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN" if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN" _savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain" @@ -244,6 +259,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # REMOTE_CMD is optional. # If provided then this command will be executed on remote host. + _getdeployconf DEPLOY_SSH_REMOTE_CMD + _debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD" if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD" _savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd" From 2447fccf1eed45ef654e1ef60a9ffa5df1db96f0 Mon Sep 17 00:00:00 2001 From: Nookery Date: Sat, 4 Sep 2021 16:59:50 +0800 Subject: [PATCH 0491/1526] name="snis" => name="snis[]" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit kong 2.5.x,snis参数是一个数组 --- deploy/kong.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index 1e1e310c..b8facedf 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -45,7 +45,7 @@ kong_deploy() { #Generate data for request (Multipart/form-data with mixed content) if [ -z "$ssl_uuid" ]; then #set sni to domain - content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain" + content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain" fi #add key content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" From 1064c270d96050ed829e832392fef8cc54cc4b33 Mon Sep 17 00:00:00 2001 From: Philipp B <16269108+TheTyrius@users.noreply.github.com> Date: Mon, 6 Sep 2021 17:01:31 +0200 Subject: [PATCH 0492/1526] Fix variable name Wrong variable name was used in login() and logout(), preventing operation. --- dnsapi/dns_netcup.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_netcup.sh b/dnsapi/dns_netcup.sh index d519e4f7..776fa02d 100644 --- a/dnsapi/dns_netcup.sh +++ b/dnsapi/dns_netcup.sh @@ -119,16 +119,16 @@ login() { tmp=$(_post "{\"action\": \"login\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apipassword\": \"$NC_Apipw\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST") sid=$(echo "$tmp" | tr '{}' '\n' | grep apisessionid | cut -d '"' -f 4) _debug "$tmp" - if [ "$(_getfield "$msg" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then - _err "$msg" + if [ "$(_getfield "$tmp" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then + _err "$tmp" return 1 fi } logout() { tmp=$(_post "{\"action\": \"logout\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST") _debug "$tmp" - if [ "$(_getfield "$msg" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then - _err "$msg" + if [ "$(_getfield "$tmp" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then + _err "$tmp" return 1 fi } From d317b49940adc07fc33f0d2cf0f011e4f1da0e03 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Wed, 8 Sep 2021 22:48:43 -0400 Subject: [PATCH 0493/1526] use head instead of tail so that the sessionid cookie gets set correctly --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index d720c1c5..4d5549ab 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -150,7 +150,7 @@ _1984hosting_login() { _debug2 response "$response" if _contains "$response" '"loggedin": true'; then - One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')" + One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')" export One984HOSTING_COOKIE _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE" return 0 From 1312ef7e504c8bbac7c95c1acb0fd29032d36b5e Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Fri, 10 Sep 2021 07:25:18 -0400 Subject: [PATCH 0494/1526] simplify One984HOSTING_COOKIE grep --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 33c9bb2a..a9eb9dd2 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -150,7 +150,7 @@ _1984hosting_login() { _debug2 response "$response" if _contains "$response" '"loggedin": true'; then - One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')" + One984HOSTING_COOKIE="$(grep -io 'sessionid=[^;]*;' "$HTTP_HEADER" | tr -d ';')" export One984HOSTING_COOKIE _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE" return 0 From 92f13eb8bf329523e618b32e97283cb4bf392126 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Fri, 10 Sep 2021 08:02:13 -0400 Subject: [PATCH 0495/1526] get both the CSRF token and session ID cookies, as they are both needed for login now --- dnsapi/dns_1984hosting.sh | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index a9eb9dd2..62448754 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -135,7 +135,7 @@ dns_1984hosting_rm() { _1984hosting_login() { if ! _check_credentials; then return 1; fi - if _check_cookie; then + if _check_cookies; then _debug "Already logged in" return 0 fi @@ -150,9 +150,12 @@ _1984hosting_login() { _debug2 response "$response" if _contains "$response" '"loggedin": true'; then - One984HOSTING_COOKIE="$(grep -io 'sessionid=[^;]*;' "$HTTP_HEADER" | tr -d ';')" - export One984HOSTING_COOKIE - _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE" + One984HOSTING_SESSIONID_COOKIE="$(grep -io 'sessionid=[^;]*;' "$HTTP_HEADER" | tr -d ';')" + One984HOSTING_CSRFTOKEN_COOKIE="$(grep -io 'csrftoken=[^;]*;' "$HTTP_HEADER" | tr -d ';')" + export One984HOSTING_SESSIONID_COOKIE + export One984HOSTING_CSRFTOKEN_COOKIE + _saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE" + _saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE" return 0 fi return 1 @@ -169,21 +172,24 @@ _check_credentials() { return 0 } -_check_cookie() { - One984HOSTING_COOKIE="${One984HOSTING_COOKIE:-$(_readaccountconf_mutable One984HOSTING_COOKIE)}" - if [ -z "$One984HOSTING_COOKIE" ]; then - _debug "No cached cookie found" +_check_cookies() { + One984HOSTING_SESSIONID_COOKIE="${One984HOSTING_SESSIONID_COOKIE:-$(_readaccountconf_mutable One984HOSTING_SESSIONID_COOKIE)}" + One984HOSTING_CSRFTOKEN_COOKIE="${One984HOSTING_CSRFTOKEN_COOKIE:-$(_readaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE)}" + if [ -z "$One984HOSTING_SESSIONID_COOKIE" ] || [ -z "$One984HOSTING_CSRFTOKEN_COOKIE" ]; then + _debug "No cached cookie(s) found" return 1 fi _authget "https://management.1984hosting.com/accounts/loginstatus/" if _contains "$response" '"ok": true'; then - _debug "Cached cookie still valid" + _debug "Cached cookies still valid" return 0 fi - _debug "Cached cookie no longer valid" - One984HOSTING_COOKIE="" - _saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE" + _debug "Cached cookies no longer valid" + One984HOSTING_SESSIONID_COOKIE="" + One984HOSTING_CSRFTOKEN_COOKIE="" + _saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE" + _saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE" return 1 } @@ -217,7 +223,8 @@ _get_root() { # add extra headers to request _authget() { - export _H1="Cookie: $One984HOSTING_COOKIE" + export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" + export _H2="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE" _response=$(_get "$1" | _normalizeJson) _debug2 _response "$_response" } @@ -225,12 +232,14 @@ _authget() { # truncate huge HTML response # echo: Argument list too long _htmlget() { - export _H1="Cookie: $One984HOSTING_COOKIE" + export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" + export _H2="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE" _response=$(_get "$1" | grep "$2" | _head_n 1) } # add extra headers to request _authpost() { - export _H1="Cookie: $One984HOSTING_COOKIE" + export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" + export _H2="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE" _response=$(_post "$1" "$2") } From ced7110a78ba8faa6163bbe1f8a786f00ad5c6a9 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Fri, 10 Sep 2021 08:49:38 -0400 Subject: [PATCH 0496/1526] remove -o option from grep and use _egrep_o instead --- dnsapi/dns_1984hosting.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 62448754..f626e75a 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -150,8 +150,8 @@ _1984hosting_login() { _debug2 response "$response" if _contains "$response" '"loggedin": true'; then - One984HOSTING_SESSIONID_COOKIE="$(grep -io 'sessionid=[^;]*;' "$HTTP_HEADER" | tr -d ';')" - One984HOSTING_CSRFTOKEN_COOKIE="$(grep -io 'csrftoken=[^;]*;' "$HTTP_HEADER" | tr -d ';')" + One984HOSTING_SESSIONID_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')" + One984HOSTING_CSRFTOKEN_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')" export One984HOSTING_SESSIONID_COOKIE export One984HOSTING_CSRFTOKEN_COOKIE _saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE" From ea18c47011279cbabbba4e857abea5a2a92e8a3a Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 12:35:20 -0400 Subject: [PATCH 0497/1526] move getting zone id code into its own function --- dnsapi/dns_1984hosting.sh | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index f626e75a..fceb7618 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -95,17 +95,7 @@ dns_1984hosting_rm() { _debug _domain "$_domain" _debug "Delete $fulldomain TXT record" - url="https://management.1984hosting.com/domains" - - _htmlget "$url" "$_domain" - _debug2 _response "$_response" - zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" - _debug2 zone_id "$zone_id" - if [ -z "$zone_id" ]; then - _err "Error getting zone_id for $1" - return 1 - fi - + _htmlget "$url/$zone_id" "$_sub_domain" _debug2 _response "$_response" entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" @@ -221,6 +211,22 @@ _get_root() { return 1 } +#domain.com +#returns zone id for domain.com +_get_zone_id() { + url="https://management.1984hosting.com/domains" + + _htmlget "$url" "$_domain" + _debug2 _response "$_response" + _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" + _debug2 _zone_id "$_zone_id" + if [ -z "$zone_id" ]; then + _err "Error getting _zone_id for $1" + return 1 + fi + return 0 +} + # add extra headers to request _authget() { export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" From 8f3b7c179ec3e6333c67ce41a054f2c5bf2fd7fb Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 12:37:56 -0400 Subject: [PATCH 0498/1526] put cookies into a format that the 1984 Hosting website expects --- dnsapi/dns_1984hosting.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index fceb7618..d1d7b154 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -229,8 +229,7 @@ _get_zone_id() { # add extra headers to request _authget() { - export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" - export _H2="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE" + export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" _response=$(_get "$1" | _normalizeJson) _debug2 _response "$_response" } @@ -238,14 +237,12 @@ _authget() { # truncate huge HTML response # echo: Argument list too long _htmlget() { - export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" - export _H2="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE" + export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" _response=$(_get "$1" | grep "$2" | _head_n 1) } # add extra headers to request _authpost() { - export _H1="Cookie: $One984HOSTING_SESSIONID_COOKIE" - export _H2="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE" + export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" _response=$(_post "$1" "$2") } From c668c603cc1a4be51393dcb6fd1896df3a5afe1a Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 12:45:06 -0400 Subject: [PATCH 0499/1526] add Referer and X-CSRFToken HTTP headers --- dnsapi/dns_1984hosting.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index d1d7b154..dc33ca60 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -243,6 +243,10 @@ _htmlget() { # add extra headers to request _authpost() { + _get_zone_id "$@" + csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")" export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" + export _H2="Referer: https://management.1984hosting.com/domains/$_zone_id" + export _H3="X-CSRFToken: $csrf_header" _response=$(_post "$1" "$2") } From c5c2014081b8c0ae87bfe1d92572d86140f43bf9 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 12:48:27 -0400 Subject: [PATCH 0500/1526] add _get_zone_id to dns_1984hosting_rm to get the zone id --- dnsapi/dns_1984hosting.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index dc33ca60..395c0da1 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -96,7 +96,9 @@ dns_1984hosting_rm() { _debug "Delete $fulldomain TXT record" - _htmlget "$url/$zone_id" "$_sub_domain" + _get_zone_id + + _htmlget "$url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" _debug2 entry_id "$entry_id" From 46e62f1a9ab12b1b111e141deef2f62ab3451578 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 12:50:03 -0400 Subject: [PATCH 0501/1526] fix typo --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 395c0da1..4d1bd9af 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -222,7 +222,7 @@ _get_zone_id() { _debug2 _response "$_response" _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" _debug2 _zone_id "$_zone_id" - if [ -z "$zone_id" ]; then + if [ -z "$_zone_id" ]; then _err "Error getting _zone_id for $1" return 1 fi From 384bc62f257eebd58850ef0e32c068b8831f548e Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 12:54:42 -0400 Subject: [PATCH 0502/1526] make _get_zone_id usage consistent --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 4d1bd9af..fafd9e8d 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -96,7 +96,7 @@ dns_1984hosting_rm() { _debug "Delete $fulldomain TXT record" - _get_zone_id + _get_zone_id "$@" _htmlget "$url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" From aa05a1e81ddd3a5cb71dff985881b081ba9cc4e0 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 13:00:03 -0400 Subject: [PATCH 0503/1526] make sure _url gets set where it is needed --- dnsapi/dns_1984hosting.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index fafd9e8d..d011f334 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -96,9 +96,10 @@ dns_1984hosting_rm() { _debug "Delete $fulldomain TXT record" + _url="https://management.1984hosting.com/domains" _get_zone_id "$@" - _htmlget "$url/$_zone_id" "$_sub_domain" + _htmlget "$_url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" _debug2 entry_id "$entry_id" @@ -216,9 +217,7 @@ _get_root() { #domain.com #returns zone id for domain.com _get_zone_id() { - url="https://management.1984hosting.com/domains" - - _htmlget "$url" "$_domain" + _htmlget "$_url" "$_domain" _debug2 _response "$_response" _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" _debug2 _zone_id "$_zone_id" From f101418658fd4980071cdc0e34c96e2346d44d3f Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 13:03:54 -0400 Subject: [PATCH 0504/1526] change _url -> url --- dnsapi/dns_1984hosting.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index d011f334..764aad9e 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -96,10 +96,10 @@ dns_1984hosting_rm() { _debug "Delete $fulldomain TXT record" - _url="https://management.1984hosting.com/domains" + url="https://management.1984hosting.com/domains" _get_zone_id "$@" - _htmlget "$_url/$_zone_id" "$_sub_domain" + _htmlget "$url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" _debug2 entry_id "$entry_id" @@ -217,7 +217,7 @@ _get_root() { #domain.com #returns zone id for domain.com _get_zone_id() { - _htmlget "$_url" "$_domain" + _htmlget "$url" "$_domain" _debug2 _response "$_response" _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" _debug2 _zone_id "$_zone_id" From a196958bd6f26d429db8845ef0e096d40d57773e Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 13:13:55 -0400 Subject: [PATCH 0505/1526] add check when getting zone id --- dnsapi/dns_1984hosting.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 764aad9e..734d64fb 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -97,7 +97,11 @@ dns_1984hosting_rm() { _debug "Delete $fulldomain TXT record" url="https://management.1984hosting.com/domains" - _get_zone_id "$@" + + if ! _get_zone_id "$_domain"; then + _err "invalid zone" "$_domain" + return 1 + fi _htmlget "$url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" @@ -214,10 +218,12 @@ _get_root() { return 1 } -#domain.com +#usage: _get_zone_id domain.com #returns zone id for domain.com _get_zone_id() { - _htmlget "$url" "$_domain" + url="https://management.1984hosting.com/domains" + domain=$1 + _htmlget "$url" "$domain" _debug2 _response "$_response" _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" _debug2 _zone_id "$_zone_id" From b45a44e4057fbc39f8be727520f3ee17739cd530 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 13:33:55 -0400 Subject: [PATCH 0506/1526] fix formatting --- dnsapi/dns_1984hosting.sh | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 734d64fb..c517dc3f 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -93,14 +93,12 @@ dns_1984hosting_rm() { fi _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _debug "Delete $fulldomain TXT record" - - url="https://management.1984hosting.com/domains" - if ! _get_zone_id "$_domain"; then - _err "invalid zone" "$_domain" - return 1 + url="https://management.1984hosting.com/domains" + if ! _get_zone_id "$url" "$_domain"; then + _err "invalid zone" "$_domain" + return 1 fi _htmlget "$url/$_zone_id" "$_sub_domain" @@ -218,11 +216,11 @@ _get_root() { return 1 } -#usage: _get_zone_id domain.com +#usage: _get_zone_id url domain.com #returns zone id for domain.com _get_zone_id() { - url="https://management.1984hosting.com/domains" - domain=$1 + url=$1 + domain=$2 _htmlget "$url" "$domain" _debug2 _response "$_response" _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" From 622464ff5e8dad1adb89815250dd79515c7858f7 Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 13:49:31 -0400 Subject: [PATCH 0507/1526] fix error message for _get_zone_id --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index c517dc3f..572173b2 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -226,7 +226,7 @@ _get_zone_id() { _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" _debug2 _zone_id "$_zone_id" if [ -z "$_zone_id" ]; then - _err "Error getting _zone_id for $1" + _err "Error getting _zone_id for $2" return 1 fi return 0 From 8d7a48701361cf0952b7022fba28d259a0c3a30e Mon Sep 17 00:00:00 2001 From: Christophe B Billheimer Date: Sun, 12 Sep 2021 14:10:15 -0400 Subject: [PATCH 0508/1526] change $@ -> $_domain --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 572173b2..16cd22a7 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -248,7 +248,7 @@ _htmlget() { # add extra headers to request _authpost() { - _get_zone_id "$@" + _get_zone_id "$_domain" csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")" export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" export _H2="Referer: https://management.1984hosting.com/domains/$_zone_id" From 2f3ec3a77f071e4e56e78a5b858b8572005c29ec Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 16:25:21 -0400 Subject: [PATCH 0509/1526] filter out instances where email@domain.com exists --- dnsapi/dns_1984hosting.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 16cd22a7..cd7102f1 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -244,6 +244,9 @@ _authget() { _htmlget() { export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" _response=$(_get "$1" | grep "$2" | _head_n 1) + if _contains "$_response" "@$2"; then + _response=$(echo "$_response" | grep -v "[@]" | _head_n 1) + fi } # add extra headers to request From 148336929d2aa0143fdddd9a301ba09e7c028cbb Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 16:27:40 -0400 Subject: [PATCH 0510/1526] fix formatting --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index cd7102f1..80587101 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -245,7 +245,7 @@ _htmlget() { export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" _response=$(_get "$1" | grep "$2" | _head_n 1) if _contains "$_response" "@$2"; then - _response=$(echo "$_response" | grep -v "[@]" | _head_n 1) + _response=$(echo "$_response" | grep -v "[@]" | _head_n 1) fi } From f3196396a2cfb836df25af196017fb9cb7394ea1 Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 16:49:53 -0400 Subject: [PATCH 0511/1526] fix email filtering --- dnsapi/dns_1984hosting.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 80587101..c75e4217 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -223,7 +223,7 @@ _get_zone_id() { domain=$2 _htmlget "$url" "$domain" _debug2 _response "$_response" - _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')" + _zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+' | _head_n 1)" _debug2 _zone_id "$_zone_id" if [ -z "$_zone_id" ]; then _err "Error getting _zone_id for $2" @@ -243,7 +243,7 @@ _authget() { # echo: Argument list too long _htmlget() { export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" - _response=$(_get "$1" | grep "$2" | _head_n 1) + _response=$(_get "$1" | grep "$2") if _contains "$_response" "@$2"; then _response=$(echo "$_response" | grep -v "[@]" | _head_n 1) fi From 64e3cab6ab7ee2ea2b420d02da50e87ca8dfa79e Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 16:57:32 -0400 Subject: [PATCH 0512/1526] add correct number of vars for _get_zone_id --- dnsapi/dns_1984hosting.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index c75e4217..0a562605 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -251,7 +251,8 @@ _htmlget() { # add extra headers to request _authpost() { - _get_zone_id "$_domain" + url="https://management.1984hosting.com/domains" + _get_zone_id "$url" "$_domain" csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")" export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" export _H2="Referer: https://management.1984hosting.com/domains/$_zone_id" From b910726c4356383b69601ce3b52a101e0f55353d Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 17:05:36 -0400 Subject: [PATCH 0513/1526] pick first entry if more than one TXT entry exists --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 0a562605..cb60651d 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -103,7 +103,7 @@ dns_1984hosting_rm() { _htmlget "$url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" - entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" + entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//' | _head_n 1)" _debug2 entry_id "$entry_id" if [ -z "$entry_id" ]; then _err "Error getting TXT entry_id for $1" From 4e553f34ba6958931e0a29bb97a629319dd3f95a Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 17:20:01 -0400 Subject: [PATCH 0514/1526] get TXT entry based on $txtvalue --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index cb60651d..5fa8b738 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -103,7 +103,7 @@ dns_1984hosting_rm() { _htmlget "$url/$_zone_id" "$_sub_domain" _debug2 _response "$_response" - entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//' | _head_n 1)" + entry_id="$(echo "$_response" | grep "$txtvalue" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" _debug2 entry_id "$entry_id" if [ -z "$entry_id" ]; then _err "Error getting TXT entry_id for $1" From 4d95e35c06e4d5268edfb46a0909d7342e91dc04 Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Sun, 12 Sep 2021 17:38:27 -0400 Subject: [PATCH 0515/1526] get response based on $txtvalue --- dnsapi/dns_1984hosting.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index 5fa8b738..c36c7758 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -101,9 +101,9 @@ dns_1984hosting_rm() { return 1 fi - _htmlget "$url/$_zone_id" "$_sub_domain" + _htmlget "$url/$_zone_id" "$txtvalue" _debug2 _response "$_response" - entry_id="$(echo "$_response" | grep "$txtvalue" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" + entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')" _debug2 entry_id "$entry_id" if [ -z "$entry_id" ]; then _err "Error getting TXT entry_id for $1" From 41a2d0e06c7f7af044cf6815c6733c36664f57c3 Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Mon, 13 Sep 2021 11:44:39 -0400 Subject: [PATCH 0516/1526] reduce ttl --- dnsapi/dns_1984hosting.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index c36c7758..db0cbe15 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -46,7 +46,7 @@ dns_1984hosting_add() { postdata="entry=new" postdata="$postdata&type=TXT" - postdata="$postdata&ttl=3600" + postdata="$postdata&ttl=900" postdata="$postdata&zone=$_domain" postdata="$postdata&host=$_sub_domain" postdata="$postdata&rdata=%22$value%22" From 5a689ce897e86d0e493de908b54de87e4e583915 Mon Sep 17 00:00:00 2001 From: Stephen Pliaskin Date: Wed, 22 Sep 2021 23:17:50 +0300 Subject: [PATCH 0517/1526] Add Veesp DNS API --- dnsapi/dns_veesp.sh | 158 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 158 insertions(+) create mode 100644 dnsapi/dns_veesp.sh diff --git a/dnsapi/dns_veesp.sh b/dnsapi/dns_veesp.sh new file mode 100644 index 00000000..b8a41d00 --- /dev/null +++ b/dnsapi/dns_veesp.sh @@ -0,0 +1,158 @@ +#!/usr/bin/env sh + +# bug reports to stepan@plyask.in + +# +# export VEESP_User="username" +# export VEESP_Password="password" + +VEESP_Api="https://secure.veesp.com/api" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_veesp_add() { + fulldomain=$1 + txtvalue=$2 + + VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" + VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" + VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) + + if [ -z "$VEESP_Password" ] || [ -z "$VEESP_User" ]; then + VEESP_Password="" + VEESP_User="" + _err "You don't specify veesp api key and email yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf_mutable VEESP_Password "$VEESP_Password" + _saveaccountconf_mutable VEESP_User "$VEESP_User" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + if VEESP_rest POST "service/$_service_id/dns/$_domain_id/records" "{\"name\":\"$fulldomain\",\"ttl\":1,\"priority\":0,\"type\":\"TXT\",\"content\":\"$txtvalue\"}"; then + if _contains "$response" "\"success\":true"; then + _info "Added" + #todo: check if the record takes effect + return 0 + else + _err "Add txt record error." + return 1 + fi + fi +} + +# Usage: fulldomain txtvalue +# Used to remove the txt record after validation +dns_veesp_rm() { + fulldomain=$1 + txtvalue=$2 + + VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" + VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" + VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + VEESP_rest GET "service/$_service_id/dns/$_domain_id" + + count=$(printf "%s\n" "$response" | _egrep_o "\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + record_id=$(printf "%s\n" "$response" | _egrep_o "{\"id\":[^}]*\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | cut -d\" -f4) + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! VEESP_rest DELETE "service/$_service_id/dns/$_domain_id/records/$record_id"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "\"success\":true" + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! VEESP_rest GET "dns"; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "$response" "\"name\":\"$h\""; then + _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"domain_id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1 | cut -d '"' -f 2) + _debug _domain_id "$_domain_id" + _service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2) + _debug _service_id "$_service_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +VEESP_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Accept: application/json" + export _H2="Authorization: Basic $VEESP_auth" + if [ "$m" != "GET" ]; then + _debug data "$data" + export _H3="Content-Type: application/json" + response="$(_post "$data" "$VEESP_Api/$ep" "" "$m")" + else + response="$(_get "$VEESP_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 8d3ad3a8c17adc419dd25de6cbcf920888ae58f7 Mon Sep 17 00:00:00 2001 From: Tom Cocca Date: Thu, 23 Sep 2021 08:10:17 -0400 Subject: [PATCH 0518/1526] Rackspace changed their API response, fixed the sed matching --- dnsapi/dns_rackspace.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_rackspace.sh b/dnsapi/dns_rackspace.sh index 03e1fa68..9c967182 100644 --- a/dnsapi/dns_rackspace.sh +++ b/dnsapi/dns_rackspace.sh @@ -7,6 +7,7 @@ RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0" +# 20210923 - RS changed the fields in the API response; fix sed # 20190213 - The name & id fields swapped in the API response; fix sed # 20190101 - Duplicating file for new pull request to dev branch # Original - tcocca:rackspace_dnsapi https://github.com/acmesh-official/acme.sh/pull/1297 @@ -79,8 +80,8 @@ _get_root_zone() { _debug2 response "$response" if _contains "$response" "\"name\":\"$h\"" >/dev/null; then # Response looks like: - # {"ttl":300,"accountId":12345,"id":1111111,"name":"example.com","emailAddress": ... - _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\([^,]*\),\"name\":\"$h\",.*/\1/p") + # {"id": "12345","accountId": "1111111","name": "example.com","ttl": 3600,"emailAddress": ... + _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\"\([^,]*\)\",\"accountId\":\"[0-9]*\",\"name\":\"$h\",.*/\1/p") _debug2 domain_id "$_domain_id" if [ -n "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) From b9aa4f4478416e33593d9cc6c958cf1eaf73a2d5 Mon Sep 17 00:00:00 2001 From: Tom Cocca Date: Thu, 23 Sep 2021 08:20:50 -0400 Subject: [PATCH 0519/1526] trigger a GH actions change --- dnsapi/dns_rackspace.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_rackspace.sh b/dnsapi/dns_rackspace.sh index 9c967182..62af3c67 100644 --- a/dnsapi/dns_rackspace.sh +++ b/dnsapi/dns_rackspace.sh @@ -80,7 +80,7 @@ _get_root_zone() { _debug2 response "$response" if _contains "$response" "\"name\":\"$h\"" >/dev/null; then # Response looks like: - # {"id": "12345","accountId": "1111111","name": "example.com","ttl": 3600,"emailAddress": ... + # {"id": "12345","accountId": "1111111","name": "example.com","ttl": 3600,"emailAddress": ... _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\"\([^,]*\)\",\"accountId\":\"[0-9]*\",\"name\":\"$h\",.*/\1/p") _debug2 domain_id "$_domain_id" if [ -n "$_domain_id" ]; then From 16d0416f2211809f9d38945d506f508ef58bc462 Mon Sep 17 00:00:00 2001 From: Tom Cocca Date: Thu, 23 Sep 2021 08:50:20 -0400 Subject: [PATCH 0520/1526] trigger GH Actions again --- dnsapi/dns_rackspace.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_rackspace.sh b/dnsapi/dns_rackspace.sh index 62af3c67..b50d9168 100644 --- a/dnsapi/dns_rackspace.sh +++ b/dnsapi/dns_rackspace.sh @@ -80,7 +80,7 @@ _get_root_zone() { _debug2 response "$response" if _contains "$response" "\"name\":\"$h\"" >/dev/null; then # Response looks like: - # {"id": "12345","accountId": "1111111","name": "example.com","ttl": 3600,"emailAddress": ... + # {"id":"12345","accountId":"1111111","name": "example.com","ttl":3600,"emailAddress": ... _domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\"\([^,]*\)\",\"accountId\":\"[0-9]*\",\"name\":\"$h\",.*/\1/p") _debug2 domain_id "$_domain_id" if [ -n "$_domain_id" ]; then From 8419b42e83ff4278a441390b8963281c50279b40 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Thu, 30 Sep 2021 19:00:21 -0400 Subject: [PATCH 0521/1526] use ${ACME_OPENSSL_BIN:-openssl} instead of openssl (requested by @Neilpang in #3687) --- deploy/haproxy.sh | 10 +++++----- deploy/lighttpd.sh | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/haproxy.sh b/deploy/haproxy.sh index 4497c34b..c255059d 100644 --- a/deploy/haproxy.sh +++ b/deploy/haproxy.sh @@ -195,7 +195,7 @@ haproxy_deploy() { _info "Updating OCSP stapling info" _debug _ocsp "${_ocsp}" _info "Extracting OCSP URL" - _ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}") + _ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") _debug _ocsp_url "${_ocsp_url}" # Only process OCSP if URL was present @@ -208,9 +208,9 @@ haproxy_deploy() { # Only process the certificate if we have a .issuer file if [ -r "${_issuer}" ]; then # Check if issuer cert is also a root CA cert - _subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) + _subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) _debug _subjectdn "${_subjectdn}" - _issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) + _issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) _debug _issuerdn "${_issuerdn}" _info "Requesting OCSP response" # If the issuer is a CA cert then our command line has "-CAfile" added @@ -221,7 +221,7 @@ haproxy_deploy() { fi _debug _cafile_argument "${_cafile_argument}" # if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed - _openssl_version=$(openssl version | cut -d' ' -f2) + _openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) _debug _openssl_version "${_openssl_version}" _openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) _openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) @@ -231,7 +231,7 @@ haproxy_deploy() { _header_sep=" " fi # Request the OCSP response from the issuer and store it - _openssl_ocsp_cmd="openssl ocsp \ + _openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ -issuer \"${_issuer}\" \ -cert \"${_pem}\" \ -url \"${_ocsp_url}\" \ diff --git a/deploy/lighttpd.sh b/deploy/lighttpd.sh index e28cd27a..71f64b96 100644 --- a/deploy/lighttpd.sh +++ b/deploy/lighttpd.sh @@ -195,7 +195,7 @@ lighttpd_deploy() { _info "Updating OCSP stapling info" _debug _ocsp "${_ocsp}" _info "Extracting OCSP URL" - _ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}") + _ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") _debug _ocsp_url "${_ocsp_url}" # Only process OCSP if URL was present @@ -208,9 +208,9 @@ lighttpd_deploy() { # Only process the certificate if we have a .issuer file if [ -r "${_issuer}" ]; then # Check if issuer cert is also a root CA cert - _subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) + _subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) _debug _subjectdn "${_subjectdn}" - _issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) + _issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) _debug _issuerdn "${_issuerdn}" _info "Requesting OCSP response" # If the issuer is a CA cert then our command line has "-CAfile" added @@ -221,7 +221,7 @@ lighttpd_deploy() { fi _debug _cafile_argument "${_cafile_argument}" # if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed - _openssl_version=$(openssl version | cut -d' ' -f2) + _openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) _debug _openssl_version "${_openssl_version}" _openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) _openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) @@ -231,7 +231,7 @@ lighttpd_deploy() { _header_sep=" " fi # Request the OCSP response from the issuer and store it - _openssl_ocsp_cmd="openssl ocsp \ + _openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ -issuer \"${_issuer}\" \ -cert \"${_pem}\" \ -url \"${_ocsp_url}\" \ From 7f9b8d68ac793ed9b3a9cd525f0eafbff94ca4c6 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sat, 2 Oct 2021 19:30:07 +0200 Subject: [PATCH 0522/1526] Added dns-cpanel.sh as support for cPanel controlled DNS systems --- dnsapi/dns_cpanel.sh | 150 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100755 dnsapi/dns_cpanel.sh diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh new file mode 100755 index 00000000..4f25dc5c --- /dev/null +++ b/dnsapi/dns_cpanel.sh @@ -0,0 +1,150 @@ +#!/bin/bash +#Author: Bjarne Saltbaek +#Report Bugs here: https://github.com/acmesh-official/acme.sh +# +# +######## Public functions ##################### + +# Export CPANEL username,api token and hostname in the following variables +# +# cPanel_Username=username +# cPanel_Apitoken=apitoken +# cPanel_Hostname=hostname + +#Usage: dns_cpanel_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_cpanel_add() { + fulldomain=$1 + txtvalue=$2 + + _info "Adding TXT record to cPanel based system" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + if ! _cpanel_login; then + _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" + return 1 + fi + + _debug "First detect the root zone" + if ! _get_domain "$fulldomain"; then + _err "No matching root domain for $fulldomain found" + return 1 + fi + # adding entry + _info "Adding the entry" + stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//") + _debug "Adding $stripped_fulldomain to $_domain zone" + _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1" + if _successful_update; then return 0; fi + _err "Couldn't create entry!" + return 1 +} + +#Usage: fulldomain txtvalue +#Remove the txt record after validation. +dns_cpanel_rm() { + fulldomain=$1 + txtvalue=$2 + + _info "Using cPanel based system" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + if ! _cpanel_login; then + _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" + return 1 + fi + + if ! _get_domain; then + _err "No matching root domain for $fulldomain found" + return 1 + fi + + _findentry "$fulldomain" "$txtvalue" + if [ -z "$_id" ]; then + _info "Entry doesn't exist, nothing to delete" + return 0 + fi + _debug "Deleting record..." + _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id" + # removing entry + + if _successful_update; then return 0; fi + _err "Couldn't delete entry!" + return 1 +} + +#################### Private functions below ################################## + +_checkcredentials() { + cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}" + cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}" + + if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ]; then + cPanel_Username="" + cPanel_Apitoken="" + _err "You haven't specified cPanel username and apitoken yet." + _err "Please add credentials and try again." + return 1 + fi + #save the credentials to the account conf file. + _saveaccountconf_mutable cPanel_Username "$cPanel_Username" + _saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken" + return 0 +} + +_cpanel_login() { + if ! _checkcredentials; then return 1; fi + + if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then + _err "cPanel login failed for user $cPanel_Username." + return 1 + fi + return 0 +} + +_myget() { + #Adds auth header to request + export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken" + _result=$(_get "$cPanel_Hostname/$1") +} + +_get_domain() { + _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' + _domains=$(echo "$_result" | jq '.cpanelresult.data[]| {zones}| .zones| keys' | sed -e 's/"//g' -e 's/,//g' -e 's/\[//g' -e 's/\]//g' -e '/^$/d' -e 's/[[:space:]]//g') + _debug "_result is: $_result" + _debug "_domains is: $_domains" + if [ -z "$_domains" ]; then + _err "Primary domain list not found!" + return 1 + fi + for _domain in $_domains; do + _debug "Checking if $fulldomain ends with $_domain" + if (_endswith "$fulldomain" "$_domain"); then + _debug "Root domain: $_domain" + return 0 + fi + done + return 1 +} + +_successful_update() { + if (echo "$_result" | grep -q 'newserial'); then return 0; fi + return 1 +} + +_findentry() { + _debug "In _findentry" + #returns id of dns entry, if it exists + _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" + jqquery=".cpanelresult.data[] | select(.name == \"$fulldomain.\")| {Line} | .Line" + _id=$(echo "$_result" | jq "$jqquery") + _debug "_result is: $_result" + _debug "fulldomain. is $fulldomain." + _debug "_id is: $_id" + if [ -n "$_id" ]; then + _debug "Entry found with _id=$_id" + return 0 + fi + return 1 +} From d4e1899747395971b276108402ffbb08f75a90b5 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 3 Oct 2021 19:02:45 +0800 Subject: [PATCH 0523/1526] support "--set-default-chain", fix https://github.com/acmesh-official/acme.sh/issues/3717 --- acme.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/acme.sh b/acme.sh index 0c4928f5..84fa1767 100755 --- a/acme.sh +++ b/acme.sh @@ -6547,6 +6547,8 @@ Commands: --deactivate Deactivate the domain authz, professional use. --set-default-ca Used with '--server', Set the default CA to use. See: $_SERVER_WIKI + --set-default-chain Set the default preferred chain for a CA. + See: $_PREFERRED_CHAIN_WIKI Parameters: @@ -6833,6 +6835,18 @@ setdefaultca() { _info "Changed default CA to: $(__green "$ACME_DIRECTORY")" } +#preferred-chain +setdefaultchain() { + _initpath + _preferred_chain="$1" + if [ -z "$_preferred_chain" ]; then + _err "Please give a '--preferred-chain value' value." + return 1 + fi + mkdir -p "$CA_DIR" + _savecaconf "DEFAULT_PREFERRED_CHAIN" "$_preferred_chain" +} + _process() { _CMD="" _domain="" @@ -6984,6 +6998,9 @@ _process() { --set-default-ca) _CMD="setdefaultca" ;; + --set-default-chain) + _CMD="setdefaultchain" + ;; -d | --domain) _dvalue="$2" @@ -7514,6 +7531,9 @@ _process() { setdefaultca) setdefaultca ;; + setdefaultchain) + setdefaultchain "$_preferred_chain" + ;; *) if [ "$_CMD" ]; then _err "Invalid command: $_CMD" From 64908e00804fe2464d05ade1b622173885fbdf07 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 3 Oct 2021 19:28:30 +0800 Subject: [PATCH 0524/1526] fix Windows path --- .github/workflows/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 8c8e2842..36af6934 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -54,7 +54,7 @@ jobs: - name: Set ENV shell: cmd run: | - echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% + echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV% - name: Check ENV shell: cmd run: | From d2d023cca7fbb8d8b5e9136349a80b8b94c23382 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 13:35:22 +0200 Subject: [PATCH 0525/1526] added saving of cPanel_Hostname --- dnsapi/dns_cpanel.sh | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 4f25dc5c..868a411a 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -1,6 +1,7 @@ -#!/bin/bash +#!/usr/bin/env sh +# #Author: Bjarne Saltbaek -#Report Bugs here: https://github.com/acmesh-official/acme.sh +#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 # # ######## Public functions ##################### @@ -10,8 +11,11 @@ # cPanel_Username=username # cPanel_Apitoken=apitoken # cPanel_Hostname=hostname +# +# Note: the program 'jq' must be availble on your system -#Usage: dns_cpanel_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record dns_cpanel_add() { fulldomain=$1 txtvalue=$2 @@ -26,7 +30,7 @@ dns_cpanel_add() { fi _debug "First detect the root zone" - if ! _get_domain "$fulldomain"; then + if ! _get_root "$fulldomain"; then _err "No matching root domain for $fulldomain found" return 1 fi @@ -40,8 +44,8 @@ dns_cpanel_add() { return 1 } -#Usage: fulldomain txtvalue -#Remove the txt record after validation. +# Usage: fulldomain txtvalue +# Used to remove the txt record after validation dns_cpanel_rm() { fulldomain=$1 txtvalue=$2 @@ -55,7 +59,7 @@ dns_cpanel_rm() { return 1 fi - if ! _get_domain; then + if ! _get_root; then _err "No matching root domain for $fulldomain found" return 1 fi @@ -79,17 +83,20 @@ dns_cpanel_rm() { _checkcredentials() { cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}" cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}" + cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}" - if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ]; then + if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then cPanel_Username="" cPanel_Apitoken="" - _err "You haven't specified cPanel username and apitoken yet." + cPanel_Hostname="" + _err "You haven't specified cPanel username, apitoken and hostname yet." _err "Please add credentials and try again." return 1 fi #save the credentials to the account conf file. _saveaccountconf_mutable cPanel_Username "$cPanel_Username" _saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken" + _saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname" return 0 } @@ -109,7 +116,7 @@ _myget() { _result=$(_get "$cPanel_Hostname/$1") } -_get_domain() { +_get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' _domains=$(echo "$_result" | jq '.cpanelresult.data[]| {zones}| .zones| keys' | sed -e 's/"//g' -e 's/,//g' -e 's/\[//g' -e 's/\]//g' -e '/^$/d' -e 's/[[:space:]]//g') _debug "_result is: $_result" From 84fe6654ccc351324f5d9204d170161d0cab2dc9 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 3 Oct 2021 20:59:55 +0800 Subject: [PATCH 0526/1526] fix for https://github.com/acmesh-official/acme.sh/issues/3717 --- acme.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 84fa1767..a5ac9e47 100755 --- a/acme.sh +++ b/acme.sh @@ -4934,7 +4934,9 @@ $_authorizations_map" echo "$response" >"$CERT_PATH" _split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH" - + if [ -z "$_preferred_chain" ]; then + _preferred_chain=$(_readcaconf DEFAULT_PREFERRED_CHAIN) + fi if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then if [ "$DEBUG" ]; then _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" From 6a7f993a9a9d9e41977292498423a0aeb1bc1079 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 15:56:26 +0200 Subject: [PATCH 0527/1526] Forced CI --- dnsapi/dns_cpanel.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 868a411a..c3857aca 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -3,7 +3,6 @@ #Author: Bjarne Saltbaek #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 # -# ######## Public functions ##################### # Export CPANEL username,api token and hostname in the following variables From 68debc474abafe860f0aa6cb448ef7dc38168f4d Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:20:08 +0200 Subject: [PATCH 0528/1526] First jq rework --- dnsapi/dns_cpanel.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index c3857aca..99baf13a 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -11,8 +11,6 @@ # cPanel_Apitoken=apitoken # cPanel_Hostname=hostname # -# Note: the program 'jq' must be availble on your system - # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to add txt record dns_cpanel_add() { @@ -117,7 +115,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | jq '.cpanelresult.data[]| {zones}| .zones| keys' | sed -e 's/"//g' -e 's/,//g' -e 's/\[//g' -e 's/\]//g' -e '/^$/d' -e 's/[[:space:]]//g') + _domains=$(echo "$_result" | cut -d ':' -f9 | sed -e 's/"//g' -e 's/{//g' ) _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From bd00db4292a0d6342292f0e2dd776c1f248ab491 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:25:21 +0200 Subject: [PATCH 0529/1526] First jq rework - redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 99baf13a..86d42506 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -115,7 +115,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f9 | sed -e 's/"//g' -e 's/{//g' ) + _domains=$(echo "$_result" | cut -d ':' -f9 | sed 's/"//g' | sed 's/{//g' ) _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From 20f604948f943feca26b595fbeb21795c79e1a01 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 3 Oct 2021 22:31:56 +0800 Subject: [PATCH 0530/1526] Update pushbullet.sh --- notify/pushbullet.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/notify/pushbullet.sh b/notify/pushbullet.sh index 6f33b44f..76606c86 100644 --- a/notify/pushbullet.sh +++ b/notify/pushbullet.sh @@ -20,7 +20,9 @@ pushbullet_send() { _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" - if [ -z "$PUSHBULLET_DEVICE" ]; then + if [ -z "$PUSHBULLET_DEVICE" ]; then + _clearaccountconf_mutable PUSHBULLET_DEVICE + else _saveaccountconf_mutable PUSHBULLET_DEVICE "$PUSHBULLET_DEVICE" fi From 608547c62c292f0e3327af51572715d2dd40fc45 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:32:03 +0200 Subject: [PATCH 0531/1526] First jq rework - 3. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 86d42506..e61e55ec 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -115,7 +115,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f9 | sed 's/"//g' | sed 's/{//g' ) + _domains=$(echo "$_result" | cut -d ':' -f9 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From f2958818c8ae1bb0f915d8418247802af2ac970e Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 3 Oct 2021 22:33:41 +0800 Subject: [PATCH 0532/1526] Update pushbullet.sh --- notify/pushbullet.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/pushbullet.sh b/notify/pushbullet.sh index 76606c86..ca997c84 100644 --- a/notify/pushbullet.sh +++ b/notify/pushbullet.sh @@ -20,7 +20,7 @@ pushbullet_send() { _saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" - if [ -z "$PUSHBULLET_DEVICE" ]; then + if [ -z "$PUSHBULLET_DEVICE" ]; then _clearaccountconf_mutable PUSHBULLET_DEVICE else _saveaccountconf_mutable PUSHBULLET_DEVICE "$PUSHBULLET_DEVICE" From 8339b88180dc5e6f99d6035aa0bbbd47a9c2d82f Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:34:12 +0200 Subject: [PATCH 0533/1526] First jq rework - docker fails in Github - not my fault... --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index e61e55ec..237ecc30 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -4,7 +4,7 @@ #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 # ######## Public functions ##################### - +# # Export CPANEL username,api token and hostname in the following variables # # cPanel_Username=username From be827be74218d54ca8ee38a8959321167864dbb0 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:48:23 +0200 Subject: [PATCH 0534/1526] First jq rework - 4. redo --- dnsapi/dns_cpanel.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 237ecc30..f0776371 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -20,6 +20,9 @@ dns_cpanel_add() { _info "Adding TXT record to cPanel based system" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" + _debug cPanel_Username "$cPanel_Username" + _debug cPanel_Apitoken "$cPanel_Apitoken" + _debug cPanel_Hostname "$cPanel_Hostname" if ! _cpanel_login; then _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" From 6b3d6d5211a36f722a8c8b5107b721b026343647 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:51:02 +0200 Subject: [PATCH 0535/1526] First jq rework - 5. redo --- dnsapi/dns_cpanel.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index f0776371..99a24965 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -24,6 +24,7 @@ dns_cpanel_add() { _debug cPanel_Apitoken "$cPanel_Apitoken" _debug cPanel_Hostname "$cPanel_Hostname" + if ! _cpanel_login; then _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" return 1 From 0fdac82b935117b8e689c61703eac0940247e494 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 16:55:44 +0200 Subject: [PATCH 0536/1526] First jq rework - 6. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 99a24965..eb77179c 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -119,7 +119,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f9 | sed 's/"//g' | sed 's/{//g') + _domains=$(echo "$_result" | cut -d ':' -f10 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From fda6502f33acf2deee09f62c0d0e422bf3fdd5d3 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:00:53 +0200 Subject: [PATCH 0537/1526] First jq rework - 7. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index eb77179c..c9f62b11 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -119,7 +119,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f10 | sed 's/"//g' | sed 's/{//g') + _domains=$(echo "$_result" | cut -d ':' -f11 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From c9b353a689fab793e95b7cf2c3da610c404fb6e9 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:02:24 +0200 Subject: [PATCH 0538/1526] First jq rework - 8. redo --- dnsapi/dns_cpanel.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index c9f62b11..68888842 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -24,7 +24,6 @@ dns_cpanel_add() { _debug cPanel_Apitoken "$cPanel_Apitoken" _debug cPanel_Hostname "$cPanel_Hostname" - if ! _cpanel_login; then _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" return 1 From 9264737985c8d35b970a1a33df98e5d7001369b1 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:04:49 +0200 Subject: [PATCH 0539/1526] First jq rework - 8. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 68888842..cfd26d60 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -118,7 +118,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f11 | sed 's/"//g' | sed 's/{//g') + _domains=$(echo "$_result" | cut -d ':' -f10 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From 3184c3c21b94c82a2404dd25cc76ce3e741293f6 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:10:38 +0200 Subject: [PATCH 0540/1526] First jq rework - 9. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index cfd26d60..f0776371 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -118,7 +118,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f10 | sed 's/"//g' | sed 's/{//g') + _domains=$(echo "$_result" | cut -d ':' -f9 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From f3cfef4021d82271938be9eeea72bd196ac23d10 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:40:01 +0200 Subject: [PATCH 0541/1526] First jq rework - 10. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index f0776371..c794f121 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -118,7 +118,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | cut -d ':' -f9 | sed 's/"//g' | sed 's/{//g') + _domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then From 7bb0ff986b3698a993aeca8094ff17b8ba634527 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:50:57 +0200 Subject: [PATCH 0542/1526] First jq rework - 11. redo --- dnsapi/dns_cpanel.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index c794f121..d06fcfc7 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -144,8 +144,8 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - jqquery=".cpanelresult.data[] | select(.name == \"$fulldomain.\")| {Line} | .Line" - _id=$(echo "$_result" | jq "$jqquery") + _jqquery=".cpanelresult.data[] | select(.name == \"$fulldomain.\")| {Line} | .Line" + _id="" _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." _debug "_id is: $_id" From bfda8f0b8a90aac03fd30df05c0023c87d2b6509 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 17:53:59 +0200 Subject: [PATCH 0543/1526] First jq rework - 12. redo --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index d06fcfc7..60360ebc 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -144,7 +144,7 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - _jqquery=".cpanelresult.data[] | select(.name == \"$fulldomain.\")| {Line} | .Line" + #_jqquery=".cpanelresult.data[] | select(.name == \"$fulldomain.\")| {Line} | .Line" _id="" _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." From 17b18751518847317098cd588a07cb438ae4ff21 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 18:08:21 +0200 Subject: [PATCH 0544/1526] Added proper id lookup --- dnsapi/dns_cpanel.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 60360ebc..6fb65798 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -144,8 +144,7 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - #_jqquery=".cpanelresult.data[] | select(.name == \"$fulldomain.\")| {Line} | .Line" - _id="" + _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1 _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." _debug "_id is: $_id" From 15deec6c53e0efcc3d2aae372a9357298208c888 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 18:11:28 +0200 Subject: [PATCH 0545/1526] Added proper id lookup with missing bracket --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 6fb65798..0c6ee223 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -144,7 +144,7 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1 + _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." _debug "_id is: $_id" From d5b4f02932972befe1a083406b21f04af0b1f8be Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 18:13:05 +0200 Subject: [PATCH 0546/1526] Added proper id lookup with whitespace removed --- dnsapi/dns_cpanel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 0c6ee223..c8f1d027 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -144,7 +144,7 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) + _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." _debug "_id is: $_id" From 86daaf4bf21e4ee31fa3b9badaaa4a7b7ce338b2 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 18:37:51 +0200 Subject: [PATCH 0547/1526] Added remove entry debug --- dnsapi/dns_cpanel.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index c8f1d027..bdda12fa 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -72,6 +72,7 @@ dns_cpanel_rm() { _debug "Deleting record..." _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id" # removing entry + _debug "_result is: $_result" if _successful_update; then return 0; fi _err "Couldn't delete entry!" From a95e83ab6ef4b626a504cdb8f2d7d278932bd9ef Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sun, 3 Oct 2021 18:45:21 +0200 Subject: [PATCH 0548/1526] Added txtvalue to dns lookup --- dnsapi/dns_cpanel.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index bdda12fa..98d0ef34 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -145,9 +145,10 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) + _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." + _debug "txtvalue is $txtvalue" _debug "_id is: $_id" if [ -n "$_id" ]; then _debug "Entry found with _id=$_id" From aa7bf9169f36457088799c2befbfd50a24ca14e8 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Wed, 6 Oct 2021 14:01:18 +0200 Subject: [PATCH 0549/1526] Fix Word4You dns plugin to work with current api the value for uniqueFormIdTTL is not available or needed anymore. values for 'aktivPaket' are not needed by the api. changed endpoint for deletion from `/deleteRecord` to `/dns/record/delete` --- dnsapi/dns_world4you.sh | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 9ab406f6..94b9bb64 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -36,7 +36,6 @@ dns_world4you_add() { export _H1="Cookie: W4YSESSID=$sessid" form=$(_get "$WORLD4YOU_API/$paketnr/dns") formiddp=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') - formidttl=$(echo "$form" | grep 'AddDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="AddDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') form_token=$(echo "$form" | grep 'AddDnsRecordForm\[_token\]' | sed 's/^.*name="AddDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') if [ -z "$formiddp" ]; then _err "Unable to parse form" @@ -45,9 +44,7 @@ dns_world4you_add() { _resethttp export ACME_HTTP_NO_REDIRECTS=1 - body="AddDnsRecordForm[name]=$RECORD&AddDnsRecordForm[dnsType][type]=TXT&\ -AddDnsRecordForm[value]=$value&AddDnsRecordForm[aktivPaket]=$paketnr&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&\ -AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_token" + body="AddDnsRecordForm[name]=$RECORD&AddDnsRecordForm[dnsType][type]=TXT&AddDnsRecordForm[value]=$value&AddDnsRecordForm[uniqueFormIdDP]=$formiddp&AddDnsRecordForm[_token]=$form_token" _info "Adding record..." ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') _resethttp @@ -101,7 +98,6 @@ dns_world4you_rm() { form=$(_get "$WORLD4YOU_API/$paketnr/dns") formiddp=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdDP\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdDP\]" value="\([^"]*\)".*$/\1/') - formidttl=$(echo "$form" | grep 'DeleteDnsRecordForm\[uniqueFormIdTTL\]' | sed 's/^.*name="DeleteDnsRecordForm\[uniqueFormIdTTL\]" value="\([^"]*\)".*$/\1/') form_token=$(echo "$form" | grep 'DeleteDnsRecordForm\[_token\]' | sed 's/^.*name="DeleteDnsRecordForm\[_token\]" value="\([^"]*\)".*$/\1/') if [ -z "$formiddp" ]; then _err "Unable to parse form" @@ -113,11 +109,9 @@ dns_world4you_rm() { _resethttp export ACME_HTTP_NO_REDIRECTS=1 - body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[aktivPaket]=$paketnr&\ -DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[uniqueFormIdTTL]=$formidttl&\ -DeleteDnsRecordForm[_token]=$form_token" + body="DeleteDnsRecordForm[recordId]=$recordid&DeleteDnsRecordForm[uniqueFormIdDP]=$formiddp&DeleteDnsRecordForm[_token]=$form_token" _info "Removing record..." - ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded') + ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns/record/delete" '' POST 'application/x-www-form-urlencoded') _resethttp if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then From ea4266538ae27200d385528781a13e9986628378 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Thu, 7 Oct 2021 20:21:51 +0200 Subject: [PATCH 0550/1526] force a re-test --- dnsapi/dns_cpanel.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 98d0ef34..2ff88578 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -2,7 +2,6 @@ # #Author: Bjarne Saltbaek #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 -# ######## Public functions ##################### # # Export CPANEL username,api token and hostname in the following variables From e11d0d37ee3eaa0b863b8d406e2a3f85c1c52f23 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Thu, 7 Oct 2021 20:51:18 +0200 Subject: [PATCH 0551/1526] force a re-test. Le servere fails during test --- dnsapi/dns_cpanel.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 2ff88578..98d0ef34 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -2,6 +2,7 @@ # #Author: Bjarne Saltbaek #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 +# ######## Public functions ##################### # # Export CPANEL username,api token and hostname in the following variables From 40e8c5e2b0adbca56e8e055b46b3ebb985fc4a73 Mon Sep 17 00:00:00 2001 From: Phil Krylov Date: Fri, 8 Oct 2021 18:24:21 +0200 Subject: [PATCH 0552/1526] Don't use global variable as local in recursion context ```nginx include conf.d/*; include sites-enabled/*; ``` In this situation, after the first recursive `_checkConf` invocation 4 lines below, `$_c_file` does not contain what you expect anymore, and the second lookup checks for `conf.d/sites-enabled/*` which is obviously wrong. --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index a5ac9e47..e32693b1 100755 --- a/acme.sh +++ b/acme.sh @@ -3168,7 +3168,7 @@ _checkConf() { for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" if ! _startswith "$included" "/" && _exists dirname; then - _relpath="$(dirname "$_c_file")" + _relpath="$(dirname "$2")" _debug "_relpath" "$_relpath" included="$_relpath/$included" fi From 1d2af0f2912f3f8dfa1a2ccb09f496279979f4d8 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Fri, 8 Oct 2021 20:10:46 +0200 Subject: [PATCH 0553/1526] force a re-test. --- dnsapi/dns_cpanel.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 98d0ef34..f91725a4 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -3,6 +3,7 @@ #Author: Bjarne Saltbaek #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 # +# ######## Public functions ##################### # # Export CPANEL username,api token and hostname in the following variables From 38a067e203a1cff25899407845c0cc831b40d8d3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 12 Oct 2021 20:55:11 +0800 Subject: [PATCH 0554/1526] fix https://github.com/acmesh-official/acme.sh/issues/3752 --- acme.sh | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index e32693b1..66291224 100755 --- a/acme.sh +++ b/acme.sh @@ -4222,12 +4222,6 @@ issue() { return 1 fi - _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY" - - if ! _initAPI; then - return 1 - fi - if [ -f "$DOMAIN_CONF" ]; then Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) _debug Le_NextRenewTime "$Le_NextRenewTime" @@ -4247,6 +4241,11 @@ issue() { fi fi + _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY" + if ! _initAPI; then + return 1 + fi + _savedomainconf "Le_Domain" "$_main_domain" _savedomainconf "Le_Alt" "$_alt_domains" _savedomainconf "Le_Webroot" "$_web_roots" @@ -5131,7 +5130,6 @@ renew() { CA_CONF="" _debug3 "initpath again." _initpath "$Le_Domain" "$_isEcc" - _initAPI fi if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then From 32ea224933e138915f505ee1a7b15e65f2c0085b Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 12 Oct 2021 21:31:06 +0800 Subject: [PATCH 0555/1526] update versions --- .github/workflows/FreeBSD.yml | 6 +++--- .github/workflows/Solaris.yml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 6a82156d..316da402 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -28,7 +28,7 @@ jobs: CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" - runs-on: macos-latest + runs-on: macos-10.15 env: TEST_LOCAL: 1 TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} @@ -37,7 +37,7 @@ jobs: CA_EMAIL: ${{ matrix.CA_EMAIL }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.2 + - uses: vmactions/cf-tunnel@v0.0.3 id: tunnel with: protocol: http @@ -46,7 +46,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.4 + - uses: vmactions/freebsd-vm@v0.1.5 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' nat: | diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 9d1c46ac..723a1237 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -28,7 +28,7 @@ jobs: CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" - runs-on: macos-latest + runs-on: macos-10.15 env: TEST_LOCAL: 1 TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} @@ -37,7 +37,7 @@ jobs: CA_EMAIL: ${{ matrix.CA_EMAIL }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.2 + - uses: vmactions/cf-tunnel@v0.0.3 id: tunnel with: protocol: http From 1760169ef9119259105ba5b79a730bbddd91456c Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 12 Oct 2021 23:43:20 +0800 Subject: [PATCH 0556/1526] fix Windows test --- .github/workflows/Windows.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 36af6934..dd147e85 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -49,7 +49,7 @@ jobs: shell: cmd - name: Install cygwin additional packages run: | - C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git + C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd shell: cmd - name: Set ENV shell: cmd From 365d22d0768994b1457312803fc0913b72596c7f Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 13 Oct 2021 00:03:12 +0800 Subject: [PATCH 0557/1526] add TEST_PREFERRED_CHAIN --- .github/workflows/FreeBSD.yml | 5 ++++- .github/workflows/Linux.yml | 1 + .github/workflows/MacOS.yml | 3 +++ .github/workflows/Solaris.yml | 5 ++++- .github/workflows/Ubuntu.yml | 3 +++ .github/workflows/Windows.yml | 3 +++ 6 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 316da402..40da24cf 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -24,10 +24,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" + TEST_PREFERRED_CHAIN: Fake LE Root X2 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" + TEST_PREFERRED_CHAIN: "" runs-on: macos-10.15 env: TEST_LOCAL: 1 @@ -35,6 +37,7 @@ jobs: CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.3 @@ -48,7 +51,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.5 with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | "8080": "80" prepare: pkg install -y socat curl diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 7e7eba87..ba81391d 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -24,6 +24,7 @@ jobs: runs-on: ubuntu-latest env: TEST_LOCAL: 1 + TEST_PREFERRED_CHAIN: Fake LE Root X2 steps: - uses: actions/checkout@v2 - name: Clone acmetest diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 85ec7527..db87db23 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -24,10 +24,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" + TEST_PREFERRED_CHAIN: Fake LE Root X2 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" + TEST_PREFERRED_CHAIN: "" runs-on: macos-latest env: TEST_LOCAL: 1 @@ -35,6 +37,7 @@ jobs: CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - name: Install tools diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 723a1237..56c53870 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -24,10 +24,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" + TEST_PREFERRED_CHAIN: Fake LE Root X2 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" + TEST_PREFERRED_CHAIN: "" runs-on: macos-10.15 env: TEST_LOCAL: 1 @@ -35,6 +37,7 @@ jobs: CA_ECDSA: ${{ matrix.CA_ECDSA }} CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.3 @@ -48,7 +51,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.3 with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | "8080": "80" prepare: pkgutil -y -i socat curl diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index af74965a..e5fe2901 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -24,10 +24,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" + TEST_PREFERRED_CHAIN: Fake LE Root X2 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" + TEST_PREFERRED_CHAIN: "" runs-on: ubuntu-latest env: @@ -37,6 +39,7 @@ jobs: CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} NO_ECC_384: ${{ matrix.NO_ECC_384 }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - name: Install tools diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index dd147e85..f2f687f2 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -24,10 +24,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" + TEST_PREFERRED_CHAIN: Fake LE Root X2 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" + TEST_PREFERRED_CHAIN: "" runs-on: windows-latest env: TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} @@ -37,6 +39,7 @@ jobs: TEST_LOCAL: 1 #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. Le_HTTPPort: 8888 + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - name: Set git to use LF run: | From 0510da0853dd25c1741709e69ce726245c240c75 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 13 Oct 2021 00:28:14 +0800 Subject: [PATCH 0558/1526] fix test chain root name. --- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/Linux.yml | 2 +- .github/workflows/MacOS.yml | 2 +- .github/workflows/Solaris.yml | 2 +- .github/workflows/Ubuntu.yml | 2 +- .github/workflows/Windows.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 40da24cf..5d032769 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -24,7 +24,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: Fake LE Root X2 + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index ba81391d..cba708b3 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-latest env: TEST_LOCAL: 1 - TEST_PREFERRED_CHAIN: Fake LE Root X2 + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 steps: - uses: actions/checkout@v2 - name: Clone acmetest diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index db87db23..4b529f6a 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -24,7 +24,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: Fake LE Root X2 + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 56c53870..4df10099 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -24,7 +24,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: Fake LE Root X2 + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index e5fe2901..28b06541 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -24,7 +24,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: Fake LE Root X2 + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index f2f687f2..2d7eeeae 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -24,7 +24,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: Fake LE Root X2 + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" From 21ef3b0ecf622d8209b2ac04c6c9e137f952b679 Mon Sep 17 00:00:00 2001 From: wacki4 Date: Sat, 16 Oct 2021 14:08:03 +0200 Subject: [PATCH 0559/1526] Update dns_opnsense.sh Update for opnsense regards to error in #3735 --- dnsapi/dns_opnsense.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 069f6c32..63723f5a 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\"(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{.*}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" From 00b6c6a437d2d11bbbf29c228f308d51d206b3de Mon Sep 17 00:00:00 2001 From: wacki4 Date: Sat, 16 Oct 2021 16:57:12 +0200 Subject: [PATCH 0560/1526] Update dns_opnsense.sh Correction when having many zones. --- dnsapi/dns_opnsense.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 63723f5a..26a422f8 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{.*}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"\":{[^}]*}}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" From 6e7ce1eec132cd0b5e7e975ecdd03fea68c87cbe Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Wed, 20 Oct 2021 14:28:55 +0200 Subject: [PATCH 0561/1526] dns_world4you: fix for freeBSD sed Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 94b9bb64..231c34b3 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -184,7 +184,7 @@ _get_paketnr() { fqdn="$1" form="$2" - domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/') + domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^ *\(.*\)$/\1/') domain='' for domain in $domains; do if _contains "$fqdn" "$domain\$"; then From 401fd37e35c4b9e56b2fea333772530149d96281 Mon Sep 17 00:00:00 2001 From: Reto Schuettel Date: Wed, 20 Oct 2021 18:18:02 +0200 Subject: [PATCH 0562/1526] dns_gcloud: allowrecord-sets list output to be separated by 'semicolon' gcloud dns record-sets list used to separate records by comma, with version 353.0.0 the tool uses semicolons instead. --- dnsapi/dns_gcloud.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index 03060a8c..d560996c 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -163,5 +163,8 @@ _dns_gcloud_get_rrdatas() { return 1 fi ttl=$(echo "$rrdatas" | cut -f1) - rrdatas=$(echo "$rrdatas" | cut -f2 | sed 's/","/"\n"/g') + # starting with version 353.0.0 gcloud seems to + # separate records with a semicolon instead of commas + # see also https://cloud.google.com/sdk/docs/release-notes#35300_2021-08-17 + rrdatas=$(echo "$rrdatas" | cut -f2 | sed 's/"[,;]"/"\n"/g') } From a31ed4a723bf01b7ee51db5402002dfbb893c0f4 Mon Sep 17 00:00:00 2001 From: Miguel Angelo Date: Tue, 23 Jun 2020 17:55:14 -0300 Subject: [PATCH 0563/1526] Notify user about a possible problem when using synology_dsm.sh with 2fa enabled user account --- deploy/synology_dsm.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 5a70c74e..177b3fbe 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -100,6 +100,7 @@ synology_dsm_deploy() { if [ -z "$token" ]; then _err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme." _err "Check your username and password." + _err "If two-factor authentication is enabled for the user, you have to choose another user." return 1 fi sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p') From dbdcbd4b9e64acd8b0626cb6ca9a886b4693ce84 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 2 Nov 2021 20:37:14 +0800 Subject: [PATCH 0564/1526] add set-default-chain --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index c42f4f39..fb842c83 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,6 +55,7 @@ RUN for verb in help \ deactivate-account \ set-notify \ set-default-ca \ + set-default-chain \ ; do \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ ; done From 35d6da785bf6bc4fc8267bbc16057192bf9a6553 Mon Sep 17 00:00:00 2001 From: jearton Date: Thu, 4 Nov 2021 00:41:58 +0800 Subject: [PATCH 0565/1526] add support for feishu notification --- notify/feishu.sh | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 notify/feishu.sh diff --git a/notify/feishu.sh b/notify/feishu.sh new file mode 100644 index 00000000..80ae9c45 --- /dev/null +++ b/notify/feishu.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env sh + +#Support feishu webhooks api + +#required +#FEISHU_WEBHOOK="xxxx" + +#optional +#FEISHU_KEYWORD="yyyy" + +# subject content statusCode +feishu_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_subject" "$_subject" + _debug "_content" "$_content" + _debug "_statusCode" "$_statusCode" + + FEISHU_WEBHOOK="${FEISHU_WEBHOOK:-$(_readaccountconf_mutable FEISHU_WEBHOOK)}" + if [ -z "$FEISHU_WEBHOOK" ]; then + FEISHU_WEBHOOK="" + _err "You didn't specify a feishu webhooks FEISHU_WEBHOOK yet." + _err "You can get yours from https://www.feishu.cn" + return 1 + fi + _saveaccountconf_mutable FEISHU_WEBHOOK "$FEISHU_WEBHOOK" + + FEISHU_KEYWORD="${FEISHU_KEYWORD:-$(_readaccountconf_mutable FEISHU_KEYWORD)}" + if [ "$FEISHU_KEYWORD" ]; then + _saveaccountconf_mutable FEISHU_KEYWORD "$FEISHU_KEYWORD" + fi + + _content=$(echo "$_content" | _json_encode) + _subject=$(echo "$_subject" | _json_encode) + _data="{\"msg_type\": \"text\", \"content\": {\"text\": \"[$FEISHU_KEYWORD]\n$_subject\n$_content\"}}" + + response="$(_post "$_data" "$FEISHU_WEBHOOK" "" "POST" "application/json")" + + if [ "$?" = "0" ] && _contains "$response" "StatusCode\":0"; then + _info "feishu webhooks event fired success." + return 0 + fi + + _err "feishu webhooks event fired error." + _err "$response" + return 1 +} \ No newline at end of file From e8756482aa5884c0c85915cfde7b38aba4d8a3ed Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 4 Nov 2021 09:42:30 +0800 Subject: [PATCH 0566/1526] Update feishu.sh --- notify/feishu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/feishu.sh b/notify/feishu.sh index 80ae9c45..18693c2d 100644 --- a/notify/feishu.sh +++ b/notify/feishu.sh @@ -45,4 +45,4 @@ feishu_send() { _err "feishu webhooks event fired error." _err "$response" return 1 -} \ No newline at end of file +} From 7d249b6d3bda3503c9a1c8c83fdead9731472f0f Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 6 Nov 2021 09:52:21 +0800 Subject: [PATCH 0567/1526] start 3.0.2 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 66291224..9d576143 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=3.0.1 +VER=3.0.2 PROJECT_NAME="acme.sh" From 6ae8d101325d2df817664e197fd72ae26347c25f Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 13 Dec 2020 15:10:42 +0800 Subject: [PATCH 0568/1526] support ip cert: rfc https://tools.ietf.org/html/rfc8738 --- acme.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index 9d576143..2ddad09e 100755 --- a/acme.sh +++ b/acme.sh @@ -59,6 +59,9 @@ VTYPE_HTTP="http-01" VTYPE_DNS="dns-01" VTYPE_ALPN="tls-alpn-01" +ID_TYPE_DNS="dns" +ID_TYPE_IP="ip" + LOCAL_ANY_ADDRESS="0.0.0.0" DEFAULT_RENEW=60 @@ -1222,19 +1225,26 @@ _createcsr() { if [ "$acmeValidationv1" ]; then domainlist="$(_idn "$domainlist")" - printf -- "\nsubjectAltName=DNS:$domainlist" >>"$csrconf" + _debug2 domainlist "$domainlist" + for dl in $(echo "$domainlist" | tr "," ' '); do + if [ "$alt" ]; then + alt="$alt,$(_getIdType "$dl" | _upper_case):$dl" + else + alt="$(_getIdType "$dl" | _upper_case):$dl" + fi + done + printf -- "\nsubjectAltName=$alt" >>"$csrconf" elif [ -z "$domainlist" ] || [ "$domainlist" = "$NO_VALUE" ]; then #single domain _info "Single domain" "$domain" - printf -- "\nsubjectAltName=DNS:$(_idn "$domain")" >>"$csrconf" + printf -- "\nsubjectAltName=$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" >>"$csrconf" else domainlist="$(_idn "$domainlist")" _debug2 domainlist "$domainlist" - if _contains "$domainlist" ","; then - alt="DNS:$(_idn "$domain"),DNS:$(echo "$domainlist" | sed "s/,,/,/g" | sed "s/,/,DNS:/g")" - else - alt="DNS:$(_idn "$domain"),DNS:$domainlist" - fi + alt="$(_getIdType "$domain" | _upper_case):$domain" + for dl in $(echo "$domainlist" | tr "," ' '); do + alt="$alt,$(_getIdType "$dl" | _upper_case):$dl" + done #multi _info "Multi domain" "$alt" printf -- "\nsubjectAltName=$alt" >>"$csrconf" @@ -4174,6 +4184,36 @@ _match_issuer() { _contains "$_rootissuer" "$_missuer" } +#ip +_isIPv4() { + for seg in $(echo "$1" | tr '.' ' '); do + if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then + continue + fi + return 1 + done + return 0 +} + +#ip6 +_isIPv6() { + _contains "$1" ":" +} + +#ip +_isIP() { + _isIPv4 "$1" || _isIPv6 "$1" +} + +#identifier +_getIdType() { + if _isIP "$1"; then + echo "$ID_TYPE_IP"; + else + echo "$ID_TYPE_DNS"; + fi +} + #webroot, domain domainlist keylength issue() { if [ -z "$2" ]; then @@ -4330,7 +4370,7 @@ issue() { dvsep=',' if [ -z "$vlist" ]; then #make new order request - _identifiers="{\"type\":\"dns\",\"value\":\"$(_idn "$_main_domain")\"}" + _identifiers="{\"type\":\"$(_getIdType "$_main_domain")\",\"value\":\"$(_idn "$_main_domain")\"}" _w_index=1 while true; do d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")" @@ -4339,7 +4379,7 @@ issue() { if [ -z "$d" ]; then break fi - _identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$(_idn "$d")\"}" + _identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}" done _debug2 _identifiers "$_identifiers" if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then From 737a7a2db27e3d27f79036388e55168b3bdfceb1 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 13 Dec 2020 22:04:11 +0800 Subject: [PATCH 0569/1526] add test for ipcert --- .github/workflows/PebbleStrict.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index f7907d8b..c1ea1cd2 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -35,5 +35,28 @@ jobs: run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + run: cd ../acmetest && ./letest.sh + + PebbleStrict_IPCert: + runs-on: ubuntu-latest + env: + TestingDomain: 10.30.50.1 + ACME_DIRECTORY: https://localhost:14000/dir + HTTPS_INSECURE: 1 + Le_HTTPPort: 5002 + Le_TLSPort: 5001 + TEST_LOCAL: 1 + TEST_CA: "Pebble Intermediate CA" + TEST_IPCERT: 1 + + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: sudo apt-get install -y socat + - name: Run Pebble + run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest run: cd ../acmetest && ./letest.sh \ No newline at end of file From fe77d43fa0362ad48d71c9dd2cb6416ed1a64896 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 13 Dec 2020 22:57:58 +0800 Subject: [PATCH 0570/1526] fix _deactivate for ip cert --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 2ddad09e..360fb672 100755 --- a/acme.sh +++ b/acme.sh @@ -5978,7 +5978,7 @@ _deactivate() { thumbprint="$(__calc_account_thumbprint)" fi _debug "Trigger validation." - vtype="$VTYPE_DNS" + vtype="$(_getIdType "$_d_domain")" entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ]; then From e6e07714966d6fa35b27c58c2a23cbf7a8777ae4 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 13 Dec 2020 23:20:26 +0800 Subject: [PATCH 0571/1526] fix for ip cert alpn mode --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index 360fb672..85c3b6dd 100755 --- a/acme.sh +++ b/acme.sh @@ -1226,6 +1226,7 @@ _createcsr() { if [ "$acmeValidationv1" ]; then domainlist="$(_idn "$domainlist")" _debug2 domainlist "$domainlist" + alt="" for dl in $(echo "$domainlist" | tr "," ' '); do if [ "$alt" ]; then alt="$alt,$(_getIdType "$dl" | _upper_case):$dl" From e488220bfc7ebeef56a0406011fec17b9bd02e5d Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 14 Dec 2020 20:13:05 +0800 Subject: [PATCH 0572/1526] fix for solaris --- acme.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 85c3b6dd..107bd998 100755 --- a/acme.sh +++ b/acme.sh @@ -429,13 +429,11 @@ _secure_debug3() { } _upper_case() { - # shellcheck disable=SC2018,SC2019 - tr 'a-z' 'A-Z' + tr '[:lower:]' '[:upper:]' } _lower_case() { - # shellcheck disable=SC2018,SC2019 - tr 'A-Z' 'a-z' + tr '[:upper:]' '[:lower:]' } _startswith() { From 3f58823430ccecb9491e481c7a70089fb5ceaa22 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 6 Nov 2021 11:26:06 +0800 Subject: [PATCH 0573/1526] fix ip cert --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 107bd998..a385aa07 100755 --- a/acme.sh +++ b/acme.sh @@ -5941,7 +5941,7 @@ _deactivate() { _initAPI fi - _identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}" + _identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}" if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then _err "Can not get domain new order." return 1 From b8bfb5a56cb99ce8581091c4e6e34bedff05f583 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 6 Nov 2021 11:28:11 +0800 Subject: [PATCH 0574/1526] fix format --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index a385aa07..96f90208 100755 --- a/acme.sh +++ b/acme.sh @@ -4207,9 +4207,9 @@ _isIP() { #identifier _getIdType() { if _isIP "$1"; then - echo "$ID_TYPE_IP"; + echo "$ID_TYPE_IP" else - echo "$ID_TYPE_DNS"; + echo "$ID_TYPE_DNS" fi } From f63409eed9430debea571055687e3c1e9cbb5c8b Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 6 Nov 2021 12:27:50 +0800 Subject: [PATCH 0575/1526] fix https://github.com/acmesh-official/acme.sh/issues/1559 --- acme.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 96f90208..2786bbc5 100755 --- a/acme.sh +++ b/acme.sh @@ -5713,8 +5713,16 @@ installcronjob() { if [ -f "$LE_WORKING_DIR/$PROJECT_ENTRY" ]; then lesh="\"$LE_WORKING_DIR\"/$PROJECT_ENTRY" else - _err "Can not install cronjob, $PROJECT_ENTRY not found." - return 1 + _debug "_SCRIPT_" "$_SCRIPT_" + _script="$(_readlink "$_SCRIPT_")" + _debug _script "$_script" + if [ -f "$_script" ]; then + _info "Using the current script from: $_script" + lesh="$_script" + else + _err "Can not install cronjob, $PROJECT_ENTRY not found." + return 1 + fi fi if [ "$_c_home" ]; then _c_entry="--config-home \"$_c_home\" " From ee2dab51f3a8ac4445565f9aad3e084fcafaf40f Mon Sep 17 00:00:00 2001 From: Scre13 Date: Mon, 8 Nov 2021 22:13:14 +0100 Subject: [PATCH 0576/1526] removed newline at the end of subject, added MIME-Version header --- notify/mail.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/notify/mail.sh b/notify/mail.sh index 2cbddb63..23730bef 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -62,7 +62,7 @@ mail_send() { fi contenttype="text/plain; charset=utf-8" - subject="=?UTF-8?B?$(echo "$_subject" | _base64)?=" + subject="=?UTF-8?B?$(printf "$_subject" "%b" | _base64)?=" result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1) # shellcheck disable=SC2181 @@ -131,6 +131,7 @@ _mail_body() { echo "To: $MAIL_TO" echo "Subject: $subject" echo "Content-Type: $contenttype" + echo "MIME-Version: 1.0" echo ;; esac From 95bbf1b19071c3182b5d350be571ef1ed21504c7 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 9 Nov 2021 09:30:36 +0800 Subject: [PATCH 0577/1526] Update mail.sh --- notify/mail.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/mail.sh b/notify/mail.sh index 23730bef..5a5b18e2 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -62,7 +62,7 @@ mail_send() { fi contenttype="text/plain; charset=utf-8" - subject="=?UTF-8?B?$(printf "$_subject" "%b" | _base64)?=" + subject="=?UTF-8?B?$(printf "%b" -- "$_subject" | _base64)?=" result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1) # shellcheck disable=SC2181 From 2b2845aa0729b832e5c3ade841c878b050cfdc20 Mon Sep 17 00:00:00 2001 From: Scre13 Date: Tue, 9 Nov 2021 04:28:30 +0100 Subject: [PATCH 0578/1526] removed -- at beginning of subject --- notify/mail.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/mail.sh b/notify/mail.sh index 5a5b18e2..584d650f 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -62,7 +62,7 @@ mail_send() { fi contenttype="text/plain; charset=utf-8" - subject="=?UTF-8?B?$(printf "%b" -- "$_subject" | _base64)?=" + subject="=?UTF-8?B?$(printf "%b" "$_subject" | _base64)?=" result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1) # shellcheck disable=SC2181 From eb6395a62cbeb92b08da23b681a95eab3b847bae Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 9 Nov 2021 11:48:58 +0800 Subject: [PATCH 0579/1526] Update mail.sh --- notify/mail.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/mail.sh b/notify/mail.sh index 584d650f..656dd371 100644 --- a/notify/mail.sh +++ b/notify/mail.sh @@ -62,7 +62,7 @@ mail_send() { fi contenttype="text/plain; charset=utf-8" - subject="=?UTF-8?B?$(printf "%b" "$_subject" | _base64)?=" + subject="=?UTF-8?B?$(printf -- "%b" "$_subject" | _base64)?=" result=$({ _mail_body | eval "$(_mail_cmnd)"; } 2>&1) # shellcheck disable=SC2181 From 3bcb91f6ae0c0b09203cf5a66b3aa66f76c7c527 Mon Sep 17 00:00:00 2001 From: F-Plass <60349140+F-Plass@users.noreply.github.com> Date: Thu, 11 Nov 2021 23:03:00 +0100 Subject: [PATCH 0580/1526] Update truenas.sh solved the problem of UI-Restart after 12.0-U3 --- deploy/truenas.sh | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 7d8f3238..6f1a31b0 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -35,19 +35,6 @@ truenas_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - if _exists "curl"; then - _debug "curl found, no Message to restartUI error" - else - if _exists "wget"; then - _err "Until Version of TrueNAS is older than TrueNAS-12.0-U2 there are problems with using wget" - _err "There is a bug when using the API Call restartUI with wget" - _err "The API call does not give any response, whit wget the api call restartUI would be called about 20 times" - _err "Please use curl!" - _err "Bug Report at https://jira.ixsystems.com/browse/NAS-109435" - return 1 - fi - fi - _getdeployconf DEPLOY_TRUENAS_APIKEY if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then @@ -182,9 +169,6 @@ truenas_deploy() { _info "Reload WebUI from TrueNAS" _restart_UI=$(_get "$_api_url/system/general/ui_restart") - _info "Until Version of TrueNAS is older than TrueNAS-12.0-U3 curl returns error 52" - _info "This is not a problem for tis scipt" - _info "See Bugreport: https://jira.ixsystems.com/browse/NAS-109435" _debug2 _restart_UI "$_restart_UI" if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then From 18e4d270d991b772ecd24d4751304372810e7eb3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 13 Nov 2021 15:23:32 +0800 Subject: [PATCH 0581/1526] fix https://github.com/acmesh-official/acme.sh/issues/3806 --- acme.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 2786bbc5..d2e8b04d 100755 --- a/acme.sh +++ b/acme.sh @@ -429,17 +429,27 @@ _secure_debug3() { } _upper_case() { - tr '[:lower:]' '[:upper:]' + if _is_solaris; then + tr '[:lower:]' '[:upper:]' + else + # shellcheck disable=SC2018,SC2019 + tr 'a-z' 'A-Z' + fi } _lower_case() { - tr '[:upper:]' '[:lower:]' + if _is_solaris; then + tr '[:upper:]' '[:lower:]' + else + # shellcheck disable=SC2018,SC2019 + tr 'A-Z' 'a-z' + fi } _startswith() { _str="$1" _sub="$2" - echo "$_str" | grep "^$_sub" >/dev/null 2>&1 + echo "$_str" | grep -- "^$_sub" >/dev/null 2>&1 } _endswith() { From 4635dacf7ff0285f523b7a7b3fc9b54e8f40891a Mon Sep 17 00:00:00 2001 From: Nasser Alansari Date: Sat, 13 Nov 2021 12:56:10 +0300 Subject: [PATCH 0582/1526] Add SYNO_TOTP_SECRET for user with two-factor authentication --- deploy/synology_dsm.sh | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 177b3fbe..66e28f93 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -2,8 +2,7 @@ # Here is a script to deploy cert to Synology DSM # -# it requires the jq and curl are in the $PATH and the following -# environment variables must be set: +# It requires following environment variables: # # SYNO_Username - Synology Username to login (must be an administrator) # SYNO_Password - Synology Password to login @@ -16,6 +15,12 @@ # SYNO_Hostname - defaults to localhost # SYNO_Port - defaults to 5000 # SYNO_DID - device ID to skip OTP - defaults to empty +# SYNO_TOTP_SECRET - TOTP secret to generate OTP - defaults to empty +# +# Dependencies: +# ------------- +# - jq and curl +# - oathtool (When using 2 Factor Authentication and SYNO_TOTP_SECRET is set) # #returns 0 means success, otherwise error. @@ -36,6 +41,7 @@ synology_dsm_deploy() { _getdeployconf SYNO_Password _getdeployconf SYNO_Create _getdeployconf SYNO_DID + _getdeployconf SYNO_TOTP_SECRET if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then _err "SYNO_Username & SYNO_Password must be set" return 1 @@ -86,13 +92,18 @@ synology_dsm_deploy() { encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)" encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)" + otp_code="" + if [ -n "$SYNO_TOTP_SECRET" ]; then + otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)" + fi + if [ -n "$SYNO_DID" ]; then _H1="Cookie: did=$SYNO_DID" export _H1 _debug3 H1 "${_H1}" fi - response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") + response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p') _debug3 response "$response" _debug token "$token" @@ -100,7 +111,7 @@ synology_dsm_deploy() { if [ -z "$token" ]; then _err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme." _err "Check your username and password." - _err "If two-factor authentication is enabled for the user, you have to choose another user." + _err "If two-factor authentication is enabled for the user, set SYNO_TOTP_SECRET." return 1 fi sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p') @@ -113,6 +124,7 @@ synology_dsm_deploy() { _savedeployconf SYNO_Username "$SYNO_Username" _savedeployconf SYNO_Password "$SYNO_Password" _savedeployconf SYNO_DID "$SYNO_DID" + _savedeployconf SYNO_TOTP_SECRET "$SYNO_TOTP_SECRET" _info "Getting certificates in Synology DSM" response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi") From 5e5ba116010b0f2aef39b4adba864288646a5386 Mon Sep 17 00:00:00 2001 From: Hao Guan <10684225+hguandl@users.noreply.github.com> Date: Sun, 21 Nov 2021 02:39:46 +0800 Subject: [PATCH 0583/1526] Add iOS Bark notify hook. --- notify/bark.sh | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 notify/bark.sh diff --git a/notify/bark.sh b/notify/bark.sh new file mode 100644 index 00000000..bbd5bf34 --- /dev/null +++ b/notify/bark.sh @@ -0,0 +1,51 @@ +#!/usr/bin/env sh + +#Support iOS Bark Notification + +#BARK_API_URL="https://api.day.app/xxxx" +#BARK_SOUND="yyyy" +#BARK_GROUP="zzzz" + +# subject content statusCode +bark_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_subject" "$_subject" + _debug "_content" "$_content" + _debug "_statusCode" "$_statusCode" + + BARK_API_URL="${BARK_API_URL:-$(_readaccountconf_mutable BARK_API_URL)}" + if [ -z "$BARK_API_URL" ]; then + BARK_API_URL="" + _err "You didn't specify a Bark API URL BARK_API_URL yet." + _err "You can download Bark from App Store and get yours." + return 1 + fi + _saveaccountconf_mutable BARK_API_URL "$BARK_API_URL" + + BARK_SOUND="${BARK_SOUND:-$(_readaccountconf_mutable BARK_SOUND)}" + _saveaccountconf_mutable BARK_SOUND "$BARK_SOUND" + + BARK_GROUP="${BARK_GROUP:-$(_readaccountconf_mutable BARK_GROUP)}" + if [ -z "$BARK_GROUP" ]; then + BARK_GROUP="ACME" + _info "The BARK_GROUP is not set, so use the default ACME as group name." + else + _saveaccountconf_mutable BARK_GROUP "$BARK_GROUP" + fi + + _content=$(echo "$_content" | _url_encode) + _subject=$(echo "$_subject" | _url_encode) + + response="$(_get "$BARK_API_URL/$_subject/$_content?sound=$BARK_SOUND&group=$BARK_GROUP")" + + if [ "$?" = "0" ] && _contains "$response" "success"; then + _info "Bark API fired success." + return 0 + fi + + _err "Bark API fired error." + _err "$response" + return 1 +} From ba442354719632a79bdbd409d3faf15ab77214fe Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 30 Nov 2021 13:10:39 +0800 Subject: [PATCH 0584/1526] Update DNS.yml --- .github/workflows/DNS.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 13066fdd..56781fff 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -170,7 +170,7 @@ jobs: ./letest.sh FreeBSD: - runs-on: macos-latest + runs-on: macos-10.15 needs: Windows env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -209,7 +209,7 @@ jobs: ./letest.sh Solaris: - runs-on: macos-latest + runs-on: macos-10.15 needs: FreeBSD env: TEST_DNS : ${{ secrets.TEST_DNS }} From ccd3d96942803905c5b650800314ecd510a1da0a Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 16:15:39 +0800 Subject: [PATCH 0585/1526] upgrade Solaris --- .github/workflows/DNS.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 56781fff..2b15e14c 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -223,7 +223,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 + - uses: vmactions/solaris-vm@v0.0.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 4df10099..a5f5bc7d 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -40,7 +40,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.3 + - uses: vmactions/cf-tunnel@v0.0.4 id: tunnel with: protocol: http From f66d9e1a2272fb960f2923b1440bfb6c8d00151f Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 18:23:19 +0800 Subject: [PATCH 0586/1526] fix for OpenBSD7 https://github.com/acmesh-official/acme.sh/issues/3833 --- acme.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d2e8b04d..96392f5b 100755 --- a/acme.sh +++ b/acme.sh @@ -4196,7 +4196,12 @@ _match_issuer() { #ip _isIPv4() { for seg in $(echo "$1" | tr '.' ' '); do - if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then + _debug2 seg "$seg" + if [ "$(echo "$seg" | tr -d [0-9])" ]; then + #not all number + return 1 + fi + if [ $seg -ge 0 ] && [ $seg -lt 256 ]; then continue fi return 1 From bdf8bf391c3f5f0cdbd7078984caf3b4a69790e4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 21:05:18 +0800 Subject: [PATCH 0587/1526] pass TEST_DNS_NO_SUBDOMAIN --- .github/workflows/DNS.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 2b15e14c..47bbc48f 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -49,6 +49,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 From 66da6f18e362bb6604c7f219778e9c29a75051a4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 6 Dec 2021 22:03:38 +0800 Subject: [PATCH 0588/1526] add TEST_DNS_NO_SUBDOMAIN --- .github/workflows/DNS.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 47bbc48f..fc3886f2 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -88,6 +88,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -125,6 +126,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -177,6 +179,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -187,7 +190,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl usesh: true run: | @@ -216,6 +219,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -226,7 +230,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.4 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat run: | pkg set-mediator -v -I default@1.1 openssl From 225707c877cad8d9ab7fd5c4f40d3750be727e7f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jens=20Mei=C3=9Fner?= Date: Sun, 12 Dec 2021 14:17:13 +0100 Subject: [PATCH 0589/1526] [dns_knot] Use key command instead of command line argument to transmit dns key data. --- dnsapi/dns_knot.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_knot.sh b/dnsapi/dns_knot.sh index 094a6981..729a89cb 100644 --- a/dnsapi/dns_knot.sh +++ b/dnsapi/dns_knot.sh @@ -19,8 +19,9 @@ dns_knot_add() { _info "Adding ${fulldomain}. 60 TXT \"${txtvalue}\"" - knsupdate -y "${KNOT_KEY}" < Date: Mon, 13 Dec 2021 20:04:23 +0800 Subject: [PATCH 0590/1526] fix tunnel version --- .github/workflows/Solaris.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index a5f5bc7d..f0f2f670 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -40,7 +40,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.4 + - uses: vmactions/cf-tunnel@v0.0.3 id: tunnel with: protocol: http @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 + - uses: vmactions/solaris-vm@v0.0.4 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 342bce216826eaebdda0aa48cde4271e65285e0d Mon Sep 17 00:00:00 2001 From: Joel Pearson Date: Mon, 13 Dec 2021 17:15:49 +1100 Subject: [PATCH 0591/1526] Allow optional "NEW" in CSR header and footer When generating a CSR in Windows it seems to create a CSR header that looks like "-----BEGIN NEW CERTIFICATE REQUEST-----", but the addition of "NEW" breaks the parsing of the CSR. Making "NEW " optional fixes the problem. Apparently certbot is tolerant of both forms, see: https://community.letsencrypt.org/t/error-parsing-certificate-request-resolved/40039/6 for more information. --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 96392f5b..87322a69 100755 --- a/acme.sh +++ b/acme.sh @@ -80,8 +80,8 @@ NGINX="nginx:" NGINX_START="#ACME_NGINX_START" NGINX_END="#ACME_NGINX_END" -BEGIN_CSR="-----BEGIN CERTIFICATE REQUEST-----" -END_CSR="-----END CERTIFICATE REQUEST-----" +BEGIN_CSR="-----BEGIN [NEW ]\{0,4\}CERTIFICATE REQUEST-----" +END_CSR="-----END [NEW ]\{0,4\}CERTIFICATE REQUEST-----" BEGIN_CERT="-----BEGIN CERTIFICATE-----" END_CERT="-----END CERTIFICATE-----" From 3105235a7a14b003e791780fb865ca7065457a45 Mon Sep 17 00:00:00 2001 From: Christian Burmeister Date: Tue, 21 Dec 2021 22:20:42 +0100 Subject: [PATCH 0592/1526] Update Dockerfile - alpine:3.12 -> alpine:3.15 The support for the base image alpine:3.12 will expire in 4 months (https://endoflife.date/alpine), so it would make sense to upgrade to the current version alpine:3.15. I was able to create the acme.sh image with the new alpine:3.15 version without errors and also create and deploy a certificate, but further testing would be useful. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fb842c83..4046c726 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12 +FROM alpine:3.15 RUN apk --no-cache add -f \ openssl \ From 052b45a5101a42a592596a88ed989c6b36f813e2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 25 Dec 2021 09:57:58 +0800 Subject: [PATCH 0593/1526] upgrade solaris vm --- .github/workflows/DNS.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index fc3886f2..32d97614 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -228,7 +228,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.4 + - uses: vmactions/solaris-vm@v0.0.5 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index f0f2f670..77fdcc9a 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.4 + - uses: vmactions/solaris-vm@v0.0.5 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 9769afb944e791f5f8625aa8b890dca129bf8d5b Mon Sep 17 00:00:00 2001 From: racitup Date: Fri, 10 Dec 2021 01:10:41 +0000 Subject: [PATCH 0594/1526] feat: Mythic Beasts DNS API script --- dnsapi/dns_mythic_beasts.sh | 230 ++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100755 dnsapi/dns_mythic_beasts.sh diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh new file mode 100755 index 00000000..2d1b6551 --- /dev/null +++ b/dnsapi/dns_mythic_beasts.sh @@ -0,0 +1,230 @@ +#!/usr/bin/env sh +# Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication +# To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com +# Cannot retest once cert is issued +# OAuth2 tokens only valid for 300 seconds so we do not store +# NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com) + +# Test OAuth2 credentials +#MB_AK="aaaaaaaaaaaaaaaa" +#MB_AS="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" + +# URLs +MB_API='https://api.mythic-beasts.com/dns/v2/zones' +MB_AUTH='https://auth.mythic-beasts.com/login' + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_mythic_beasts_add() { + fulldomain=$1 + txtvalue=$2 + + _info "MYTHIC BEASTS Adding record $fulldomain = $txtvalue" + if ! _initAuth; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + return 1 + fi + + # method path body_data + if _mb_rest POST "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then + + if _contains "$response" "1 records added"; then + _info "Added, verifying..." + # Max 120 seconds to publish + for i in $(seq 1 6); do + # Retry on error + if ! _mb_rest GET "$_domain/records/$_sub_domain/TXT?verify"; then + _sleep 20 + else + _info "Record published!" + return 0 + fi + done + + else + _err "\n$response" + fi + + fi + _err "Add txt record error." + return 1 +} + +#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_mythic_beasts_rm() { + fulldomain=$1 + txtvalue=$2 + + _info "MYTHIC BEASTS Removing record $fulldomain = $txtvalue" + if ! _initAuth; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + return 1 + fi + + # method path body_data + if _mb_rest DELETE "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then + _info "Record removed" + return 0 + fi + _err "Remove txt record error." + return 1 +} + +#################### Private functions below ################################## + +#Possible formats: +# _acme-challenge.www.example.com +# _acme-challenge.example.com +# _acme-challenge.example.co.uk +# _acme-challenge.www.example.co.uk +# _acme-challenge.sub1.sub2.www.example.co.uk +# sub1.sub2.example.co.uk +# example.com +# example.co.uk +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + p=1 + + _debug "Detect the root zone" + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + _err "Domain exhausted" + return 1 + fi + + # Use the status errors to find the domain, continue on 403 Access denied + # method path body_data + _mb_rest GET "$h/records" + ret="$?" + if [ "$ret" -eq 0 ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + return 0 + elif [ "$ret" -eq 1 ]; then + return 1 + fi + + p=$i + i=$(_math "$i" + 1) + + if [ "$i" -gt 50 ]; then + break + fi + done + _err "Domain too long" + return 1 +} + +_initAuth() { + MB_AK="${MB_AK:-$(_readaccountconf_mutable MB_AK)}" + MB_AS="${MB_AS:-$(_readaccountconf_mutable MB_AS)}" + + if [ -z "$MB_AK" ] || [ -z "$MB_AS" ]; then + MB_AK="" + MB_AS="" + _err "Please specify an OAuth2 Key & Secret" + return 1 + fi + + _saveaccountconf_mutable MB_AK "$MB_AK" + _saveaccountconf_mutable MB_AS "$MB_AS" + + if ! _oauth2; then + return 1 + fi + + _info "Checking authentication" + _secure_debug access_token "$MB_TK" + _sleep 1 + + # GET a list of zones + # method path body_data + if ! _mb_rest GET ""; then + _err "The token is invalid" + return 1 + fi + _info "Token OK" + return 0 +} + +_oauth2() { + # HTTP Basic Authentication + _H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)" + _H2="Accepts: application/json" + export _H1 _H2 + body="grant_type=client_credentials" + + _info "Getting OAuth2 token..." + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "$body" "$MB_AUTH" "" "POST" "application/x-www-form-urlencoded")" + if _contains "$response" "\"token_type\":\"bearer\""; then + MB_TK="$(echo "$response" | _egrep_o "access_token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" + if [ -z "$MB_TK" ]; then + _err "Unable to get access_token" + _err "\n$response" + return 1 + fi + else + _err "OAuth2 token_type not Bearer" + _err "\n$response" + return 1 + fi + _debug2 response "$response" + return 0 +} + +# method path body_data +_mb_rest() { + # URL encoded body for single API operations + m="$1" + ep="$2" + data="$3" + + if [ -z "$ep" ]; then + _mb_url="$MB_API" + else + _mb_url="$MB_API/$ep" + fi + + _H1="Authorization: Bearer $MB_TK" + _H2="Accepts: application/json" + export _H1 _H2 + if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "data=$data" "$_mb_url" "" "$m" "application/x-www-form-urlencoded")" + else + response="$(_get "$_mb_url")" + fi + + if [ "$?" != "0" ]; then + _err "Request error" + return 1 + fi + + header="$(cat "$HTTP_HEADER")" + status="$(echo "$header" | _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n")" + code="$(echo "$status" | _egrep_o "^[0-9]*")" + if [ "$code" -ge 400 ] || _contains "$response" "\"error\"" || _contains "$response" "invalid_client"; then + _err "error $status" + _err "\n$response" + _debug "\n$header" + return 2 + fi + + _debug2 response "$response" + return 0 +} From 962ce380cdc3ff74d956b5eb8a6d6a4103f19f4f Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:31:15 +0000 Subject: [PATCH 0595/1526] fix: floating token for github --- dnsapi/dns_mythic_beasts.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 2d1b6551..3cff3b02 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -161,7 +161,20 @@ _initAuth() { return 0 } +# Github appears to use an outbound proxy for requests which means subsequent requests may not have the same +# source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail +# authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an +# IP just for the github tests. _oauth2() { + printenv + if [ -z "$TEST_DNS_SLEEP" ]; then + return _oauth2_std + else + return _oauth2_github + fi +} + +_oauth2_std() { # HTTP Basic Authentication _H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)" _H2="Accepts: application/json" @@ -187,6 +200,24 @@ _oauth2() { return 0 } +_oauth2_github() { + _H1="Accepts: application/json" + export _H1 + body="{\"login\":{\"handle\":$MB_AK,\"pass\":$MB_AS,\"floating\":1}}" + + _info "Getting Floating token..." + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")" + MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" + if [ -z "$MB_TK" ]; then + _err "Unable to get access_token" + _err "\n$response" + return 1 + fi + _debug2 response "$response" + return 0 +} + # method path body_data _mb_rest() { # URL encoded body for single API operations From bf66df2a291aa503bbf47a670d50d00fb7d8c259 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:35:14 +0000 Subject: [PATCH 0596/1526] fix: correct return value --- dnsapi/dns_mythic_beasts.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 3cff3b02..9de5d34c 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -168,10 +168,11 @@ _initAuth() { _oauth2() { printenv if [ -z "$TEST_DNS_SLEEP" ]; then - return _oauth2_std + _oauth2_std else - return _oauth2_github + _oauth2_github fi + return $? } _oauth2_std() { From 9c4ac24a66bea1f2ef1c6ea40441fba84e663f07 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:50:33 +0000 Subject: [PATCH 0597/1526] fix: debugging --- dnsapi/dns_mythic_beasts.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 9de5d34c..96230bf1 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -166,7 +166,7 @@ _initAuth() { # authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - printenv + _info "$(printenv)" if [ -z "$TEST_DNS_SLEEP" ]; then _oauth2_std else @@ -211,7 +211,7 @@ _oauth2_github() { response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")" MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" if [ -z "$MB_TK" ]; then - _err "Unable to get access_token" + _err "Unable to get token" _err "\n$response" return 1 fi From 6351b5d0dc6a30e77ff3191f71f5f3bc66fc3cd3 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:58:37 +0000 Subject: [PATCH 0598/1526] fix: github switch --- dnsapi/dns_mythic_beasts.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 96230bf1..8956ec36 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -166,8 +166,8 @@ _initAuth() { # authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - _info "$(printenv)" - if [ -z "$TEST_DNS_SLEEP" ]; then + _info "DOMAIN: $TEST_DNS" + if [ "$TEST_DNS" != "dns_mythic_beasts" ]; then _oauth2_std else _oauth2_github From d940f17390785693a68bb414b0dd8318a6693460 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 01:09:02 +0000 Subject: [PATCH 0599/1526] fix: token request body quoting --- dnsapi/dns_mythic_beasts.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 8956ec36..77eed04f 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -166,7 +166,6 @@ _initAuth() { # authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - _info "DOMAIN: $TEST_DNS" if [ "$TEST_DNS" != "dns_mythic_beasts" ]; then _oauth2_std else @@ -204,7 +203,7 @@ _oauth2_std() { _oauth2_github() { _H1="Accepts: application/json" export _H1 - body="{\"login\":{\"handle\":$MB_AK,\"pass\":$MB_AS,\"floating\":1}}" + body="{\"login\":{\"handle\":\"$MB_AK\",\"pass\":\"$MB_AS\",\"floating\":1}}" _info "Getting Floating token..." # body url [needbase64] [POST|PUT|DELETE] [ContentType] From ce47ccecc4b290609728f50b89d270579664c7fe Mon Sep 17 00:00:00 2001 From: racitup Date: Tue, 28 Dec 2021 14:45:02 +0000 Subject: [PATCH 0600/1526] fix: Neilpang review --- dnsapi/dns_mythic_beasts.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 77eed04f..294ae84c 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -163,13 +163,13 @@ _initAuth() { # Github appears to use an outbound proxy for requests which means subsequent requests may not have the same # source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail -# authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an +# authentication. This is a work around using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - if [ "$TEST_DNS" != "dns_mythic_beasts" ]; then - _oauth2_std - else + if [ "$GITHUB_ACTIONS" = "true" ]; then _oauth2_github + else + _oauth2_std fi return $? } From 424cc46db0c138037106a7a51ad504cfba0b646f Mon Sep 17 00:00:00 2001 From: Viktor G Date: Thu, 30 Dec 2021 18:06:17 +0300 Subject: [PATCH 0601/1526] DNS-ISPConfig ISPC_Api_Insecure argument check fix --- dnsapi/dns_ispconfig.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index e68ddd49..765e0eb5 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -32,7 +32,7 @@ dns_ispconfig_rm() { #################### Private functions below ################################## _ISPC_credentials() { - if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then + if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -n "${ISPC_Api_Insecure}" ]; then ISPC_User="" ISPC_Password="" ISPC_Api="" From 82e8792737ef88c527e75e51260fb25c53ccb5ec Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 11:20:53 +0800 Subject: [PATCH 0602/1526] send notifications for renew command https://github.com/acmesh-official/acme.sh/issues/3869#issuecomment-1003546762 --- acme.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/acme.sh b/acme.sh index 96392f5b..65ed2fd4 100755 --- a/acme.sh +++ b/acme.sh @@ -5254,13 +5254,13 @@ renewAll() { _error_level="$NOTIFY_LEVEL_RENEW" _notify_code=0 fi - if [ "$_ACME_IN_CRON" ]; then - if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then - if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then - _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 - fi + + if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then + if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then + _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 fi fi + _success_msg="${_success_msg} $d " elif [ "$rc" = "$RENEW_SKIP" ]; then @@ -5268,13 +5268,13 @@ renewAll() { _error_level="$NOTIFY_LEVEL_SKIP" _notify_code=$RENEW_SKIP fi - if [ "$_ACME_IN_CRON" ]; then - if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then - if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then - _send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" - fi + + if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then + if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then + _send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" fi fi + _info "Skipped $d" _skipped_msg="${_skipped_msg} $d " @@ -5283,13 +5283,13 @@ renewAll() { _error_level="$NOTIFY_LEVEL_ERROR" _notify_code=1 fi - if [ "$_ACME_IN_CRON" ]; then - if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then - if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then - _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 - fi + + if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then + if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then + _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 fi fi + _error_msg="${_error_msg} $d " if [ "$_stopRenewOnError" ]; then @@ -5304,7 +5304,7 @@ renewAll() { done _debug _error_level "$_error_level" _debug _set_level "$_set_level" - if [ "$_ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then + if [ $_error_level -le $_set_level ]; then if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then _msg_subject="Renew" if [ "$_error_msg" ]; then From eeee30ca03ab5ea4e402a3043aa13d082199da7b Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 11:46:12 +0800 Subject: [PATCH 0603/1526] fix https://github.com/acmesh-official/acme.sh/issues/3869 --- acme.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 65ed2fd4..9fc44610 100755 --- a/acme.sh +++ b/acme.sh @@ -5154,7 +5154,7 @@ renew() { _isEcc="$2" _initpath "$Le_Domain" "$_isEcc" - + _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _info "$(__green "Renew: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then _info "'$Le_Domain' is not an issued domain, skip." @@ -5189,6 +5189,11 @@ renew() { if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" _info "Add '$(__red '--force')' to force to renew." + if [ -z "$_ACME_IN_RENEWALL" ]; then + if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then + _send_notify "Renew $Le_Domain skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" + fi + fi return "$RENEW_SKIP" fi @@ -5215,6 +5220,17 @@ renew() { fi _ACME_IS_RENEW="" + if [ -z "$_ACME_IN_RENEWALL" ]; then + if [ "$res" = "0" ]; then + if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then + _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 + fi + else + if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then + _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 + fi + fi + fi return "$res" } @@ -5232,6 +5248,7 @@ renewAll() { _notify_code=$RENEW_SKIP _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _debug "_set_level" "$_set_level" + export _ACME_IN_RENEWALL=1 for di in "${CERT_HOME}"/*.*/; do _debug di "$di" if ! [ -d "$di" ]; then From dd2a4205787eaa9efad352d3903f25480ea49c92 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 12:38:59 +0800 Subject: [PATCH 0604/1526] add `--info` command to show the global configs or domain configs. https://github.com/acmesh-official/acme.sh/issues/2444 --- Dockerfile | 1 + acme.sh | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4046c726..0421da34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,6 +40,7 @@ RUN for verb in help \ revoke \ remove \ list \ + info \ showcsr \ install-cronjob \ uninstall-cronjob \ diff --git a/acme.sh b/acme.sh index 9fc44610..fe4dc1bd 100755 --- a/acme.sh +++ b/acme.sh @@ -144,6 +144,8 @@ NOTIFY_MODE_CERT=1 NOTIFY_MODE_DEFAULT=$NOTIFY_MODE_BULK +_BASE64_ENCODED_CFGS="Le_PreHook Le_PostHook Le_RenewHook Le_Preferred_Chain Le_ReloadCmd" + _DEBUG_WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh" _PREPARE_LINK="https://github.com/acmesh-official/acme.sh/wiki/Install-preparations" @@ -6609,6 +6611,7 @@ Commands: --revoke Revoke a cert. --remove Remove the cert from list of certs known to $PROJECT_NAME. --list List all the certs. + --info Show the $PROJECT_NAME configs, or the configs for a domain with [-d domain] parameter. --to-pkcs12 Export the certificate and key to a pfx file. --to-pkcs8 Convert to pkcs8 format. --sign-csr Issue a cert from an existing csr. @@ -6926,6 +6929,28 @@ setdefaultchain() { _savecaconf "DEFAULT_PREFERRED_CHAIN" "$_preferred_chain" } +#domain ecc +info() { + _domain="$1" + _ecc="$2" + _initpath + if [ -z "$_domain" ]; then + _debug "Show global configs" + echo "LE_WORKING_DIR=$LE_WORKING_DIR" + echo "LE_CONFIG_HOME=$LE_CONFIG_HOME" + cat "$ACCOUNT_CONF_PATH" + else + _debug "Show domain configs" + ( + _initpath "$_domain" "$_ecc" + echo "DOMAIN_CONF=$DOMAIN_CONF" + for seg in $(cat $DOMAIN_CONF | cut -d = -f 1); do + echo "$seg=$(_readdomainconf "$seg")" + done + ) + fi +} + _process() { _CMD="" _domain="" @@ -7035,6 +7060,9 @@ _process() { --list) _CMD="list" ;; + --info) + _CMD="info" + ;; --install-cronjob | --installcronjob) _CMD="installcronjob" ;; @@ -7586,6 +7614,9 @@ _process() { list) list "$_listraw" "$_domain" ;; + info) + info "$_domain" "$_ecc" + ;; installcronjob) installcronjob "$_confighome" ;; uninstallcronjob) uninstallcronjob ;; cron) cron ;; From dbd5bef0380a366773d5758dca023a51c3982d33 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 13:41:57 +0800 Subject: [PATCH 0605/1526] fix gentoo image --- .github/workflows/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index cba708b3..7b24eac9 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -20,7 +20,7 @@ jobs: Linux: strategy: matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64"] + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 From cc5cfc7525491c31ad224783fea440d30fb15554 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Wed, 5 Jan 2022 15:03:32 +0100 Subject: [PATCH 0606/1526] Added Selfhost DNS API +ShellCheck +ACME v2 compatible Example: - Fist create 2 new TXT records on _acme-challenge.example.com - Now note the ID in (...) from the edit page behind "_acme-challenge.example.com" export SELFHOSTDNS_USERNAME=myname export SELFHOSTDNS_PASSWORD=mypass export SELFHOSTDNS_RID=id_of_txt_record export SELFHOSTDNS_RID2=id_of_second_txt_record acme.sh --issue -d example.com --dns dns_selfhost --- dnsapi/dns_selfhost.sh | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 dnsapi/dns_selfhost.sh diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh new file mode 100644 index 00000000..d7dfcca4 --- /dev/null +++ b/dnsapi/dns_selfhost.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env sh +# +# Author: Marvin Edeler +# Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 + +dns_selfhost_add() { + domain=$1 + txt=$2 + _info "Calling acme-dns on selfhost" + _debug fulldomain "$domain" + _debug txtvalue "$txt" + + SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" + SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" + SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" + SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readaccountconf_mutable SELFHOSTDNS_RID)}" + SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" + SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" + + if test -z "$SELFHOSTDNS_LAST_SLOT"; then + SELFHOSTDNS_LAST_SLOT=1 + fi + + _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" + _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" + _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" + _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" + + if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then + rid=$SELFHOSTDNS_RID + SELFHOSTDNS_LAST_SLOT=1 + else + rid=$SELFHOSTDNS_RID2 + SELFHOSTDNS_LAST_SLOT=2 + fi + + _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" + + _info "Trying to add $txt on selfhost for rid: $rid" + + data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" + response="$(_get "$SELFHOSTDNS_UPDATE_URL$data")" + + if ! echo "$response" | grep "200 OK" >/dev/null; then + _err "Invalid response of acme-dns for selfhost" + return 1 + fi +} + +dns_acmedns_rm() { + domain=$1 + txt=$2 + _debug fulldomain "$domain" + _debug txtvalue "$txt" +} From eaae0547f2687cdd7c1c9f00a437a204425dce56 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 16:15:39 +0800 Subject: [PATCH 0607/1526] upgrade Solaris --- .github/workflows/DNS.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 56781fff..2b15e14c 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -223,7 +223,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 + - uses: vmactions/solaris-vm@v0.0.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 4df10099..a5f5bc7d 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -40,7 +40,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.3 + - uses: vmactions/cf-tunnel@v0.0.4 id: tunnel with: protocol: http From 4f386663e75e319b832560234b86922d14fe4184 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 18:23:19 +0800 Subject: [PATCH 0608/1526] fix for OpenBSD7 https://github.com/acmesh-official/acme.sh/issues/3833 --- acme.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d2e8b04d..96392f5b 100755 --- a/acme.sh +++ b/acme.sh @@ -4196,7 +4196,12 @@ _match_issuer() { #ip _isIPv4() { for seg in $(echo "$1" | tr '.' ' '); do - if [ $seg -ge 0 ] 2>/dev/null && [ $seg -le 255 ] 2>/dev/null; then + _debug2 seg "$seg" + if [ "$(echo "$seg" | tr -d [0-9])" ]; then + #not all number + return 1 + fi + if [ $seg -ge 0 ] && [ $seg -lt 256 ]; then continue fi return 1 From 69c02cae764665be83d291ab0224c3220e4b2082 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 21:05:18 +0800 Subject: [PATCH 0609/1526] pass TEST_DNS_NO_SUBDOMAIN --- .github/workflows/DNS.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 2b15e14c..47bbc48f 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -49,6 +49,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 From 267e582827fd7fd6c5020fe926a5ab3835bd56a4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 6 Dec 2021 22:03:38 +0800 Subject: [PATCH 0610/1526] add TEST_DNS_NO_SUBDOMAIN --- .github/workflows/DNS.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 47bbc48f..fc3886f2 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -88,6 +88,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -125,6 +126,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -177,6 +179,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -187,7 +190,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0.1.4 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl usesh: true run: | @@ -216,6 +219,7 @@ jobs: TEST_DNS : ${{ secrets.TEST_DNS }} TestingDomain: ${{ secrets.TestingDomain }} TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 @@ -226,7 +230,7 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0.0.4 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat run: | pkg set-mediator -v -I default@1.1 openssl From beed123fb00fd8780e4090c5e7f4ef8ed818ce7f Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 13 Dec 2021 20:04:23 +0800 Subject: [PATCH 0611/1526] fix tunnel version --- .github/workflows/Solaris.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index a5f5bc7d..f0f2f670 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -40,7 +40,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.4 + - uses: vmactions/cf-tunnel@v0.0.3 id: tunnel with: protocol: http @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.3 + - uses: vmactions/solaris-vm@v0.0.4 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From dac7a3d2721cfb9cc13f34ede6553aff580c656d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jens=20Mei=C3=9Fner?= Date: Sun, 12 Dec 2021 14:17:13 +0100 Subject: [PATCH 0612/1526] [dns_knot] Use key command instead of command line argument to transmit dns key data. --- dnsapi/dns_knot.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_knot.sh b/dnsapi/dns_knot.sh index 094a6981..729a89cb 100644 --- a/dnsapi/dns_knot.sh +++ b/dnsapi/dns_knot.sh @@ -19,8 +19,9 @@ dns_knot_add() { _info "Adding ${fulldomain}. 60 TXT \"${txtvalue}\"" - knsupdate -y "${KNOT_KEY}" < Date: Tue, 21 Dec 2021 22:20:42 +0100 Subject: [PATCH 0613/1526] Update Dockerfile - alpine:3.12 -> alpine:3.15 The support for the base image alpine:3.12 will expire in 4 months (https://endoflife.date/alpine), so it would make sense to upgrade to the current version alpine:3.15. I was able to create the acme.sh image with the new alpine:3.15 version without errors and also create and deploy a certificate, but further testing would be useful. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fb842c83..4046c726 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12 +FROM alpine:3.15 RUN apk --no-cache add -f \ openssl \ From c6a0ec64cb993221643412c702a32a4085b41957 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 25 Dec 2021 09:57:58 +0800 Subject: [PATCH 0614/1526] upgrade solaris vm --- .github/workflows/DNS.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index fc3886f2..32d97614 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -228,7 +228,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.4 + - uses: vmactions/solaris-vm@v0.0.5 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index f0f2f670..77fdcc9a 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.4 + - uses: vmactions/solaris-vm@v0.0.5 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From f485f3fdb5327218978f83ec2d4ef957d9774f19 Mon Sep 17 00:00:00 2001 From: wacki4 Date: Sat, 16 Oct 2021 14:08:03 +0200 Subject: [PATCH 0615/1526] Update dns_opnsense.sh Update for opnsense regards to error in #3735 --- dnsapi/dns_opnsense.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 069f6c32..63723f5a 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\"(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{.*}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" From aa9f5b8c4af784dedcaa6411959ef8bb8a7933bb Mon Sep 17 00:00:00 2001 From: wacki4 Date: Sat, 16 Oct 2021 16:57:12 +0200 Subject: [PATCH 0616/1526] Update dns_opnsense.sh Correction when having many zones. --- dnsapi/dns_opnsense.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 63723f5a..26a422f8 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{.*}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"\":{[^}]*}}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" From 4dd709b543016f3e8d7ee5bf0eb20918a618a153 Mon Sep 17 00:00:00 2001 From: racitup Date: Fri, 10 Dec 2021 01:10:41 +0000 Subject: [PATCH 0617/1526] feat: Mythic Beasts DNS API script --- dnsapi/dns_mythic_beasts.sh | 230 ++++++++++++++++++++++++++++++++++++ 1 file changed, 230 insertions(+) create mode 100755 dnsapi/dns_mythic_beasts.sh diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh new file mode 100755 index 00000000..2d1b6551 --- /dev/null +++ b/dnsapi/dns_mythic_beasts.sh @@ -0,0 +1,230 @@ +#!/usr/bin/env sh +# Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication +# To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com +# Cannot retest once cert is issued +# OAuth2 tokens only valid for 300 seconds so we do not store +# NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com) + +# Test OAuth2 credentials +#MB_AK="aaaaaaaaaaaaaaaa" +#MB_AS="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" + +# URLs +MB_API='https://api.mythic-beasts.com/dns/v2/zones' +MB_AUTH='https://auth.mythic-beasts.com/login' + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_mythic_beasts_add() { + fulldomain=$1 + txtvalue=$2 + + _info "MYTHIC BEASTS Adding record $fulldomain = $txtvalue" + if ! _initAuth; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + return 1 + fi + + # method path body_data + if _mb_rest POST "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then + + if _contains "$response" "1 records added"; then + _info "Added, verifying..." + # Max 120 seconds to publish + for i in $(seq 1 6); do + # Retry on error + if ! _mb_rest GET "$_domain/records/$_sub_domain/TXT?verify"; then + _sleep 20 + else + _info "Record published!" + return 0 + fi + done + + else + _err "\n$response" + fi + + fi + _err "Add txt record error." + return 1 +} + +#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_mythic_beasts_rm() { + fulldomain=$1 + txtvalue=$2 + + _info "MYTHIC BEASTS Removing record $fulldomain = $txtvalue" + if ! _initAuth; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + return 1 + fi + + # method path body_data + if _mb_rest DELETE "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then + _info "Record removed" + return 0 + fi + _err "Remove txt record error." + return 1 +} + +#################### Private functions below ################################## + +#Possible formats: +# _acme-challenge.www.example.com +# _acme-challenge.example.com +# _acme-challenge.example.co.uk +# _acme-challenge.www.example.co.uk +# _acme-challenge.sub1.sub2.www.example.co.uk +# sub1.sub2.example.co.uk +# example.com +# example.co.uk +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + p=1 + + _debug "Detect the root zone" + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + _err "Domain exhausted" + return 1 + fi + + # Use the status errors to find the domain, continue on 403 Access denied + # method path body_data + _mb_rest GET "$h/records" + ret="$?" + if [ "$ret" -eq 0 ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + return 0 + elif [ "$ret" -eq 1 ]; then + return 1 + fi + + p=$i + i=$(_math "$i" + 1) + + if [ "$i" -gt 50 ]; then + break + fi + done + _err "Domain too long" + return 1 +} + +_initAuth() { + MB_AK="${MB_AK:-$(_readaccountconf_mutable MB_AK)}" + MB_AS="${MB_AS:-$(_readaccountconf_mutable MB_AS)}" + + if [ -z "$MB_AK" ] || [ -z "$MB_AS" ]; then + MB_AK="" + MB_AS="" + _err "Please specify an OAuth2 Key & Secret" + return 1 + fi + + _saveaccountconf_mutable MB_AK "$MB_AK" + _saveaccountconf_mutable MB_AS "$MB_AS" + + if ! _oauth2; then + return 1 + fi + + _info "Checking authentication" + _secure_debug access_token "$MB_TK" + _sleep 1 + + # GET a list of zones + # method path body_data + if ! _mb_rest GET ""; then + _err "The token is invalid" + return 1 + fi + _info "Token OK" + return 0 +} + +_oauth2() { + # HTTP Basic Authentication + _H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)" + _H2="Accepts: application/json" + export _H1 _H2 + body="grant_type=client_credentials" + + _info "Getting OAuth2 token..." + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "$body" "$MB_AUTH" "" "POST" "application/x-www-form-urlencoded")" + if _contains "$response" "\"token_type\":\"bearer\""; then + MB_TK="$(echo "$response" | _egrep_o "access_token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" + if [ -z "$MB_TK" ]; then + _err "Unable to get access_token" + _err "\n$response" + return 1 + fi + else + _err "OAuth2 token_type not Bearer" + _err "\n$response" + return 1 + fi + _debug2 response "$response" + return 0 +} + +# method path body_data +_mb_rest() { + # URL encoded body for single API operations + m="$1" + ep="$2" + data="$3" + + if [ -z "$ep" ]; then + _mb_url="$MB_API" + else + _mb_url="$MB_API/$ep" + fi + + _H1="Authorization: Bearer $MB_TK" + _H2="Accepts: application/json" + export _H1 _H2 + if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "data=$data" "$_mb_url" "" "$m" "application/x-www-form-urlencoded")" + else + response="$(_get "$_mb_url")" + fi + + if [ "$?" != "0" ]; then + _err "Request error" + return 1 + fi + + header="$(cat "$HTTP_HEADER")" + status="$(echo "$header" | _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n")" + code="$(echo "$status" | _egrep_o "^[0-9]*")" + if [ "$code" -ge 400 ] || _contains "$response" "\"error\"" || _contains "$response" "invalid_client"; then + _err "error $status" + _err "\n$response" + _debug "\n$header" + return 2 + fi + + _debug2 response "$response" + return 0 +} From 6a2c9a0dc1cca74fb44f3804aa979acdc1c0e08d Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:31:15 +0000 Subject: [PATCH 0618/1526] fix: floating token for github --- dnsapi/dns_mythic_beasts.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 2d1b6551..3cff3b02 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -161,7 +161,20 @@ _initAuth() { return 0 } +# Github appears to use an outbound proxy for requests which means subsequent requests may not have the same +# source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail +# authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an +# IP just for the github tests. _oauth2() { + printenv + if [ -z "$TEST_DNS_SLEEP" ]; then + return _oauth2_std + else + return _oauth2_github + fi +} + +_oauth2_std() { # HTTP Basic Authentication _H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)" _H2="Accepts: application/json" @@ -187,6 +200,24 @@ _oauth2() { return 0 } +_oauth2_github() { + _H1="Accepts: application/json" + export _H1 + body="{\"login\":{\"handle\":$MB_AK,\"pass\":$MB_AS,\"floating\":1}}" + + _info "Getting Floating token..." + # body url [needbase64] [POST|PUT|DELETE] [ContentType] + response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")" + MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" + if [ -z "$MB_TK" ]; then + _err "Unable to get access_token" + _err "\n$response" + return 1 + fi + _debug2 response "$response" + return 0 +} + # method path body_data _mb_rest() { # URL encoded body for single API operations From 6251652c936259e7c43794413a795b527d86e867 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:35:14 +0000 Subject: [PATCH 0619/1526] fix: correct return value --- dnsapi/dns_mythic_beasts.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 3cff3b02..9de5d34c 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -168,10 +168,11 @@ _initAuth() { _oauth2() { printenv if [ -z "$TEST_DNS_SLEEP" ]; then - return _oauth2_std + _oauth2_std else - return _oauth2_github + _oauth2_github fi + return $? } _oauth2_std() { From 56d799f4492416f05efb5216b031af29718ddff9 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:50:33 +0000 Subject: [PATCH 0620/1526] fix: debugging --- dnsapi/dns_mythic_beasts.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 9de5d34c..96230bf1 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -166,7 +166,7 @@ _initAuth() { # authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - printenv + _info "$(printenv)" if [ -z "$TEST_DNS_SLEEP" ]; then _oauth2_std else @@ -211,7 +211,7 @@ _oauth2_github() { response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")" MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" if [ -z "$MB_TK" ]; then - _err "Unable to get access_token" + _err "Unable to get token" _err "\n$response" return 1 fi From f46ee935978bcd3bf0a1c8ab74403a28b831d3e7 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 00:58:37 +0000 Subject: [PATCH 0621/1526] fix: github switch --- dnsapi/dns_mythic_beasts.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 96230bf1..8956ec36 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -166,8 +166,8 @@ _initAuth() { # authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - _info "$(printenv)" - if [ -z "$TEST_DNS_SLEEP" ]; then + _info "DOMAIN: $TEST_DNS" + if [ "$TEST_DNS" != "dns_mythic_beasts" ]; then _oauth2_std else _oauth2_github From 95f13360601e27071ccdc2dff4c46b00bb988720 Mon Sep 17 00:00:00 2001 From: racitup Date: Mon, 20 Dec 2021 01:09:02 +0000 Subject: [PATCH 0622/1526] fix: token request body quoting --- dnsapi/dns_mythic_beasts.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 8956ec36..77eed04f 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -166,7 +166,6 @@ _initAuth() { # authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - _info "DOMAIN: $TEST_DNS" if [ "$TEST_DNS" != "dns_mythic_beasts" ]; then _oauth2_std else @@ -204,7 +203,7 @@ _oauth2_std() { _oauth2_github() { _H1="Accepts: application/json" export _H1 - body="{\"login\":{\"handle\":$MB_AK,\"pass\":$MB_AS,\"floating\":1}}" + body="{\"login\":{\"handle\":\"$MB_AK\",\"pass\":\"$MB_AS\",\"floating\":1}}" _info "Getting Floating token..." # body url [needbase64] [POST|PUT|DELETE] [ContentType] From 2b6aa2670343e7e6a975c3d0961770f86b4ebfc9 Mon Sep 17 00:00:00 2001 From: racitup Date: Tue, 28 Dec 2021 14:45:02 +0000 Subject: [PATCH 0623/1526] fix: Neilpang review --- dnsapi/dns_mythic_beasts.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 77eed04f..294ae84c 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -163,13 +163,13 @@ _initAuth() { # Github appears to use an outbound proxy for requests which means subsequent requests may not have the same # source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail -# authentication. This works arounds this by using an undocumented MB API to obtain a token not tied to an +# authentication. This is a work around using an undocumented MB API to obtain a token not tied to an # IP just for the github tests. _oauth2() { - if [ "$TEST_DNS" != "dns_mythic_beasts" ]; then - _oauth2_std - else + if [ "$GITHUB_ACTIONS" = "true" ]; then _oauth2_github + else + _oauth2_std fi return $? } From d32cedd7dc925cad381920334316f6b563042f96 Mon Sep 17 00:00:00 2001 From: Viktor G Date: Thu, 30 Dec 2021 18:06:17 +0300 Subject: [PATCH 0624/1526] DNS-ISPConfig ISPC_Api_Insecure argument check fix --- dnsapi/dns_ispconfig.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index e68ddd49..765e0eb5 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -32,7 +32,7 @@ dns_ispconfig_rm() { #################### Private functions below ################################## _ISPC_credentials() { - if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then + if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -n "${ISPC_Api_Insecure}" ]; then ISPC_User="" ISPC_Password="" ISPC_Api="" From 737eba57bd87be29de0f5b9ab52fcdd1bffaca4b Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 11:20:53 +0800 Subject: [PATCH 0625/1526] send notifications for renew command https://github.com/acmesh-official/acme.sh/issues/3869#issuecomment-1003546762 --- acme.sh | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/acme.sh b/acme.sh index 96392f5b..65ed2fd4 100755 --- a/acme.sh +++ b/acme.sh @@ -5254,13 +5254,13 @@ renewAll() { _error_level="$NOTIFY_LEVEL_RENEW" _notify_code=0 fi - if [ "$_ACME_IN_CRON" ]; then - if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then - if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then - _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 - fi + + if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then + if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then + _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 fi fi + _success_msg="${_success_msg} $d " elif [ "$rc" = "$RENEW_SKIP" ]; then @@ -5268,13 +5268,13 @@ renewAll() { _error_level="$NOTIFY_LEVEL_SKIP" _notify_code=$RENEW_SKIP fi - if [ "$_ACME_IN_CRON" ]; then - if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then - if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then - _send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" - fi + + if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then + if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then + _send_notify "Renew $d skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" fi fi + _info "Skipped $d" _skipped_msg="${_skipped_msg} $d " @@ -5283,13 +5283,13 @@ renewAll() { _error_level="$NOTIFY_LEVEL_ERROR" _notify_code=1 fi - if [ "$_ACME_IN_CRON" ]; then - if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then - if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then - _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 - fi + + if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then + if [ "$NOTIFY_MODE" = "$NOTIFY_MODE_CERT" ]; then + _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 fi fi + _error_msg="${_error_msg} $d " if [ "$_stopRenewOnError" ]; then @@ -5304,7 +5304,7 @@ renewAll() { done _debug _error_level "$_error_level" _debug _set_level "$_set_level" - if [ "$_ACME_IN_CRON" ] && [ $_error_level -le $_set_level ]; then + if [ $_error_level -le $_set_level ]; then if [ -z "$NOTIFY_MODE" ] || [ "$NOTIFY_MODE" = "$NOTIFY_MODE_BULK" ]; then _msg_subject="Renew" if [ "$_error_msg" ]; then From 1566656af30524717545965cc9b91727c7f38c7d Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 11:46:12 +0800 Subject: [PATCH 0626/1526] fix https://github.com/acmesh-official/acme.sh/issues/3869 --- acme.sh | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 65ed2fd4..9fc44610 100755 --- a/acme.sh +++ b/acme.sh @@ -5154,7 +5154,7 @@ renew() { _isEcc="$2" _initpath "$Le_Domain" "$_isEcc" - + _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _info "$(__green "Renew: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then _info "'$Le_Domain' is not an issued domain, skip." @@ -5189,6 +5189,11 @@ renew() { if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" _info "Add '$(__red '--force')' to force to renew." + if [ -z "$_ACME_IN_RENEWALL" ]; then + if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then + _send_notify "Renew $Le_Domain skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" + fi + fi return "$RENEW_SKIP" fi @@ -5215,6 +5220,17 @@ renew() { fi _ACME_IS_RENEW="" + if [ -z "$_ACME_IN_RENEWALL" ]; then + if [ "$res" = "0" ]; then + if [ $_set_level -ge $NOTIFY_LEVEL_RENEW ]; then + _send_notify "Renew $d success" "Good, the cert is renewed." "$NOTIFY_HOOK" 0 + fi + else + if [ $_set_level -ge $NOTIFY_LEVEL_ERROR ]; then + _send_notify "Renew $d error" "There is an error." "$NOTIFY_HOOK" 1 + fi + fi + fi return "$res" } @@ -5232,6 +5248,7 @@ renewAll() { _notify_code=$RENEW_SKIP _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _debug "_set_level" "$_set_level" + export _ACME_IN_RENEWALL=1 for di in "${CERT_HOME}"/*.*/; do _debug di "$di" if ! [ -d "$di" ]; then From c39e6c44231a9c077a77a131d39fefe8428ae932 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 12:38:59 +0800 Subject: [PATCH 0627/1526] add `--info` command to show the global configs or domain configs. https://github.com/acmesh-official/acme.sh/issues/2444 --- Dockerfile | 1 + acme.sh | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4046c726..0421da34 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,6 +40,7 @@ RUN for verb in help \ revoke \ remove \ list \ + info \ showcsr \ install-cronjob \ uninstall-cronjob \ diff --git a/acme.sh b/acme.sh index 9fc44610..fe4dc1bd 100755 --- a/acme.sh +++ b/acme.sh @@ -144,6 +144,8 @@ NOTIFY_MODE_CERT=1 NOTIFY_MODE_DEFAULT=$NOTIFY_MODE_BULK +_BASE64_ENCODED_CFGS="Le_PreHook Le_PostHook Le_RenewHook Le_Preferred_Chain Le_ReloadCmd" + _DEBUG_WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh" _PREPARE_LINK="https://github.com/acmesh-official/acme.sh/wiki/Install-preparations" @@ -6609,6 +6611,7 @@ Commands: --revoke Revoke a cert. --remove Remove the cert from list of certs known to $PROJECT_NAME. --list List all the certs. + --info Show the $PROJECT_NAME configs, or the configs for a domain with [-d domain] parameter. --to-pkcs12 Export the certificate and key to a pfx file. --to-pkcs8 Convert to pkcs8 format. --sign-csr Issue a cert from an existing csr. @@ -6926,6 +6929,28 @@ setdefaultchain() { _savecaconf "DEFAULT_PREFERRED_CHAIN" "$_preferred_chain" } +#domain ecc +info() { + _domain="$1" + _ecc="$2" + _initpath + if [ -z "$_domain" ]; then + _debug "Show global configs" + echo "LE_WORKING_DIR=$LE_WORKING_DIR" + echo "LE_CONFIG_HOME=$LE_CONFIG_HOME" + cat "$ACCOUNT_CONF_PATH" + else + _debug "Show domain configs" + ( + _initpath "$_domain" "$_ecc" + echo "DOMAIN_CONF=$DOMAIN_CONF" + for seg in $(cat $DOMAIN_CONF | cut -d = -f 1); do + echo "$seg=$(_readdomainconf "$seg")" + done + ) + fi +} + _process() { _CMD="" _domain="" @@ -7035,6 +7060,9 @@ _process() { --list) _CMD="list" ;; + --info) + _CMD="info" + ;; --install-cronjob | --installcronjob) _CMD="installcronjob" ;; @@ -7586,6 +7614,9 @@ _process() { list) list "$_listraw" "$_domain" ;; + info) + info "$_domain" "$_ecc" + ;; installcronjob) installcronjob "$_confighome" ;; uninstallcronjob) uninstallcronjob ;; cron) cron ;; From 37cc611e3fdad187d33b3f618ca67fbb79babe8a Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 3 Jan 2022 13:41:57 +0800 Subject: [PATCH 0628/1526] fix gentoo image --- .github/workflows/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index cba708b3..7b24eac9 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -20,7 +20,7 @@ jobs: Linux: strategy: matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64"] + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 From 0727f7054bc4df6112988d44f45d795099d41b63 Mon Sep 17 00:00:00 2001 From: Joel Pearson Date: Mon, 13 Dec 2021 17:15:49 +1100 Subject: [PATCH 0629/1526] Allow optional "NEW" in CSR header and footer When generating a CSR in Windows it seems to create a CSR header that looks like "-----BEGIN NEW CERTIFICATE REQUEST-----", but the addition of "NEW" breaks the parsing of the CSR. Making "NEW " optional fixes the problem. Apparently certbot is tolerant of both forms, see: https://community.letsencrypt.org/t/error-parsing-certificate-request-resolved/40039/6 for more information. --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index fe4dc1bd..b536d742 100755 --- a/acme.sh +++ b/acme.sh @@ -80,8 +80,8 @@ NGINX="nginx:" NGINX_START="#ACME_NGINX_START" NGINX_END="#ACME_NGINX_END" -BEGIN_CSR="-----BEGIN CERTIFICATE REQUEST-----" -END_CSR="-----END CERTIFICATE REQUEST-----" +BEGIN_CSR="-----BEGIN [NEW ]\{0,4\}CERTIFICATE REQUEST-----" +END_CSR="-----END [NEW ]\{0,4\}CERTIFICATE REQUEST-----" BEGIN_CERT="-----BEGIN CERTIFICATE-----" END_CERT="-----END CERTIFICATE-----" From 6aa1ec08020ca9edb9813cb4148d0f467524d46d Mon Sep 17 00:00:00 2001 From: Frank Wall Date: Thu, 6 Jan 2022 16:20:43 +0100 Subject: [PATCH 0630/1526] deploy/fritzbox: allow hook to be used with multiple fritzboxes Previously the deploy hook config was stored in the account config. This seems odd and adds unnecessary limitations to the hook. Now we're using the correct _*deployconf() functions to read and write the deploy hook config. --- deploy/fritzbox.sh | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/deploy/fritzbox.sh b/deploy/fritzbox.sh index 2ca7ab7d..416a4121 100644 --- a/deploy/fritzbox.sh +++ b/deploy/fritzbox.sh @@ -36,43 +36,51 @@ fritzbox_deploy() { fi fi - _fritzbox_username="${DEPLOY_FRITZBOX_USERNAME}" - _fritzbox_password="${DEPLOY_FRITZBOX_PASSWORD}" - _fritzbox_url="${DEPLOY_FRITZBOX_URL}" - - _debug _fritzbox_url "$_fritzbox_url" - _debug _fritzbox_username "$_fritzbox_username" - _secure_debug _fritzbox_password "$_fritzbox_password" - if [ -z "$_fritzbox_username" ]; then + # Clear traces of incorrectly stored values + _clearaccountconf DEPLOY_FRITZBOX_USERNAME + _clearaccountconf DEPLOY_FRITZBOX_PASSWORD + _clearaccountconf DEPLOY_FRITZBOX_URL + + # Read config from saved values or env + _getdeployconf DEPLOY_FRITZBOX_USERNAME + _getdeployconf DEPLOY_FRITZBOX_PASSWORD + _getdeployconf DEPLOY_FRITZBOX_URL + + _debug DEPLOY_FRITZBOX_URL "$DEPLOY_FRITZBOX_URL" + _debug DEPLOY_FRITZBOX_USERNAME "$DEPLOY_FRITZBOX_USERNAME" + _secure_debug DEPLOY_FRITZBOX_PASSWORD "$DEPLOY_FRITZBOX_PASSWORD" + + if [ -z "$DEPLOY_FRITZBOX_USERNAME" ]; then _err "FRITZ!Box username is not found, please define DEPLOY_FRITZBOX_USERNAME." return 1 fi - if [ -z "$_fritzbox_password" ]; then + if [ -z "$DEPLOY_FRITZBOX_PASSWORD" ]; then _err "FRITZ!Box password is not found, please define DEPLOY_FRITZBOX_PASSWORD." return 1 fi - if [ -z "$_fritzbox_url" ]; then + if [ -z "$DEPLOY_FRITZBOX_URL" ]; then _err "FRITZ!Box url is not found, please define DEPLOY_FRITZBOX_URL." return 1 fi - _saveaccountconf DEPLOY_FRITZBOX_USERNAME "${_fritzbox_username}" - _saveaccountconf DEPLOY_FRITZBOX_PASSWORD "${_fritzbox_password}" - _saveaccountconf DEPLOY_FRITZBOX_URL "${_fritzbox_url}" + # Save current values + _savedeployconf DEPLOY_FRITZBOX_USERNAME "$DEPLOY_FRITZBOX_USERNAME" + _savedeployconf DEPLOY_FRITZBOX_PASSWORD "$DEPLOY_FRITZBOX_PASSWORD" + _savedeployconf DEPLOY_FRITZBOX_URL "$DEPLOY_FRITZBOX_URL" # Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate export HTTPS_INSECURE=1 _info "Log in to the FRITZ!Box" - _fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*//' -e 's/<\/Challenge>.*$//')" + _fritzbox_challenge="$(_get "${DEPLOY_FRITZBOX_URL}/login_sid.lua" | sed -e 's/^.*//' -e 's/<\/Challenge>.*$//')" if _exists iconv; then - _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)" + _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)" elif _exists uconv; then - _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)" + _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)" else - _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)" + _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)" fi - _fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*//' -e 's/<\/SID>.*$//')" + _fritzbox_sid="$(_get "${DEPLOY_FRITZBOX_URL}/login_sid.lua?sid=0000000000000000&username=${DEPLOY_FRITZBOX_USERNAME}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*//' -e 's/<\/SID>.*$//')" if [ -z "${_fritzbox_sid}" ] || [ "${_fritzbox_sid}" = "0000000000000000" ]; then _err "Logging in to the FRITZ!Box failed. Please check username, password and URL." @@ -104,7 +112,7 @@ fritzbox_deploy() { _info "Upload certificate to the FRITZ!Box" export _H1="Content-type: multipart/form-data boundary=${_post_boundary}" - _post "$(cat "${_post_request}")" "${_fritzbox_url}/cgi-bin/firmwarecfg" | grep SSL + _post "$(cat "${_post_request}")" "${DEPLOY_FRITZBOX_URL}/cgi-bin/firmwarecfg" | grep SSL retval=$? if [ $retval = 0 ]; then From 8cdceb83b2422b17ba5c5e6242a46c6cd481c669 Mon Sep 17 00:00:00 2001 From: Jacob Vandborg <16362036+jvandborg@users.noreply.github.com> Date: Thu, 6 Jan 2022 19:21:05 +0100 Subject: [PATCH 0631/1526] Cannot wait for PR #3673 to be completed PR #3673 Fix simply.com API seems abandoned by maintainer and I need this fixed asap Changes implemented * Normalize JSON and fix not handling return code correctly * Add some information to comments * Fix trailing slash on URIs * Add 60 second sleep for zone to be written * Fix parsing record_data and record_type --- dnsapi/dns_simply.sh | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index e0e05017..2baa4581 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -1,15 +1,15 @@ #!/usr/bin/env sh -# +# API-integration for Simply.com (https://www.simply.com) + #SIMPLY_AccountName="accountname" -# #SIMPLY_ApiKey="apikey" # #SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" SIMPLY_Api_Default="https://api.simply.com/1" #This is used for determining success of REST call -SIMPLY_SUCCESS_CODE='"status": 200' +SIMPLY_SUCCESS_CODE='"status":200' ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" @@ -51,7 +51,7 @@ dns_simply_rm() { _simply_save_config - _debug "First detect the root zone" + _debug "Find the DNS zone" if ! _get_root "$fulldomain"; then _err "invalid domain" @@ -77,8 +77,8 @@ dns_simply_rm() { for record in $records; do _debug record "$record" - record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2) - record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2) + record_data=$(echo "$record" | sed -n "s/.*\"data\":\"\([^\"]*\)\".*/\1/p") + record_type=$(echo "$record" | sed -n "s/.*\"type\":\"\([^\"]*\)\".*/\1/p") _debug2 record_data "$record_data" _debug2 record_type "$record_type" @@ -151,7 +151,7 @@ _simply_save_config() { _simply_get_all_records() { domain=$1 - if ! _simply_rest GET "my/products/$domain/dns/records"; then + if ! _simply_rest GET "my/products/$domain/dns/records/"; then return 1 fi @@ -169,7 +169,7 @@ _get_root() { return 1 fi - if ! _simply_rest GET "my/products/$h/dns"; then + if ! _simply_rest GET "my/products/$h/dns/"; then return 1 fi @@ -193,7 +193,7 @@ _simply_add_record() { data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}" - if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then + if ! _simply_rest POST "my/products/$domain/dns/records/" "$data"; then _err "Adding record not successfull!" return 1 fi @@ -203,6 +203,9 @@ _simply_add_record() { _err "$response" return 1 fi + + _info "Waiting 60 seconds for DNS changes to be written" + _sleep 60 return 0 } @@ -214,7 +217,7 @@ _simply_delete_record() { _debug record_id "Delete record with id $record_id" - if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then + if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id/"; then _err "Deleting record not successfull!" return 1 fi @@ -249,6 +252,8 @@ _simply_rest() { _err "error $ep" return 1 fi + + response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" From 459faf4dfb121154aa0e9a48bac3c07cd3657239 Mon Sep 17 00:00:00 2001 From: jvandborg <16362036+jvandborg@users.noreply.github.com> Date: Thu, 6 Jan 2022 22:03:39 +0100 Subject: [PATCH 0632/1526] Format to comply with style guide --- dnsapi/dns_simply.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 2baa4581..85819ab8 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -203,7 +203,7 @@ _simply_add_record() { _err "$response" return 1 fi - + _info "Waiting 60 seconds for DNS changes to be written" _sleep 60 @@ -252,7 +252,7 @@ _simply_rest() { _err "error $ep" return 1 fi - + response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" From e23c02575db58790a4e3c96734549afa4aefe40e Mon Sep 17 00:00:00 2001 From: Jacob Vandborg <16362036+jvandborg@users.noreply.github.com> Date: Fri, 7 Jan 2022 08:10:31 +0100 Subject: [PATCH 0633/1526] Removed DNS sleep Users should use command line parameter --dnssleep instead --- dnsapi/dns_simply.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 85819ab8..437e5e5c 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -204,9 +204,6 @@ _simply_add_record() { return 1 fi - _info "Waiting 60 seconds for DNS changes to be written" - _sleep 60 - return 0 } From d43b587d175f3631df72d1a1d833a775df6a1066 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 22:06:18 +0800 Subject: [PATCH 0634/1526] fix https://github.com/acmesh-official/acme.sh/issues/3870 --- acme.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index b536d742..97d1e257 100755 --- a/acme.sh +++ b/acme.sh @@ -1272,9 +1272,17 @@ _createcsr() { _csr_cn="$(_idn "$domain")" _debug2 _csr_cn "$_csr_cn" if _contains "$(uname -a)" "MINGW"; then - ${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr" + if _isIP "$_csr_cn"; then + ${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "//O=$PROJECT_NAME" -config "$csrconf" -out "$csr" + else + ${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "//CN=$_csr_cn" -config "$csrconf" -out "$csr" + fi else - ${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" + if _isIP "$_csr_cn"; then + ${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "/O=$PROJECT_NAME" -config "$csrconf" -out "$csr" + else + ${ACME_OPENSSL_BIN:-openssl} req -new -sha256 -key "$csrkey" -subj "/CN=$_csr_cn" -config "$csrconf" -out "$csr" + fi fi } From b2f4cc2dc55459f4ca1e927670935b04afe2695e Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 22:58:42 +0800 Subject: [PATCH 0635/1526] add Step-ca to CI https://github.com/acmesh-official/acme.sh/issues/3871 --- .github/workflows/Ubuntu.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 28b06541..0f6a4799 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -30,6 +30,11 @@ jobs: CA: "ZeroSSL RSA Domain Secure Site CA" CA_EMAIL: "githubtest@acme.sh" TEST_PREFERRED_CHAIN: "" + - TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" + CA_ECDSA: "" + CA: "Smallstep Intermediate CA" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: "" runs-on: ubuntu-latest env: @@ -44,6 +49,18 @@ jobs: - uses: actions/checkout@v2 - name: Install tools run: sudo apt-get install -y socat + - name: Start StepCA + if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} + run: | + docker run -d \ + -p 9000:9000 \ + -e "DOCKER_STEPCA_INIT_NAME=Smallstep" \ + -e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ + --name stepca \ + smallstep/step-ca \ + && docker exec -it stepca step ca provisioner add acme --type ACME \ + && docker exec -it stepca kill -1 1 \ + && docker exec -it stepca cat /home/step/certs/root_ca.crt >>/etc/ssl/certs/ca-certificates.crt - name: Clone acmetest run: | cd .. \ From 735db1a12be7b88e4f1a1c7e622dddbc751dd432 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:00:34 +0800 Subject: [PATCH 0636/1526] fix ci --- .github/workflows/Ubuntu.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 0f6a4799..33c20161 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -58,9 +58,9 @@ jobs: -e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ --name stepca \ smallstep/step-ca \ - && docker exec -it stepca step ca provisioner add acme --type ACME \ - && docker exec -it stepca kill -1 1 \ - && docker exec -it stepca cat /home/step/certs/root_ca.crt >>/etc/ssl/certs/ca-certificates.crt + && docker exec stepca step ca provisioner add acme --type ACME \ + && docker exec stepca kill -1 1 \ + && docker exec stepca cat /home/step/certs/root_ca.crt >>/etc/ssl/certs/ca-certificates.crt - name: Clone acmetest run: | cd .. \ From 10f171b6e4cdd2211207f75f0e00d07fdc91a87e Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:05:49 +0800 Subject: [PATCH 0637/1526] fix ci --- .github/workflows/Ubuntu.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 33c20161..1123c1ac 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -52,13 +52,13 @@ jobs: - name: Start StepCA if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} run: | - docker run -d \ + docker run --rm -d \ -p 9000:9000 \ -e "DOCKER_STEPCA_INIT_NAME=Smallstep" \ -e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ --name stepca \ smallstep/step-ca \ - && docker exec stepca step ca provisioner add acme --type ACME \ + && sleep 5 && docker exec stepca step ca provisioner add acme --type ACME \ && docker exec stepca kill -1 1 \ && docker exec stepca cat /home/step/certs/root_ca.crt >>/etc/ssl/certs/ca-certificates.crt - name: Clone acmetest From 49deb4af24d539a407b9fae4675d17d0b16b96f9 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:09:56 +0800 Subject: [PATCH 0638/1526] fix CI --- .github/workflows/Ubuntu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 1123c1ac..e967e3b4 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -60,7 +60,7 @@ jobs: smallstep/step-ca \ && sleep 5 && docker exec stepca step ca provisioner add acme --type ACME \ && docker exec stepca kill -1 1 \ - && docker exec stepca cat /home/step/certs/root_ca.crt >>/etc/ssl/certs/ca-certificates.crt + && docker exec stepca cat /home/step/certs/root_ca.crt | sudo cat - >>/etc/ssl/certs/ca-certificates.crt - name: Clone acmetest run: | cd .. \ From ec10a3eab4ba87fce47ce83eeff3a7831fb4ad31 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:14:46 +0800 Subject: [PATCH 0639/1526] fix CI --- .github/workflows/Ubuntu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index e967e3b4..3ac7d6ab 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -60,7 +60,7 @@ jobs: smallstep/step-ca \ && sleep 5 && docker exec stepca step ca provisioner add acme --type ACME \ && docker exec stepca kill -1 1 \ - && docker exec stepca cat /home/step/certs/root_ca.crt | sudo cat - >>/etc/ssl/certs/ca-certificates.crt + && docker exec stepca cat /home/step/certs/root_ca.crt | sudo bash -c "cat - >>/etc/ssl/certs/ca-certificates.crt" - name: Clone acmetest run: | cd .. \ From 8e9bbd1bb3e83d1af7687a16dd9b4b7a2c3f407f Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:35:18 +0800 Subject: [PATCH 0640/1526] fix CI --- .github/workflows/Ubuntu.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 3ac7d6ab..1f8db98a 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -35,6 +35,7 @@ jobs: CA: "Smallstep Intermediate CA" CA_EMAIL: "" TEST_PREFERRED_CHAIN: "" + NO_REVOKE: 1 runs-on: ubuntu-latest env: @@ -45,6 +46,7 @@ jobs: CA_EMAIL: ${{ matrix.CA_EMAIL }} NO_ECC_384: ${{ matrix.NO_ECC_384 }} TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + NO_REVOKE: ${{ matrix.NO_REVOKE }} steps: - uses: actions/checkout@v2 - name: Install tools From 45971b80834c0bea59f3dc549f23e968ccd04fbc Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:43:08 +0800 Subject: [PATCH 0641/1526] add ip cert test for stepCA --- .github/workflows/Ubuntu.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 1f8db98a..ebf69a3b 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -36,6 +36,14 @@ jobs: CA_EMAIL: "" TEST_PREFERRED_CHAIN: "" NO_REVOKE: 1 + - TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" + CA_ECDSA: "" + CA: "Smallstep Intermediate CA" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: "" + NO_REVOKE: 1 + TEST_IPCERT: 1 + TestingDomain: "172.17.0.1" runs-on: ubuntu-latest env: @@ -47,6 +55,8 @@ jobs: NO_ECC_384: ${{ matrix.NO_ECC_384 }} TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} NO_REVOKE: ${{ matrix.NO_REVOKE }} + TEST_IPCERT: ${{ matrix.TEST_IPCERT }} + TestingDomain: ${{ matrix.TestingDomain }} steps: - uses: actions/checkout@v2 - name: Install tools From d42feae0af801ad1c1ec0236925c350b8372571b Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 7 Jan 2022 23:44:19 +0800 Subject: [PATCH 0642/1526] fix ecdsa name for stepca --- .github/workflows/Ubuntu.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index ebf69a3b..4540580c 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -31,13 +31,13 @@ jobs: CA_EMAIL: "githubtest@acme.sh" TEST_PREFERRED_CHAIN: "" - TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" - CA_ECDSA: "" + CA_ECDSA: "Smallstep Intermediate CA" CA: "Smallstep Intermediate CA" CA_EMAIL: "" TEST_PREFERRED_CHAIN: "" NO_REVOKE: 1 - TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" - CA_ECDSA: "" + CA_ECDSA: "Smallstep Intermediate CA" CA: "Smallstep Intermediate CA" CA_EMAIL: "" TEST_PREFERRED_CHAIN: "" From 75ae57e1945c7f6883aa8b494a9b0f6a43a79f63 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 8 Jan 2022 19:19:51 +0800 Subject: [PATCH 0643/1526] report false --- .github/workflows/DNS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 32d97614..46fd8283 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -37,7 +37,7 @@ jobs: - name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" run: | echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" - if [ "${{github.actor}}" != "Neilpang" ]; then + if [ "${{github.repository_owner}}" != "acmesh-official" ]; then false fi From 86c3fa0df030d3b5ac7c1597b19b0b36d9616e1a Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 8 Jan 2022 19:51:04 +0800 Subject: [PATCH 0644/1526] remove retry for get and post --- acme.sh | 72 ++++----------------------------------------------------- 1 file changed, 5 insertions(+), 67 deletions(-) diff --git a/acme.sh b/acme.sh index b536d742..b0a4388b 100755 --- a/acme.sh +++ b/acme.sh @@ -1831,8 +1831,6 @@ _inithttp() { } -_HTTP_MAX_RETRY=8 - # body url [needbase64] [POST|PUT|DELETE] [ContentType] _post() { body="$1" @@ -1840,33 +1838,6 @@ _post() { needbase64="$3" httpmethod="$4" _postContentType="$5" - _sleep_retry_sec=1 - _http_retry_times=0 - _hcode=0 - while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do - [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ] - _lastHCode="$?" - _debug "Retrying post" - _post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode" - _hcode="$?" - _debug _hcode "$_hcode" - if [ "$_hcode" = "0" ]; then - break - fi - _http_retry_times=$(_math $_http_retry_times + 1) - _sleep $_sleep_retry_sec - done - return $_hcode -} - -# body url [needbase64] [POST|PUT|DELETE] [ContentType] [displayError] -_post_impl() { - body="$1" - _post_url="$2" - needbase64="$3" - httpmethod="$4" - _postContentType="$5" - displayError="$6" if [ -z "$httpmethod" ]; then httpmethod="POST" @@ -1918,9 +1889,7 @@ _post_impl() { fi _ret="$?" if [ "$_ret" != "0" ]; then - if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" - fi + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret" if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" @@ -1976,9 +1945,7 @@ _post_impl() { _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." fi if [ "$_ret" != "0" ]; then - if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" - fi + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" fi _sed_i "s/^ *//g" "$HTTP_HEADER" else @@ -1992,38 +1959,13 @@ _post_impl() { # url getheader timeout _get() { - url="$1" - onlyheader="$2" - t="$3" - _sleep_retry_sec=1 - _http_retry_times=0 - _hcode=0 - while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do - [ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ] - _lastHCode="$?" - _debug "Retrying GET" - _get_impl "$url" "$onlyheader" "$t" "$_lastHCode" - _hcode="$?" - _debug _hcode "$_hcode" - if [ "$_hcode" = "0" ]; then - break - fi - _http_retry_times=$(_math $_http_retry_times + 1) - _sleep $_sleep_retry_sec - done - return $_hcode -} - -# url getheader timeout displayError -_get_impl() { _debug GET url="$1" onlyheader="$2" t="$3" - displayError="$4" _debug url "$url" _debug "timeout=$t" - _debug "displayError" "$displayError" + _inithttp if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then @@ -2042,9 +1984,7 @@ _get_impl() { fi ret=$? if [ "$ret" != "0" ]; then - if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then - _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" - fi + _err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret" if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _err "Here is the curl dump log:" _err "$(cat "$_CURL_DUMP")" @@ -2070,9 +2010,7 @@ _get_impl() { _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." fi if [ "$ret" != "0" ]; then - if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then - _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" - fi + _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" fi else ret=$? From e67d26caeb94c54d4daee8b8ce691b77d4861ce3 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 8 Jan 2022 19:58:49 +0800 Subject: [PATCH 0645/1526] fix https://github.com/acmesh-official/acme.sh/issues/3845#issuecomment-999367478 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b0a4388b..b25619bf 100755 --- a/acme.sh +++ b/acme.sh @@ -1252,7 +1252,7 @@ _createcsr() { else domainlist="$(_idn "$domainlist")" _debug2 domainlist "$domainlist" - alt="$(_getIdType "$domain" | _upper_case):$domain" + alt="$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" for dl in $(echo "$domainlist" | tr "," ' '); do alt="$alt,$(_getIdType "$dl" | _upper_case):$dl" done From 4346139d65ee013578e5e0893f425d1bab9863d7 Mon Sep 17 00:00:00 2001 From: Bodenhaltung <12759677+Bodenhaltung@users.noreply.github.com> Date: Sun, 9 Jan 2022 03:32:22 +0100 Subject: [PATCH 0646/1526] Add dnsHome.de API (#3823) Add dnsHome.de API --- dnsapi/dns_dnshome.sh | 87 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100755 dnsapi/dns_dnshome.sh diff --git a/dnsapi/dns_dnshome.sh b/dnsapi/dns_dnshome.sh new file mode 100755 index 00000000..99608769 --- /dev/null +++ b/dnsapi/dns_dnshome.sh @@ -0,0 +1,87 @@ +#!/usr/bin/env sh + +# dnsHome.de API for acme.sh +# +# This Script adds the necessary TXT record to a Subdomain +# +# Author dnsHome.de (https://github.com/dnsHome-de) +# +# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819 +# +# export DNSHOME_Subdomain="" +# export DNSHOME_SubdomainPassword="" + +# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record +dns_dnshome_add() { + txtvalue=$2 + + DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" + DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" + + if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then + DNSHOME_Subdomain="" + DNSHOME_SubdomainPassword="" + _err "Please specify/export your dnsHome.de Subdomain and Password" + return 1 + fi + + #save the credentials to the account conf file. + _savedomainconf DNSHOME_Subdomain "$DNSHOME_Subdomain" + _savedomainconf DNSHOME_SubdomainPassword "$DNSHOME_SubdomainPassword" + + DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" + + _DNSHOME_rest POST "acme=add&txt=$txtvalue" + if ! echo "$response" | grep 'successfully' >/dev/null; then + _err "Error" + _err "$response" + return 1 + fi + + return 0 +} + +# Usage: txtvalue +# Used to remove the txt record after validation +dns_dnshome_rm() { + txtvalue=$2 + + DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" + DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" + + DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" + + if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then + DNSHOME_Subdomain="" + DNSHOME_SubdomainPassword="" + _err "Please specify/export your dnsHome.de Subdomain and Password" + return 1 + fi + + _DNSHOME_rest POST "acme=rm&txt=$txtvalue" + if ! echo "$response" | grep 'successfully' >/dev/null; then + _err "Error" + _err "$response" + return 1 + fi + + return 0 +} + +#################### Private functions below ################################## +_DNSHOME_rest() { + method=$1 + data="$2" + _debug "$data" + + _debug data "$data" + response="$(_post "$data" "$DNSHOME_Api" "" "$method")" + + if [ "$?" != "0" ]; then + _err "error $data" + return 1 + fi + _debug2 response "$response" + return 0 +} From 61c853a3c15656f2be5259285f571e53cb400211 Mon Sep 17 00:00:00 2001 From: "Victor R. Santos" Date: Sun, 9 Jan 2022 02:39:28 +0000 Subject: [PATCH 0647/1526] Add Gotify notification (#3759) --- notify/gotify.sh | 62 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 notify/gotify.sh diff --git a/notify/gotify.sh b/notify/gotify.sh new file mode 100644 index 00000000..e370bc21 --- /dev/null +++ b/notify/gotify.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env sh + +#Support Gotify + +#GOTIFY_URL="https://gotify.example.com" +#GOTIFY_TOKEN="123456789ABCDEF" + +#optional +#GOTIFY_PRIORITY=0 + +# subject content statusCode +gotify_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_subject" "$_subject" + _debug "_content" "$_content" + _debug "_statusCode" "$_statusCode" + + GOTIFY_URL="${GOTIFY_URL:-$(_readaccountconf_mutable GOTIFY_URL)}" + if [ -z "$GOTIFY_URL" ]; then + GOTIFY_URL="" + _err "You didn't specify the gotify server url GOTIFY_URL." + return 1 + fi + _saveaccountconf_mutable GOTIFY_URL "$GOTIFY_URL" + + GOTIFY_TOKEN="${GOTIFY_TOKEN:-$(_readaccountconf_mutable GOTIFY_TOKEN)}" + if [ -z "$GOTIFY_TOKEN" ]; then + GOTIFY_TOKEN="" + _err "You didn't specify the gotify token GOTIFY_TOKEN." + return 1 + fi + _saveaccountconf_mutable GOTIFY_TOKEN "$GOTIFY_TOKEN" + + GOTIFY_PRIORITY="${GOTIFY_PRIORITY:-$(_readaccountconf_mutable GOTIFY_PRIORITY)}" + if [ -z "$GOTIFY_PRIORITY" ]; then + GOTIFY_PRIORITY=0 + else + _saveaccountconf_mutable GOTIFY_PRIORITY "$GOTIFY_PRIORITY" + fi + + export _H1="X-Gotify-Key: ${GOTIFY_TOKEN}" + export _H2="Content-Type: application/json" + + _content=$(echo "$_content" | _json_encode) + _subject=$(echo "$_subject" | _json_encode) + + _data="{\"title\": \"${_subject}\", \"message\": \"${_content}\", \"priority\": ${GOTIFY_PRIORITY}}" + + response="$(_post "${_data}" "${GOTIFY_URL}/message" "" "POST" "application/json")" + + if [ "$?" != "0" ]; then + _err "Failed to send message" + _err "$response" + return 1 + fi + + _debug2 response "$response" + + return 0 +} From 7e7291ace9d36ed2674c0042a2aa288396869a61 Mon Sep 17 00:00:00 2001 From: Sergey Pashinin Date: Sun, 9 Jan 2022 06:01:38 +0300 Subject: [PATCH 0648/1526] Support Vault KV v2 (#3502) --- deploy/vault.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/deploy/vault.sh b/deploy/vault.sh index 70c80444..399abaee 100644 --- a/deploy/vault.sh +++ b/deploy/vault.sh @@ -56,12 +56,23 @@ vault_deploy() { export _H1="X-Vault-Token: $VAULT_TOKEN" if [ -n "$FABIO" ]; then - _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" + if [ -n "$VAULT_KV_V2" ]; then + _post "{ \"data\": {\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"} }" "$URL" + else + _post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" + fi else - _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" - _post "{\"value\": \"$_ckey\"}" "$URL/cert.key" - _post "{\"value\": \"$_cca\"}" "$URL/chain.pem" - _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" + if [ -n "$VAULT_KV_V2" ]; then + _post "{\"data\": {\"value\": \"$_ccert\"}}" "$URL/cert.pem" + _post "{\"data\": {\"value\": \"$_ckey\"}}" "$URL/cert.key" + _post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/chain.pem" + _post "{\"data\": {\"value\": \"$_cfullchain\"}}" "$URL/fullchain.pem" + else + _post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" + _post "{\"value\": \"$_ckey\"}" "$URL/cert.key" + _post "{\"value\": \"$_cca\"}" "$URL/chain.pem" + _post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" + fi fi } From 2ce145f359deaaaff9bea06312984c70a04ef87c Mon Sep 17 00:00:00 2001 From: Felix Matouschek Date: Sun, 9 Jan 2022 04:11:00 +0100 Subject: [PATCH 0649/1526] Refactoring amcedns api (second try) (#3231) --- dnsapi/dns_acmedns.sh | 63 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 12 deletions(-) mode change 100644 => 100755 dnsapi/dns_acmedns.sh diff --git a/dnsapi/dns_acmedns.sh b/dnsapi/dns_acmedns.sh old mode 100644 new mode 100755 index 9b3efa48..057f9742 --- a/dnsapi/dns_acmedns.sh +++ b/dnsapi/dns_acmedns.sh @@ -1,31 +1,70 @@ #!/usr/bin/env sh # #Author: Wolfgang Ebner -#Report Bugs here: https://github.com/webner/acme.sh +#Author: Sven Neubuaer +#Report Bugs here: https://github.com/dampfklon/acme.sh +# +# Usage: +# export ACMEDNS_BASE_URL="https://auth.acme-dns.io" +# +# You can optionally define an already existing account: +# +# export ACMEDNS_USERNAME="" +# export ACMEDNS_PASSWORD="" +# export ACMEDNS_SUBDOMAIN="" # ######## Public functions ##################### #Usage: dns_acmedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Used to add txt record dns_acmedns_add() { fulldomain=$1 txtvalue=$2 _info "Using acme-dns" - _debug fulldomain "$fulldomain" - _debug txtvalue "$txtvalue" + _debug "fulldomain $fulldomain" + _debug "txtvalue $txtvalue" - ACMEDNS_UPDATE_URL="${ACMEDNS_UPDATE_URL:-$(_readaccountconf_mutable ACMEDNS_UPDATE_URL)}" + #for compatiblity from account conf ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}" + _clearaccountconf_mutable ACMEDNS_USERNAME ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}" + _clearaccountconf_mutable ACMEDNS_PASSWORD ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}" + _clearaccountconf_mutable ACMEDNS_SUBDOMAIN + + ACMEDNS_BASE_URL="${ACMEDNS_BASE_URL:-$(_readdomainconf ACMEDNS_BASE_URL)}" + ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readdomainconf ACMEDNS_USERNAME)}" + ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readdomainconf ACMEDNS_PASSWORD)}" + ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readdomainconf ACMEDNS_SUBDOMAIN)}" + + if [ "$ACMEDNS_BASE_URL" = "" ]; then + ACMEDNS_BASE_URL="https://auth.acme-dns.io" + fi + + ACMEDNS_UPDATE_URL="$ACMEDNS_BASE_URL/update" + ACMEDNS_REGISTER_URL="$ACMEDNS_BASE_URL/register" - if [ "$ACMEDNS_UPDATE_URL" = "" ]; then - ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update" + if [ -z "$ACMEDNS_USERNAME" ] || [ -z "$ACMEDNS_PASSWORD" ]; then + response="$(_post "" "$ACMEDNS_REGISTER_URL" "" "POST")" + _debug response "$response" + ACMEDNS_USERNAME=$(echo "$response" | sed -n 's/^{.*\"username\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _debug "received username: $ACMEDNS_USERNAME" + ACMEDNS_PASSWORD=$(echo "$response" | sed -n 's/^{.*\"password\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _debug "received password: $ACMEDNS_PASSWORD" + ACMEDNS_SUBDOMAIN=$(echo "$response" | sed -n 's/^{.*\"subdomain\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _debug "received subdomain: $ACMEDNS_SUBDOMAIN" + ACMEDNS_FULLDOMAIN=$(echo "$response" | sed -n 's/^{.*\"fulldomain\":[ ]*\"\([^\"]*\)\".*}/\1/p') + _info "##########################################################" + _info "# Create $fulldomain CNAME $ACMEDNS_FULLDOMAIN DNS entry #" + _info "##########################################################" + _info "Press enter to continue... " + read -r _ fi - _saveaccountconf_mutable ACMEDNS_UPDATE_URL "$ACMEDNS_UPDATE_URL" - _saveaccountconf_mutable ACMEDNS_USERNAME "$ACMEDNS_USERNAME" - _saveaccountconf_mutable ACMEDNS_PASSWORD "$ACMEDNS_PASSWORD" - _saveaccountconf_mutable ACMEDNS_SUBDOMAIN "$ACMEDNS_SUBDOMAIN" + _savedomainconf ACMEDNS_BASE_URL "$ACMEDNS_BASE_URL" + _savedomainconf ACMEDNS_USERNAME "$ACMEDNS_USERNAME" + _savedomainconf ACMEDNS_PASSWORD "$ACMEDNS_PASSWORD" + _savedomainconf ACMEDNS_SUBDOMAIN "$ACMEDNS_SUBDOMAIN" export _H1="X-Api-User: $ACMEDNS_USERNAME" export _H2="X-Api-Key: $ACMEDNS_PASSWORD" @@ -48,8 +87,8 @@ dns_acmedns_rm() { fulldomain=$1 txtvalue=$2 _info "Using acme-dns" - _debug fulldomain "$fulldomain" - _debug txtvalue "$txtvalue" + _debug "fulldomain $fulldomain" + _debug "txtvalue $txtvalue" } #################### Private functions below ################################## From 62dad721fceba8782903726349ee22dfff2400e4 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Sun, 9 Jan 2022 11:04:15 +0100 Subject: [PATCH 0650/1526] Start ShellCheck and CI Test --- dnsapi/dns_selfhost.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d7dfcca4..8c6e9a91 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -2,6 +2,7 @@ # # Author: Marvin Edeler # Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 +# Last Edit: 09.01.2022 dns_selfhost_add() { domain=$1 From bda454fe9cbb3ba2d73251416a703db28a7d4ff7 Mon Sep 17 00:00:00 2001 From: I Komang Suryadana Date: Tue, 11 Jan 2022 15:25:10 +0800 Subject: [PATCH 0651/1526] Remove cloud domain record with cloud master zone. (#3507) --- dnsapi/dns_cloudns.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 381d17ec..b03fd579 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -2,11 +2,14 @@ # Author: Boyan Peychev # Repository: https://github.com/ClouDNS/acme.sh/ +# Editor: I Komang Suryadana #CLOUDNS_AUTH_ID=XXXXX #CLOUDNS_SUB_AUTH_ID=XXXXX #CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" CLOUDNS_API="https://api.cloudns.net" +DOMAIN_TYPE= +DOMAIN_MASTER= ######## Public functions ##################### @@ -61,6 +64,15 @@ dns_cloudns_rm() { host="$(echo "$1" | sed "s/\.$zone\$//")" record=$2 + _dns_cloudns_get_zone_info "$zone" + + _debug "Type" "$DOMAIN_TYPE" + _debug "Cloud Master" "$DOMAIN_MASTER" + if _contains "$DOMAIN_TYPE" "cloud"; then + zone=$DOMAIN_MASTER + fi + _debug "ZONE" "$zone" + _dns_cloudns_http_api_call "dns/records.json" "domain-name=$zone&host=$host&type=TXT" if ! _contains "$response" "\"id\":"; then return 1 @@ -134,6 +146,18 @@ _dns_cloudns_init_check() { return 0 } +_dns_cloudns_get_zone_info() { + zone=$1 + _dns_cloudns_http_api_call "dns/get-zone-info.json" "domain-name=$zone" + if ! _contains "$response" "\"status\":\"Failed\""; then + DOMAIN_TYPE=$(echo "$response" | _egrep_o '"type":"[^"]*"' | cut -d : -f 2 | tr -d '"') + if _contains "$DOMAIN_TYPE" "cloud"; then + DOMAIN_MASTER=$(echo "$response" | _egrep_o '"cloud-master":"[^"]*"' | cut -d : -f 2 | tr -d '"') + fi + fi + return 0 +} + _dns_cloudns_get_zone_name() { i=2 while true; do From e07795e8f0e8f5d9c1cd6e68cbb35d4d4d5fff06 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 11 Jan 2022 16:56:02 +0800 Subject: [PATCH 0652/1526] fix https://github.com/acmesh-official/acme.sh/issues/3883 --- acme.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index f013fae2..9ec0c851 100755 --- a/acme.sh +++ b/acme.sh @@ -1631,6 +1631,24 @@ _stat() { return 1 #error, 'stat' not found } +#keyfile +_isRSA() { + keyfile=$1 + if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1 || ${ACME_OPENSSL_BIN:-openssl} rsa -in "$keyfile" -noout -text | grep "^publicExponent:" >/dev/null 2>&1; then + return 0 + fi + return 1 +} + +#keyfile +_isEcc() { + keyfile=$1 + if grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1 || ${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" >/dev/null 2>&1; then + return 0 + fi + return 1 +} + #keyfile _calcjwk() { keyfile="$1" @@ -1644,7 +1662,7 @@ _calcjwk() { return 0 fi - if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then + if _isRSA "$keyfile"; then _debug "RSA key" pub_exp=$(${ACME_OPENSSL_BIN:-openssl} rsa -in "$keyfile" -noout -text | grep "^publicExponent:" | cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1) if [ "${#pub_exp}" = "5" ]; then @@ -1666,7 +1684,7 @@ _calcjwk() { JWK_HEADER='{"alg": "RS256", "jwk": '$jwk'}' JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "RS256"' - elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then + elif _isEcc "$keyfile"; then _debug "EC key" crv="$(${ACME_OPENSSL_BIN:-openssl} ec -in "$keyfile" -noout -text 2>/dev/null | grep "^NIST CURVE:" | cut -d ":" -f 2 | tr -d " \r\n")" _debug3 crv "$crv" From 188274277a18deb386f160de53262f22f8f7d7c2 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 11 Jan 2022 17:16:51 +0800 Subject: [PATCH 0653/1526] fix https://github.com/acmesh-official/acme.sh/issues/3883 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 9ec0c851..78684267 100755 --- a/acme.sh +++ b/acme.sh @@ -1053,9 +1053,9 @@ _sign() { _sign_openssl="${ACME_OPENSSL_BIN:-openssl} dgst -sign $keyfile " - if grep "BEGIN RSA PRIVATE KEY" "$keyfile" >/dev/null 2>&1 || grep "BEGIN PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then + if _isRSA "$keyfile" >/dev/null 2>&1; then $_sign_openssl -$alg | _base64 - elif grep "BEGIN EC PRIVATE KEY" "$keyfile" >/dev/null 2>&1; then + elif _isEcc "$keyfile" >/dev/null 2>&1; then if ! _signedECText="$($_sign_openssl -sha$__ECC_KEY_LEN | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" From e49ece87937aa258f32fa277c9f1a6d46b7484ce Mon Sep 17 00:00:00 2001 From: Yuan Ming Date: Fri, 14 Jan 2022 22:10:26 +0800 Subject: [PATCH 0654/1526] dns_huaweicloud.sh minor bug fixes 1. Match zone name in response in case multiple items return. 2. Use string '"id"' (single quotation marks added) to check if zone/record exist in _get_zoneid() & _get_recordset_id(). Fix domain can't contain string "id". (Sensitive _debug Access Token Commented out, For CICD Run) --- dnsapi/dns_huaweicloud.sh | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index f7192725..caac3e1e 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -35,7 +35,7 @@ dns_huaweicloud_add() { _err "dns_api(dns_huaweicloud): Error getting token." return 1 fi - _debug "Access token is: ${token}" + # _debug "Access token is: ${token}" unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" @@ -86,7 +86,7 @@ dns_huaweicloud_rm() { _err "dns_api(dns_huaweicloud): Error getting token." return 1 fi - _debug "Access token is: ${token}" + # _debug "Access token is: ${token}" unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" @@ -129,14 +129,25 @@ _get_zoneid() { fi _debug "$h" response=$(_get "${dns_api}/v2/zones?name=${h}") - - if _contains "${response}" "id"; then - _debug "Get Zone ID Success." - _zoneid=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") - printf "%s" "${_zoneid}" - return 0 + # _debug2 "$response" + if _contains "${response}" '"id"'; then + zoneidlist=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") + zonenamelist=$(echo "${response}" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") + _debug2 "Return Zone ID(s):${zoneidlist}" + _debug2 "Return Zone Name(s):${zonenamelist}" + zoneidnum=0 + echo "${zonenamelist}" | while read -r zonename; do + zoneidnum=$(_math "$zoneidnum" + 1) + _debug "Check Zone Name $zonename" + if [ "${zonename}" = "${h}." ]; then + _debug "Get Zone ID Success." + _zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p") + _debug2 "ZoneID:${_zoneid}" + printf "%s" "${_zoneid}" + return 0 + fi + done fi - i=$(_math "$i" + 1) done return 1 @@ -149,7 +160,7 @@ _get_recordset_id() { export _H1="X-Auth-Token: ${_token}" response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") - if _contains "${response}" "id"; then + if _contains "${response}" '"id"'; then _id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" printf "%s" "${_id}" return 0 @@ -269,7 +280,7 @@ _get_token() { _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) - _debug2 "${_code}" + # _debug2 "${_code}" printf "%s" "${_token}" return 0 } From 9d2ee2127de6ebcd2382e4cf9270276412d3f26f Mon Sep 17 00:00:00 2001 From: Yuan Ming Date: Sat, 15 Jan 2022 19:23:30 +0800 Subject: [PATCH 0655/1526] dns_huaweicloud debug info adjust _secure_debug for sensitive token. --- dnsapi/dns_huaweicloud.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index caac3e1e..cc21396a 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -35,7 +35,7 @@ dns_huaweicloud_add() { _err "dns_api(dns_huaweicloud): Error getting token." return 1 fi - # _debug "Access token is: ${token}" + _secure_debug "Access token is:" "${token}" unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" @@ -43,7 +43,7 @@ dns_huaweicloud_add() { _err "dns_api(dns_huaweicloud): Error getting zone id." return 1 fi - _debug "Zone ID is: ${zoneid}" + _debug "Zone ID is:" "${zoneid}" _debug "Adding Record" _add_record "${token}" "${fulldomain}" "${txtvalue}" @@ -86,7 +86,7 @@ dns_huaweicloud_rm() { _err "dns_api(dns_huaweicloud): Error getting token." return 1 fi - # _debug "Access token is: ${token}" + _secure_debug "Access token is:" "${token}" unset zoneid zoneid="$(_get_zoneid "${token}" "${fulldomain}")" @@ -94,7 +94,7 @@ dns_huaweicloud_rm() { _err "dns_api(dns_huaweicloud): Error getting zone id." return 1 fi - _debug "Zone ID is: ${zoneid}" + _debug "Zone ID is:" "${zoneid}" # Remove all records # Therotically HuaweiCloud does not allow more than one record set @@ -129,20 +129,20 @@ _get_zoneid() { fi _debug "$h" response=$(_get "${dns_api}/v2/zones?name=${h}") - # _debug2 "$response" + _debug2 "$response" if _contains "${response}" '"id"'; then zoneidlist=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") zonenamelist=$(echo "${response}" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") - _debug2 "Return Zone ID(s):${zoneidlist}" - _debug2 "Return Zone Name(s):${zonenamelist}" + _debug2 "Return Zone ID(s):" "${zoneidlist}" + _debug2 "Return Zone Name(s):" "${zonenamelist}" zoneidnum=0 echo "${zonenamelist}" | while read -r zonename; do zoneidnum=$(_math "$zoneidnum" + 1) - _debug "Check Zone Name $zonename" + _debug "Check Zone Name" "${zonename}" if [ "${zonename}" = "${h}." ]; then _debug "Get Zone ID Success." _zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p") - _debug2 "ZoneID:${_zoneid}" + _debug2 "ZoneID:" "${_zoneid}" printf "%s" "${_zoneid}" return 0 fi @@ -208,7 +208,7 @@ _add_record() { fi _record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" - _debug "Record Set ID is: ${_record_id}" + _debug "Record Set ID is:" "${_record_id}" # Remove all records while [ "${_record_id}" != "0" ]; do @@ -280,7 +280,7 @@ _get_token() { _post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null _code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") _token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) - # _debug2 "${_code}" + _secure_debug "${_code}" printf "%s" "${_token}" return 0 } From edee7ea284c0b4f5670d859442c945b8cebd5b98 Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Sun, 16 Jan 2022 20:46:09 +0800 Subject: [PATCH 0656/1526] routeros deploy hook: store the env vars within the domainconf related to #2344 and #2413 --- deploy/routeros.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 2f349999..9965d65c 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -66,21 +66,31 @@ routeros_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" + _getdeployconf ROUTER_OS_HOST + if [ -z "$ROUTER_OS_HOST" ]; then _debug "Using _cdomain as ROUTER_OS_HOST, please set if not correct." ROUTER_OS_HOST="$_cdomain" fi + _getdeployconf ROUTER_OS_USERNAME + if [ -z "$ROUTER_OS_USERNAME" ]; then _err "Need to set the env variable ROUTER_OS_USERNAME" return 1 fi + _getdeployconf ROUTER_OS_ADDITIONAL_SERVICES + if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then _debug "Not enabling additional services" ROUTER_OS_ADDITIONAL_SERVICES="" fi + _savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST" + _savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME" + _savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" + _info "Trying to push key '$_ckey' to router" scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" From dca9def42c2d8fb86551d5d5c6e70124defebb29 Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Wed, 19 Jan 2022 12:36:54 +0800 Subject: [PATCH 0657/1526] add remote deploy hook for openmediavault 5 based on #3757 --- Dockerfile | 3 +- deploy/openmediavault.sh | 85 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 deploy/openmediavault.sh diff --git a/Dockerfile b/Dockerfile index 0421da34..fa11ea8a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,8 @@ RUN apk --no-cache add -f \ tzdata \ oath-toolkit-oathtool \ tar \ - libidn + libidn \ + jq ENV LE_CONFIG_HOME /acme.sh diff --git a/deploy/openmediavault.sh b/deploy/openmediavault.sh new file mode 100644 index 00000000..26743326 --- /dev/null +++ b/deploy/openmediavault.sh @@ -0,0 +1,85 @@ +#!/usr/bin/env sh + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +openmediavault_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + _getdeployconf DEPLOY_OMV_HOST + + if [ -z "$DEPLOY_OMV_HOST" ]; then + _debug "Using _cdomain as DEPLOY_OMV_HOST, please set if not correct." + DEPLOY_OMV_HOST="$_cdomain" + fi + + _getdeployconf DEPLOY_OMV_USER + + if [ -z "$DEPLOY_OMV_USER" ]; then + DEPLOY_OMV_USER="admin" + fi + + _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" + _savedeployconf DEPLOY_OMV_USER "$DEPLOY_OMV_USER" + + _command="omv-rpc -u $DEPLOY_OMV_USER 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" + # shellcheck disable=SC2086 + _uuid=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _debug _command "$_command" + + if [ -z "$_uuid" ]; then + _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" + _command="omv-rpc -u $DEPLOY_OMV_USER 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" + # shellcheck disable=SC2086 + _uuid=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _debug _command "$_command" + + if [ -z "$_uuid" ]; then + _err "[OMB deploy-hook] An error occured while creating the certificate" + return 1 + fi + fi + + _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" + _fullchain=$(jq <"$_cfullchain" -aRs .) + _key=$(jq <"$_ckey" -aRs .) + + _debug _fullchain "$_fullchain" + _debug _key "$_key" + + _info "[OMV deploy-hook] Updating key and certificate in openmediavault" + _command="omv-rpc -u $DEPLOY_OMV_USER 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" + # shellcheck disable=SC2029 + _result=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _debug _result "$_result" + + _debug _command "$_command" + + _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" + _command="omv-rpc -u $DEPLOY_OMV_USER 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" + # shellcheck disable=SC2029 + _result=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + + _debug _command "$_command" + _debug _result "$_result" + + _info "[OMV deploy-hook] Asking nginx to reload" + _command="nginx -s reload" + # shellcheck disable=SC2029 + _result=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + + _debug _command "$_command" + _debug _result "$_result" + + return 0 +} From df671a77f674f9c75cff975b214de95b8cefc8b7 Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Sun, 16 Jan 2022 20:46:09 +0800 Subject: [PATCH 0658/1526] routeros deploy hook: store the env vars within the domainconf related to #2344 and #2413 --- deploy/routeros.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 2f349999..9965d65c 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -66,21 +66,31 @@ routeros_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" + _getdeployconf ROUTER_OS_HOST + if [ -z "$ROUTER_OS_HOST" ]; then _debug "Using _cdomain as ROUTER_OS_HOST, please set if not correct." ROUTER_OS_HOST="$_cdomain" fi + _getdeployconf ROUTER_OS_USERNAME + if [ -z "$ROUTER_OS_USERNAME" ]; then _err "Need to set the env variable ROUTER_OS_USERNAME" return 1 fi + _getdeployconf ROUTER_OS_ADDITIONAL_SERVICES + if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then _debug "Not enabling additional services" ROUTER_OS_ADDITIONAL_SERVICES="" fi + _savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST" + _savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME" + _savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" + _info "Trying to push key '$_ckey' to router" scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" From 6bbf927f57f8a7b1dcdd1f24220c09397368a541 Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Wed, 19 Jan 2022 21:13:02 +0800 Subject: [PATCH 0659/1526] omv deploy hook: separate DEPLOY_OMV_WEBUI_ADMIN and DEPLOY_OMV_SSH_USER --- deploy/openmediavault.sh | 35 +++++++++++++++++++++-------------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/deploy/openmediavault.sh b/deploy/openmediavault.sh index 26743326..eb04f5bc 100644 --- a/deploy/openmediavault.sh +++ b/deploy/openmediavault.sh @@ -23,25 +23,32 @@ openmediavault_deploy() { DEPLOY_OMV_HOST="$_cdomain" fi - _getdeployconf DEPLOY_OMV_USER + _getdeployconf DEPLOY_OMV_WEBUI_ADMIN - if [ -z "$DEPLOY_OMV_USER" ]; then - DEPLOY_OMV_USER="admin" + if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then + DEPLOY_OMV_WEBUI_ADMIN="admin" + fi + + _getdeployconf DEPLOY_OMV_SSH_USER + + if [ -z "$DEPLOY_OMV_SSH_USER" ]; then + DEPLOY_OMV_SSH_USER="root" fi _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" - _savedeployconf DEPLOY_OMV_USER "$DEPLOY_OMV_USER" + _savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN" + _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" - _command="omv-rpc -u $DEPLOY_OMV_USER 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" # shellcheck disable=SC2086 - _uuid=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" if [ -z "$_uuid" ]; then _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" - _command="omv-rpc -u $DEPLOY_OMV_USER 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" # shellcheck disable=SC2086 - _uuid=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" if [ -z "$_uuid" ]; then @@ -58,17 +65,17 @@ openmediavault_deploy() { _debug _key "$_key" _info "[OMV deploy-hook] Updating key and certificate in openmediavault" - _command="omv-rpc -u $DEPLOY_OMV_USER 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" # shellcheck disable=SC2029 - _result=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") - _debug _result "$_result" + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" + _debug _result "$_result" _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" - _command="omv-rpc -u $DEPLOY_OMV_USER 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" # shellcheck disable=SC2029 - _result=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" _debug _result "$_result" @@ -76,7 +83,7 @@ openmediavault_deploy() { _info "[OMV deploy-hook] Asking nginx to reload" _command="nginx -s reload" # shellcheck disable=SC2029 - _result=$(ssh "root@$DEPLOY_OMV_HOST" "$_command") + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" _debug _result "$_result" From a78a4e67168599a2e898271a57e99aba6cbc5792 Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Wed, 19 Jan 2022 21:42:17 +0800 Subject: [PATCH 0660/1526] omv deploy hook: shellcheck disable=SC2029 --- deploy/openmediavault.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/openmediavault.sh b/deploy/openmediavault.sh index eb04f5bc..b0bb4cb2 100644 --- a/deploy/openmediavault.sh +++ b/deploy/openmediavault.sh @@ -40,14 +40,14 @@ openmediavault_deploy() { _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" - # shellcheck disable=SC2086 + # shellcheck disable=SC2029 _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" if [ -z "$_uuid" ]; then _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" - # shellcheck disable=SC2086 + # shellcheck disable=SC2029 _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" From e1a0f5706d6b7b46062668b54f3823666010c61d Mon Sep 17 00:00:00 2001 From: Vitaly Kireev Date: Tue, 28 Dec 2021 22:29:42 +0300 Subject: [PATCH 0661/1526] DNS REGRU utf-list to idn (punycode) service/get_list returns domains in utf. But if utf, then error Error parsing certificate request: x509: SAN dNSName is malformed early using my patch by IDN_ITEM="$(echo "${ITEM}" | idn)" Now replacing by IDN_ITEM="$(_idn "${ITEM}")" --- dnsapi/dns_regru.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_regru.sh b/dnsapi/dns_regru.sh index 29f758ea..2a1ebaa5 100644 --- a/dnsapi/dns_regru.sh +++ b/dnsapi/dns_regru.sh @@ -92,9 +92,10 @@ _get_root() { domains_list=$(echo "${response}" | grep dname | sed -r "s/.*dname=\"([^\"]+)\".*/\\1/g") for ITEM in ${domains_list}; do + IDN_ITEM="$(_idn "${ITEM}")" case "${domain}" in - *${ITEM}*) - _domain=${ITEM} + *${IDN_ITEM}*) + _domain=${IDN_ITEM} _debug _domain "${_domain}" return 0 ;; From faedea212095c398729224d5c9ce72f2a4d55237 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 19 Jan 2022 22:22:53 +0800 Subject: [PATCH 0662/1526] Update dns_ddnss.sh --- dnsapi/dns_ddnss.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ddnss.sh b/dnsapi/dns_ddnss.sh index ecc4f174..b9da33ff 100644 --- a/dnsapi/dns_ddnss.sh +++ b/dnsapi/dns_ddnss.sh @@ -12,7 +12,7 @@ # -- # -DDNSS_DNS_API="https://ip4.ddnss.de/upd.php" +DDNSS_DNS_API="https://ddnss.de/upd.php" ######## Public functions ##################### @@ -77,7 +77,7 @@ dns_ddnss_rm() { # Now remove the TXT record from DDNS DNS _info "Trying to remove TXT record" - if _ddnss_rest GET "key=$DDNSS_Token&host=$_ddnss_domain&txtm=1&txt=."; then + if _ddnss_rest GET "key=$DDNSS_Token&host=$_ddnss_domain&txtm=2"; then if [ "$response" = "Updated 1 hostname." ]; then _info "TXT record has been successfully removed from your DDNSS domain." return 0 From 9088c8741a865301af48be2a87deab7ebe288759 Mon Sep 17 00:00:00 2001 From: Yuan Ming Date: Thu, 20 Jan 2022 14:01:33 +0800 Subject: [PATCH 0663/1526] Fix dns_huaweicloud subshell return Replace pipe read with line count loop, fix useless return in subshell. --- dnsapi/dns_huaweicloud.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index cc21396a..ac3ede65 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -136,13 +136,16 @@ _get_zoneid() { _debug2 "Return Zone ID(s):" "${zoneidlist}" _debug2 "Return Zone Name(s):" "${zonenamelist}" zoneidnum=0 - echo "${zonenamelist}" | while read -r zonename; do + zoneidcount=$(echo "${zoneidlist}" | grep -c '^') + _debug "Retund Zone ID(s) Count:" "${zoneidcount}" + while [ "${zoneidnum}" -lt "${zoneidcount}" ]; do zoneidnum=$(_math "$zoneidnum" + 1) + _zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p") + zonename=$(echo "${zonenamelist}" | sed -n "${zoneidnum}p") _debug "Check Zone Name" "${zonename}" if [ "${zonename}" = "${h}." ]; then _debug "Get Zone ID Success." - _zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p") - _debug2 "ZoneID:" "${_zoneid}" + _debug "ZoneID:" "${_zoneid}" printf "%s" "${_zoneid}" return 0 fi From 0292e20c862c49d8729a832961d72dcf5a38101b Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Thu, 20 Jan 2022 17:27:11 +0800 Subject: [PATCH 0664/1526] omv deploy hook: support both local and remote deployment --- deploy/openmediavault.sh | 148 +++++++++++++++++++++++++++------------ 1 file changed, 102 insertions(+), 46 deletions(-) diff --git a/deploy/openmediavault.sh b/deploy/openmediavault.sh index b0bb4cb2..859eabe7 100644 --- a/deploy/openmediavault.sh +++ b/deploy/openmediavault.sh @@ -16,77 +16,133 @@ openmediavault_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - _getdeployconf DEPLOY_OMV_HOST - - if [ -z "$DEPLOY_OMV_HOST" ]; then - _debug "Using _cdomain as DEPLOY_OMV_HOST, please set if not correct." - DEPLOY_OMV_HOST="$_cdomain" - fi - _getdeployconf DEPLOY_OMV_WEBUI_ADMIN if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then DEPLOY_OMV_WEBUI_ADMIN="admin" fi + _savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN" + + _getdeployconf DEPLOY_OMV_HOST _getdeployconf DEPLOY_OMV_SSH_USER - if [ -z "$DEPLOY_OMV_SSH_USER" ]; then - DEPLOY_OMV_SSH_USER="root" + if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then + _info "[OMV deploy-hook] Deploy certificate remotely through ssh." + _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" + _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" + else + _info "[OMV deploy-hook] Deploy certificate locally." fi - _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" - _savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN" - _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" + if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then - _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" - # shellcheck disable=SC2029 - _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") - _debug _command "$_command" - - if [ -z "$_uuid" ]; then - _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" - _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" # shellcheck disable=SC2029 _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") _debug _command "$_command" if [ -z "$_uuid" ]; then - _err "[OMB deploy-hook] An error occured while creating the certificate" - return 1 + _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" + # shellcheck disable=SC2029 + _uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + _debug _command "$_command" + + if [ -z "$_uuid" ]; then + _err "[OMV deploy-hook] An error occured while creating the certificate" + return 1 + fi fi - fi - _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" - _fullchain=$(jq <"$_cfullchain" -aRs .) - _key=$(jq <"$_ckey" -aRs .) + _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" + _fullchain=$(jq <"$_cfullchain" -aRs .) + _key=$(jq <"$_ckey" -aRs .) + + _debug _fullchain "$_fullchain" + _debug _key "$_key" + + _info "[OMV deploy-hook] Updating key and certificate in openmediavault" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" + # shellcheck disable=SC2029 + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + + _debug _command "$_command" + _debug _result "$_result" + + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" + # shellcheck disable=SC2029 + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + + _debug _command "$_command" + _debug _result "$_result" + + _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" + # shellcheck disable=SC2029 + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + + _debug _command "$_command" + _debug _result "$_result" + + _info "[OMV deploy-hook] Asking nginx to reload" + _command="nginx -s reload" + # shellcheck disable=SC2029 + _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + + _debug _command "$_command" + _debug _result "$_result" + + else + + # shellcheck disable=SC2086 + _uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' | jq -r '.data[] | select(.name=="/CN='$_cdomain'") | .uuid') + if [ -z "$_uuid" ]; then + _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" + # shellcheck disable=SC2086 + _uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq -r '.uuid') + + if [ -z "$_uuid" ]; then + _err "[OMB deploy-hook] An error occured while creating the certificate" + return 1 + fi + fi + + _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" + _fullchain=$(jq <"$_cfullchain" -aRs .) + _key=$(jq <"$_ckey" -aRs .) + + _debug _fullchain "$_fullchain" + _debug _key "$_key" + + _info "[OMV deploy-hook] Updating key and certificate in openmediavault" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" + _result=$(eval "$_command") + + _debug _command "$_command" + _debug _result "$_result" - _debug _fullchain "$_fullchain" - _debug _key "$_key" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" + _result=$(eval "$_command") - _info "[OMV deploy-hook] Updating key and certificate in openmediavault" - _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" - # shellcheck disable=SC2029 - _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + _debug _command "$_command" + _debug _result "$_result" - _debug _command "$_command" - _debug _result "$_result" + _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" + _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" + _result=$(eval "$_command") - _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" - _command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" - # shellcheck disable=SC2029 - _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + _debug _command "$_command" + _debug _result "$_result" - _debug _command "$_command" - _debug _result "$_result" + _info "[OMV deploy-hook] Asking nginx to reload" + _command="nginx -s reload" + _result=$(eval "$_command") - _info "[OMV deploy-hook] Asking nginx to reload" - _command="nginx -s reload" - # shellcheck disable=SC2029 - _result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") + _debug _command "$_command" + _debug _result "$_result" - _debug _command "$_command" - _debug _result "$_result" + fi return 0 } From 67c990e8cfd6503bc8bdeb19a71b53d34b32090e Mon Sep 17 00:00:00 2001 From: Ross Shen Date: Thu, 20 Jan 2022 17:46:47 +0800 Subject: [PATCH 0665/1526] omv deploy hook: add usage comments --- deploy/openmediavault.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/deploy/openmediavault.sh b/deploy/openmediavault.sh index 859eabe7..cfc2d332 100644 --- a/deploy/openmediavault.sh +++ b/deploy/openmediavault.sh @@ -1,5 +1,13 @@ #!/usr/bin/env sh +# This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment. +# The way it works is that if a cert with the matching domain name is not found, it will firstly create a dummy cert to get its uuid, and then replace it with your cert. +# +# DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command. +# DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (support public key authentication only). Per design, OMV web gui admin doesn't have ssh permission, so another account is needed for ssh. +# +# returns 0 means success, otherwise error. + ######## Public functions ##################### #domain keyfile certfile cafile fullchain From 7250a300df82ef79b9fce9d1f8287aef6686fe2e Mon Sep 17 00:00:00 2001 From: michal Date: Tue, 14 Dec 2021 20:27:40 +0100 Subject: [PATCH 0666/1526] add managed identity support for azure dns --- dnsapi/dns_azure.sh | 182 ++++++++++++++++++++++++++------------------ 1 file changed, 106 insertions(+), 76 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index ce8a3fa7..1c33c13a 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -9,57 +9,72 @@ WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS" # # Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/createorupdate # + dns_azure_add() { fulldomain=$1 txtvalue=$2 AZUREDNS_SUBSCRIPTIONID="${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}" - AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" - AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" - AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_SUBSCRIPTIONID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" AZUREDNS_APPID="" AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Subscription ID " + _err "You didn't specify the Azure Subscription ID" return 1 fi + #save subscription id to account conf file. + _saveaccountconf_mutable AZUREDNS_SUBSCRIPTIONID "$AZUREDNS_SUBSCRIPTIONID" - if [ -z "$AZUREDNS_TENANTID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Tenant ID " - return 1 - fi + AZUREDNS_MANAGEDIDENTITY="${AZUREDNS_MANAGEDIDENTITY:-$(_readaccountconf_mutable AZUREDNS_MANAGEDIDENTITY)}" + if [ "$AZUREDNS_MANAGEDIDENTITY" = true ]; then + _info "Using Azure managed identity" + #save managed identity as preferred authentication method, clear service principal credentials from conf file. + _saveaccountconf_mutable AZUREDNS_MANAGEDIDENTITY "$AZUREDNS_MANAGEDIDENTITY" + _saveaccountconf_mutable AZUREDNS_TENANTID "" + _saveaccountconf_mutable AZUREDNS_APPID "" + _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "" + else + _info "You didn't ask to use Azure managed identity, checking service principal credentials" + AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" + AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" + AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + + if [ -z "$AZUREDNS_TENANTID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Tenant ID " + return 1 + fi - if [ -z "$AZUREDNS_APPID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure App ID" - return 1 - fi + if [ -z "$AZUREDNS_APPID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure App ID" + return 1 + fi - if [ -z "$AZUREDNS_CLIENTSECRET" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Client Secret" - return 1 + if [ -z "$AZUREDNS_CLIENTSECRET" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Client Secret" + return 1 + fi + + #save account details to account conf file, don't opt in for azure manages identity check. + _saveaccountconf_mutable AZUREDNS_MANAGEDIDENTITY "false" + _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" + _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" + _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi - #save account details to account conf file. - _saveaccountconf_mutable AZUREDNS_SUBSCRIPTIONID "$AZUREDNS_SUBSCRIPTIONID" - _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" - _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" - _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" - accesstoken=$(_azure_getaccess_token "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -116,10 +131,6 @@ dns_azure_rm() { txtvalue=$2 AZUREDNS_SUBSCRIPTIONID="${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}" - AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" - AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" - AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" - if [ -z "$AZUREDNS_SUBSCRIPTIONID" ]; then AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_TENANTID="" @@ -129,34 +140,44 @@ dns_azure_rm() { return 1 fi - if [ -z "$AZUREDNS_TENANTID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Tenant ID " - return 1 - fi + AZUREDNS_MANAGEDIDENTITY="${AZUREDNS_MANAGEDIDENTITY:-$(_readaccountconf_mutable AZUREDNS_MANAGEDIDENTITY)}" + if [ "$AZUREDNS_MANAGEDIDENTITY" = true ]; then + _info "Using Azure managed identity" + else + _info "You didn't ask to use Azure managed identity, checking service principal credentials" + AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}" + AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}" + AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}" + + if [ -z "$AZUREDNS_TENANTID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Tenant ID " + return 1 + fi - if [ -z "$AZUREDNS_APPID" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure App ID" - return 1 - fi + if [ -z "$AZUREDNS_APPID" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure App ID" + return 1 + fi - if [ -z "$AZUREDNS_CLIENTSECRET" ]; then - AZUREDNS_SUBSCRIPTIONID="" - AZUREDNS_TENANTID="" - AZUREDNS_APPID="" - AZUREDNS_CLIENTSECRET="" - _err "You didn't specify the Azure Client Secret" - return 1 + if [ -z "$AZUREDNS_CLIENTSECRET" ]; then + AZUREDNS_SUBSCRIPTIONID="" + AZUREDNS_TENANTID="" + AZUREDNS_APPID="" + AZUREDNS_CLIENTSECRET="" + _err "You didn't specify the Azure Client Secret" + return 1 + fi fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -258,9 +279,10 @@ _azure_rest() { ## Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token _azure_getaccess_token() { - tenantID=$1 - clientID=$2 - clientSecret=$3 + managedIdentity=$1 + tenantID=$2 + clientID=$3 + clientSecret=$4 accesstoken="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" expires_on="${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}" @@ -278,17 +300,25 @@ _azure_getaccess_token() { fi _debug "getting new bearer token" - export _H1="accept: application/json" - export _H2="Content-Type: application/x-www-form-urlencoded" - - body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials" - _secure_debug2 "data $body" - response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")" - _ret="$?" - _secure_debug2 "response $response" - response="$(echo "$response" | _normalizeJson)" - accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") - expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + if [ "$managedIdentity" = true ]; then + # https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http + export _H1="Metadata: true" + response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)" + response="$(echo "$response" | _normalizeJson)" + accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + else + export _H1="accept: application/json" + export _H2="Content-Type: application/x-www-form-urlencoded" + body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials" + _secure_debug2 "data $body" + response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")" + _ret="$?" + _secure_debug2 "response $response" + response="$(echo "$response" | _normalizeJson)" + accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") + fi if [ -z "$accesstoken" ]; then _err "no acccess token received. Check your Azure settings see $WIKI" From 190ec0c14c4f7816a3227fa07ca99007d24c34fb Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 24 Jan 2022 16:47:47 +0100 Subject: [PATCH 0667/1526] Adapt dns_world4you to new world4you website behaviour --- dnsapi/dns_world4you.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 231c34b3..fd124754 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -24,7 +24,7 @@ dns_world4you_add() { fi export _H1="Cookie: W4YSESSID=$sessid" - form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") + form=$(_get "$WORLD4YOU_API/") _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" if [ -z "$paketnr" ]; then @@ -87,7 +87,7 @@ dns_world4you_rm() { fi export _H1="Cookie: W4YSESSID=$sessid" - form=$(_get "$WORLD4YOU_API/dashboard/paketuebersicht") + form=$(_get "$WORLD4YOU_API/") _get_paketnr "$fqdn" "$form" paketnr="$PAKETNR" if [ -z "$paketnr" ]; then @@ -184,7 +184,7 @@ _get_paketnr() { fqdn="$1" form="$2" - domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^ *\(.*\)$/\1/') + domains=$(echo "$form" | grep 'header-paket-domain' | sed 's/<[^>]*>//g' | sed 's/^.*>\([^>]*\)$/\1/') domain='' for domain in $domains; do if _contains "$fqdn" "$domain\$"; then From 90b65c6618dbb00f1718667979f8aa375df67fd0 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Jan 2022 18:00:44 +0800 Subject: [PATCH 0668/1526] fix https://github.com/acmesh-official/acme.sh/issues/3898 https://github.com/acmesh-official/acme.sh/issues/3898 --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 78684267..11286130 100755 --- a/acme.sh +++ b/acme.sh @@ -1253,7 +1253,8 @@ _createcsr() { domainlist="$(_idn "$domainlist")" _debug2 domainlist "$domainlist" alt="$(_getIdType "$domain" | _upper_case):$(_idn "$domain")" - for dl in $(echo "$domainlist" | tr "," ' '); do + for dl in $(echo "'$domainlist'" | sed "s/,/' '/g"); do + dl=$(echo "$dl" | tr -d "'") alt="$alt,$(_getIdType "$dl" | _upper_case):$dl" done #multi From a7f2d89e3fcb3afeb219a5ffd29cc24c3bd1ec75 Mon Sep 17 00:00:00 2001 From: Andreas Scherer Date: Tue, 1 Feb 2022 14:46:20 +0100 Subject: [PATCH 0669/1526] Added united-domains Reselling DNS API --- dnsapi/dns_udr.sh | 160 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100644 dnsapi/dns_udr.sh diff --git a/dnsapi/dns_udr.sh b/dnsapi/dns_udr.sh new file mode 100644 index 00000000..5215e193 --- /dev/null +++ b/dnsapi/dns_udr.sh @@ -0,0 +1,160 @@ +#!/usr/bin/env sh + +# united-domains Reselling (https://www.ud-reselling.com/) DNS API +# Author: Andreas Scherer (https://github.com/andischerer) +# Created: 2021-02-01 +# +# Set the environment variables as below: +# +# export UDR_USER="your_username_goes_here" +# export UDR_PASS="some_password_goes_here" +# + +UDR_API="https://api.domainreselling.de/api/call.cgi" +UDR_TTL="300" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt" +dns_udr_add() { + fulldomain=$1 + txtvalue=$2 + export txtvalue + UDR_USER="${UDR_USER:-$(_readaccountconf_mutable UDR_USER)}" + UDR_PASS="${UDR_PASS:-$(_readaccountconf_mutable UDR_PASS)}" + if [ -z "$UDR_USER" ] || [ -z "$UDR_PASS" ]; then + UDR_USER="" + UDR_PASS="" + _err "You didn't specify an UD-Reselling username and password yet" + return 1 + fi + # save the username and password to the account conf file. + _saveaccountconf_mutable UDR_USER "$UDR_USER" + _saveaccountconf_mutable UDR_PASS "$UDR_PASS" + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _dnszone "${_dnszone}" + + _debug "Getting txt records" + if ! _udr_rest "QueryDNSZoneRRList" "dnszone=${_dnszone}"; then + return 1 + fi + + rr="${fulldomain}. ${UDR_TTL} IN TXT ${txtvalue}" + _debug resource_record "${rr}" + if _contains "$response" "$rr" >/dev/null; then + _err "Error, it would appear that this record already exists. Please review existing TXT records for this domain." + return 1 + fi + + _info "Adding record" + if ! _udr_rest "UpdateDNSZone" "dnszone=${_dnszone}&addrr0=${rr}"; then + _err "Adding the record did not succeed, please verify/check." + return 1 + fi + + _info "Added, OK" + return 0 +} + +dns_udr_rm() { + fulldomain=$1 + txtvalue=$2 + export txtvalue + UDR_USER="${UDR_USER:-$(_readaccountconf_mutable UDR_USER)}" + UDR_PASS="${UDR_PASS:-$(_readaccountconf_mutable UDR_PASS)}" + if [ -z "$UDR_USER" ] || [ -z "$UDR_PASS" ]; then + UDR_USER="" + UDR_PASS="" + _err "You didn't specify an UD-Reselling username and password yet" + return 1 + fi + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _dnszone "${_dnszone}" + + _debug "Getting txt records" + if ! _udr_rest "QueryDNSZoneRRList" "dnszone=${_dnszone}"; then + return 1 + fi + + rr="${fulldomain}. ${UDR_TTL} IN TXT ${txtvalue}" + _debug resource_record "${rr}" + if _contains "$response" "$rr" >/dev/null; then + if ! _udr_rest "UpdateDNSZone" "dnszone=${_dnszone}&delrr0=${rr}"; then + _err "Deleting the record did not succeed, please verify/check." + return 1 + fi + _info "Removed, OK" + return 0 + else + _info "Text record is not present, will not delete anything." + return 0 + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=2 + + if ! _udr_rest "QueryDNSZoneList" ""; then + return 1 + fi + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "${response}" "${h}." >/dev/null; then + _dnszone=$(echo "$response" | _egrep_o "${h}") + if [ "$_dnszone" ]; then + return 0 + fi + return 1 + fi + i=$(_math "$i" + 1) + done + return 1 +} + +_udr_rest() { + if [ -n "$2" ]; then + data="command=$1&$2" + else + data="command=$1" + fi + + _debug data "${data}" + response="$(_post "${data}" "${UDR_API}?s_login=${UDR_USER}&s_pw=${UDR_PASS}" "" "POST")" + + _code=$(echo "$response" | _egrep_o "code = ([0-9]+)" | _head_n 1 | cut -d = -f 2 | xargs) + _description=$(echo "$response" | _egrep_o "description = .*" | _head_n 1 | cut -d = -f 2 | xargs) + + _debug response_code "$_code" + _debug response_description "$_description" + + if [ ! "$_code" = "200" ]; then + _err "DNS-API-Error: $_description" + return 1 + fi + + return 0 +} From 36752cb6a88d5beb347a7951d14ee64ec5f5d19a Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Feb 2022 13:49:58 +0800 Subject: [PATCH 0670/1526] Update acme.sh fix zerossl endpoint --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 11286130..18456968 100755 --- a/acme.sh +++ b/acme.sh @@ -29,7 +29,7 @@ CA_BUYPASS="https://api.buypass.com/acme/directory" CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory" CA_ZEROSSL="https://acme.zerossl.com/v2/DV90" -_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email" +_ZERO_EAB_ENDPOINT="https://api.zerossl.com/acme/eab-credentials-email" CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa" CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc" From 0f762d98a43546c82aa8eb14fdcffbea1e5cd358 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 4 Feb 2022 13:52:23 +0800 Subject: [PATCH 0671/1526] Update Linux.yml use centos:7 --- .github/workflows/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 7b24eac9..63e3136c 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -20,7 +20,7 @@ jobs: Linux: strategy: matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 From 9ec4b59afb13dd081b114d43eb44ccf6a3eabe3f Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 5 Feb 2022 21:28:07 +0800 Subject: [PATCH 0672/1526] start v3.0.3 start v3.0.3 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 18456968..f355372d 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=3.0.2 +VER=3.0.3 PROJECT_NAME="acme.sh" From 38a19fa574a5df27e2537dd3d4bcde49c92b3a7b Mon Sep 17 00:00:00 2001 From: peterlh Date: Sat, 5 Feb 2022 20:54:30 +0100 Subject: [PATCH 0673/1526] created dns_curanet.sh --- dnsapi/dns_curanet.sh | 142 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 dnsapi/dns_curanet.sh diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh new file mode 100644 index 00000000..0cdf9592 --- /dev/null +++ b/dnsapi/dns_curanet.sh @@ -0,0 +1,142 @@ +#!/usr/bin/env sh + +#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. +# +#Author: Peter L. Hansen + +CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" +CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" +CURANET_ACCESS_TOKEN="" + +######## Public functions ##################### + +#Usage: dns_curanet_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_curanet_add() { + fulldomain=$1 + txtvalue=$2 + _info "Using curanet" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" + CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" + if [ -z "$CURANET_AUTHCLIENTID" ] || [ -z "$CURANET_AUTHSECRET" ]; then + CURANET_AUTHCLIENTID="" + CURANET_AUTHSECRET="" + _err "You don't specify curanet api client and secret." + _err "Please create your auth info and try again." + return 1 + fi + + #save the credentials to the account conf file. + _saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID" + _saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET" + + gettoken + + _get_root "$fulldomain" + + export _H1="Content-Type: application/json-patch+json" + export _H2="Accept: application/json" + export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" + data="{\"name\": \"$fulldomain\",\"type\": \"TXT\",\"ttl\": 60,\"priority\": 0,\"data\": \"$txtvalue\"}" + response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")" + + if _contains "$response" "$txtvalue"; then + _debug "TXT record added OK" + else + _err "Unable to add TXT record" + return 1 + fi + + return 0 +} + +#Usage: fulldomain txtvalue +#Remove the txt record after validation. +dns_curanet_rm() { + fulldomain=$1 + txtvalue=$2 + _info "Using curanet" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" + CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" + + gettoken + + _get_root "$fulldomain" + + _debug "Getting current record list to identify TXT to delete" + + export _H1="Content-Type: application/json" + export _H2="Accept: application/json" + export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" + + response="$(_get "$CURANET_REST_URL/${_domain}/Records" "" "")" + + if ! _contains "$response" "$txtvalue"; then + _err "Unable to delete record (does not contain $txtvalue )" + return 1 + fi + + recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\"" | _egrep_o "id\":[0-9]+" | cut -c 5-) + + re='^[0-9]+$' + if ! [[ $recordid =~ $re ]] ; then + err "Unable to delete record (did not find recordID to delete)" + return 1 + fi + + _debug "Deleting recordID $recordid" + + response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" + + return 0; + +} + +#################### Private functions below ################################## + +gettoken() { + CURANET_ACCESS_TOKEN=$(curl -s $CURANET_AUTH_URL -d "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" | jq -r '.access_token') + +} + + +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=1 + p=1 + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + export _H1="Content-Type: application/json" + export _H2="Accept: application/json" + export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" + response="$(_get "$CURANET_REST_URL/$h/Records" "" "")" + + if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + From a2bb6a4f1f2b0824a7a74725c977a17ce0e77b31 Mon Sep 17 00:00:00 2001 From: peterlh Date: Sat, 5 Feb 2022 21:07:04 +0100 Subject: [PATCH 0674/1526] changed gettoken to use _post changed gettoken to use _post instead of curl+jq --- dnsapi/dns_curanet.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 0cdf9592..3d2fdb14 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -100,7 +100,16 @@ dns_curanet_rm() { #################### Private functions below ################################## gettoken() { - CURANET_ACCESS_TOKEN=$(curl -s $CURANET_AUTH_URL -d "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" | jq -r '.access_token') + + response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")" + + if ! _contains "$response" "access_token"; then + _err "Unable get access token" + return 1 + fi + + CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+\"" | cut -c 17-) + CURANET_ACCESS_TOKEN=${CURANET_ACCESS_TOKEN::-1} } From 10a15e1188b51faa004823079070b3d84b5e3329 Mon Sep 17 00:00:00 2001 From: peter Date: Sat, 5 Feb 2022 21:12:36 +0100 Subject: [PATCH 0675/1526] nothing --- dnsapi/dns_curanet.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 3d2fdb14..e8804767 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -1,7 +1,6 @@ #!/usr/bin/env sh #Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. -# #Author: Peter L. Hansen CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" From dc61c9e277f4d34d34e141e4fe56afdb0e44fab6 Mon Sep 17 00:00:00 2001 From: peter Date: Sat, 5 Feb 2022 22:21:18 +0100 Subject: [PATCH 0676/1526] description --- dnsapi/dns_curanet.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index e8804767..ab5462b1 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -1,6 +1,7 @@ #!/usr/bin/env sh #Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. +#Requires api credentials with scope: dns #Author: Peter L. Hansen CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" From af193291faf5b9765feedaae12f237b0f16fa518 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 6 Feb 2022 16:16:59 +0800 Subject: [PATCH 0677/1526] Update acme.sh fix https://github.com/acmesh-official/acme.sh/issues/3127#issuecomment-1030742187 --- acme.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index f355372d..55fa4467 100755 --- a/acme.sh +++ b/acme.sh @@ -1141,13 +1141,19 @@ _createkey() { _debug "Use length $length" - if ! touch "$f" >/dev/null 2>&1; then - _f_path="$(dirname "$f")" - _debug _f_path "$_f_path" - if ! mkdir -p "$_f_path"; then - _err "Can not create path: $_f_path" + if ! [ -e "$f" ]; then + if ! touch "$f" >/dev/null 2>&1; then + _f_path="$(dirname "$f")" + _debug _f_path "$_f_path" + if ! mkdir -p "$_f_path"; then + _err "Can not create path: $_f_path" + return 1 + fi + fi + if ! touch "$f" >/dev/null 2>&1; then return 1 fi + chmod 600 "$f" fi if _isEccKey "$length"; then @@ -1495,7 +1501,6 @@ _create_account_key() { else #generate account key if _createkey "$length" "$ACCOUNT_KEY_PATH"; then - chmod 600 "$ACCOUNT_KEY_PATH" _info "Create account key ok." return 0 else @@ -5611,8 +5616,9 @@ _installcert() { if [ -f "$_real_key" ]; then cat "$CERT_KEY_PATH" >"$_real_key" || return 1 else - cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + touch "$_real_key" || return 1 chmod 600 "$_real_key" + cat "$CERT_KEY_PATH" >"$_real_key" || return 1 fi fi From 5ae3a020bd056bd5e595c0c0bd3cef57754c974a Mon Sep 17 00:00:00 2001 From: John Elliott Date: Fri, 4 Feb 2022 18:25:02 -0800 Subject: [PATCH 0678/1526] Add err log for missing oathtool in Synology Alerts the user that the oathtool is missing and the TOTP can't be generated. --- deploy/synology_dsm.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 66e28f93..3ef243ca 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -94,6 +94,11 @@ synology_dsm_deploy() { otp_code="" if [ -n "$SYNO_TOTP_SECRET" ]; then + if ! command -v oathtool &> /dev/null + then + _err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET" + exit 1 + fi otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)" fi From 5ce8050e46202c1f2466a1714794a664358a983e Mon Sep 17 00:00:00 2001 From: John Elliott Date: Mon, 7 Feb 2022 11:55:55 -0800 Subject: [PATCH 0679/1526] Update missing oathtool check --- deploy/synology_dsm.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 3ef243ca..29e7de65 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -94,12 +94,12 @@ synology_dsm_deploy() { otp_code="" if [ -n "$SYNO_TOTP_SECRET" ]; then - if ! command -v oathtool &> /dev/null - then + if _exists oathtool; then + otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)" + else _err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET" exit 1 fi - otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)" fi if [ -n "$SYNO_DID" ]; then From 3a99a77104861c7cb24c401f99e7f3ed23033856 Mon Sep 17 00:00:00 2001 From: John Elliott Date: Mon, 7 Feb 2022 21:55:12 -0800 Subject: [PATCH 0680/1526] Update return statement --- deploy/synology_dsm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 29e7de65..f30f82c0 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -98,7 +98,7 @@ synology_dsm_deploy() { otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)" else _err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET" - exit 1 + return 1 fi fi From f3a0a25380dcd2e741f8715cd499f152556bdddf Mon Sep 17 00:00:00 2001 From: Andreas Scherer Date: Tue, 8 Feb 2022 08:05:48 +0100 Subject: [PATCH 0681/1526] FIX dns_udr api: ttl, xargs, cleanup --- dnsapi/dns_udr.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_udr.sh b/dnsapi/dns_udr.sh index 5215e193..305fc2b3 100644 --- a/dnsapi/dns_udr.sh +++ b/dnsapi/dns_udr.sh @@ -11,7 +11,7 @@ # UDR_API="https://api.domainreselling.de/api/call.cgi" -UDR_TTL="300" +UDR_TTL="30" ######## Public functions ##################### @@ -19,7 +19,7 @@ UDR_TTL="300" dns_udr_add() { fulldomain=$1 txtvalue=$2 - export txtvalue + UDR_USER="${UDR_USER:-$(_readaccountconf_mutable UDR_USER)}" UDR_PASS="${UDR_PASS:-$(_readaccountconf_mutable UDR_PASS)}" if [ -z "$UDR_USER" ] || [ -z "$UDR_PASS" ]; then @@ -64,7 +64,7 @@ dns_udr_add() { dns_udr_rm() { fulldomain=$1 txtvalue=$2 - export txtvalue + UDR_USER="${UDR_USER:-$(_readaccountconf_mutable UDR_USER)}" UDR_PASS="${UDR_PASS:-$(_readaccountconf_mutable UDR_PASS)}" if [ -z "$UDR_USER" ] || [ -z "$UDR_PASS" ]; then @@ -145,8 +145,8 @@ _udr_rest() { _debug data "${data}" response="$(_post "${data}" "${UDR_API}?s_login=${UDR_USER}&s_pw=${UDR_PASS}" "" "POST")" - _code=$(echo "$response" | _egrep_o "code = ([0-9]+)" | _head_n 1 | cut -d = -f 2 | xargs) - _description=$(echo "$response" | _egrep_o "description = .*" | _head_n 1 | cut -d = -f 2 | xargs) + _code=$(echo "$response" | _egrep_o "code = ([0-9]+)" | _head_n 1 | cut -d = -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') + _description=$(echo "$response" | _egrep_o "description = .*" | _head_n 1 | cut -d = -f 2 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') _debug response_code "$_code" _debug response_description "$_description" From fac4e151cc739cc9993ff9f5ea7a08e4b37f2e13 Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:19:22 +0100 Subject: [PATCH 0682/1526] description --- dnsapi/dns_curanet.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index ab5462b1..92147bc7 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -83,12 +83,6 @@ dns_curanet_rm() { recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\"" | _egrep_o "id\":[0-9]+" | cut -c 5-) - re='^[0-9]+$' - if ! [[ $recordid =~ $re ]] ; then - err "Unable to delete record (did not find recordID to delete)" - return 1 - fi - _debug "Deleting recordID $recordid" response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" @@ -108,8 +102,7 @@ gettoken() { return 1 fi - CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+\"" | cut -c 17-) - CURANET_ACCESS_TOKEN=${CURANET_ACCESS_TOKEN::-1} + CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-) } From f8532ba812298274f544a1702faec014704fea8c Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:21:02 +0100 Subject: [PATCH 0683/1526] removed unused variable --- dnsapi/dns_curanet.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 92147bc7..98f2edd5 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -109,7 +109,6 @@ gettoken() { #_acme-challenge.www.domain.com #returns -# _sub_domain=_acme-challenge.www # _domain=domain.com # _domain_id=sdjkglgdfewsdfg _get_root() { @@ -131,7 +130,6 @@ _get_root() { response="$(_get "$CURANET_REST_URL/$h/Records" "" "")" if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h return 0 fi From a5f943e22751cf52d90e800a9b918d9bf4be9617 Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:24:31 +0100 Subject: [PATCH 0684/1526] removed unused variable --- dnsapi/dns_curanet.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 98f2edd5..3df0bf44 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -114,7 +114,6 @@ gettoken() { _get_root() { domain=$1 i=1 - p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -134,7 +133,6 @@ _get_root() { return 0 fi - p=$i i=$(_math "$i" + 1) done return 1 From af5c36e4ad3f36367f19a8eaa1af8702235a48b0 Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:32:15 +0100 Subject: [PATCH 0685/1526] shfmt' --- dnsapi/dns_curanet.sh | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 3df0bf44..7c5f2fca 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -35,7 +35,7 @@ dns_curanet_add() { gettoken _get_root "$fulldomain" - + export _H1="Content-Type: application/json-patch+json" export _H2="Accept: application/json" export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" @@ -43,7 +43,7 @@ dns_curanet_add() { response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")" if _contains "$response" "$txtvalue"; then - _debug "TXT record added OK" + _debug "TXT record added OK" else _err "Unable to add TXT record" return 1 @@ -60,14 +60,14 @@ dns_curanet_rm() { _info "Using curanet" _debug fulldomain "$fulldomain" _debug txtvalue "$txtvalue" - + CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" gettoken _get_root "$fulldomain" - + _debug "Getting current record list to identify TXT to delete" export _H1="Content-Type: application/json" @@ -88,25 +88,19 @@ dns_curanet_rm() { response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" return 0; - } #################### Private functions below ################################## gettoken() { - response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")" - if ! _contains "$response" "access_token"; then _err "Unable get access token" return 1 fi - CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-) - } - #_acme-challenge.www.domain.com #returns # _domain=domain.com @@ -132,9 +126,8 @@ _get_root() { _domain=$h return 0 fi - + i=$(_math "$i" + 1) done return 1 -} - +} \ No newline at end of file From 9fb89d7fd2155f113c65c2a31d70efe631647bef Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:33:43 +0100 Subject: [PATCH 0686/1526] shfmt --- dnsapi/dns_curanet.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 7c5f2fca..a4e9bd97 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -82,11 +82,8 @@ dns_curanet_rm() { fi recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\"" | _egrep_o "id\":[0-9]+" | cut -c 5-) - _debug "Deleting recordID $recordid" - response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" - return 0; } From ee0fadf2470d3c0e2197c9d495e95634cec76336 Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:34:42 +0100 Subject: [PATCH 0687/1526] shfmt --- dnsapi/dns_curanet.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index a4e9bd97..9cf7171e 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -84,7 +84,7 @@ dns_curanet_rm() { recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\"" | _egrep_o "id\":[0-9]+" | cut -c 5-) _debug "Deleting recordID $recordid" response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" - return 0; + return 0 } #################### Private functions below ################################## @@ -127,4 +127,4 @@ _get_root() { i=$(_math "$i" + 1) done return 1 -} \ No newline at end of file +} From 2c0cc87b4cfa6352d3dfebbf9aa86ab4a5ce0ac0 Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 13:49:04 +0100 Subject: [PATCH 0688/1526] final commit --- dnsapi/dns_curanet.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 9cf7171e..90560c3c 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -3,6 +3,7 @@ #Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. #Requires api credentials with scope: dns #Author: Peter L. Hansen +#Version 1.0 CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" From 888d91d14a693c80069ad128a0df10b5bb77cbf3 Mon Sep 17 00:00:00 2001 From: Andreas Scherer Date: Tue, 8 Feb 2022 15:57:19 +0100 Subject: [PATCH 0689/1526] FIX dns_udr api: loop variable --- dnsapi/dns_udr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_udr.sh b/dnsapi/dns_udr.sh index 305fc2b3..caada826 100644 --- a/dnsapi/dns_udr.sh +++ b/dnsapi/dns_udr.sh @@ -108,7 +108,7 @@ dns_udr_rm() { # _domain=domain.com _get_root() { domain=$1 - i=2 + i=1 if ! _udr_rest "QueryDNSZoneList" ""; then return 1 From 0c9a6da623460b77f025d988573b53ad4666a67f Mon Sep 17 00:00:00 2001 From: peter Date: Tue, 8 Feb 2022 17:18:48 +0100 Subject: [PATCH 0690/1526] more specific delete of records --- dnsapi/dns_curanet.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 90560c3c..b7726b77 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -82,7 +82,7 @@ dns_curanet_rm() { return 1 fi - recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\"" | _egrep_o "id\":[0-9]+" | cut -c 5-) + recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-) _debug "Deleting recordID $recordid" response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" return 0 From 2c2a43e1ecfc8482888d392cef793f4980a73adc Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 9 Feb 2022 18:08:55 +0800 Subject: [PATCH 0691/1526] Update dns_cf.sh if CF_Zone_ID is used, save it to domain conf instead. --- dnsapi/dns_cf.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index 36799dcd..c2430086 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -25,9 +25,15 @@ dns_cf_add() { CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}" if [ "$CF_Token" ]; then - _saveaccountconf_mutable CF_Token "$CF_Token" - _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" - _saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID" + if [ "$CF_Zone_ID" ]; then + _savedomainconf CF_Token "$CF_Token" + _savedomainconf CF_Account_ID "$CF_Account_ID" + _savedomainconf CF_Zone_ID "$CF_Zone_ID" + else + _saveaccountconf_mutable CF_Token "$CF_Token" + _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" + _saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID" + fi else if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then CF_Key="" From 205e95a246c43dd7a6994ed891ef034081c9be74 Mon Sep 17 00:00:00 2001 From: Mac_Zhou Date: Thu, 10 Feb 2022 11:29:09 +0800 Subject: [PATCH 0692/1526] Add environment variables ROUTER_OS_PORT --- deploy/routeros.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 9965d65c..456107c8 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -23,6 +23,7 @@ # ```sh # export ROUTER_OS_USERNAME=certuser # export ROUTER_OS_HOST=router.example.com +# export ROUTER_OS_PORT=22 # # acme.sh --deploy -d ftp.example.com --deploy-hook routeros # ``` @@ -80,6 +81,13 @@ routeros_deploy() { return 1 fi + _getdeployconf ROUTER_OS_PORT + + if [ -z "$ROUTER_OS_PORT" ]; then + _debug "Using default port 22 as ROUTER_OS_PORT, please set if not correct." + ROUTER_OS_PORT=22 + fi + _getdeployconf ROUTER_OS_ADDITIONAL_SERVICES if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then @@ -89,12 +97,13 @@ routeros_deploy() { _savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST" _savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME" + _savedeployconf ROUTER_OS_PORT "$ROUTER_OS_PORT" _savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" _info "Trying to push key '$_ckey' to router" - scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" + scp -P "$ROUTER_OS_PORT" "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" - scp "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" + scp -P "$ROUTER_OS_PORT" "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive \ source=\"## generated by routeros deploy script in acme.sh;\ \n/certificate remove [ find name=$_cdomain.cer_0 ];\ @@ -111,11 +120,11 @@ source=\"## generated by routeros deploy script in acme.sh;\ \n\" " # shellcheck disable=SC2029 - ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" + ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" # shellcheck disable=SC2029 - ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" + ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" # shellcheck disable=SC2029 - ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" + ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" return 0 } From 01ace11293f4cf27f8e761114f48148bbcbad063 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 11 Feb 2022 21:11:04 +0800 Subject: [PATCH 0693/1526] Update dns_ispconfig.sh fix https://github.com/acmesh-official/acme.sh/issues/3895#issuecomment-1035409954 --- dnsapi/dns_ispconfig.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index 765e0eb5..e68ddd49 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -32,7 +32,7 @@ dns_ispconfig_rm() { #################### Private functions below ################################## _ISPC_credentials() { - if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -n "${ISPC_Api_Insecure}" ]; then + if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then ISPC_User="" ISPC_Password="" ISPC_Api="" From aaae83efec5eed7182a0dca78c313cde27100de2 Mon Sep 17 00:00:00 2001 From: peter Date: Sat, 12 Feb 2022 20:18:08 +0100 Subject: [PATCH 0694/1526] check for return values --- dnsapi/dns_curanet.sh | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index b7726b77..d446c64a 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -33,9 +33,15 @@ dns_curanet_add() { _saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID" _saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET" - gettoken + if ! _get_token; then + _err "Unable to get token" + return 1 + fi - _get_root "$fulldomain" + if ! _get_root "$fulldomain"; then + _err "Invalid domain" + return 1 + fi export _H1="Content-Type: application/json-patch+json" export _H2="Accept: application/json" @@ -65,9 +71,15 @@ dns_curanet_rm() { CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" - gettoken + if ! _get_token; then + _err "Unable to get token" + return 1 + fi - _get_root "$fulldomain" + if ! _get_root "$fulldomain"; then + _err "Invalid domain" + return 1 + fi _debug "Getting current record list to identify TXT to delete" @@ -90,13 +102,19 @@ dns_curanet_rm() { #################### Private functions below ################################## -gettoken() { +_get_token() { response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")" if ! _contains "$response" "access_token"; then _err "Unable get access token" return 1 fi CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-) + + if [ -z "$CURANET_ACCESS_TOKEN" ]; then + _err "Unable to get token" + return 1 + fi + } #_acme-challenge.www.domain.com From a2901d61ea4be6ca3a390f82f84ecde5c7ab7549 Mon Sep 17 00:00:00 2001 From: peter Date: Sat, 12 Feb 2022 23:39:33 +0100 Subject: [PATCH 0695/1526] check for return values --- dnsapi/dns_curanet.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index d446c64a..c59c2350 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -115,6 +115,8 @@ _get_token() { return 1 fi + return 0; + } #_acme-challenge.www.domain.com From af08d67fadc0382abdd066d1b8c97b32c33aef0f Mon Sep 17 00:00:00 2001 From: peter Date: Sat, 12 Feb 2022 23:41:26 +0100 Subject: [PATCH 0696/1526] rem. ; --- dnsapi/dns_curanet.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index c59c2350..ef6b0dc3 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -115,7 +115,7 @@ _get_token() { return 1 fi - return 0; + return 0 } From 9a677534a7dea0e8a9efdb996979bcfa0b0a12ff Mon Sep 17 00:00:00 2001 From: peter Date: Sun, 13 Feb 2022 14:00:14 +0100 Subject: [PATCH 0697/1526] added more debug info when rm recordid is empty --- dnsapi/dns_curanet.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index ef6b0dc3..4b39f365 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -95,6 +95,14 @@ dns_curanet_rm() { fi recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-) + + if [ -z "$recordid" ]; then + _err "Unable to get recordid" + _debug "regex {\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" + _debug "response $response" + return 1 + fi + _debug "Deleting recordID $recordid" response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" return 0 From 2982e9943e522773dd7e84d5f7252c0d6051b0d8 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Thu, 17 Feb 2022 19:02:35 +0100 Subject: [PATCH 0698/1526] Add custom option to map multidomain RIDs --- dnsapi/dns_selfhost.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 8c6e9a91..1ebc6596 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -2,7 +2,7 @@ # # Author: Marvin Edeler # Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 -# Last Edit: 09.01.2022 +# Last Edit: 17.02.2022 dns_selfhost_add() { domain=$1 @@ -14,6 +14,7 @@ dns_selfhost_add() { SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" + SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readaccountconf_mutable SELFHOSTDNS_MAP)}" SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readaccountconf_mutable SELFHOSTDNS_RID)}" SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" @@ -24,15 +25,19 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" + _saveaccountconf_mutable SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then - rid=$SELFHOSTDNS_RID - SELFHOSTDNS_LAST_SLOT=1 - else - rid=$SELFHOSTDNS_RID2 - SELFHOSTDNS_LAST_SLOT=2 + rid=$(echo $SELFHOSTDNS_MAP | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + if test -z "$rid"; then + if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then + rid=$SELFHOSTDNS_RID + SELFHOSTDNS_LAST_SLOT=1 + else + rid=$SELFHOSTDNS_RID2 + SELFHOSTDNS_LAST_SLOT=2 + fi fi _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" From 947085025882a0dda7ea7297e4320bef385e1ff1 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Thu, 17 Feb 2022 19:08:58 +0100 Subject: [PATCH 0699/1526] Fix shellcheck, use double quote --- dnsapi/dns_selfhost.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 1ebc6596..7ad92e20 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -29,7 +29,7 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - rid=$(echo $SELFHOSTDNS_MAP | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then rid=$SELFHOSTDNS_RID From ac0dd90c37db0105fc07b16c41ffebfc245ee738 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Thu, 17 Feb 2022 19:30:56 +0100 Subject: [PATCH 0700/1526] Fix shfmt --- dnsapi/dns_selfhost.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 7ad92e20..d5ecd278 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -29,7 +29,8 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then rid=$SELFHOSTDNS_RID From 8a2f673903f4386ab3f1e19f012222d713620fca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Sat, 19 Feb 2022 13:42:32 +0100 Subject: [PATCH 0701/1526] deploy/routeros.sh: make ssh/scp configurable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to modify ssh/scp commands make them configurable via environment variables. Signed-off-by: Andreas Bießmann --- deploy/routeros.sh | 36 +++++++++++++++++++++++++++++++----- 1 file changed, 31 insertions(+), 5 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 456107c8..b25bd100 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -49,6 +49,16 @@ # One optional thing to do as well is to create a script that updates # all the required services and run that script in a single command. # +# To adopt parameters to `scp` and/or `ssh` set the optional +# `ROUTER_OS_SSH_CMD` and `ROUTER_OS_SCP_CMD` variables accordingly, +# see ssh(1) and scp(1) for parameters to those commands. +# +# Example: +# ```ssh +# export ROUTER_OS_SSH_CMD="ssh -i /acme.sh/.ssh/router.example.com -o UserKnownHostsFile=/acme.sh/.ssh/known_hosts" +# export ROUTER_OS_SCP_CMD="scp -i /acme.sh/.ssh/router.example.com -o UserKnownHostsFile=/acme.sh/.ssh/known_hosts" +# ```` +# # returns 0 means success, otherwise error. ######## Public functions ##################### @@ -88,6 +98,20 @@ routeros_deploy() { ROUTER_OS_PORT=22 fi + _getdeployconf ROUTER_OS_SSH_CMD + + if [ -z "$ROUTER_OS_SSH_CMD" ]; then + _debug "Use default ssh setup." + ROUTER_OS_SSH_CMD="ssh -p $ROUTER_OS_PORT" + fi + + _getdeployconf ROUTER_OS_SCP_CMD + + if [ -z "$ROUTER_OS_SCP_CMD" ]; then + _debug "USe default scp setup." + ROUTER_OS_SCP_CMD="scp -P $ROUTER_OS_PORT" + fi + _getdeployconf ROUTER_OS_ADDITIONAL_SERVICES if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then @@ -98,12 +122,14 @@ routeros_deploy() { _savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST" _savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME" _savedeployconf ROUTER_OS_PORT "$ROUTER_OS_PORT" + _savedeployconf ROUTER_OS_SSH_CMD "$ROUTER_OS_SSH_CMD" + _savedeployconf ROUTER_OS_SCP_CMD "$ROUTER_OS_SCP_CMD" _savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" _info "Trying to push key '$_ckey' to router" - scp -P "$ROUTER_OS_PORT" "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" + $ROUTER_OS_SCP_CMD "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" - scp -P "$ROUTER_OS_PORT" "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" + $ROUTER_OS_SCP_CMD "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive \ source=\"## generated by routeros deploy script in acme.sh;\ \n/certificate remove [ find name=$_cdomain.cer_0 ];\ @@ -120,11 +146,11 @@ source=\"## generated by routeros deploy script in acme.sh;\ \n\" " # shellcheck disable=SC2029 - ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" + $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" # shellcheck disable=SC2029 - ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" + $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" # shellcheck disable=SC2029 - ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" + $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" return 0 } From 92e4ecce3b94ead392e0e1283ba14ce8bbad4bbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Sat, 19 Feb 2022 13:44:51 +0100 Subject: [PATCH 0702/1526] deploy/routeros.sh: remove all certificates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the script is applying the fullchain which includes three certificates, delete all of them before applying updated certificate. Signed-off-by: Andreas Bießmann --- deploy/routeros.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index b25bd100..3c74f592 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -134,6 +134,7 @@ routeros_deploy() { source=\"## generated by routeros deploy script in acme.sh;\ \n/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate remove [ find name=$_cdomain.cer_1 ];\ +\n/certificate remove [ find name=$_cdomain.cer_2 ];\ \ndelay 1;\ \n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\ \n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\ From c46ceb06b49ae32a3c51d88756941fa94642dbe7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Sat, 19 Feb 2022 13:56:07 +0100 Subject: [PATCH 0703/1526] deploy/routeros.sh: change DEPLOY_SCRIPT_CMD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This set the owner of script to ssh user, have the comment line in script as real comment and removes policy since this is set from current user, at least for RouterOS 7.x. Signed-off-by: Andreas Bießmann --- deploy/routeros.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 3c74f592..b2b18c5e 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -130,9 +130,9 @@ routeros_deploy() { $ROUTER_OS_SCP_CMD "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" $ROUTER_OS_SCP_CMD "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" - DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive \ -source=\"## generated by routeros deploy script in acme.sh;\ -\n/certificate remove [ find name=$_cdomain.cer_0 ];\ + DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USER \ +comment=\"generated by routeros deploy script in acme.sh\" \ +source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate remove [ find name=$_cdomain.cer_1 ];\ \n/certificate remove [ find name=$_cdomain.cer_2 ];\ \ndelay 1;\ From 8752d08ce95e7edd938f5de1262038805424bd78 Mon Sep 17 00:00:00 2001 From: richard-9000 <53876487+richard-9000@users.noreply.github.com> Date: Sat, 19 Feb 2022 10:52:24 -0800 Subject: [PATCH 0704/1526] dns_opnsense.sh - Fixed the domain parse regex Extended the regex to skip the new transferkey and hmac sections of opnsense bind. --- dnsapi/dns_opnsense.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 26a422f8..eb95902f 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,8 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"\":{[^}]*}}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) - + id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"[^\"]*\":{[^}]*}},\"transferkeyalgo\":{[^{]*{[^{]*{[^{]*{[^{]*{[^{]*{[^{]*{[^{]*{[^}]*}},\"transferkey\":\"[^\"]*\"(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" _host=$(printf "%s" "$domain" | cut -d . -f 1-$p) From bcf63b5d270a4535347e64e7f25f24970e474e6f Mon Sep 17 00:00:00 2001 From: Martin Arndt <5111490+Eagle3386@users.noreply.github.com> Date: Sun, 27 Feb 2022 14:17:34 +0100 Subject: [PATCH 0705/1526] Add ArtFiles.de DNS API plugin --- dnsapi/dns_artfiles.sh | 176 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 dnsapi/dns_artfiles.sh diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh new file mode 100644 index 00000000..c857060a --- /dev/null +++ b/dnsapi/dns_artfiles.sh @@ -0,0 +1,176 @@ +#!/usr/bin/env sh + +################################################################################ +# ACME.sh 3rd party DNS API plugin for ArtFiles.de +################################################################################ +# Author: Martin Arndt, https://troublezone.net/ +# Released: 2022-02-27 +# Issues: https://github.com/acmesh-official/acme.sh/issues/XXXX +################################################################################ +# Usage: +# 1. export AF_API_Username="api12345678" +# 2. export AF_API_Password="apiPassword" +# 3. acme.sh --issue -d example.com --dns dns_artfiles +################################################################################ + +########## API configuration ################################################### +AF_API_SUCCESS='status":"OK' +AF_URL_DCP='https://dcp.c.artfiles.de/api/' +AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain=' +AF_URL_DOMAINS=${AF_URL_BASE}'domain/get_domains.html' + +########## Public functions #################################################### + +# Adds a new TXT record for given ACME challenge value & domain. +# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value" +dns_artfiles_add() { + domain="$1" + txtValue="$2" + _info 'Using ArtFiles.de DNS addition API' + _debug 'Domain' "$domain" + _debug 'txtValue' "$txtValue" + + AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}" + AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}" + if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then + _err 'Missing ArtFiles.de username and/or password.' + _err 'Please ensure both are set via export command & try again.' + + return 1 + fi + + _saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME" + _saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD" + + _set_headers + _get_zone "$domain" + _dns 'GET' + if ! _contains "$response" 'TXT'; then + _err 'Retrieving TXT records failed.' + + return 1 + fi + + _clean_records + _dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")" + if ! _contains "$response" "$AF_API_SUCCESS"; then + _err 'Adding ACME challenge value failed.' + + return 1 + fi +} + +# Removes the existing TXT record for given ACME challenge value & domain. +# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value" +dns_artfiles_rm() { + domain="$1" + txtValue="$2" + _info 'Using ArtFiles.de DNS removal API' + _debug 'Domain' "$domain" + _debug 'txtValue' "$txtValue" + + _set_headers + _get_zone "$domain" + if ! _dns 'GET'; then + return 1 + fi + + if ! _contains "$response" "$txtValue"; then + _err 'Retrieved TXT records are missing given ACME challenge value.' + + return 1 + fi + + _clean_records + response="$(printf -- '%s' "$response" | sed '$d')" + _dns 'SET' "$response" + if ! _contains "$response" "$AF_API_SUCCESS"; then + _err 'Removing ACME challenge value failed.' + + return 1 + fi +} + +########## Private functions ################################################### + +# Cleans awful TXT records response of ArtFiles's API & pretty prints it. +# Usage: _clean_records +_clean_records() +{ + # Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid + # usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' + # from '\"' & turn '\n' into real LF characters. + # Yup, awful API to use - but that's all we got to get this working, so... ;) + _debug2 'Raw ' "$response" + response="$(printf -- '%s' "$response" + \ | sed 's/^\(.*TXT":"\)\([^,}]*\)\(.*\)$/\2/;s/.$//;s/\\"/"/g;s/\\n/\n/g')" + _debug2 'Clean' "$response" +} + +# Executes an HTTP GET or POST request for getting or setting DNS records, +# containing given payload upon POST. +# Usage: _dns [GET | SET] [payload] +_dns() +{ + action="$1" + payload="$(printf -- '%s' "$2" | _url_encode)" + url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" + \ | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" + + if [ "$action" = 'SET' ]; then + _debug2 'Payload' "$payload" + response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')" + else + response="$(_get "$url" '' 10)" + fi + + if ! _contains "$response" "$AF_API_SUCCESS"; then + _err "DNS API error: $response" + + return 1 + fi + + _debug 'Response' "$response" + + return 0 +} + +# Gets the root domain zone for given domain. +# Usage: _get_zone _acme-challenge.www.example.com +_get_zone() +{ + _info 'Getting domain zone...' + _debug2 'Initial FQDN' "$1" + fqdn="$1" + fqdn="${fqdn#*.}" # Strip "_acme-challenge" right away + _debug2 'Reduced FQDN' "$fqdn" + + domains="$(_get "$AF_URL_DOMAINS" '' 10)" + while true; do + if _contains "$domains" "$fqdn"; then + domain="$fqdn" + _info "Found root domain zone: $domain" + break + else + fqdn="${fqdn#*.}" + _debug2 'FQDN' "$fqdn" + fi + done + + if [ "$domain" = "$fqdn" ]; then + return 0 + fi + + _err "Couldn't find root domain zone." + + return 1 +} + +# Adds the HTTP Authorization & Content-Type headers to a follow-up request. +# Usage: _set_headers +_set_headers() +{ + encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" + export _H1="Authorization: Basic $encoded" + export _H2='Content-Type: application/json' +} From 72d02f442e2e8528afb04a0e55c88185bb99a7e9 Mon Sep 17 00:00:00 2001 From: Martin Arndt <5111490+Eagle3386@users.noreply.github.com> Date: Sun, 27 Feb 2022 14:35:21 +0100 Subject: [PATCH 0706/1526] Fix formatting according to Shellcheck --- dnsapi/dns_artfiles.sh | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh index c857060a..4598854d 100644 --- a/dnsapi/dns_artfiles.sh +++ b/dnsapi/dns_artfiles.sh @@ -95,8 +95,7 @@ dns_artfiles_rm() { # Cleans awful TXT records response of ArtFiles's API & pretty prints it. # Usage: _clean_records -_clean_records() -{ +_clean_records() { # Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid # usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\' # from '\"' & turn '\n' into real LF characters. @@ -110,8 +109,7 @@ _clean_records() # Executes an HTTP GET or POST request for getting or setting DNS records, # containing given payload upon POST. # Usage: _dns [GET | SET] [payload] -_dns() -{ +_dns() { action="$1" payload="$(printf -- '%s' "$2" | _url_encode)" url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" @@ -137,8 +135,7 @@ _dns() # Gets the root domain zone for given domain. # Usage: _get_zone _acme-challenge.www.example.com -_get_zone() -{ +_get_zone() { _info 'Getting domain zone...' _debug2 'Initial FQDN' "$1" fqdn="$1" @@ -168,8 +165,7 @@ _get_zone() # Adds the HTTP Authorization & Content-Type headers to a follow-up request. # Usage: _set_headers -_set_headers() -{ +_set_headers() { encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)" export _H1="Authorization: Basic $encoded" export _H2='Content-Type: application/json' From 0bea2e2b94e49f59e05c7507bcec548c50a4abac Mon Sep 17 00:00:00 2001 From: Martin Arndt <5111490+Eagle3386@users.noreply.github.com> Date: Sun, 27 Feb 2022 14:37:22 +0100 Subject: [PATCH 0707/1526] Fix formatting according to Shellcheck 2/2 --- dnsapi/dns_artfiles.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh index 4598854d..f83ce64a 100644 --- a/dnsapi/dns_artfiles.sh +++ b/dnsapi/dns_artfiles.sh @@ -101,8 +101,9 @@ _clean_records() { # from '\"' & turn '\n' into real LF characters. # Yup, awful API to use - but that's all we got to get this working, so... ;) _debug2 'Raw ' "$response" - response="$(printf -- '%s' "$response" - \ | sed 's/^\(.*TXT":"\)\([^,}]*\)\(.*\)$/\2/;s/.$//;s/\\"/"/g;s/\\n/\n/g')" + response="$( + printf -- '%s' "$response" + \ | sed 's/^\(.*TXT":"\)\([^,}]*\)\(.*\)$/\2/;s/.$//;s/\\"/"/g;s/\\n/\n/g')" _debug2 'Clean' "$response" } @@ -112,8 +113,9 @@ _clean_records() { _dns() { action="$1" payload="$(printf -- '%s' "$2" | _url_encode)" - url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" - \ | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" + url="$( + printf -- '%s%s' "$AF_URL_DNS" "$domain" + \ | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" if [ "$action" = 'SET' ]; then _debug2 'Payload' "$payload" From fb457968ecae380bc17914f22d134bcfba93d304 Mon Sep 17 00:00:00 2001 From: Martin Arndt <5111490+Eagle3386@users.noreply.github.com> Date: Sun, 27 Feb 2022 14:38:24 +0100 Subject: [PATCH 0708/1526] Fix formatting according to Shellcheck 3/3 --- dnsapi/dns_artfiles.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh index f83ce64a..9c1a4338 100644 --- a/dnsapi/dns_artfiles.sh +++ b/dnsapi/dns_artfiles.sh @@ -103,7 +103,8 @@ _clean_records() { _debug2 'Raw ' "$response" response="$( printf -- '%s' "$response" - \ | sed 's/^\(.*TXT":"\)\([^,}]*\)\(.*\)$/\2/;s/.$//;s/\\"/"/g;s/\\n/\n/g')" + \ | sed 's/^\(.*TXT":"\)\([^,}]*\)\(.*\)$/\2/;s/.$//;s/\\"/"/g;s/\\n/\n/g' + )" _debug2 'Clean' "$response" } @@ -115,7 +116,8 @@ _dns() { payload="$(printf -- '%s' "$2" | _url_encode)" url="$( printf -- '%s%s' "$AF_URL_DNS" "$domain" - \ | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')" + \ | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/' + )" if [ "$action" = 'SET' ]; then _debug2 'Payload' "$payload" From ed56d52af309a4d90747169a321dbd3698a4b71a Mon Sep 17 00:00:00 2001 From: Martin Arndt <5111490+Eagle3386@users.noreply.github.com> Date: Sun, 27 Feb 2022 15:12:05 +0100 Subject: [PATCH 0709/1526] Changed GitHub issues URL --- dnsapi/dns_artfiles.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh index 9c1a4338..8e0a6151 100644 --- a/dnsapi/dns_artfiles.sh +++ b/dnsapi/dns_artfiles.sh @@ -5,7 +5,7 @@ ################################################################################ # Author: Martin Arndt, https://troublezone.net/ # Released: 2022-02-27 -# Issues: https://github.com/acmesh-official/acme.sh/issues/XXXX +# Issues: https://github.com/Eagle3386/acme.sh/issues ################################################################################ # Usage: # 1. export AF_API_Username="api12345678" From b37bf06de87ab41d495e0a3156f538c5baf9c679 Mon Sep 17 00:00:00 2001 From: fradev Date: Tue, 1 Mar 2022 17:57:59 +0100 Subject: [PATCH 0710/1526] Update ssh.sh --- deploy/ssh.sh | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 604d8642..7d9e82e8 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -24,7 +24,7 @@ # export DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy" # path on remote system. Defaults to .acme_ssh_deploy # export DEPLOY_SSH_MULTI_CALL="" # yes or no, default to no or previously saved value # export DEPLOY_SSH_USE_SCP="" yes or no , default to no -# export DEPLOY_SSH_SCP_CMD="" defaults to "scp -T -q " +# export DEPLOY_SSH_SCP_CMD="" defaults to "scp -q " # ######## Public functions ##################### @@ -53,7 +53,7 @@ ssh_deploy() { fi else Le_Deploy_ssh_user="$DEPLOY_SSH_USER" - _savedomainconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user" + _savedeployconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user" fi # SERVER is optional. If not provided then use _cdomain @@ -61,7 +61,7 @@ ssh_deploy() { _debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER" if [ -n "$DEPLOY_SSH_SERVER" ]; then Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER" - _savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server" + _savedeployconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server" elif [ -z "$Le_Deploy_ssh_server" ]; then Le_Deploy_ssh_server="$_cdomain" fi @@ -71,7 +71,7 @@ ssh_deploy() { _debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD" if [ -n "$DEPLOY_SSH_CMD" ]; then Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD" - _savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd" + _savedeployconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd" elif [ -z "$Le_Deploy_ssh_cmd" ]; then Le_Deploy_ssh_cmd="ssh -T" fi @@ -80,7 +80,7 @@ ssh_deploy() { # value (which may be undefined... equivalent to "no"). if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then Le_Deploy_ssh_use_scp="yes" - _savedomainconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" + _savedeployconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" elif [ "$DEPLOY_SSH_USE_SCP" = "no" ]; then Le_Deploy_ssh_use_scp="" _cleardomainconf Le_Deploy_ssh_use_scp @@ -89,9 +89,9 @@ ssh_deploy() { # SCP_CMD is optional. If not provided then use scp if [ -n "$DEPLOY_SSH_SCP_CMD" ]; then Le_Deploy_ssh_scp_cmd="$DEPLOY_SSH_SCP_CMD" - _savedomainconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" + _savedeployconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" elif [ -z "$Le_Deploy_ssh_scp_cmd" ]; then - Le_Deploy_ssh_scp_cmd="scp -T" + Le_Deploy_ssh_scp_cmd="scp -q" fi # BACKUP is optional. If not provided then default to previously saved value or yes. @@ -102,7 +102,7 @@ ssh_deploy() { elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then Le_Deploy_ssh_backup="yes" fi - _savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup" + _savedeployconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup" # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy _getdeployconf DEPLOY_SSH_BACKUP_PATH @@ -112,7 +112,7 @@ ssh_deploy() { elif [ -z "$Le_Deploy_ssh_backup_path" ]; then Le_Deploy_ssh_backup_path=".acme_ssh_deploy" fi - _savedomainconf Le_Deploy_ssh_backup_path "$Le_Deploy_ssh_backup_path" + _savedeployconf Le_Deploy_ssh_backup_path "$Le_Deploy_ssh_backup_path" # MULTI_CALL is optional. If not provided then default to previously saved # value (which may be undefined... equivalent to "no"). @@ -120,7 +120,7 @@ ssh_deploy() { _debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL" if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then Le_Deploy_ssh_multi_call="yes" - _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" + _savedeployconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" elif [ "$DEPLOY_SSH_MULTI_CALL" = "no" ]; then Le_Deploy_ssh_multi_call="" _cleardomainconf Le_Deploy_ssh_multi_call @@ -130,9 +130,9 @@ ssh_deploy() { # value (which may be undefined... equivalent to "no"). if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then Le_Deploy_ssh_use_scp="yes" - _savedomainconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" + _savedeployconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" Le_Deploy_ssh_multi_call="yes" - _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" + _savedeployconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" elif [ "$DEPLOY_SSH_USE_SCP" = "no" ]; then Le_Deploy_ssh_use_scp="" _cleardomainconf Le_Deploy_ssh_use_scp @@ -141,7 +141,7 @@ ssh_deploy() { # SCP_CMD is optional. If not provided then use scp if [ -n "$DEPLOY_SSH_SCP_CMD" ]; then Le_Deploy_ssh_scp_cmd="$DEPLOY_SSH_SCP_CMD" - _savedomainconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" + _savedeployconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" elif [ -z "$Le_Deploy_ssh_scp_cmd" ]; then Le_Deploy_ssh_scp_cmd="scp -T -q " fi @@ -165,7 +165,7 @@ _ssh_deploy() { if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then _info "Using scp as alternate method for copying files. Multicall Mode is implicit" Le_Deploy_ssh_multi_call="yes" - _savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" + _savedeployconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" fi if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host" @@ -200,7 +200,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE" if [ -n "$DEPLOY_SSH_KEYFILE" ]; then Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE" - _savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile" + _savedeployconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile" fi if [ -n "$Le_Deploy_ssh_keyfile" ]; then if [ "$Le_Deploy_ssh_backup" = "yes" ]; then @@ -238,7 +238,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE" if [ -n "$DEPLOY_SSH_CERTFILE" ]; then Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE" - _savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile" + _savedeployconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile" fi if [ -n "$Le_Deploy_ssh_certfile" ]; then _pipe=">" @@ -288,7 +288,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE" if [ -n "$DEPLOY_SSH_CAFILE" ]; then Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE" - _savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile" + _savedeployconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile" fi if [ -n "$Le_Deploy_ssh_cafile" ]; then _pipe=">" @@ -346,7 +346,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN" if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN" - _savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain" + _savedeployconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain" fi if [ -n "$Le_Deploy_ssh_fullchain" ]; then _pipe=">" @@ -418,7 +418,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD" if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD" - _savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd" + _savedeployconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd" fi if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then _cmdstr="$_cmdstr $Le_Deploy_ssh_remote_cmd;" From 0ed4fc6a12fabf4fa01de07e391ea2daa0284b67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Th=C3=B6rnblad?= Date: Fri, 4 Mar 2022 13:38:05 +0100 Subject: [PATCH 0711/1526] Update dns_loopia.sh Loopia API is now less tolerant so we need another tag surrounding the --- dnsapi/dns_loopia.sh | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/dnsapi/dns_loopia.sh b/dnsapi/dns_loopia.sh index 7760b53e..e8f99185 100644 --- a/dnsapi/dns_loopia.sh +++ b/dnsapi/dns_loopia.sh @@ -206,24 +206,26 @@ _loopia_add_record() { %s - - - type - TXT - - - priority - 0 - - - ttl - 300 - - - rdata - %s - - + + + + type + TXT + + + priority + 0 + + + ttl + 300 + + + rdata + %s + + + ' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain" "$txtval") From 13f80acb2d92801867c415d55dff2fb8dfb42272 Mon Sep 17 00:00:00 2001 From: waldner Date: Sat, 5 Mar 2022 01:03:04 +0100 Subject: [PATCH 0712/1526] geoscaling DNS API --- dnsapi/dns_geoscaling.sh | 221 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 221 insertions(+) create mode 100755 dnsapi/dns_geoscaling.sh diff --git a/dnsapi/dns_geoscaling.sh b/dnsapi/dns_geoscaling.sh new file mode 100755 index 00000000..6d61312d --- /dev/null +++ b/dnsapi/dns_geoscaling.sh @@ -0,0 +1,221 @@ +#!/usr/bin/env sh + +######################################################################## +# Geoscaling hook script for acme.sh +# +# Environment variables: +# +# - $GEOSCALING_Username (your Geoscaling username - this is usually NOT an amail address) +# - $GEOSCALING_Password (your Geoscaling password) + +#-- dns_geoscaling_add() - Add TXT record -------------------------------------- +# Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..." + +dns_geoscaling_add() { + full_domain=$1 + txt_value=$2 + _info "Using DNS-01 Geoscaling DNS2 hook" + + GEOSCALING_Username="${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}" + GEOSCALING_Password="${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}" + if [ -z "$GEOSCALING_Username" ] || [ -z "$GEOSCALING_Password" ]; then + GEOSCALING_Username= + GEOSCALING_Password= + _err "No auth details provided. Please set user credentials using the \$GEOSCALING_Username and \$GEOSCALING_Password environment variables." + return 1 + fi + _saveaccountconf_mutable GEOSCALING_Username "${GEOSCALING_Username}" + _saveaccountconf_mutable GEOSCALING_Password "${GEOSCALING_Password}" + + # Fills in the $zone_id and $zone_name + find_zone "${full_domain}" || return 1 + _debug "Zone id '${zone_id}' will be used." + + # We're logged in here + + # we should add ${full_domain} minus the trailing ${zone_name} + + prefix=$(echo "${full_domain}" | sed "s|\\.${zone_name}\$||") + + body="id=${zone_id}&name=${prefix}&type=TXT&content=${txt_value}&ttl=300&prio=0" + + do_post "$body" "https://www.geoscaling.com/dns2/ajax/add_record.php" + exit_code="$?" + if [ "${exit_code}" -eq 0 ]; then + _info "TXT record added successfully." + else + _err "Couldn't add the TXT record." + fi + do_logout + return "${exit_code}" +} + +#-- dns_geoscaling_rm() - Remove TXT record ------------------------------------ +# Usage: dns_geoscaling_rm _acme-challenge.subdomain.domain.com "XyZ123..." + +dns_geoscaling_rm() { + full_domain=$1 + txt_value=$2 + _info "Cleaning up after DNS-01 Geoscaling DNS2 hook" + + # fills in the $zone_id + find_zone "${full_domain}" || return 1 + _debug "Zone id '${zone_id}' will be used." + + # Here we're logged in + # Find the record id to clean + + # get the domain + response=$(do_get "https://www.geoscaling.com/dns2/index.php?module=domain&id=${zone_id}") + _debug2 "response" "$response" + + table="$(echo "${response}" | tr -d '\n' | sed 's|.*
Basic Records
.*||')" + _debug2 table "${table}" + names=$(echo "${table}" | _egrep_o 'id="[0-9]+\.name">[^<]*' | sed 's|||; s|.*>||') + ids=$(echo "${table}" | _egrep_o 'id="[0-9]+\.name">[^<]*' | sed 's|\.name">.*||; s|id="||') + types=$(echo "${table}" | _egrep_o 'id="[0-9]+\.type">[^<]*' | sed 's|||; s|.*>||') + values=$(echo "${table}" | _egrep_o 'id="[0-9]+\.content">[^<]*' | sed 's|||; s|.*>||') + + _debug2 names "${names}" + _debug2 ids "${ids}" + _debug2 types "${types}" + _debug2 values "${values}" + + # look for line whose name is ${full_domain}, whose type is TXT, and whose value is ${txt_value} + line_num="$(echo "${values}" | grep -F -n -- "${txt_value}" | _head_n 1 | cut -d ':' -f 1)" + _debug2 line_num "${line_num}" + found_id= + if [ -n "$line_num" ]; then + type=$(echo "${types}" | sed -n "${line_num}p") + name=$(echo "${names}" | sed -n "${line_num}p") + id=$(echo "${ids}" | sed -n "${line_num}p") + + _debug2 type "$type" + _debug2 name "$name" + _debug2 id "$id" + _debug2 full_domain "$full_domain" + + if [ "${type}" = "TXT" ] && [ "${name}" = "${full_domain}" ]; then + found_id=${id} + fi + fi + + if [ "${found_id}" = "" ]; then + _err "Can not find record id." + return 0 + fi + + # Remove the record + body="id=${zone_id}&record_id=${found_id}" + response=$(do_post "$body" "https://www.geoscaling.com/dns2/ajax/delete_record.php") + exit_code="$?" + if [ "$exit_code" -eq 0 ]; then + _info "Record removed successfully." + else + _err "Could not clean (remove) up the record. Please go to Geoscaling administration interface and clean it by hand." + fi + do_logout + return "${exit_code}" +} + +########################## PRIVATE FUNCTIONS ########################### + +do_get() { + _url=$1 + export _H1="Cookie: $geoscaling_phpsessid_cookie" + _get "${_url}" +} + +do_post() { + _body=$1 + _url=$2 + export _H1="Cookie: $geoscaling_phpsessid_cookie" + _post "${_body}" "${_url}" +} + +do_login() { + + _info "Logging in..." + + username_encoded="$(printf "%s" "${GEOSCALING_Username}" | _url_encode)" + password_encoded="$(printf "%s" "${GEOSCALING_Password}" | _url_encode)" + body="username=${username_encoded}&password=${password_encoded}" + + response=$(_post "$body" "https://www.geoscaling.com/dns2/index.php?module=auth") + _debug2 response "${response}" + + #retcode=$(grep '^HTTP[^ ]*' "${HTTP_HEADER}" | _head_n 1 | _egrep_o '[0-9]+$') + retcode=$(grep '^HTTP[^ ]*' "${HTTP_HEADER}" | _head_n 1 | cut -d ' ' -f 2) + + if [ "$retcode" != "302" ]; then + _err "Geoscaling login failed for user ${GEOSCALING_Username}. Check ${HTTP_HEADER} file" + return 1 + fi + + geoscaling_phpsessid_cookie="$(grep -i '^set-cookie:' "${HTTP_HEADER}" | _egrep_o 'PHPSESSID=[^;]*;' | tr -d ';')" + return 0 + +} + +do_logout() { + _info "Logging out." + response="$(do_get "https://www.geoscaling.com/dns2/index.php?module=auth")" + _debug2 response "$response" + return 0 +} + +find_zone() { + domain="$1" + + # do login + do_login || return 1 + + # get zones + response="$(do_get "https://www.geoscaling.com/dns2/index.php?module=domains")" + + table="$(echo "${response}" | tr -d '\n' | sed 's|.*
Your domains
.*||')" + _debug2 table "${table}" + zone_names="$(echo "${table}" | _egrep_o '[^<]*' | sed 's|||;s|||')" + _debug2 _matches "${zone_names}" + # Zone names and zone IDs are in same order + zone_ids=$(echo "${table}" | _egrep_o '' | sed 's|.*id=||;s|. .*||') + + _debug2 "These are the zones on this Geoscaling account:" + _debug2 "zone_names" "${zone_names}" + _debug2 "And these are their respective IDs:" + _debug2 "zone_ids" "${zone_ids}" + if [ -z "${zone_names}" ] || [ -z "${zone_ids}" ]; then + _err "Can not get zone names or IDs." + return 1 + fi + # Walk through all possible zone names + strip_counter=1 + while true; do + attempted_zone=$(echo "${domain}" | cut -d . -f ${strip_counter}-) + + # All possible zone names have been tried + if [ -z "${attempted_zone}" ]; then + _err "No zone for domain '${domain}' found." + return 1 + fi + + _debug "Looking for zone '${attempted_zone}'" + + line_num="$(echo "${zone_names}" | grep -n "^${attempted_zone}\$" | _head_n 1 | cut -d : -f 1)" + _debug2 line_num "${line_num}" + if [ "$line_num" ]; then + zone_id=$(echo "${zone_ids}" | sed -n "${line_num}p") + zone_name=$(echo "${zone_names}" | sed -n "${line_num}p") + if [ -z "${zone_id}" ]; then + _err "Can not find zone id." + return 1 + fi + _debug "Found relevant zone '${attempted_zone}' with id '${zone_id}' - will be used for domain '${domain}'." + return 0 + fi + + _debug "Zone '${attempted_zone}' doesn't exist, let's try a less specific zone." + strip_counter=$(_math "${strip_counter}" + 1) + done +} +# vim: et:ts=2:sw=2: From b75e90f8c92e34676f571e295c4f304c6379e455 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Th=C3=B6rnblad?= Date: Mon, 7 Mar 2022 10:28:09 +0100 Subject: [PATCH 0714/1526] Double quote variables (shellcheck suggestions) --- dnsapi/dns_loopia.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_loopia.sh b/dnsapi/dns_loopia.sh index e8f99185..73327335 100644 --- a/dnsapi/dns_loopia.sh +++ b/dnsapi/dns_loopia.sh @@ -133,7 +133,7 @@ _loopia_get_records() { %s - ' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain") + ' "$LOOPIA_User" "$LOOPIA_Password" "$domain" "$sub_domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" ""; then @@ -162,7 +162,7 @@ _get_root() { %s - ' $LOOPIA_User $LOOPIA_Password) + ' "$LOOPIA_User" "$LOOPIA_Password") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" while true; do @@ -228,7 +228,7 @@ _loopia_add_record() { - ' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain" "$txtval") + ' "$LOOPIA_User" "$LOOPIA_Password" "$domain" "$sub_domain" "$txtval") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" @@ -257,7 +257,7 @@ _sub_domain_exists() { %s - ' $LOOPIA_User $LOOPIA_Password "$domain") + ' "$LOOPIA_User" "$LOOPIA_Password" "$domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" @@ -292,7 +292,7 @@ _loopia_add_sub_domain() { %s - ' $LOOPIA_User $LOOPIA_Password "$domain" "$sub_domain") + ' "$LOOPIA_User" "$LOOPIA_Password" "$domain" "$sub_domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" From ea3c37d754801b289fa6a5abcbeadea1c773b147 Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Wed, 9 Mar 2022 01:36:06 +0100 Subject: [PATCH 0715/1526] Corrected use of Plesk API calls to fetch all domain for all Plesk editions This implementation of the Plesk API will add support for Plesk web admin edition and will now discover all domains managed by the specific plesk instance. The existing implementation of the Plesk API uses the customer API. This brings two problems: 1. The current API call only fetches the domains of resellers/customers and not the domains that are managed by administrative users. compare: https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-customer-accounts/retrieving-the-list-of-customer%E2%80%99s-domains.75309/ https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-plesk-server/getting-server-information/response-packet-structure-and-samples/list-of-domains.75294/ 2. The customer API is only available in the pro/admin editions. The most common license on VPS/Dedicated Servers is the web host edition. See: https://www.plesk.com/editions/ The correct way to get all domains in all Plesk editions is to use the Sites (Domains) API: https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-sites-domains/getting-information-about-sites.66583/ --- dnsapi/dns_pleskxml.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index f5986827..0f7dc241 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -41,7 +41,7 @@ pleskxml_init_checks_done=0 NEWLINE='\ ' -pleskxml_tplt_get_domains="" +pleskxml_tplt_get_domains="" # Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh # Also used to test credentials and URI. # No params. @@ -375,7 +375,7 @@ _pleskxml_get_root_domain() { # Output will be one line per known domain, containing 2 tages and a single tag # We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned. - output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' 'domain' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')" + output="$(_api_response_split "$pleskxml_prettyprint_result" 'result' 'ok' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')" _debug 'Domains managed by Plesk server are (ignore the hacked output):' _debug "$output" From a6b58bc88d390a21baf3cf457f3d3daba314222b Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Wed, 9 Mar 2022 01:36:06 +0100 Subject: [PATCH 0716/1526] Corrected use of Plesk API calls to fetch all domain for all Plesk editions This implementation of the Plesk API will add support for Plesk web admin edition and will now discover all domains ( of customers & administrative users) managed by the specific plesk instance. The previous implementation of the Plesk API uses the customer API. This brings two problems: 1. The current API call only fetches the domains of resellers/customers and not the domains that are managed by administrative users. compare: https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-customer-accounts/retrieving-the-list-of-customer%E2%80%99s-domains.75309/ https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-plesk-server/getting-server-information/response-packet-structure-and-samples/list-of-domains.75294/ 2. The customer API is only available in the web pro/host editions. The most common license on VPS/Dedicated Servers is nowadays the web admin edition. See: https://www.plesk.com/editions/ The correct way to get all domains in all Plesk editions is to use the Sites (Domains) API: https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-sites-domains/getting-information-about-sites.66583/ This way is working for all plesk editions the same way. --- dnsapi/dns_pleskxml.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index f5986827..0f7dc241 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -41,7 +41,7 @@ pleskxml_init_checks_done=0 NEWLINE='\ ' -pleskxml_tplt_get_domains="" +pleskxml_tplt_get_domains="" # Get a list of domains that PLESK can manage, so we can check root domain + host for acme.sh # Also used to test credentials and URI. # No params. @@ -375,7 +375,7 @@ _pleskxml_get_root_domain() { # Output will be one line per known domain, containing 2 tages and a single tag # We don't actually need to check for type, name, *and* id, but it guarantees only usable lines are returned. - output="$(_api_response_split "$pleskxml_prettyprint_result" 'domain' 'domain' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')" + output="$(_api_response_split "$pleskxml_prettyprint_result" 'result' 'ok' | sed 's///g;s/<\/ascii-name>/<\/name>/g' | grep '' | grep '')" _debug 'Domains managed by Plesk server are (ignore the hacked output):' _debug "$output" From 6ead01987310cda3183f9f15ce33733bccc8ee9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Th=C3=B6rnblad?= Date: Wed, 9 Mar 2022 17:12:09 +0100 Subject: [PATCH 0717/1526] Accept some special characters in password and added a little bit better error handling --- dnsapi/dns_loopia.sh | 46 ++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_loopia.sh b/dnsapi/dns_loopia.sh index 73327335..e95d8999 100644 --- a/dnsapi/dns_loopia.sh +++ b/dnsapi/dns_loopia.sh @@ -32,8 +32,12 @@ dns_loopia_add() { _info "Adding record" - _loopia_add_sub_domain "$_domain" "$_sub_domain" - _loopia_add_record "$_domain" "$_sub_domain" "$txtvalue" + if ! _loopia_add_sub_domain "$_domain" "$_sub_domain"; then + return 1 + fi + if ! _loopia_add_record "$_domain" "$_sub_domain" "$txtvalue"; then + return 1 + fi } @@ -70,12 +74,13 @@ dns_loopia_rm() { %s - ' "$LOOPIA_User" "$LOOPIA_Password" "$_domain" "$_sub_domain") + ' "$LOOPIA_User" "$Encoded_Password" "$_domain" "$_sub_domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" "OK"; then - _err "Error could not get txt records" + err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + _err "Error could not get txt records: $err_response" return 1 fi } @@ -101,6 +106,12 @@ _loopia_load_config() { return 1 fi + if _contains "$LOOPIA_Password" "'" || _contains "$LOOPIA_Password" '"'; then + _err "Password contains quoute or double quoute and this is not supported by dns_loopia.sh" + return 1 + fi + + Encoded_Password=$(_xml_encode "$LOOPIA_Password") return 0 } @@ -133,11 +144,12 @@ _loopia_get_records() { %s - ' "$LOOPIA_User" "$LOOPIA_Password" "$domain" "$sub_domain") + ' "$LOOPIA_User" "$Encoded_Password" "$domain" "$sub_domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" ""; then - _err "Error" + err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + _err "Error: $err_response" return 1 fi return 0 @@ -162,7 +174,7 @@ _get_root() { %s - ' "$LOOPIA_User" "$LOOPIA_Password") + ' "$LOOPIA_User" "$Encoded_Password") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" while true; do @@ -228,12 +240,13 @@ _loopia_add_record() { - ' "$LOOPIA_User" "$LOOPIA_Password" "$domain" "$sub_domain" "$txtval") + ' "$LOOPIA_User" "$Encoded_Password" "$domain" "$sub_domain" "$txtval") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" "OK"; then - _err "Error" + err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + _err "Error: $err_response" return 1 fi return 0 @@ -257,7 +270,7 @@ _sub_domain_exists() { %s - ' "$LOOPIA_User" "$LOOPIA_Password" "$domain") + ' "$LOOPIA_User" "$Encoded_Password" "$domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" @@ -292,13 +305,22 @@ _loopia_add_sub_domain() { %s - ' "$LOOPIA_User" "$LOOPIA_Password" "$domain" "$sub_domain") + ' "$LOOPIA_User" "$Encoded_Password" "$domain" "$sub_domain") response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" "OK"; then - _err "Error" + err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + _err "Error: $err_response" return 1 fi return 0 } + +_xml_encode() { + encoded_string=$1 + encoded_string=$(echo "$encoded_string" | sed 's/&/\&/') + encoded_string=$(echo "$encoded_string" | sed 's//\>/') + printf "%s" "$encoded_string" +} From 227d62a5dce420c24cea210a6ff46be64656d18c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikolaj=20Brinch=20J=C3=B8rgensen?= Date: Thu, 10 Mar 2022 11:13:38 +0100 Subject: [PATCH 0718/1526] Fixes Simply.com to use REST API version 2 with Basic Auth --- dnsapi/dns_simply.sh | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 437e5e5c..6a8d0e18 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -5,8 +5,8 @@ #SIMPLY_AccountName="accountname" #SIMPLY_ApiKey="apikey" # -#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]" -SIMPLY_Api_Default="https://api.simply.com/1" +#SIMPLY_Api="https://api.simply.com/2/" +SIMPLY_Api_Default="https://api.simply.com/2" #This is used for determining success of REST call SIMPLY_SUCCESS_CODE='"status":200' @@ -237,12 +237,18 @@ _simply_rest() { _debug2 ep "$ep" _debug2 m "$m" - export _H1="Content-Type: application/json" + basicauth=$(printf "%s:%s" "$SIMPLY_AccountName" "$SIMPLY_ApiKey" | _base64) + + if [ "$basicauth" ]; then + export _H1="Authorization: Basic $basicauth" + fi + + export _H2="Content-Type: application/json" if [ "$m" != "GET" ]; then - response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")" + response="$(_post "$data" "$SIMPLY_Api/$ep" "" "$m")" else - response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")" + response="$(_get "$SIMPLY_Api/$ep")" fi if [ "$?" != "0" ]; then From b209f666547382eb5730ba11ca455f6e4fceb92d Mon Sep 17 00:00:00 2001 From: bosong Date: Fri, 11 Mar 2022 13:41:12 +0800 Subject: [PATCH 0719/1526] =?UTF-8?q?fix(notify)=EF=BC=9Aremove=20nofity,m?= =?UTF-8?q?ove=20weixin=5Fwork.sh=20to=20notify?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- {nofity => notify}/weixin_work.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {nofity => notify}/weixin_work.sh (100%) diff --git a/nofity/weixin_work.sh b/notify/weixin_work.sh similarity index 100% rename from nofity/weixin_work.sh rename to notify/weixin_work.sh From 8d574ecb34af21814983ce174cb8224b19e7639e Mon Sep 17 00:00:00 2001 From: waldner Date: Tue, 15 Mar 2022 18:48:14 +0100 Subject: [PATCH 0720/1526] Geoscaling: get creds for removal too --- dnsapi/dns_geoscaling.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/dnsapi/dns_geoscaling.sh b/dnsapi/dns_geoscaling.sh index 6d61312d..6ccf4daf 100755 --- a/dnsapi/dns_geoscaling.sh +++ b/dnsapi/dns_geoscaling.sh @@ -58,6 +58,17 @@ dns_geoscaling_rm() { txt_value=$2 _info "Cleaning up after DNS-01 Geoscaling DNS2 hook" + GEOSCALING_Username="${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}" + GEOSCALING_Password="${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}" + if [ -z "$GEOSCALING_Username" ] || [ -z "$GEOSCALING_Password" ]; then + GEOSCALING_Username= + GEOSCALING_Password= + _err "No auth details provided. Please set user credentials using the \$GEOSCALING_Username and \$GEOSCALING_Password environment variables." + return 1 + fi + _saveaccountconf_mutable GEOSCALING_Username "${GEOSCALING_Username}" + _saveaccountconf_mutable GEOSCALING_Password "${GEOSCALING_Password}" + # fills in the $zone_id find_zone "${full_domain}" || return 1 _debug "Zone id '${zone_id}' will be used." From 9d6d96adf3620094aae1b460ac74297a278de295 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Thu, 17 Mar 2022 12:22:58 +0100 Subject: [PATCH 0721/1526] deploy/routeros.sh: fix routeros script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit c46ceb06b49ae32a3c51d88756941fa94642dbe7 introduced an error in routeros script. Fix it! Signed-off-by: Andreas Bießmann --- deploy/routeros.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index b2b18c5e..ec088f80 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -130,7 +130,7 @@ routeros_deploy() { $ROUTER_OS_SCP_CMD "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" $ROUTER_OS_SCP_CMD "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" - DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USER \ + DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME \ comment=\"generated by routeros deploy script in acme.sh\" \ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate remove [ find name=$_cdomain.cer_1 ];\ @@ -146,6 +146,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n$ROUTER_OS_ADDITIONAL_SERVICES;\ \n\" " + _debug DEPLOY_SCRIPT_CMD "${DEPLOY_SCRIPT_CMD}" + # shellcheck disable=SC2029 $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" # shellcheck disable=SC2029 From c603b9c40b625f17a1cd921162a9d01512bbd90c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Thu, 17 Mar 2022 14:31:01 +0100 Subject: [PATCH 0722/1526] deploy/routeros: add error handling for ssh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to detect errorneous scripts on remote side, catch return code and handle it respectively. Signed-off-by: Andreas Bießmann Reviewed-by: Ross Shen @sjtuross --- deploy/routeros.sh | 36 +++++++++++++++++++++++++++++------- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index ec088f80..394856e6 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -70,6 +70,7 @@ routeros_deploy() { _ccert="$3" _cca="$4" _cfullchain="$5" + _err_code=0 _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" @@ -146,14 +147,35 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n$ROUTER_OS_ADDITIONAL_SERVICES;\ \n\" " - _debug DEPLOY_SCRIPT_CMD "${DEPLOY_SCRIPT_CMD}" - # shellcheck disable=SC2029 - $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" - # shellcheck disable=SC2029 - $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" - # shellcheck disable=SC2029 - $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" + if ! _ssh_remote_cmd "$DEPLOY_SCRIPT_CMD"; then + return $_err_code + fi + + if ! _ssh_remote_cmd "/system script run \"LE Cert Deploy - $_cdomain\""; then + return $_err_code + fi + + if ! _ssh_remote_cmd "/system script remove \"LE Cert Deploy - $_cdomain\""; then + return $_err_code + fi return 0 } + +# inspired by deploy/ssh.sh +_ssh_remote_cmd() { + _cmd="$1" + _secure_debug "Remote commands to execute: $_cmd" + _info "Submitting sequence of commands to routeros" + # quotations in bash cmd below intended. Squash travis spellcheck error + # shellcheck disable=SC2029 + $ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$_cmd" + _err_code="$?" + + if [ "$_err_code" != "0" ]; then + _err "Error code $_err_code returned from routeros" + fi + + return $_err_code +} From 3411b736dd4b868bc1e0a5e24899fdb32a729721 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Bie=C3=9Fmann?= Date: Fri, 18 Mar 2022 07:58:57 +0100 Subject: [PATCH 0723/1526] deploy/routeros: add error handling for scp MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In order to stop processing on failure to copy certificate to remote side, fail on error of scp command. Signed-off-by: Andreas Bießmann --- deploy/routeros.sh | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 394856e6..c4c9470d 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -127,10 +127,16 @@ routeros_deploy() { _savedeployconf ROUTER_OS_SCP_CMD "$ROUTER_OS_SCP_CMD" _savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" - _info "Trying to push key '$_ckey' to router" - $ROUTER_OS_SCP_CMD "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" - _info "Trying to push cert '$_cfullchain' to router" - $ROUTER_OS_SCP_CMD "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" + # push key to routeros + if ! _scp_certificate "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key"; then + return $_err_code + fi + + # push certificate chain to routeros + if ! _scp_certificate "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer"; then + return $_err_code + fi + DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME \ comment=\"generated by routeros deploy script in acme.sh\" \ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ @@ -179,3 +185,19 @@ _ssh_remote_cmd() { return $_err_code } + +_scp_certificate() { + _src="$1" + _dst="$2" + _secure_debug "scp '$_src' to '$_dst'" + _info "Push key '$_src' to routeros" + + $ROUTER_OS_SCP_CMD "$_src" "$_dst" + _err_code="$?" + + if [ "$_err_code" != "0" ]; then + _err "Error code $_err_code returned from scp" + fi + + return $_err_code +} From c3f6112443b6f547e3403410010992bbff3f1f81 Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sat, 19 Mar 2022 20:36:11 +0000 Subject: [PATCH 0724/1526] feat: Configure certificate for TrueNAS S3 service (MinIO) --- deploy/truenas.sh | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 6f1a31b0..b1ed9281 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -159,7 +159,30 @@ truenas_deploy() { fi _debug3 _activate_ftp_cert "$_activate_ftp_cert" else - _info "FTP certificate not set or not the same as Web UI" + _info "FTP certificate is not configured or is not the same as TrueNAS web UI" + fi + + _info "Checking if S3 certificate is the same as the TrueNAS web UI" + _s3_list=$(_get "$_api_url/s3") + _s3_cert_id=$(echo "$_s3_list" | grep '"certificate":' | tr -d -- '"certifa:_ ,') + + if [ "$_s3_cert_id" = "$_active_cert_id" ]; then + _info "Updating the S3 certificate" + _debug _s3_cert_id "$_s3_cert_id" + _s3_data="{\"certificate\": \"${_cert_id}\"}" + _activate_s3_cert="$(_post "$_s3_data" "$_api_url/s3" "" "PUT" "application/json")" + _s3_new_cert_id=$(echo "$_activate_s3_cert" | _json_decode | grep '"certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') + if [ "$_s3_new_cert_id" -eq "$_cert_id" ]; then + _info "S3 certificate updated successfully" + else + _err "Unable to set S3 certificate" + _debug3 _activate_s3_cert "$_activate_s3_cert" + _debug3 _s3_new_cert_id "$_s3_new_cert_id" + return 1 + fi + _debug3 _activate_s3_cert "$_activate_s3_cert" + else + _info "S3 certificate is not configured or is not the same as TrueNAS web UI" fi _info "Delete old Certificate" From d4a6d9c076e96cbe0571eacedcba9be5a33408d8 Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sat, 19 Mar 2022 20:38:47 +0000 Subject: [PATCH 0725/1526] fix: Adjust the sed extraction of certificate ID from JSON response Prior to this, an error in the regex didn't match. Resolves #3992 (TrueNAS deploy hook fails to set certificate for FTP or WebDAV) --- deploy/truenas.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index b1ed9281..379a7538 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -125,7 +125,7 @@ truenas_deploy() { _debug _webdav_cert_id "$_webdav_cert_id" _webdav_data="{\"certssl\": \"${_cert_id}\"}" _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")" - _webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p') + _webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | grep '"certssl":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then _info "WebDAV Certificate update successfully" else @@ -148,7 +148,7 @@ truenas_deploy() { _debug _ftp_cert_id "$_ftp_cert_id" _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}" _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")" - _ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p') + _ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | grep '"ssltls_certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then _info "FTP Certificate update successfully" else From afa06267a2eda9920f077c0e544293c888706051 Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sat, 19 Mar 2022 20:39:48 +0000 Subject: [PATCH 0726/1526] style: Neaten up some of the info & error messages, fix some typos --- deploy/truenas.sh | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/deploy/truenas.sh b/deploy/truenas.sh index 379a7538..84cfd5f4 100644 --- a/deploy/truenas.sh +++ b/deploy/truenas.sh @@ -38,7 +38,7 @@ truenas_deploy() { _getdeployconf DEPLOY_TRUENAS_APIKEY if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then - _err "TrueNAS Api Key is not found, please define DEPLOY_TRUENAS_APIKEY." + _err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable." return 1 fi _secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" @@ -62,15 +62,14 @@ truenas_deploy() { _info "Testing Connection TrueNAS" _response=$(_get "$_api_url/system/state") - _info "TrueNAS System State: $_response." + _info "TrueNAS system state: $_response." if [ -z "$_response" ]; then _err "Unable to authenticate to $_api_url." - _err 'Check your Connection and set DEPLOY_TRUENAS_HOSTNAME="192.168.178.x".' - _err 'or' - _err 'set DEPLOY_TRUENAS_HOSTNAME="".' - _err 'Check your Connection and set DEPLOY_TRUENAS_SCHEME="https".' - _err "Check your Api Key." + _err 'Check your connection settings are correct, e.g.' + _err 'DEPLOY_TRUENAS_HOSTNAME="192.168.x.y" or DEPLOY_TRUENAS_HOSTNAME="truenas.example.com".' + _err 'DEPLOY_TRUENAS_SCHEME="https" or DEPLOY_TRUENAS_SCHEME="http".' + _err "Verify your TrueNAS API key is valid and set correctly, e.g. DEPLOY_TRUENAS_APIKEY=xxxx...." return 1 fi @@ -78,7 +77,7 @@ truenas_deploy() { _savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" - _info "Getting active certificate from TrueNAS" + _info "Getting current active certificate from TrueNAS" _response=$(_get "$_api_url/system/general") _active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,') _active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p') @@ -88,14 +87,14 @@ truenas_deploy() { _debug Active_UI_http_redirect "$_param_httpsredirect" if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then - _info "http Redirect active" + _info "HTTP->HTTPS redirection is enabled" _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'" DEPLOY_TRUENAS_SCHEME="https" _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" fi - _info "Upload new certifikate to TrueNAS" + _info "Uploading new certificate to TrueNAS" _certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')" _debug3 _certname "$_certname" @@ -104,30 +103,30 @@ truenas_deploy() { _debug3 _add_cert_result "$_add_cert_result" - _info "Getting Certificate list to get new Cert ID" + _info "Fetching list of installed certificates" _cert_list=$(_get "$_api_url/system/general/ui_certificate_choices") _cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p') _debug3 _cert_id "$_cert_id" - _info "Activate Certificate ID: $_cert_id" + _info "Current activate certificate ID: $_cert_id" _activateData="{\"ui_certificate\": \"${_cert_id}\"}" _activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")" _debug3 _activate_result "$_activate_result" - _info "Check if WebDAV certificate is the same as the WEB UI" + _info "Checking if WebDAV certificate is the same as the TrueNAS web UI" _webdav_list=$(_get "$_api_url/webdav") _webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then - _info "Update the WebDAV Certificate" + _info "Updating the WebDAV certificate" _debug _webdav_cert_id "$_webdav_cert_id" _webdav_data="{\"certssl\": \"${_cert_id}\"}" _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")" _webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | grep '"certssl":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then - _info "WebDAV Certificate update successfully" + _info "WebDAV certificate updated successfully" else _err "Unable to set WebDAV certificate" _debug3 _activate_webdav_cert "$_activate_webdav_cert" @@ -136,21 +135,21 @@ truenas_deploy() { fi _debug3 _webdav_new_cert_id "$_webdav_new_cert_id" else - _info "WebDAV certificate not set or not the same as Web UI" + _info "WebDAV certificate is not configured or is not the same as TrueNAS web UI" fi - _info "Check if FTP certificate is the same as the WEB UI" + _info "Checking if FTP certificate is the same as the TrueNAS web UI" _ftp_list=$(_get "$_api_url/ftp") _ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,') if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then - _info "Update the FTP Certificate" + _info "Updating the FTP certificate" _debug _ftp_cert_id "$_ftp_cert_id" _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}" _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")" _ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | grep '"ssltls_certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then - _info "FTP Certificate update successfully" + _info "FTP certificate updated successfully" else _err "Unable to set FTP certificate" _debug3 _activate_ftp_cert "$_activate_ftp_cert" @@ -185,19 +184,19 @@ truenas_deploy() { _info "S3 certificate is not configured or is not the same as TrueNAS web UI" fi - _info "Delete old Certificate" + _info "Deleting old certificate" _delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")" _debug3 _delete_result "$_delete_result" - _info "Reload WebUI from TrueNAS" + _info "Reloading TrueNAS web UI" _restart_UI=$(_get "$_api_url/system/general/ui_restart") _debug2 _restart_UI "$_restart_UI" if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then return 0 else - _err "Certupdate was not succesfull, please use --debug" + _err "Certificate update was not succesful, please try again with --debug" return 1 fi } From 451b290b7911a38602111f1e7cb76710b4fa8684 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 20 Mar 2022 12:42:35 +0800 Subject: [PATCH 0727/1526] Update discord.sh --- notify/discord.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/notify/discord.sh b/notify/discord.sh index 3cce4ee5..8df42e15 100644 --- a/notify/discord.sh +++ b/notify/discord.sh @@ -23,12 +23,12 @@ discord_send() { _saveaccountconf_mutable DISCORD_WEBHOOK_URL "$DISCORD_WEBHOOK_URL" DISCORD_USERNAME="${DISCORD_USERNAME:-$(_readaccountconf_mutable DISCORD_USERNAME)}" - if [ -n "$DISCORD_USERNAME" ]; then + if [ "$DISCORD_USERNAME" ]; then _saveaccountconf_mutable DISCORD_USERNAME "$DISCORD_USERNAME" fi DISCORD_AVATAR_URL="${DISCORD_AVATAR_URL:-$(_readaccountconf_mutable DISCORD_AVATAR_URL)}" - if [ -n "$DISCORD_AVATAR_URL" ]; then + if [ "$DISCORD_AVATAR_URL" ]; then _saveaccountconf_mutable DISCORD_AVATAR_URL "$DISCORD_AVATAR_URL" fi @@ -36,10 +36,10 @@ discord_send() { _content="$(printf "**%s**\n%s" "$_subject" "$_content" | _json_encode)" _data="{\"content\": \"$_content\" " - if [ -n "$DISCORD_USERNAME" ]; then + if [ "$DISCORD_USERNAME" ]; then _data="$_data, \"username\": \"$DISCORD_USERNAME\" " fi - if [ -n "$DISCORD_AVATAR_URL" ]; then + if [ "$DISCORD_AVATAR_URL" ]; then _data="$_data, \"avatar_url\": \"$DISCORD_AVATAR_URL\" " fi _data="$_data}" From 97a45e3b02e6cfefddbc7cda69febce967952b65 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 20 Mar 2022 12:43:23 +0800 Subject: [PATCH 0728/1526] Update discord.sh --- notify/discord.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/discord.sh b/notify/discord.sh index 8df42e15..58362a4e 100644 --- a/notify/discord.sh +++ b/notify/discord.sh @@ -46,7 +46,7 @@ discord_send() { if _post "$_data" "$DISCORD_WEBHOOK_URL?wait=true"; then # shellcheck disable=SC2154 - if [ -n "$response" ]; then + if [ "$response" ]; then _info "discord send success." return 0 fi From 7278fd25e54cc828b5bcf164d6e45e1c72ef5be2 Mon Sep 17 00:00:00 2001 From: Timur Umarov Date: Sun, 20 Mar 2022 21:50:39 +0300 Subject: [PATCH 0729/1526] Added fornex.com api --- dnsapi/dns_fornex.sh | 145 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 dnsapi/dns_fornex.sh diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh new file mode 100644 index 00000000..80fb68e9 --- /dev/null +++ b/dnsapi/dns_fornex.sh @@ -0,0 +1,145 @@ +#!/usr/bin/env sh + +#Author: Timur Umarov + +FORNEX_API_URL="https://fornex.com/api/dns/v0.1" + +######## Public functions ##################### + +#Usage: dns_fornex_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_fornex_add() { + fulldomain=$1 + txtvalue=$2 + + if ! _Fornex_API; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + _err "Unable to determine root domain" + return 1 + else + _debug _domain "$_domain" + fi + + _info "Adding record" + if _rest POST "$_domain/entry_set/add/" "host=$fulldomain&type=TXT&value=$txtvalue&apikey=$FORNEX_API_KEY"; then + _debug _response "$response" + if _contains "$response" '"ok": true' || _contains "$response" 'Такая запись уже существует.'; then + _info "Added, OK" + return 0 + fi + fi + _err "Add txt record error." + return 1 +} + +#Usage: dns_fornex_rm _acme-challenge.www.domain.com +dns_fornex_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _Fornex_API; then + return 1 + fi + + if ! _get_root "$fulldomain"; then + _err "Unable to determine root domain" + return 1 + else + _debug _domain "$_domain" + fi + + _debug "Getting txt records" + _rest GET "$_domain/entry_set.json?apikey=$FORNEX_API_KEY" + + if ! _contains "$response" "$txtvalue"; then + _err "Txt record not found" + return 1 + fi + + _record_id="$(echo "$response" | _egrep_o "{[^{]*\"value\"*:*\"$txtvalue\"[^}]*}" | sed -n -e 's#.*"id": \([0-9]*\).*#\1#p')" + _debug "_record_id" "$_record_id" + if [ -z "$_record_id" ]; then + _err "can not find _record_id" + return 1 + fi + + if ! _rest POST "$_domain/entry_set/$_record_id/delete/" "apikey=$FORNEX_API_KEY"; then + _err "Delete record error." + return 1 + fi + return 0 +} + +#################### Private functions below ################################## + +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + + i=2 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _rest GET "domain_list.json?q=$h&apikey=$FORNEX_API_KEY"; then + return 1 + fi + + if _contains "$response" "\"$h\"" >/dev/null; then + _domain=$h + return 0 + else + _debug "$h not found" + fi + i=$(_math "$i" + 1) + done + + return 1 +} + +_Fornex_API() { + if [ -z "$FORNEX_API_KEY" ]; then + FORNEX_API_KEY="" + + _err "You didn't specify the Fornex API key yet." + _err "Please create your key and try again." + + return 1 + fi + + _saveaccountconf FORNEX_API_KEY "$FORNEX_API_KEY" +} + +#method method action data +_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Accept: application/json" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$FORNEX_API_URL/$ep" "" "$m")" + else + response="$(_get "$FORNEX_API_URL/$ep" | _normalizeJson)" + fi + + _ret="$?" + if [ "$_ret" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From a300df0020847fea6e978ff653e9f537399b4be3 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 25 Mar 2022 15:48:17 +0800 Subject: [PATCH 0730/1526] Update dns_fornex.sh --- dnsapi/dns_fornex.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh index 80fb68e9..1910f332 100644 --- a/dnsapi/dns_fornex.sh +++ b/dnsapi/dns_fornex.sh @@ -81,7 +81,7 @@ dns_fornex_rm() { _get_root() { domain=$1 - i=2 + i=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) _debug h "$h" From 0d05f9ba800b94b455d3d57954b5f24db84da709 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 27 Mar 2022 12:08:24 +0800 Subject: [PATCH 0731/1526] Update acme.sh fix https://github.com/acmesh-official/acme.sh/issues/4001 --- acme.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 55fa4467..b4cf3e63 100755 --- a/acme.sh +++ b/acme.sh @@ -1845,7 +1845,9 @@ _inithttp() { _ACME_WGET="$_ACME_WGET --max-redirect 0 " fi if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then - _ACME_WGET="$_ACME_WGET -d " + if [ "$_ACME_WGET" ] && _contains "$($_ACME_WGET --help 2>&1)" "--debug"; then + _ACME_WGET="$_ACME_WGET -d " + fi fi if [ "$CA_PATH" ]; then _ACME_WGET="$_ACME_WGET --ca-directory=$CA_PATH " From d6c68f1a843f28cb2a451890d07bee63d53b9e72 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Mon, 28 Mar 2022 13:03:02 +0200 Subject: [PATCH 0732/1526] Rename delete function, add info --- dnsapi/dns_selfhost.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d5ecd278..d51608c9 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -54,9 +54,10 @@ dns_selfhost_add() { fi } -dns_acmedns_rm() { +dns_selfhost_rm() { domain=$1 txt=$2 _debug fulldomain "$domain" _debug txtvalue "$txt" + _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } From fb5091a388c6cb4280cd095ab74056697be21a54 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 30 Mar 2022 22:47:12 +0800 Subject: [PATCH 0733/1526] support Google ACME server see: https://github.com/acmesh-official/acme.sh/wiki/Server --- acme.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b4cf3e63..c68ff7a9 100755 --- a/acme.sh +++ b/acme.sh @@ -34,6 +34,9 @@ _ZERO_EAB_ENDPOINT="https://api.zerossl.com/acme/eab-credentials-email" CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa" CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc" +CA_GOOGLE="https://dv.acme-v02.api.pki.goog/directory" +CA_GOOGLE_TEST="https://dv.acme-v02.test-api.pki.goog/directory" + DEFAULT_CA=$CA_ZEROSSL DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST @@ -44,9 +47,11 @@ LetsEncrypt.org_test,letsencrypt_test,letsencrypttest BuyPass.com,buypass BuyPass.com_test,buypass_test,buypasstest SSL.com,sslcom +Google.com,google +Google.com_test,googletest,google_test " -CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA" +CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA,$CA_GOOGLE,$CA_GOOGLE_TEST" DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)" From 3fb67629c13b96a57717471a9e257a7ffe7cc40b Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 30 Mar 2022 23:06:07 +0800 Subject: [PATCH 0734/1526] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 91a18985..097dd7a8 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,7 @@ https://github.com/acmesh-official/acmetest - Letsencrypt.org CA - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA) +- [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-public-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA From 532e44bceae38ba37634ac5331bfda740a84381f Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 30 Mar 2022 23:37:38 +0800 Subject: [PATCH 0735/1526] normalize domains fix https://github.com/acmesh-official/acme.sh/issues/4005 --- acme.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index c68ff7a9..5566074f 100755 --- a/acme.sh +++ b/acme.sh @@ -4263,7 +4263,13 @@ issue() { _debug _saved_domain "$_saved_domain" _saved_alt=$(_readdomainconf Le_Alt) _debug _saved_alt "$_saved_alt" - if [ "$_saved_domain,$_saved_alt" = "$_main_domain,$_alt_domains" ]; then + _normized_saved_domains="$(echo "$_saved_domain,$_saved_alt" | tr "," "\n" | sort | tr '\n' ',')" + _debug _normized_saved_domains "$_normized_saved_domains" + + _normized_domains="$(echo "$_main_domain,$_alt_domains" | tr "," "\n" | sort | tr '\n' ',')" + _debug _normized_domains "$_normized_domains" + + if [ "$_normized_saved_domains" = "$_normized_domains" ]; then _info "Domains not changed." _info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" _info "Add '$(__red '--force')' to force to renew." From d53262fab68ae24c44e572840e166a8e1cbfd8ab Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 31 Mar 2022 09:35:32 +0800 Subject: [PATCH 0736/1526] fix update account fix https://github.com/acmesh-official/acme.sh/issues/4009 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 5566074f..3860c301 100755 --- a/acme.sh +++ b/acme.sh @@ -3758,7 +3758,7 @@ updateaccount() { _email="$(_getAccountEmail)" - if [ "$ACCOUNT_EMAIL" ]; then + if [ "$_email" ]; then updjson='{"contact": ["mailto:'$_email'"]}' else updjson='{"contact": []}' From bcc984fc09ef319b0da74e02e0edc681dab2c866 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 31 Mar 2022 09:46:42 +0800 Subject: [PATCH 0737/1526] minor --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 097dd7a8..4a12d46a 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,7 @@ https://github.com/acmesh-official/acmetest - Letsencrypt.org CA - [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA) -- [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-public-CA) +- [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) - Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA From de4c4eedd835f7235dd20c3f127ef8da76273e31 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 1 Apr 2022 21:22:42 +0800 Subject: [PATCH 0738/1526] Support NotBefore and NotAfter Add `--valid-from` and `--valid-to`: https://github.com/acmesh-official/acme.sh/wiki/Validity --- acme.sh | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 123 insertions(+), 12 deletions(-) diff --git a/acme.sh b/acme.sh index 3860c301..665dc022 100755 --- a/acme.sh +++ b/acme.sh @@ -177,6 +177,8 @@ _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server" _PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain" +_VALIDITY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Validity" + _DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck" _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead." @@ -1603,12 +1605,12 @@ _durl_replace_base64() { _time2str() { #BSD - if date -u -r "$1" 2>/dev/null; then + if date -u -r "$1" -j "+%Y-%m-%dT%H:%M:%SZ" 2>/dev/null; then return fi #Linux - if date -u -d@"$1" 2>/dev/null; then + if date -u --date=@"$1" "+%Y-%m-%dT%H:%M:%SZ" 2>/dev/null; then return fi @@ -1619,7 +1621,7 @@ _time2str() { fi #Busybox - if echo "$1" | awk '{ print strftime("%c", $0); }' 2>/dev/null; then + if echo "$1" | awk '{ print strftime("%Y-%m-%dT%H:%M:%SZ", $0); }' 2>/dev/null; then return fi } @@ -1778,6 +1780,22 @@ _time() { date -u "+%s" } +#support 2 formats: +# 2022-04-01 08:10:33 to 1648800633 +#or 2022-04-01T08:10:33Z to 1648800633 +_date2time() { + #Linux + if date -u -d "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then + return + fi + #Mac/BSD + if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then + return + fi + _err "Can not parse _date2time $1" + return 1 +} + _utc_date() { date -u "+%Y-%m-%d %H:%M:%S" } @@ -3768,7 +3786,7 @@ updateaccount() { if [ "$code" = '200' ]; then echo "$response" >"$ACCOUNT_JSON_PATH" - _info "account update success for $_accUri." + _info "Account update success for $_accUri." else _info "Error. The account was not updated." return 1 @@ -4207,6 +4225,40 @@ _getIdType() { fi } +# beginTime dateTo +# beginTime is full string format("2022-04-01T08:10:33Z"), beginTime can be empty, to use current time +# dateTo can be ether in full string format("2022-04-01T08:10:33Z") or in delta format(+5d or +20h) +_convertValidaty() { + _beginTime="$1" + _dateTo="$2" + _debug2 "_beginTime" "$_beginTime" + _debug2 "_dateTo" "$_dateTo" + + if _startswith "$_dateTo" "+"; then + _v_begin=$(_time) + if [ "$_beginTime" ]; then + _v_begin="$(_date2time "$_beginTime")" + fi + _debug2 "_v_begin" "$_v_begin" + if _endswith "$_dateTo" "h"; then + _v_end=$(_math "$_v_begin + 60 * 60 * $(echo "$_dateTo" | tr -d '+h')") + elif _endswith "$_dateTo" "d"; then + _v_end=$(_math "$_v_begin + 60 * 60 * 24 * $(echo "$_dateTo" | tr -d '+d')") + else + _err "Not recognized format for _dateTo: $_dateTo" + return 1 + fi + _debug2 "_v_end" "$_v_end" + _time2str "$_v_end" + else + if [ "$(_time)" -gt "$(_date2time "$_dateTo")" ]; then + _err "The validaty to is in the past: _dateTo = $_dateTo" + return 1 + fi + echo "$_dateTo" + fi +} + #webroot, domain domainlist keylength issue() { if [ -z "$2" ]; then @@ -4240,6 +4292,8 @@ issue() { _local_addr="${13}" _challenge_alias="${14}" _preferred_chain="${15}" + _valid_from="${16}" + _valid_to="${17}" if [ -z "$_ACME_IS_RENEW" ]; then _initpath "$_main_domain" "$_key_length" @@ -4381,12 +4435,52 @@ issue() { _identifiers="$_identifiers,{\"type\":\"$(_getIdType "$d")\",\"value\":\"$(_idn "$d")\"}" done _debug2 _identifiers "$_identifiers" - if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then + _notBefore="" + _notAfter="" + + if [ "$_valid_from" ]; then + _savedomainconf "Le_Valid_From" "$_valid_from" + _debug2 "_valid_from" "$_valid_from" + _notBefore="$(_convertValidaty "" "$_valid_from")" + if [ "$?" != "0" ]; then + _err "Can not parse _valid_from: $_valid_from" + return 1 + fi + if [ "$(_time)" -gt "$(_date2time "$_notBefore")" ]; then + _notBefore="" + fi + else + _cleardomainconf "Le_Valid_From" + fi + _debug2 _notBefore "$_notBefore" + + if [ "$_valid_to" ]; then + _debug2 "_valid_to" "$_valid_to" + _savedomainconf "Le_Valid_To" "$_valid_to" + _notAfter="$(_convertValidaty "$_notBefore" "$_valid_to")" + if [ "$?" != "0" ]; then + _err "Can not parse _valid_to: $_valid_to" + return 1 + fi + else + _cleardomainconf "Le_Valid_To" + fi + _debug2 "_notAfter" "$_notAfter" + + _newOrderObj="{\"identifiers\": [$_identifiers]" + if [ "$_notBefore" ]; then + _newOrderObj="$_newOrderObj,\"notBefore\": \"$_notBefore\"" + fi + if [ "$_notAfter" ]; then + _newOrderObj="$_newOrderObj,\"notAfter\": \"$_notAfter\"" + fi + if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then _err "Create new order error." _clearup _on_issue_err "$_post_hook" return 1 fi + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)" _debug Le_LinkOrder "$Le_LinkOrder" Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" @@ -5086,13 +5180,15 @@ $_authorizations_map" else _cleardomainconf Le_ForceNewDomainKey fi - - Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60) - - Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") + if [ "$_notAfter" ]; then + Le_NextRenewTime=$(_date2time "$_notAfter") + Le_NextRenewTimeStr="$_notAfter" + else + Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60) + Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") + Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) + fi _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" - - Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" if [ "$_real_cert$_real_key$_real_ca$_reload_cmd$_real_fullchain" ]; then @@ -6629,6 +6725,11 @@ Parameters: If no match, the default offered chain will be used. (default: empty) See: $_PREFERRED_CHAIN_WIKI + --valid-to Request the NotAfter field of the cert. + See: $_VALIDITY_WIKI + --valid-from Request the NotBefore field of the cert. + See: $_VALIDITY_WIKI + -f, --force Force install, force cert renewal or override sudo restrictions. --staging, --test Use staging server, for testing. --debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted. @@ -6989,6 +7090,8 @@ _process() { _eab_kid="" _eab_hmac_key="" _preferred_chain="" + _valid_from="" + _valid_to="" while [ ${#} -gt 0 ]; do case "${1}" in @@ -7296,6 +7399,14 @@ _process() { Le_RenewalDays="$_days" shift ;; + --valid-from) + _valid_from="$2" + shift + ;; + --valid-to) + _valid_to="$2" + shift + ;; --httpport) _httpport="$2" Le_HTTPPort="$_httpport" @@ -7557,7 +7668,7 @@ _process() { uninstall) uninstall "$_nocron" ;; upgrade) upgrade ;; issue) - issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" + issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain" "$_valid_from" "$_valid_to" ;; deploy) deploy "$_domain" "$_deploy_hook" "$_ecc" From b49999721c6897730cf48f8688cc14f294893a58 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 1 Apr 2022 21:58:29 +0800 Subject: [PATCH 0739/1526] Update acme.sh --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 665dc022..4b4c7af9 100755 --- a/acme.sh +++ b/acme.sh @@ -1789,7 +1789,7 @@ _date2time() { return fi #Mac/BSD - if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then + if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then return fi _err "Can not parse _date2time $1" From 0f607413d08a3e067a4852b27faf096d846854bf Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 3 Apr 2022 20:05:30 +0800 Subject: [PATCH 0741/1526] fix for solaris time format --- acme.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 4b4c7af9..c4ca029f 100755 --- a/acme.sh +++ b/acme.sh @@ -1615,9 +1615,8 @@ _time2str() { fi #Solaris - if _exists adb; then - _t_s_a=$(echo "0t${1}=Y" | adb) - echo "$_t_s_a" + if printf "%(%Y-%m-%dT%H:%M:%SZ)T\n" $1 2>/dev/null; then + return fi #Busybox @@ -1788,6 +1787,11 @@ _date2time() { if date -u -d "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then return fi + + #Solaris + if gdate -u -d "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then + return + fi #Mac/BSD if date -u -j -f "%Y-%m-%d %H:%M:%S" "$(echo "$1" | tr -d "Z" | tr "T" ' ')" +"%s" 2>/dev/null; then return From 225adcc83698cbd8a6de9580b64a7daa725db062 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 3 Apr 2022 21:58:41 +0800 Subject: [PATCH 0742/1526] fix renewal for validto fix renewal for validto --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index c4ca029f..25e7ad20 100755 --- a/acme.sh +++ b/acme.sh @@ -5293,7 +5293,7 @@ renew() { Le_PostHook="$(_readdomainconf Le_PostHook)" Le_RenewHook="$(_readdomainconf Le_RenewHook)" Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)" - issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" + issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" res="$?" if [ "$res" != "0" ]; then return "$res" From 6a90856f0eac62f5e5d7d2d0f791edebdde1496a Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 5 Apr 2022 17:05:33 +0800 Subject: [PATCH 0743/1526] don't renew cert if valid-to is set to an absolute date don't renew cert if valid-to is set to an absolute date --- acme.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/acme.sh b/acme.sh index 25e7ad20..fe390659 100755 --- a/acme.sh +++ b/acme.sh @@ -4317,6 +4317,13 @@ issue() { Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime) _debug Le_NextRenewTime "$Le_NextRenewTime" if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then + _valid_to_saved=$(_readdomainconf Le_Valid_to) + if [ "$_valid_to_saved" ] && ! _startswith "$_valid_to_saved" "+"; then + _info "The domain is set to be valid to: $_valid_to_saved" + _info "It can not be renewed automatically" + _info "See: $_VALIDITY_WIKI" + return $RENEW_SKIP + fi _saved_domain=$(_readdomainconf Le_Domain) _debug _saved_domain "$_saved_domain" _saved_alt=$(_readdomainconf Le_Alt) @@ -5187,6 +5194,11 @@ $_authorizations_map" if [ "$_notAfter" ]; then Le_NextRenewTime=$(_date2time "$_notAfter") Le_NextRenewTimeStr="$_notAfter" + if [ "$_valid_to" ] && ! _startswith "$_valid_to" "+"; then + _info "The domain is set to be valid to: $_valid_to" + _info "It can not be renewed automatically" + _info "See: $_VALIDITY_WIKI" + fi else Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60) Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") From 481f02de88208c6066426a23cadf0d5cf786d929 Mon Sep 17 00:00:00 2001 From: Kevin Brown Date: Wed, 6 Apr 2022 14:29:25 +1000 Subject: [PATCH 0744/1526] Also check for the closing quote so that only exact domain matches are found. --- dnsapi/dns_netlify.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_netlify.sh b/dnsapi/dns_netlify.sh index 2ce13e2b..65e803c5 100644 --- a/dnsapi/dns_netlify.sh +++ b/dnsapi/dns_netlify.sh @@ -114,7 +114,7 @@ _get_root() { fi if _contains "$response" "\"name\":\"$h\"" >/dev/null; then - _domain_id=$(echo "$response" | _egrep_o "\"[^\"]*\",\"name\":\"$h" | cut -d , -f 1 | tr -d \") + _domain_id=$(echo "$response" | _egrep_o "\"[^\"]*\",\"name\":\"$h\"" | cut -d , -f 1 | tr -d \") if [ "$_domain_id" ]; then if [ "$i" = 1 ]; then #create the record at the domain apex (@) if only the domain name was provided as --domain-alias From 40e7eca1eedab8d89df6a301533085f591dce659 Mon Sep 17 00:00:00 2001 From: hyper_ch Date: Thu, 7 Apr 2022 11:07:06 +0200 Subject: [PATCH 0745/1526] dns_ispconfig: adding missing brackets --- dnsapi/dns_ispconfig.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index e68ddd49..6f0e920f 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -32,7 +32,7 @@ dns_ispconfig_rm() { #################### Private functions below ################################## _ISPC_credentials() { - if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then + if [ -z "${ISPC_User}" ] || [ -z "${ISPC_Password}" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then ISPC_User="" ISPC_Password="" ISPC_Api="" From 439defca429fa53c163058d26df9d8443f24f024 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 8 Apr 2022 22:15:26 +0800 Subject: [PATCH 0746/1526] switch from staging api to production api https://github.com/acmesh-official/acme.sh/issues/2401 --- acme.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/acme.sh b/acme.sh index fe390659..273d399f 100755 --- a/acme.sh +++ b/acme.sh @@ -5270,6 +5270,23 @@ renew() { Le_API="$CA_LETSENCRYPT_V2" fi + #revert from staging CAs back to production CAs + case "$Le_API" in + + "$CA_LETSENCRYPT_V2_TEST") + _info "Switching back to $CA_LETSENCRYPT_V2" + Le_API="$CA_LETSENCRYPT_V2" + ;; + "$CA_BUYPASS_TEST") + _info "Switching back to $CA_BUYPASS" + Le_API="$CA_BUYPASS" + ;; + "$CA_GOOGLE_TEST") + _info "Switching back to $CA_GOOGLE" + Le_API="$CA_GOOGLE" + ;; + esac + if [ "$Le_API" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then _clearAPI From 6be2bb228958f12ccae4bb7cca5aacc90d009cf4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 8 Apr 2022 22:28:21 +0800 Subject: [PATCH 0747/1526] Update acme.sh revert only when there is no `--server` specified. --- acme.sh | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/acme.sh b/acme.sh index 273d399f..49a1b0f1 100755 --- a/acme.sh +++ b/acme.sh @@ -5271,21 +5271,23 @@ renew() { fi #revert from staging CAs back to production CAs - case "$Le_API" in + if [ -z "$ACME_DIRECTORY" ]; then + case "$Le_API" in - "$CA_LETSENCRYPT_V2_TEST") - _info "Switching back to $CA_LETSENCRYPT_V2" - Le_API="$CA_LETSENCRYPT_V2" - ;; - "$CA_BUYPASS_TEST") - _info "Switching back to $CA_BUYPASS" - Le_API="$CA_BUYPASS" - ;; - "$CA_GOOGLE_TEST") - _info "Switching back to $CA_GOOGLE" - Le_API="$CA_GOOGLE" - ;; - esac + "$CA_LETSENCRYPT_V2_TEST") + _info "Switching back to $CA_LETSENCRYPT_V2" + Le_API="$CA_LETSENCRYPT_V2" + ;; + "$CA_BUYPASS_TEST") + _info "Switching back to $CA_BUYPASS" + Le_API="$CA_BUYPASS" + ;; + "$CA_GOOGLE_TEST") + _info "Switching back to $CA_GOOGLE" + Le_API="$CA_GOOGLE" + ;; + esac + fi if [ "$Le_API" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then From 7cd6ff054bfbaf313d9b07b005a2f6592ed34a7a Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 10 Apr 2022 14:48:10 +0800 Subject: [PATCH 0748/1526] add --- .github/FUNDING.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 24be2c47..8905a651 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -3,7 +3,7 @@ github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] patreon: # Replace with a single Patreon username open_collective: acmesh -ko_fi: # Replace with a single Ko-fi username +ko_fi: neilpang tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry liberapay: # Replace with a single Liberapay username From 00483e8cdd40593bd47c9c045ae725c928b70e4c Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 10 Apr 2022 19:42:49 +0800 Subject: [PATCH 0749/1526] exclude zerossl tests in the CI It's not stable --- .github/workflows/FreeBSD.yml | 10 +++++----- .github/workflows/MacOS.yml | 10 +++++----- .github/workflows/Solaris.yml | 10 +++++----- .github/workflows/Windows.yml | 10 +++++----- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 5d032769..22f8b9af 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -25,11 +25,11 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "ZeroSSL.com" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - TEST_PREFERRED_CHAIN: "" + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" runs-on: macos-10.15 env: TEST_LOCAL: 1 diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 4b529f6a..8d52b3f6 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -25,11 +25,11 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "ZeroSSL.com" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - TEST_PREFERRED_CHAIN: "" + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" runs-on: macos-latest env: TEST_LOCAL: 1 diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 77fdcc9a..f8a3826c 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -25,11 +25,11 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "ZeroSSL.com" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - TEST_PREFERRED_CHAIN: "" + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" runs-on: macos-10.15 env: TEST_LOCAL: 1 diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 2d7eeeae..55d32519 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -25,11 +25,11 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 - - TEST_ACME_Server: "ZeroSSL.com" - CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" - CA: "ZeroSSL RSA Domain Secure Site CA" - CA_EMAIL: "githubtest@acme.sh" - TEST_PREFERRED_CHAIN: "" + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" runs-on: windows-latest env: TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} From 29e23ac9ce5e90039a00dd55ec273cb82855ad9c Mon Sep 17 00:00:00 2001 From: Bruce Lam Date: Sun, 10 Apr 2022 10:41:01 +0800 Subject: [PATCH 0750/1526] Due to down of cloudxns.net, remove `dns_cx.sh` --- dnsapi/dns_cx.sh | 185 ----------------------------------------------- 1 file changed, 185 deletions(-) delete mode 100755 dnsapi/dns_cx.sh diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh deleted file mode 100755 index c287d507..00000000 --- a/dnsapi/dns_cx.sh +++ /dev/null @@ -1,185 +0,0 @@ -#!/usr/bin/env sh - -# CloudXNS Domain api -# -#CX_Key="1234" -# -#CX_Secret="sADDsdasdgdsf" - -CX_Api="https://www.cloudxns.net/api2" - -#REST_API -######## Public functions ##################### - -#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cx_add() { - fulldomain=$1 - txtvalue=$2 - - CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}" - CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}" - if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then - CX_Key="" - CX_Secret="" - _err "You don't specify cloudxns.net api key or secret yet." - _err "Please create you key and try again." - return 1 - fi - - REST_API="$CX_Api" - - #save the api key and email to the account conf file. - _saveaccountconf_mutable CX_Key "$CX_Key" - _saveaccountconf_mutable CX_Secret "$CX_Secret" - - _debug "First detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - add_record "$_domain" "$_sub_domain" "$txtvalue" -} - -#fulldomain txtvalue -dns_cx_rm() { - fulldomain=$1 - txtvalue=$2 - CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}" - CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}" - REST_API="$CX_Api" - if _get_root "$fulldomain"; then - record_id="" - existing_records "$_domain" "$_sub_domain" "$txtvalue" - if [ "$record_id" ]; then - _rest DELETE "record/$record_id/$_domain_id" "{}" - _info "Deleted record ${fulldomain}" - fi - fi -} - -#usage: root sub -#return if the sub record already exists. -#echos the existing records count. -# '0' means doesn't exist -existing_records() { - _debug "Getting txt records" - root=$1 - sub=$2 - if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100"; then - return 1 - fi - - seg=$(printf "%s\n" "$response" | _egrep_o '"record_id":[^{]*host":"'"$_sub_domain"'"[^}]*\}') - _debug seg "$seg" - if [ -z "$seg" ]; then - return 0 - fi - - if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then - record_id=$(printf "%s\n" "$seg" | _egrep_o '"record_id":"[^"]*"' | cut -d : -f 2 | tr -d \" | _head_n 1) - _debug record_id "$record_id" - return 0 - fi - -} - -#add the txt record. -#usage: root sub txtvalue -add_record() { - root=$1 - sub=$2 - txtvalue=$3 - fulldomain="$sub.$root" - - _info "Adding record" - - if ! _rest POST "record" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then - return 1 - fi - - return 0 -} - -#################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns -# _sub_domain=_acme-challenge.www -# _domain=domain.com -# _domain_id=sdjkglgdfewsdfg -_get_root() { - domain=$1 - i=2 - p=1 - - if ! _rest GET "domain"; then - return 1 - fi - - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - _debug h "$h" - if [ -z "$h" ]; then - #not valid - return 1 - fi - - if _contains "$response" "$h."; then - seg=$(printf "%s\n" "$response" | _egrep_o '"id":[^{]*"'"$h"'."[^}]*}') - _debug seg "$seg" - _domain_id=$(printf "%s\n" "$seg" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") - _debug _domain_id "$_domain_id" - if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _debug _sub_domain "$_sub_domain" - _domain="$h" - _debug _domain "$_domain" - return 0 - fi - return 1 - fi - p="$i" - i=$(_math "$i" + 1) - done - return 1 -} - -#Usage: method URI data -_rest() { - m=$1 - ep="$2" - _debug ep "$ep" - url="$REST_API/$ep" - _debug url "$url" - - cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") - _debug cdate "$cdate" - - data="$3" - _debug data "$data" - - sec="$CX_Key$url$data$cdate$CX_Secret" - _debug sec "$sec" - hmac=$(printf "%s" "$sec" | _digest md5 hex) - _debug hmac "$hmac" - - export _H1="API-KEY: $CX_Key" - export _H2="API-REQUEST-DATE: $cdate" - export _H3="API-HMAC: $hmac" - export _H4="Content-Type: application/json" - - if [ "$data" ]; then - response="$(_post "$data" "$url" "" "$m")" - else - response="$(_get "$url")" - fi - - if [ "$?" != "0" ]; then - _err "error $ep" - return 1 - fi - _debug2 response "$response" - - _contains "$response" '"code":1' - -} From 201673ca8aabcd4becd90119b3d0118078daedee Mon Sep 17 00:00:00 2001 From: quthla Date: Mon, 11 Apr 2022 00:29:55 +0200 Subject: [PATCH 0751/1526] Store Mailcow deploy parameters --- deploy/mailcow.sh | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index c3535e7e..987f358b 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -20,18 +20,26 @@ mailcow_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - _mailcow_path="${DEPLOY_MAILCOW_PATH}" + _getdeployconf DEPLOY_MAILCOW_PATH + _getdeployconf DEPLOY_MAILCOW_RELOAD - if [ -z "$_mailcow_path" ]; then + _debug DEPLOY_MAILCOW_PATH "$DEPLOY_MAILCOW_PATH" + _debug DEPLOY_MAILCOW_RELOAD "$DEPLOY_MAILCOW_RELOAD" + + if [ -z "$DEPLOY_MAILCOW_PATH" ]; then _err "Mailcow path is not found, please define DEPLOY_MAILCOW_PATH." return 1 fi + _savedeployconf DEPLOY_MAILCOW_PATH "$DEPLOY_MAILCOW_PATH" + + [ -n "$DEPLOY_MAILCOW_RELOAD" ] && _savedeployconf DEPLOY_MAILCOW_RELOAD "$DEPLOY_MAILCOW_RELOAD" + #Tests if _ssl_path is the mailcow root directory. - if [ -f "${_mailcow_path}/generate_config.sh" ]; then - _ssl_path="${_mailcow_path}/data/assets/ssl/" + if [ -f "$DEPLOY_MAILCOW_PATH/generate_config.sh" ]; then + _ssl_path="$DEPLOY_MAILCOW_PATH/data/assets/ssl/" else - _ssl_path="${_mailcow_path}" + _ssl_path="$DEPLOY_MAILCOW_PATH" fi if [ ! -d "$_ssl_path" ]; then @@ -40,10 +48,7 @@ mailcow_deploy() { fi # ECC or RSA - if [ -z "${Le_Keylength}" ]; then - Le_Keylength="" - fi - if _isEccKey "${Le_Keylength}"; then + if _isEccKey "$Le_Keylength"; then _info "ECC key type detected" _cert_name_prefix="ecdsa-" else @@ -63,7 +68,7 @@ mailcow_deploy() { return 1 fi - DEFAULT_MAILCOW_RELOAD="docker restart $(docker ps -qaf name=postfix-mailcow); docker restart $(docker ps -qaf name=nginx-mailcow); docker restart $(docker ps -qaf name=dovecot-mailcow)" + DEFAULT_MAILCOW_RELOAD="docker restart \$(docker ps --quiet --filter name=nginx-mailcow --filter name=dovecot-mailcow)" _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}" _info "Run reload: $_reload" From 08ae8cc3cb76e1877464875e26ac4d43af5ffc6b Mon Sep 17 00:00:00 2001 From: quthla Date: Mon, 11 Apr 2022 11:39:21 +0200 Subject: [PATCH 0752/1526] Fix --- deploy/mailcow.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 987f358b..3492cea4 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -32,14 +32,11 @@ mailcow_deploy() { fi _savedeployconf DEPLOY_MAILCOW_PATH "$DEPLOY_MAILCOW_PATH" - [ -n "$DEPLOY_MAILCOW_RELOAD" ] && _savedeployconf DEPLOY_MAILCOW_RELOAD "$DEPLOY_MAILCOW_RELOAD" - #Tests if _ssl_path is the mailcow root directory. + _ssl_path="$DEPLOY_MAILCOW_PATH" if [ -f "$DEPLOY_MAILCOW_PATH/generate_config.sh" ]; then _ssl_path="$DEPLOY_MAILCOW_PATH/data/assets/ssl/" - else - _ssl_path="$DEPLOY_MAILCOW_PATH" fi if [ ! -d "$_ssl_path" ]; then @@ -48,13 +45,15 @@ mailcow_deploy() { fi # ECC or RSA - if _isEccKey "$Le_Keylength"; then + length=$(_readdomainconf Le_Keylength) + if _isEccKey "$length"; then _info "ECC key type detected" _cert_name_prefix="ecdsa-" else _info "RSA key type detected" _cert_name_prefix="" fi + _info "Copying key and cert" _real_key="$_ssl_path/${_cert_name_prefix}key.pem" if ! cat "$_ckey" >"$_real_key"; then From 2b891f7f1db192c4edd6079d97bbd1d7ba9bc17c Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 12 Apr 2022 10:11:05 +0800 Subject: [PATCH 0753/1526] Update dns_fornex.sh --- dnsapi/dns_fornex.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh index 1910f332..53be307a 100644 --- a/dnsapi/dns_fornex.sh +++ b/dnsapi/dns_fornex.sh @@ -107,6 +107,7 @@ _get_root() { } _Fornex_API() { + FORNEX_API_KEY="${FORNEX_API_KEY:-$(_readaccountconf_mutable FORNEX_API_KEY)}" if [ -z "$FORNEX_API_KEY" ]; then FORNEX_API_KEY="" @@ -116,7 +117,7 @@ _Fornex_API() { return 1 fi - _saveaccountconf FORNEX_API_KEY "$FORNEX_API_KEY" + _saveaccountconf_mutable FORNEX_API_KEY "$FORNEX_API_KEY" } #method method action data From 2c28d6b10cb07d86efb63f41a4a4e5f3a65f0232 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 13 Apr 2022 20:20:28 +0800 Subject: [PATCH 0754/1526] fix for renew server --- acme.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 49a1b0f1..8d8181dc 100755 --- a/acme.sh +++ b/acme.sh @@ -5151,7 +5151,7 @@ $_authorizations_map" Le_CertCreateTime=$(_time) _savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime" - Le_CertCreateTimeStr=$(date -u) + Le_CertCreateTimeStr=$(_time2str "$Le_CertCreateTime") _savedomainconf "Le_CertCreateTimeStr" "$Le_CertCreateTimeStr" if [ -z "$Le_RenewalDays" ] || [ "$Le_RenewalDays" -lt "0" ]; then @@ -5289,11 +5289,10 @@ renew() { esac fi - if [ "$Le_API" ]; then + if [ "$Le_API" ] && [ "$ACME_DIRECTORY" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then _clearAPI fi - export ACME_DIRECTORY="$Le_API" #reload ca configs ACCOUNT_KEY_PATH="" ACCOUNT_JSON_PATH="" From 03c83097033f4ef5362a3089c9306a1420fc16c8 Mon Sep 17 00:00:00 2001 From: Christopher Cope Date: Wed, 13 Apr 2022 15:41:44 -0400 Subject: [PATCH 0755/1526] Fix dns_loopia on FreeBSD --- dnsapi/dns_loopia.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_loopia.sh b/dnsapi/dns_loopia.sh index e95d8999..399c7867 100644 --- a/dnsapi/dns_loopia.sh +++ b/dnsapi/dns_loopia.sh @@ -79,7 +79,7 @@ dns_loopia_rm() { response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" "OK"; then - err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + err_response=$(echo "$response" | sed 's/.*\(.*\)<\/string>.*/\1/') _err "Error could not get txt records: $err_response" return 1 fi @@ -148,7 +148,7 @@ _loopia_get_records() { response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" ""; then - err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + err_response=$(echo "$response" | sed 's/.*\(.*\)<\/string>.*/\1/') _err "Error: $err_response" return 1 fi @@ -245,7 +245,7 @@ _loopia_add_record() { response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" "OK"; then - err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + err_response=$(echo "$response" | sed 's/.*\(.*\)<\/string>.*/\1/') _err "Error: $err_response" return 1 fi @@ -310,7 +310,7 @@ _loopia_add_sub_domain() { response="$(_post "$xml_content" "$LOOPIA_Api" "" "POST")" if ! _contains "$response" "OK"; then - err_response=$(echo "$response" | grep -oPm1 "(?<=)[^<]+") + err_response=$(echo "$response" | sed 's/.*\(.*\)<\/string>.*/\1/') _err "Error: $err_response" return 1 fi From 515c9e7811bee4bb478b4b783f9d603a350ca23c Mon Sep 17 00:00:00 2001 From: Marcin Konicki Date: Fri, 15 Apr 2022 10:38:45 +0200 Subject: [PATCH 0756/1526] Fix DNS handling for MyDevil.net MyDevil updated their tool to require y|n confirmation when deleting record. --- dnsapi/dns_mydevil.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 2f398959..953290af 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -74,7 +74,7 @@ dns_mydevil_rm() { validRecords="^${num}${w}${fulldomain}${w}TXT${w}${any}${txtvalue}$" for id in $(devil dns list "$domain" | tail -n+2 | grep "${validRecords}" | cut -w -s -f 1); do _info "Removing record $id from domain $domain" - devil dns del "$domain" "$id" || _err "Could not remove DNS record." + echo "y" | devil dns del "$domain" "$id" || _err "Could not remove DNS record." done } @@ -87,7 +87,9 @@ mydevil_get_domain() { domain="" for domain in $(devil dns list | cut -w -s -f 1 | tail -n+2); do + _debug "Checking domain: $domain" if _endswith "$fulldomain" "$domain"; then + _debug "Fulldomain '$fulldomain' matches '$domain'" printf -- "%s" "$domain" return 0 fi From 5e465a298f69ad802a8accb4d22da7d7224b17fc Mon Sep 17 00:00:00 2001 From: DerVerruckteFuchs Date: Fri, 15 Apr 2022 23:04:10 -0400 Subject: [PATCH 0757/1526] Update 1984 Hosting's URL --- dnsapi/dns_1984hosting.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index db0cbe15..6accc597 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -42,7 +42,7 @@ dns_1984hosting_add() { _debug "Add TXT record $fulldomain with value '$txtvalue'" value="$(printf '%s' "$txtvalue" | _url_encode)" - url="https://management.1984hosting.com/domains/entry/" + url="https://1984.hosting/domains/entry/" postdata="entry=new" postdata="$postdata&type=TXT" @@ -95,7 +95,7 @@ dns_1984hosting_rm() { _debug _domain "$_domain" _debug "Delete $fulldomain TXT record" - url="https://management.1984hosting.com/domains" + url="https://1984.hosting/domains" if ! _get_zone_id "$url" "$_domain"; then _err "invalid zone" "$_domain" return 1 @@ -138,7 +138,7 @@ _1984hosting_login() { _debug "Login to 1984Hosting as user $One984HOSTING_Username" username=$(printf '%s' "$One984HOSTING_Username" | _url_encode) password=$(printf '%s' "$One984HOSTING_Password" | _url_encode) - url="https://management.1984hosting.com/accounts/checkuserauth/" + url="https://1984.hosting/accounts/checkuserauth/" response="$(_post "username=$username&password=$password&otpkey=" $url)" response="$(echo "$response" | _normalizeJson)" @@ -175,7 +175,7 @@ _check_cookies() { return 1 fi - _authget "https://management.1984hosting.com/accounts/loginstatus/" + _authget "https://1984.hosting/accounts/loginstatus/" if _contains "$response" '"ok": true'; then _debug "Cached cookies still valid" return 0 @@ -204,7 +204,7 @@ _get_root() { return 1 fi - _authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." + _authget "https://1984.hosting/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." if _contains "$_response" "serial" && ! _contains "$_response" "null"; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" @@ -251,11 +251,11 @@ _htmlget() { # add extra headers to request _authpost() { - url="https://management.1984hosting.com/domains" + url="https://1984.hosting/domains" _get_zone_id "$url" "$_domain" csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")" export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE" - export _H2="Referer: https://management.1984hosting.com/domains/$_zone_id" + export _H2="Referer: https://1984.hosting/domains/$_zone_id" export _H3="X-CSRFToken: $csrf_header" _response=$(_post "$1" "$2") } From 3e8d9a1987f84ff42c8d69802983d437de172245 Mon Sep 17 00:00:00 2001 From: Bruce Lam Date: Tue, 19 Apr 2022 20:34:02 +0800 Subject: [PATCH 0758/1526] added: ipv6 identifier support --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 8d8181dc..358ddff5 100755 --- a/acme.sh +++ b/acme.sh @@ -4530,7 +4530,7 @@ issue() { response="$(echo "$response" | _normalizeJson)" _debug2 response "$response" - _d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2 | tr -d ' "')" + _d="$(echo "$response" | _egrep_o '"value" *: *"[^"]*"' | cut -d : -f 2- | tr -d ' "')" if _contains "$response" "\"wildcard\" *: *true"; then _d="*.$_d" fi From c31027b2841786140cacd5e64e26a805621153d0 Mon Sep 17 00:00:00 2001 From: Sing Yu Chan Date: Sat, 16 Apr 2022 01:39:45 +0800 Subject: [PATCH 0759/1526] use `sleep infinity` instead `sleep 1` --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fa11ea8a..049649f6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -65,7 +65,8 @@ RUN for verb in help \ RUN printf "%b" '#!'"/usr/bin/env sh\n \ if [ \"\$1\" = \"daemon\" ]; then \n \ trap \"echo stop && killall crond && exit 0\" SIGTERM SIGINT \n \ - crond && while true; do sleep 1; done;\n \ + crond && sleep infinity &\n \ + wait \n \ else \n \ exec -- \"\$@\"\n \ fi" >/entry.sh && chmod +x /entry.sh From 4d89ce5d5008fc550c5acbc82cab28d9381b4d9d Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 20 Apr 2022 09:14:53 +0800 Subject: [PATCH 0760/1526] read csr with empty subject https://github.com/acmesh-official/acme.sh/issues/4024 --- acme.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 358ddff5..ad825435 100755 --- a/acme.sh +++ b/acme.sh @@ -5543,10 +5543,13 @@ showcsr() { _initpath _csrsubj=$(_readSubjectFromCSR "$_csrfile") - if [ "$?" != "0" ] || [ -z "$_csrsubj" ]; then + if [ "$?" != "0" ]; then _err "Can not read subject from csr: $_csrfile" return 1 fi + if [ -z "$_csrsubj" ]; then + _info "The Subject is empty" + fi _info "Subject=$_csrsubj" From 019a7bd66b421919dde76175f249fa94aced8651 Mon Sep 17 00:00:00 2001 From: "Hahn Axel (hahn)" Date: Wed, 20 Apr 2022 16:03:36 +0200 Subject: [PATCH 0761/1526] handle challenge-alias "false" --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index 49a1b0f1..7103f7e4 100755 --- a/acme.sh +++ b/acme.sh @@ -4680,6 +4680,7 @@ $_authorizations_map" _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')" fi _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")" + test "$_d_alias" = "false" && _d_alias="" _alias_index="$(_math "$_alias_index" + 1)" _debug "_d_alias" "$_d_alias" if [ "$_d_alias" ]; then From 39bc4177068acb344653f7ccdf4cf967a1ea939e Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 21 Apr 2022 07:02:53 +0800 Subject: [PATCH 0762/1526] Update acme.sh --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 7103f7e4..7d211c37 100755 --- a/acme.sh +++ b/acme.sh @@ -4680,7 +4680,7 @@ $_authorizations_map" _dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')" fi _d_alias="$(_getfield "$_challenge_alias" "$_alias_index")" - test "$_d_alias" = "false" && _d_alias="" + test "$_d_alias" = "$NO_VALUE" && _d_alias="" _alias_index="$(_math "$_alias_index" + 1)" _debug "_d_alias" "$_d_alias" if [ "$_d_alias" ]; then From 9b27298d548ab912fe5aa8622165cb815d965712 Mon Sep 17 00:00:00 2001 From: Jakob Aarup Skov Date: Mon, 25 Apr 2022 09:43:38 +0200 Subject: [PATCH 0763/1526] Removed GratisDNS api --- dnsapi/dns_gdnsdk.sh | 177 ------------------------------------------- 1 file changed, 177 deletions(-) delete mode 100755 dnsapi/dns_gdnsdk.sh diff --git a/dnsapi/dns_gdnsdk.sh b/dnsapi/dns_gdnsdk.sh deleted file mode 100755 index 90842b25..00000000 --- a/dnsapi/dns_gdnsdk.sh +++ /dev/null @@ -1,177 +0,0 @@ -#!/usr/bin/env sh -#Author: Herman Sletteng -#Report Bugs here: https://github.com/loial/acme.sh -# -# -# Note, gratisdns requires a login first, so the script needs to handle -# temporary cookies. Since acme.sh _get/_post currently don't directly support -# cookies, I've defined wrapper functions _myget/_mypost to set the headers - -GDNSDK_API="https://admin.gratisdns.com" -######## Public functions ##################### -#Usage: dns_gdnsdk_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_gdnsdk_add() { - fulldomain=$1 - txtvalue=$2 - _info "Using gratisdns.dk" - _debug fulldomain "$fulldomain" - _debug txtvalue "$txtvalue" - if ! _gratisdns_login; then - _err "Login failed!" - return 1 - fi - #finding domain zone - if ! _get_domain; then - _err "No matching root domain for $fulldomain found" - return 1 - fi - # adding entry - _info "Adding the entry" - _mypost "action=dns_primary_record_added_txt&user_domain=$_domain&name=$fulldomain&txtdata=$txtvalue&ttl=1" - if _successful_update; then return 0; fi - _err "Couldn't create entry!" - return 1 -} - -#Usage: fulldomain txtvalue -#Remove the txt record after validation. -dns_gdnsdk_rm() { - fulldomain=$1 - txtvalue=$2 - _info "Using gratisdns.dk" - _debug fulldomain "$fulldomain" - _debug txtvalue "$txtvalue" - if ! _gratisdns_login; then - _err "Login failed!" - return 1 - fi - if ! _get_domain; then - _err "No matching root domain for $fulldomain found" - return 1 - fi - _findentry "$fulldomain" "$txtvalue" - if [ -z "$_id" ]; then - _info "Entry doesn't exist, nothing to delete" - return 0 - fi - _debug "Deleting record..." - _mypost "action=dns_primary_delete_txt&user_domain=$_domain&id=$_id" - # removing entry - - if _successful_update; then return 0; fi - _err "Couldn't delete entry!" - return 1 -} - -#################### Private functions below ################################## - -_checkcredentials() { - GDNSDK_Username="${GDNSDK_Username:-$(_readaccountconf_mutable GDNSDK_Username)}" - GDNSDK_Password="${GDNSDK_Password:-$(_readaccountconf_mutable GDNSDK_Password)}" - - if [ -z "$GDNSDK_Username" ] || [ -z "$GDNSDK_Password" ]; then - GDNSDK_Username="" - GDNSDK_Password="" - _err "You haven't specified gratisdns.dk username and password yet." - _err "Please add credentials and try again." - return 1 - fi - #save the credentials to the account conf file. - _saveaccountconf_mutable GDNSDK_Username "$GDNSDK_Username" - _saveaccountconf_mutable GDNSDK_Password "$GDNSDK_Password" - return 0 -} - -_checkcookie() { - GDNSDK_Cookie="${GDNSDK_Cookie:-$(_readaccountconf_mutable GDNSDK_Cookie)}" - if [ -z "$GDNSDK_Cookie" ]; then - _debug "No cached cookie found" - return 1 - fi - _myget "action=" - if (echo "$_result" | grep -q "logmeout"); then - _debug "Cached cookie still valid" - return 0 - fi - _debug "Cached cookie no longer valid" - GDNSDK_Cookie="" - _saveaccountconf_mutable GDNSDK_Cookie "$GDNSDK_Cookie" - return 1 -} - -_gratisdns_login() { - if ! _checkcredentials; then return 1; fi - - if _checkcookie; then - _debug "Already logged in" - return 0 - fi - _debug "Logging into GratisDNS with user $GDNSDK_Username" - - if ! _mypost "login=$GDNSDK_Username&password=$GDNSDK_Password&action=logmein"; then - _err "GratisDNS login failed for user $GDNSDK_Username bad RC from _post" - return 1 - fi - - GDNSDK_Cookie="$(grep -A 15 '302 Found' "$HTTP_HEADER" | _egrep_o 'Cookie: [^;]*' | _head_n 1 | cut -d ' ' -f2)" - - if [ -z "$GDNSDK_Cookie" ]; then - _err "GratisDNS login failed for user $GDNSDK_Username. Check $HTTP_HEADER file" - return 1 - fi - export GDNSDK_Cookie - _saveaccountconf_mutable GDNSDK_Cookie "$GDNSDK_Cookie" - return 0 -} - -_myget() { - #Adds cookie to request - export _H1="Cookie: $GDNSDK_Cookie" - _result=$(_get "$GDNSDK_API?$1") -} -_mypost() { - #Adds cookie to request - export _H1="Cookie: $GDNSDK_Cookie" - _result=$(_post "$1" "$GDNSDK_API") -} - -_get_domain() { - _myget 'action=dns_primarydns' - _domains=$(echo "$_result" | _egrep_o ' domain="[[:alnum:]._-]+' | sed 's/^.*"//') - if [ -z "$_domains" ]; then - _err "Primary domain list not found!" - return 1 - fi - for _domain in $_domains; do - if (_endswith "$fulldomain" "$_domain"); then - _debug "Root domain: $_domain" - return 0 - fi - done - return 1 -} - -_successful_update() { - if (echo "$_result" | grep -q 'table-success'); then return 0; fi - return 1 -} - -_findentry() { - #args $1: fulldomain, $2: txtvalue - #returns id of dns entry, if it exists - _myget "action=dns_primary_changeDNSsetup&user_domain=$_domain" - _debug3 "_result: $_result" - - _tmp_result=$(echo "$_result" | tr -d '\n\r' | _egrep_o "$1\s*$2[^?]*[^&]*&id=[^&]*") - _debug _tmp_result "$_tmp_result" - if [ -z "${_tmp_result:-}" ]; then - _debug "The variable is _tmp_result is not supposed to be empty, there may be something wrong with the script" - fi - - _id=$(echo "$_tmp_result" | sed 's/^.*=//') - if [ -n "$_id" ]; then - _debug "Entry found with _id=$_id" - return 0 - fi - return 1 -} From 14b59142332d4a5753c29707a25654caed307d05 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 28 Apr 2022 18:05:52 +0800 Subject: [PATCH 0764/1526] fix renew bug --- acme.sh | 48 ++++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/acme.sh b/acme.sh index 74772b8b..a8c38a08 100755 --- a/acme.sh +++ b/acme.sh @@ -4975,7 +4975,7 @@ $_authorizations_map" return 1 fi _debug "sleep 2 secs to verify again" - sleep 2 + _sleep 2 _debug "checking" _send_signed_request "$uri" @@ -5250,7 +5250,8 @@ renew() { fi _isEcc="$2" - + #the server specified from commandline + _acme_server_back="$ACME_DIRECTORY" _initpath "$Le_Domain" "$_isEcc" _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _info "$(__green "Renew: '$Le_Domain'")" @@ -5271,25 +5272,28 @@ renew() { Le_API="$CA_LETSENCRYPT_V2" fi - #revert from staging CAs back to production CAs - if [ -z "$ACME_DIRECTORY" ]; then - case "$Le_API" in - - "$CA_LETSENCRYPT_V2_TEST") - _info "Switching back to $CA_LETSENCRYPT_V2" - Le_API="$CA_LETSENCRYPT_V2" - ;; - "$CA_BUYPASS_TEST") - _info "Switching back to $CA_BUYPASS" - Le_API="$CA_BUYPASS" - ;; - "$CA_GOOGLE_TEST") - _info "Switching back to $CA_GOOGLE" - Le_API="$CA_GOOGLE" - ;; - esac + if [ "$_acme_server_back" ]; then + export ACME_DIRECTORY="$_acme_server_back" + else + export ACME_DIRECTORY="$Le_API" fi + case "$Le_API" in + "$CA_LETSENCRYPT_V2_TEST") + _info "Switching back to $CA_LETSENCRYPT_V2" + Le_API="$CA_LETSENCRYPT_V2" + ;; + "$CA_BUYPASS_TEST") + _info "Switching back to $CA_BUYPASS" + Le_API="$CA_BUYPASS" + ;; + "$CA_GOOGLE_TEST") + _info "Switching back to $CA_GOOGLE" + Le_API="$CA_GOOGLE" + ;; + esac + + if [ "$Le_API" ] && [ "$ACME_DIRECTORY" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then _clearAPI @@ -5298,7 +5302,7 @@ renew() { ACCOUNT_KEY_PATH="" ACCOUNT_JSON_PATH="" CA_CONF="" - _debug3 "initpath again." + _debug2 "initpath again." _initpath "$Le_Domain" "$_isEcc" fi @@ -6959,6 +6963,10 @@ _processAccountConf() { } _checkSudo() { + if [ -z "__INTERACTIVE" ]; then + #don't check if it's not in an interactive shell + return 0 + fi if [ "$SUDO_GID" ] && [ "$SUDO_COMMAND" ] && [ "$SUDO_USER" ] && [ "$SUDO_UID" ]; then if [ "$SUDO_USER" = "root" ] && [ "$SUDO_UID" = "0" ]; then #it's root using sudo, no matter it's using sudo or not, just fine From 69040dd6685edd8c34ad949ef7867646870a4de0 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 28 Apr 2022 18:09:26 +0800 Subject: [PATCH 0765/1526] fix format --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index a8c38a08..2a226e77 100755 --- a/acme.sh +++ b/acme.sh @@ -5293,7 +5293,6 @@ renew() { ;; esac - if [ "$Le_API" ] && [ "$ACME_DIRECTORY" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then _clearAPI From 9b6f7752761d4c0993c844b531aa6823e723734e Mon Sep 17 00:00:00 2001 From: mrakopes Date: Thu, 28 Apr 2022 13:25:22 +0200 Subject: [PATCH 0766/1526] fix base64 decoding logic for single- ane multi-line encoded string --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 49a1b0f1..34f62afe 100755 --- a/acme.sh +++ b/acme.sh @@ -983,9 +983,9 @@ _base64() { #Usage: multiline _dbase64() { if [ "$1" ]; then - ${ACME_OPENSSL_BIN:-openssl} base64 -d -A - else ${ACME_OPENSSL_BIN:-openssl} base64 -d + else + ${ACME_OPENSSL_BIN:-openssl} base64 -d -A fi } From db83643c1ec04080edc27c136268edc9b537af95 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Thu, 28 Apr 2022 10:57:31 +0200 Subject: [PATCH 0767/1526] dns_world4you: fix _parse_paket_nr Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index fd124754..bcf256ff 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -54,15 +54,14 @@ dns_world4you_add() { if _contains "$res" "successfully"; then return 0 else - msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') - if _contains "$msg" '^<\!DOCTYPE html>'; then - msg='Unknown error' - fi - _err "Unable to add record: $msg" - if _contains "$msg" '^<\!DOCTYPE html>'; then + msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>\|^\s*//g') + if [ "$msg" = '' ]; then + _err "Unable to add record: Unknown error" echo "$ret" >'error-01.html' echo "$res" >'error-02.html' _err "View error-01.html and error-02.html for debugging" + else + _err "Unable to add record: my.world4you.com: $msg" fi return 1 fi @@ -119,15 +118,14 @@ dns_world4you_rm() { if _contains "$res" "successfully"; then return 0 else - msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*

[^\t]*\t *\([^\t]*\)\t.*/\1/') - if _contains "$msg" '^<\!DOCTYPE html>'; then - msg='Unknown error' - fi - _err "Unable to remove record: $msg" - if _contains "$msg" '^<\!DOCTYPE html>'; then + msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>\|^\s*//g') + if [ "$msg" = '' ]; then + _err "Unable to remove record: Unknown error" echo "$ret" >'error-01.html' echo "$res" >'error-02.html' _err "View error-01.html and error-02.html for debugging" + else + _err "Unable to remove record: my.world4you.com: $msg" fi return 1 fi @@ -199,6 +197,6 @@ _get_paketnr() { TLD="$domain" _debug domain "$domain" RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))") - PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/') + PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _tail_n 1 | sed "s|.*$WORLD4YOU_API/\\([0-9]*\\)/.*|\\1|") return 0 } From 96d45cc34162347b236a3cbb252aec3f4246bbe2 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 22:23:39 +0200 Subject: [PATCH 0768/1526] Added variable checks --- dnsapi/dns_selfhost.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d51608c9..601fca52 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -19,6 +19,11 @@ dns_selfhost_add() { SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" + if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then + _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" + return 1 + fi + if test -z "$SELFHOSTDNS_LAST_SLOT"; then SELFHOSTDNS_LAST_SLOT=1 fi @@ -41,6 +46,11 @@ dns_selfhost_add() { fi fi + if test -z "$rid"; then + _err "SELFHOSTDNS_RID and SELFHOSTDNS_RID2, or SELFHOSTDNS_MAP must be set" + return 1 + fi + _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" _info "Trying to add $txt on selfhost for rid: $rid" From 610c3cf6811f4f152b5959ee451eae1f6e3fb929 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 22:26:36 +0200 Subject: [PATCH 0769/1526] Save domain dependent values in domain.conf after successfull use --- dnsapi/dns_selfhost.sh | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 601fca52..47e2f24c 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -12,12 +12,15 @@ dns_selfhost_add() { _debug txtvalue "$txt" SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" + + # Get values, but don't save until we successfully validated SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" - SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readaccountconf_mutable SELFHOSTDNS_MAP)}" - SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readaccountconf_mutable SELFHOSTDNS_RID)}" - SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" - SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" + # These values are domain dependent, so read them from there + _getdeployconf SELFHOSTDNS_MAP + _getdeployconf SELFHOSTDNS_RID + _getdeployconf SELFHOSTDNS_RID2 + _getdeployconf SELFHOSTDNS_LAST_SLOT if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" @@ -28,12 +31,6 @@ dns_selfhost_add() { SELFHOSTDNS_LAST_SLOT=1 fi - _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" - _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" - _saveaccountconf_mutable SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" - _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" - _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") if test -z "$rid"; then @@ -51,8 +48,6 @@ dns_selfhost_add() { return 1 fi - _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" - _info "Trying to add $txt on selfhost for rid: $rid" data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" @@ -62,6 +57,15 @@ dns_selfhost_add() { _err "Invalid response of acme-dns for selfhost" return 1 fi + + # Now that we know the values are good, save them + _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" + _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" + # These values are domain dependent, so store them there + _savedeployconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" + _savedeployconf SELFHOSTDNS_RID "$SELFHOSTDNS_RID" + _savedeployconf SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" + _savedeployconf SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" } dns_selfhost_rm() { From 1cbd5485e7d80fd184d3048972cc79e71ac1fffa Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 22:53:36 +0200 Subject: [PATCH 0770/1526] Pseudo commit tp trigger Github Actions --- dnsapi/dns_selfhost.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 47e2f24c..33159c48 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -75,3 +75,4 @@ dns_selfhost_rm() { _debug txtvalue "$txt" _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } + From 227eac10f1549f71e57e63721219cb8ba38e3062 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 23:05:46 +0200 Subject: [PATCH 0771/1526] Fix shfmt --- dnsapi/dns_selfhost.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 33159c48..47e2f24c 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -75,4 +75,3 @@ dns_selfhost_rm() { _debug txtvalue "$txt" _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } - From 24ce7c19914917b4c78c4e49a442f0f40cf258fd Mon Sep 17 00:00:00 2001 From: nicolaspn Date: Mon, 2 May 2022 15:46:49 +0200 Subject: [PATCH 0772/1526] Add call dns OVH API for refresh domain after delete TXT record --- dnsapi/dns_ovh.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index e65babbd..b382e52f 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -198,6 +198,8 @@ dns_ovh_rm() { if ! _ovh_rest DELETE "domain/zone/$_domain/record/$rid"; then return 1 fi + _ovh_rest POST "domain/zone/$_domain/refresh" + _debug "Refresh:$response" return 0 fi done From 6aebaf6f47b0825cd8d6cc247214607ae7de25aa Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Dec 2021 16:15:39 +0800 Subject: [PATCH 0773/1526] upgrade Solaris --- .github/workflows/Solaris.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index f8a3826c..567a22f9 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -40,7 +40,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.3 + - uses: vmactions/cf-tunnel@v0.0.4 id: tunnel with: protocol: http From 18de21f723605f4c8bc718dd1d126add2a47a205 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 13 Dec 2021 20:04:23 +0800 Subject: [PATCH 0774/1526] fix tunnel version --- .github/workflows/Solaris.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 567a22f9..f8a3826c 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -40,7 +40,7 @@ jobs: TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} steps: - uses: actions/checkout@v2 - - uses: vmactions/cf-tunnel@v0.0.4 + - uses: vmactions/cf-tunnel@v0.0.3 id: tunnel with: protocol: http From 3d312e2140652ad826617a4cdaa23626a0a9129c Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Wed, 5 Jan 2022 15:03:32 +0100 Subject: [PATCH 0775/1526] Added Selfhost DNS API +ShellCheck +ACME v2 compatible Example: - Fist create 2 new TXT records on _acme-challenge.example.com - Now note the ID in (...) from the edit page behind "_acme-challenge.example.com" export SELFHOSTDNS_USERNAME=myname export SELFHOSTDNS_PASSWORD=mypass export SELFHOSTDNS_RID=id_of_txt_record export SELFHOSTDNS_RID2=id_of_second_txt_record acme.sh --issue -d example.com --dns dns_selfhost --- dnsapi/dns_selfhost.sh | 55 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 dnsapi/dns_selfhost.sh diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh new file mode 100644 index 00000000..d7dfcca4 --- /dev/null +++ b/dnsapi/dns_selfhost.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env sh +# +# Author: Marvin Edeler +# Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 + +dns_selfhost_add() { + domain=$1 + txt=$2 + _info "Calling acme-dns on selfhost" + _debug fulldomain "$domain" + _debug txtvalue "$txt" + + SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" + SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" + SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" + SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readaccountconf_mutable SELFHOSTDNS_RID)}" + SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" + SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" + + if test -z "$SELFHOSTDNS_LAST_SLOT"; then + SELFHOSTDNS_LAST_SLOT=1 + fi + + _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" + _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" + _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" + _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" + + if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then + rid=$SELFHOSTDNS_RID + SELFHOSTDNS_LAST_SLOT=1 + else + rid=$SELFHOSTDNS_RID2 + SELFHOSTDNS_LAST_SLOT=2 + fi + + _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" + + _info "Trying to add $txt on selfhost for rid: $rid" + + data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" + response="$(_get "$SELFHOSTDNS_UPDATE_URL$data")" + + if ! echo "$response" | grep "200 OK" >/dev/null; then + _err "Invalid response of acme-dns for selfhost" + return 1 + fi +} + +dns_acmedns_rm() { + domain=$1 + txt=$2 + _debug fulldomain "$domain" + _debug txtvalue "$txt" +} From e717c9dba248f141c37b614a6c53b2d699ff3591 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Sun, 9 Jan 2022 11:04:15 +0100 Subject: [PATCH 0776/1526] Start ShellCheck and CI Test --- dnsapi/dns_selfhost.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d7dfcca4..8c6e9a91 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -2,6 +2,7 @@ # # Author: Marvin Edeler # Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 +# Last Edit: 09.01.2022 dns_selfhost_add() { domain=$1 From 77d606df34590e0b36233d759f7f595ab42d16c5 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Thu, 17 Feb 2022 19:02:35 +0100 Subject: [PATCH 0777/1526] Add custom option to map multidomain RIDs --- dnsapi/dns_selfhost.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 8c6e9a91..1ebc6596 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -2,7 +2,7 @@ # # Author: Marvin Edeler # Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 -# Last Edit: 09.01.2022 +# Last Edit: 17.02.2022 dns_selfhost_add() { domain=$1 @@ -14,6 +14,7 @@ dns_selfhost_add() { SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" + SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readaccountconf_mutable SELFHOSTDNS_MAP)}" SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readaccountconf_mutable SELFHOSTDNS_RID)}" SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" @@ -24,15 +25,19 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" + _saveaccountconf_mutable SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then - rid=$SELFHOSTDNS_RID - SELFHOSTDNS_LAST_SLOT=1 - else - rid=$SELFHOSTDNS_RID2 - SELFHOSTDNS_LAST_SLOT=2 + rid=$(echo $SELFHOSTDNS_MAP | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + if test -z "$rid"; then + if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then + rid=$SELFHOSTDNS_RID + SELFHOSTDNS_LAST_SLOT=1 + else + rid=$SELFHOSTDNS_RID2 + SELFHOSTDNS_LAST_SLOT=2 + fi fi _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" From c23c40df8a5c27fbe130afc007913ba3b312583c Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Thu, 17 Feb 2022 19:08:58 +0100 Subject: [PATCH 0778/1526] Fix shellcheck, use double quote --- dnsapi/dns_selfhost.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 1ebc6596..7ad92e20 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -29,7 +29,7 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - rid=$(echo $SELFHOSTDNS_MAP | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then rid=$SELFHOSTDNS_RID From ef8cb11707e2c1351563ebddd10e22f1e4ce5935 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Thu, 17 Feb 2022 19:30:56 +0100 Subject: [PATCH 0779/1526] Fix shfmt --- dnsapi/dns_selfhost.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 7ad92e20..d5ecd278 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -29,7 +29,8 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then rid=$SELFHOSTDNS_RID From 1054325b2dcd61ecdf55b2aad213f9878d38c530 Mon Sep 17 00:00:00 2001 From: Marvo2011 Date: Mon, 28 Mar 2022 13:03:02 +0200 Subject: [PATCH 0780/1526] Rename delete function, add info --- dnsapi/dns_selfhost.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d5ecd278..d51608c9 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -54,9 +54,10 @@ dns_selfhost_add() { fi } -dns_acmedns_rm() { +dns_selfhost_rm() { domain=$1 txt=$2 _debug fulldomain "$domain" _debug txtvalue "$txt" + _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } From 9bf37fde027dba6f03e7942a6398e50256d206e7 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 22:23:39 +0200 Subject: [PATCH 0781/1526] Added variable checks --- dnsapi/dns_selfhost.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d51608c9..601fca52 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -19,6 +19,11 @@ dns_selfhost_add() { SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" + if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then + _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" + return 1 + fi + if test -z "$SELFHOSTDNS_LAST_SLOT"; then SELFHOSTDNS_LAST_SLOT=1 fi @@ -41,6 +46,11 @@ dns_selfhost_add() { fi fi + if test -z "$rid"; then + _err "SELFHOSTDNS_RID and SELFHOSTDNS_RID2, or SELFHOSTDNS_MAP must be set" + return 1 + fi + _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" _info "Trying to add $txt on selfhost for rid: $rid" From b07e479840817af8adde56265c81e0267dc7f477 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 22:26:36 +0200 Subject: [PATCH 0782/1526] Save domain dependent values in domain.conf after successfull use --- dnsapi/dns_selfhost.sh | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 601fca52..47e2f24c 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -12,12 +12,15 @@ dns_selfhost_add() { _debug txtvalue "$txt" SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" + + # Get values, but don't save until we successfully validated SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" - SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readaccountconf_mutable SELFHOSTDNS_MAP)}" - SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readaccountconf_mutable SELFHOSTDNS_RID)}" - SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readaccountconf_mutable SELFHOSTDNS_RID2)}" - SELFHOSTDNS_LAST_SLOT="$(_readaccountconf_mutable SELFHOSTDNS_LAST_SLOT)" + # These values are domain dependent, so read them from there + _getdeployconf SELFHOSTDNS_MAP + _getdeployconf SELFHOSTDNS_RID + _getdeployconf SELFHOSTDNS_RID2 + _getdeployconf SELFHOSTDNS_LAST_SLOT if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" @@ -28,12 +31,6 @@ dns_selfhost_add() { SELFHOSTDNS_LAST_SLOT=1 fi - _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" - _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" - _saveaccountconf_mutable SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" - _saveaccountconf_mutable SELFHOSTDNS_RID "$SELFHOSTDNS_RID" - _saveaccountconf_mutable SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") if test -z "$rid"; then @@ -51,8 +48,6 @@ dns_selfhost_add() { return 1 fi - _saveaccountconf_mutable SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" - _info "Trying to add $txt on selfhost for rid: $rid" data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" @@ -62,6 +57,15 @@ dns_selfhost_add() { _err "Invalid response of acme-dns for selfhost" return 1 fi + + # Now that we know the values are good, save them + _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" + _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" + # These values are domain dependent, so store them there + _savedeployconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" + _savedeployconf SELFHOSTDNS_RID "$SELFHOSTDNS_RID" + _savedeployconf SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" + _savedeployconf SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" } dns_selfhost_rm() { From 199d846acba357f11908dfc4219668dca5e9a459 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 22:53:36 +0200 Subject: [PATCH 0783/1526] Pseudo commit tp trigger Github Actions --- dnsapi/dns_selfhost.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 47e2f24c..33159c48 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -75,3 +75,4 @@ dns_selfhost_rm() { _debug txtvalue "$txt" _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } + From fe3523f47a0f05173ac2b1ac1620cbc3c671e9da Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Fri, 29 Apr 2022 23:05:46 +0200 Subject: [PATCH 0784/1526] Fix shfmt --- dnsapi/dns_selfhost.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 33159c48..47e2f24c 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -75,4 +75,3 @@ dns_selfhost_rm() { _debug txtvalue "$txt" _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } - From 64847afc3ff8cfe214aca7db7f793d96bee95e5e Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 3 May 2022 21:19:29 +0800 Subject: [PATCH 0785/1526] save the default key length --- acme.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/acme.sh b/acme.sh index de472865..6bdd7b7c 100755 --- a/acme.sh +++ b/acme.sh @@ -4382,10 +4382,6 @@ issue() { _alt_domains="" fi - if [ "$_key_length" = "$NO_VALUE" ]; then - _key_length="" - fi - if ! _on_before_issue "$_web_roots" "$_main_domain" "$_alt_domains" "$_pre_hook" "$_local_addr"; then _err "_on_before_issue." return 1 @@ -5327,6 +5323,10 @@ renew() { Le_PostHook="$(_readdomainconf Le_PostHook)" Le_RenewHook="$(_readdomainconf Le_RenewHook)" Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)" + #when renew from an old version, the empty Le_Keylength means 2048 + if [ -z "$Le_Keylength" ]; then + Le_Keylength=2048 + fi issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias" "$Le_Preferred_Chain" "$Le_Valid_From" "$Le_Valid_To" res="$?" if [ "$res" != "0" ]; then @@ -7087,8 +7087,8 @@ _process() { _altdomains="$NO_VALUE" _webroot="" _challenge_alias="" - _keylength="" - _accountkeylength="" + _keylength="$DEFAULT_DOMAIN_KEY_LENGTH" + _accountkeylength="$DEFAULT_ACCOUNT_KEY_LENGTH" _cert_file="" _key_file="" _ca_file="" From 7f9074adbf2f2aeba61db36a3233730c4768c033 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 3 May 2022 21:35:26 +0800 Subject: [PATCH 0786/1526] fix format --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 6bdd7b7c..c5985f2e 100755 --- a/acme.sh +++ b/acme.sh @@ -5323,7 +5323,7 @@ renew() { Le_PostHook="$(_readdomainconf Le_PostHook)" Le_RenewHook="$(_readdomainconf Le_RenewHook)" Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)" - #when renew from an old version, the empty Le_Keylength means 2048 + #when renew from an old version, the empty Le_Keylength means 2048 if [ -z "$Le_Keylength" ]; then Le_Keylength=2048 fi From f03098551ecfb26a0fdd0acbb11bee590cd49263 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 4 May 2022 18:44:37 +0800 Subject: [PATCH 0787/1526] start 3.0.4 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index c5985f2e..eb9ba7ef 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=3.0.3 +VER=3.0.4 PROJECT_NAME="acme.sh" From 8d783e8e1f1ced348068a714f1b4576f335b4132 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 6 May 2022 18:04:29 +0800 Subject: [PATCH 0788/1526] fix https://github.com/acmesh-official/acme.sh/issues/4069 --- acme.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/acme.sh b/acme.sh index eb9ba7ef..b958a02b 100755 --- a/acme.sh +++ b/acme.sh @@ -2691,6 +2691,13 @@ _initAPI() { return 1 } +_clearCA() { + export ACME_DIRECTORY= + export CA_CONF= + export ACCOUNT_KEY_PATH= + export ACCOUNT_JSON_PATH= +} + #[domain] [keylength or isEcc flag] _initpath() { domain="$1" @@ -5357,6 +5364,7 @@ renew() { #renewAll [stopRenewOnError] renewAll() { _initpath + _clearCA _stopRenewOnError="$1" _debug "_stopRenewOnError" "$_stopRenewOnError" _ret="0" From 2cf72bad30766960149c7111495cf1e1af6e6883 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Tue, 10 May 2022 07:09:31 +0200 Subject: [PATCH 0789/1526] domain lookup for DNS_MAP changed. --- dnsapi/dns_selfhost.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 47e2f24c..7fa685fa 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -4,11 +4,13 @@ # Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 # Last Edit: 17.02.2022 +DNS_CHALLENGE_PREFIX_ESCAPED="_acme-challenge\." + dns_selfhost_add() { - domain=$1 + fulldomain=$1 txt=$2 _info "Calling acme-dns on selfhost" - _debug fulldomain "$domain" + _debug fulldomain "$fulldomain" _debug txtvalue "$txt" SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" @@ -31,7 +33,16 @@ dns_selfhost_add() { SELFHOSTDNS_LAST_SLOT=1 fi - rid=$(echo "$SELFHOSTDNS_MAP" | grep -Eoi "$domain:(\d+)" | tr -d "$domain:") + # cut DNS_CHALLENGE_PREFIX_ESCAPED from fulldomain if present at the beginning of the string + lookupdomain=$(echo "$fulldomain" | sed "s/^$DNS_CHALLENGE_PREFIX_ESCAPED//") + _debug lookupdomain "$lookupdomain" + + # get the RID for lookupdomain or fulldomain from SELFHOSTDNS_MAP + # only match full domains (at the beginning of the string or with a leading whitespace), + # e.g. don't match mytest.example.com or sub.test.example.com for test.example.com + # replace the whole string with the RID (matching group 3) for assignment + # if the domain is defined multiple times only the last occurance will be matched + rid=$(echo "$SELFHOSTDNS_MAP" | sed -n "s/\(^\|^.*\s\)\($lookupdomain:\|$fulldomain:\)\([0-9][0-9]*\)\(.*\)/\3/Ip") if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then @@ -69,9 +80,9 @@ dns_selfhost_add() { } dns_selfhost_rm() { - domain=$1 + fulldomain=$1 txt=$2 - _debug fulldomain "$domain" + _debug fulldomain "$fulldomain" _debug txtvalue "$txt" _info "Creating and removing of records is not supported by selfhost API, will not delete anything." } From 619bae745b36e885072c7bbf29fb0e08f4577bf3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 9 May 2022 20:08:38 +0800 Subject: [PATCH 0790/1526] start 3.0.5 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b958a02b..6e07c023 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=3.0.4 +VER=3.0.5 PROJECT_NAME="acme.sh" From 8b7a86bd174ca065fe28042f84205843162fb83f Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 9 May 2022 21:48:31 +0800 Subject: [PATCH 0791/1526] support "server" for renew and renewall --- acme.sh | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/acme.sh b/acme.sh index 6e07c023..eadcda48 100755 --- a/acme.sh +++ b/acme.sh @@ -5244,17 +5244,18 @@ _split_cert_chain() { fi } -#domain [isEcc] +#domain [isEcc] [server] renew() { Le_Domain="$1" if [ -z "$Le_Domain" ]; then - _usage "Usage: $PROJECT_ENTRY --renew --domain [--ecc]" + _usage "Usage: $PROJECT_ENTRY --renew --domain [--ecc] [--server server]" return 1 fi _isEcc="$2" - #the server specified from commandline - _acme_server_back="$ACME_DIRECTORY" + _renewServer="$3" + _debug "_renewServer" "$_renewServer" + _initpath "$Le_Domain" "$_isEcc" _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _info "$(__green "Renew: '$Le_Domain'")" @@ -5269,14 +5270,9 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" - if [ -z "$Le_API" ] || [ "$CA_LETSENCRYPT_V1" = "$Le_API" ]; then - #if this is from an old version, Le_API is empty, - #so, we force to use letsencrypt server - Le_API="$CA_LETSENCRYPT_V2" - fi - if [ "$_acme_server_back" ]; then - export ACME_DIRECTORY="$_acme_server_back" + if [ "$_renewServer" ]; then + export ACME_DIRECTORY="$_renewServer" else export ACME_DIRECTORY="$Le_API" fi @@ -5299,6 +5295,7 @@ renew() { if [ "$Le_API" ] && [ "$ACME_DIRECTORY" ]; then if [ "$Le_API" != "$ACME_DIRECTORY" ]; then _clearAPI + _clearCA fi #reload ca configs ACCOUNT_KEY_PATH="" @@ -5361,12 +5358,16 @@ renew() { return "$res" } -#renewAll [stopRenewOnError] +#renewAll [stopRenewOnError] [server] renewAll() { _initpath _clearCA _stopRenewOnError="$1" _debug "_stopRenewOnError" "$_stopRenewOnError" + + _server="$2" + _debug "_server" "$_server" + _ret="0" _success_msg="" _error_msg="" @@ -5389,7 +5390,7 @@ renewAll() { _isEcc=$(echo "$d" | cut -d "$ECC_SEP" -f 2) d=$(echo "$d" | cut -d "$ECC_SEP" -f 1) fi - renew "$d" "$_isEcc" + renew "$d" "$_isEcc" "$_server" ) rc="$?" _debug "Return code: $rc" @@ -7662,6 +7663,7 @@ _process() { if [ "$_server" ]; then _selectServer "$_server" "${_ecc:-$_keylength}" + _server="$ACME_DIRECTORY" fi if [ "${_CMD}" != "install" ]; then @@ -7736,10 +7738,10 @@ _process() { installcert "$_domain" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_ecc" ;; renew) - renew "$_domain" "$_ecc" + renew "$_domain" "$_ecc" "$_server" ;; renewAll) - renewAll "$_stopRenewOnError" + renewAll "$_stopRenewOnError" "$_server" ;; revoke) revoke "$_domain" "$_ecc" "$_revoke_reason" From 38778f8adca0d016b27ad0f2a2fc367055c90091 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 9 May 2022 22:12:07 +0800 Subject: [PATCH 0792/1526] fix renew server --- acme.sh | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/acme.sh b/acme.sh index eadcda48..20412f7a 100755 --- a/acme.sh +++ b/acme.sh @@ -20,8 +20,6 @@ _SUB_FOLDER_DEPLOY="deploy" _SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY" -CA_LETSENCRYPT_V1="https://acme-v01.api.letsencrypt.org/directory" - CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory" CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory" @@ -5257,6 +5255,7 @@ renew() { _debug "_renewServer" "$_renewServer" _initpath "$Le_Domain" "$_isEcc" + _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} _info "$(__green "Renew: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then @@ -5271,12 +5270,6 @@ renew() { . "$DOMAIN_CONF" _debug Le_API "$Le_API" - if [ "$_renewServer" ]; then - export ACME_DIRECTORY="$_renewServer" - else - export ACME_DIRECTORY="$Le_API" - fi - case "$Le_API" in "$CA_LETSENCRYPT_V2_TEST") _info "Switching back to $CA_LETSENCRYPT_V2" @@ -5292,18 +5285,21 @@ renew() { ;; esac - if [ "$Le_API" ] && [ "$ACME_DIRECTORY" ]; then - if [ "$Le_API" != "$ACME_DIRECTORY" ]; then - _clearAPI - _clearCA - fi - #reload ca configs - ACCOUNT_KEY_PATH="" - ACCOUNT_JSON_PATH="" - CA_CONF="" - _debug2 "initpath again." - _initpath "$Le_Domain" "$_isEcc" + if [ "$_server" ]; then + Le_API="$_server" fi + _info "Renew to Le_API=$Le_API" + + export ACME_DIRECTORY="$Le_API" + _clearAPI + _clearCA + + #reload ca configs + ACCOUNT_KEY_PATH="" + ACCOUNT_JSON_PATH="" + CA_CONF="" + _debug2 "initpath again." + _initpath "$Le_Domain" "$_isEcc" if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" From e1d7a6b9acdcd06f928e0fec6e1e36746924cfc6 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 9 May 2022 22:21:07 +0800 Subject: [PATCH 0793/1526] fix renew server --- acme.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 20412f7a..cd545aa4 100755 --- a/acme.sh +++ b/acme.sh @@ -2690,7 +2690,6 @@ _initAPI() { } _clearCA() { - export ACME_DIRECTORY= export CA_CONF= export ACCOUNT_KEY_PATH= export ACCOUNT_JSON_PATH= @@ -5290,14 +5289,11 @@ renew() { fi _info "Renew to Le_API=$Le_API" - export ACME_DIRECTORY="$Le_API" _clearAPI _clearCA + export ACME_DIRECTORY="$Le_API" #reload ca configs - ACCOUNT_KEY_PATH="" - ACCOUNT_JSON_PATH="" - CA_CONF="" _debug2 "initpath again." _initpath "$Le_Domain" "$_isEcc" From 5b42aea9e77d2f145b2777bb334bb575e77d51f6 Mon Sep 17 00:00:00 2001 From: Sandeep Mittal Date: Thu, 5 May 2022 17:50:29 +0530 Subject: [PATCH 0794/1526] Create callmebotWhatsApp.sh --- notify/callmebotWhatsApp.sh | 59 +++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 notify/callmebotWhatsApp.sh diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh new file mode 100644 index 00000000..a65149ef --- /dev/null +++ b/notify/callmebotWhatsApp.sh @@ -0,0 +1,59 @@ +#!/usr/bin/env sh + +#Support CallMeBot Whatsapp webhooks + +#CallMeBot_Phone_No="" +#CallMeBot_apikey="" +#SLACK_USERNAME="" + +#SLACK_WEBHOOK_URL="" +#SLACK_CHANNEL="" +#SLACK_USERNAME="" + +slack_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-$(_readaccountconf_mutable SLACK_WEBHOOK_URL)}" + if [ -z "$SLACK_WEBHOOK_URL" ]; then + SLACK_WEBHOOK_URL="" + _err "You didn't specify a Slack webhook url SLACK_WEBHOOK_URL yet." + return 1 + fi + _saveaccountconf_mutable SLACK_WEBHOOK_URL "$SLACK_WEBHOOK_URL" + + SLACK_CHANNEL="${SLACK_CHANNEL:-$(_readaccountconf_mutable SLACK_CHANNEL)}" + if [ -n "$SLACK_CHANNEL" ]; then + _saveaccountconf_mutable SLACK_CHANNEL "$SLACK_CHANNEL" + fi + + SLACK_USERNAME="${SLACK_USERNAME:-$(_readaccountconf_mutable SLACK_USERNAME)}" + if [ -n "$SLACK_USERNAME" ]; then + _saveaccountconf_mutable SLACK_USERNAME "$SLACK_USERNAME" + fi + + export _H1="Content-Type: application/json" + + _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" + _data="{\"text\": \"$_content\", " + if [ -n "$SLACK_CHANNEL" ]; then + _data="$_data\"channel\": \"$SLACK_CHANNEL\", " + fi + if [ -n "$SLACK_USERNAME" ]; then + _data="$_data\"username\": \"$SLACK_USERNAME\", " + fi + _data="$_data\"mrkdwn\": \"true\"}" + + if _post "$_data" "$SLACK_WEBHOOK_URL"; then + # shellcheck disable=SC2154 + if [ "$response" = "ok" ]; then + _info "wa send success." + return 0 + fi + fi + _err "wa send error." + _err "$response" + return 1 +} From d440b2f2b2eca447cac33a893cdc59cbeee650a3 Mon Sep 17 00:00:00 2001 From: Sandeep Mittal Date: Fri, 6 May 2022 02:42:52 +0530 Subject: [PATCH 0795/1526] Update callmebotWhatsApp.sh Added CallMeBot API for WhatsApp Notifications. --- notify/callmebotWhatsApp.sh | 67 ++++++++++++++----------------------- 1 file changed, 26 insertions(+), 41 deletions(-) diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh index a65149ef..e8f5b659 100644 --- a/notify/callmebotWhatsApp.sh +++ b/notify/callmebotWhatsApp.sh @@ -1,59 +1,44 @@ -#!/usr/bin/env sh +#!/usr/bin/bash #Support CallMeBot Whatsapp webhooks #CallMeBot_Phone_No="" #CallMeBot_apikey="" -#SLACK_USERNAME="" -#SLACK_WEBHOOK_URL="" -#SLACK_CHANNEL="" -#SLACK_USERNAME="" - -slack_send() { +callmebotWhatsApp_send() { _subject="$1" _content="$2" _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped _debug "_statusCode" "$_statusCode" - SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-$(_readaccountconf_mutable SLACK_WEBHOOK_URL)}" - if [ -z "$SLACK_WEBHOOK_URL" ]; then - SLACK_WEBHOOK_URL="" - _err "You didn't specify a Slack webhook url SLACK_WEBHOOK_URL yet." + CallMeBot_Phone_No="${CallMeBot_Phone_No:-$(_readaccountconf_mutable CallMeBot_Phone_No)}" + if [ -z "$CallMeBot_Phone_No" ]; then + CallMeBot_Phone_No="" + _err "You didn't specify a Slack webhook url CallMeBot_Phone_No yet." return 1 fi - _saveaccountconf_mutable SLACK_WEBHOOK_URL "$SLACK_WEBHOOK_URL" - - SLACK_CHANNEL="${SLACK_CHANNEL:-$(_readaccountconf_mutable SLACK_CHANNEL)}" - if [ -n "$SLACK_CHANNEL" ]; then - _saveaccountconf_mutable SLACK_CHANNEL "$SLACK_CHANNEL" - fi - - SLACK_USERNAME="${SLACK_USERNAME:-$(_readaccountconf_mutable SLACK_USERNAME)}" - if [ -n "$SLACK_USERNAME" ]; then - _saveaccountconf_mutable SLACK_USERNAME "$SLACK_USERNAME" - fi - - export _H1="Content-Type: application/json" + _saveaccountconf_mutable CallMeBot_Phone_No "$CallMeBot_Phone_No" - _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" - _data="{\"text\": \"$_content\", " - if [ -n "$SLACK_CHANNEL" ]; then - _data="$_data\"channel\": \"$SLACK_CHANNEL\", " + CallMeBot_apikey="${CallMeBot_apikey:-$(_readaccountconf_mutable CallMeBot_apikey)}" + if [ -n "$CallMeBot_apikey" ]; then + _saveaccountconf_mutable CallMeBot_apikey "$CallMeBot_apikey" fi - if [ -n "$SLACK_USERNAME" ]; then - _data="$_data\"username\": \"$SLACK_USERNAME\", " - fi - _data="$_data\"mrkdwn\": \"true\"}" - - if _post "$_data" "$SLACK_WEBHOOK_URL"; then - # shellcheck disable=SC2154 - if [ "$response" = "ok" ]; then - _info "wa send success." - return 0 - fi + + _waUrl="https://api.callmebot.com/whatsapp.php" + + _Phone_No="$(printf "%s" "$CallMeBot_Phone_No" | _url_encode)" + _apikey="$(printf "%s" "$CallMeBot_apikey" | _url_encode)" + _message="$(printf "$CQHTTP_CUSTOM_MSGHEAD *%s*\\n%s" "$_subject" "$_content" | _url_encode)" + + _finalUrl="$_waUrl?phone=$_Phone_No&apikey=$_apikey&text=$_message" + response="$(_get "$_finalUrl")" + + if [ "$?" = "0" ] && _contains ".

Message queued. You will receive it in a few seconds."; then + _info "wa send success." + return 0 fi _err "wa send error." - _err "$response" + _debug "URL" "$_finalUrl" + _debug "Response" "$response" return 1 -} +} \ No newline at end of file From 4381657c5e5fa8a3967c82029ae00f0701076ff4 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 7 May 2022 09:40:42 +0800 Subject: [PATCH 0796/1526] Update callmebotWhatsApp.sh --- notify/callmebotWhatsApp.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh index e8f5b659..e60eff8c 100644 --- a/notify/callmebotWhatsApp.sh +++ b/notify/callmebotWhatsApp.sh @@ -23,13 +23,13 @@ callmebotWhatsApp_send() { if [ -n "$CallMeBot_apikey" ]; then _saveaccountconf_mutable CallMeBot_apikey "$CallMeBot_apikey" fi - + _waUrl="https://api.callmebot.com/whatsapp.php" - + _Phone_No="$(printf "%s" "$CallMeBot_Phone_No" | _url_encode)" _apikey="$(printf "%s" "$CallMeBot_apikey" | _url_encode)" _message="$(printf "$CQHTTP_CUSTOM_MSGHEAD *%s*\\n%s" "$_subject" "$_content" | _url_encode)" - + _finalUrl="$_waUrl?phone=$_Phone_No&apikey=$_apikey&text=$_message" response="$(_get "$_finalUrl")" @@ -41,4 +41,4 @@ callmebotWhatsApp_send() { _debug "URL" "$_finalUrl" _debug "Response" "$response" return 1 -} \ No newline at end of file +} From b5a7f46ecc6f90e89adb02a095b1ca9ff344dcf6 Mon Sep 17 00:00:00 2001 From: Sandeep Mittal <67865536+sm622@users.noreply.github.com> Date: Sat, 7 May 2022 19:52:33 +0530 Subject: [PATCH 0797/1526] Update callmebotWhatsApp.sh variable updated to caps --- notify/callmebotWhatsApp.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh index e60eff8c..e5a2e97c 100644 --- a/notify/callmebotWhatsApp.sh +++ b/notify/callmebotWhatsApp.sh @@ -2,8 +2,8 @@ #Support CallMeBot Whatsapp webhooks -#CallMeBot_Phone_No="" -#CallMeBot_apikey="" +#CALLMEBOT_YOUR_PHONE_NO="" +#CALLMEBOT_API_KEY="" callmebotWhatsApp_send() { _subject="$1" @@ -11,23 +11,23 @@ callmebotWhatsApp_send() { _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped _debug "_statusCode" "$_statusCode" - CallMeBot_Phone_No="${CallMeBot_Phone_No:-$(_readaccountconf_mutable CallMeBot_Phone_No)}" - if [ -z "$CallMeBot_Phone_No" ]; then - CallMeBot_Phone_No="" - _err "You didn't specify a Slack webhook url CallMeBot_Phone_No yet." + CALLMEBOT_YOUR_PHONE_NO="${CALLMEBOT_YOUR_PHONE_NO:-$(_readaccountconf_mutable CALLMEBOT_YOUR_PHONE_NO)}" + if [ -z "$CALLMEBOT_YOUR_PHONE_NO" ]; then + CALLMEBOT_YOUR_PHONE_NO="" + _err "You didn't specify a Slack webhook url CALLMEBOT_YOUR_PHONE_NO yet." return 1 fi - _saveaccountconf_mutable CallMeBot_Phone_No "$CallMeBot_Phone_No" + _saveaccountconf_mutable CALLMEBOT_YOUR_PHONE_NO "$CALLMEBOT_YOUR_PHONE_NO" - CallMeBot_apikey="${CallMeBot_apikey:-$(_readaccountconf_mutable CallMeBot_apikey)}" - if [ -n "$CallMeBot_apikey" ]; then - _saveaccountconf_mutable CallMeBot_apikey "$CallMeBot_apikey" + CALLMEBOT_API_KEY="${CALLMEBOT_API_KEY:-$(_readaccountconf_mutable CALLMEBOT_API_KEY)}" + if [ -n "$CALLMEBOT_API_KEY" ]; then + _saveaccountconf_mutable CALLMEBOT_API_KEY "$CALLMEBOT_API_KEY" fi _waUrl="https://api.callmebot.com/whatsapp.php" - _Phone_No="$(printf "%s" "$CallMeBot_Phone_No" | _url_encode)" - _apikey="$(printf "%s" "$CallMeBot_apikey" | _url_encode)" + _Phone_No="$(printf "%s" "$CALLMEBOT_YOUR_PHONE_NO" | _url_encode)" + _apikey="$(printf "%s" "$CALLMEBOT_API_KEY" | _url_encode)" _message="$(printf "$CQHTTP_CUSTOM_MSGHEAD *%s*\\n%s" "$_subject" "$_content" | _url_encode)" _finalUrl="$_waUrl?phone=$_Phone_No&apikey=$_apikey&text=$_message" From 5a36b9075fde180d824dc89ad5bdcafe62b68cd4 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 9 May 2022 10:40:36 +0800 Subject: [PATCH 0798/1526] Update callmebotWhatsApp.sh --- notify/callmebotWhatsApp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh index e5a2e97c..389932db 100644 --- a/notify/callmebotWhatsApp.sh +++ b/notify/callmebotWhatsApp.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/usr/bin/env sh #Support CallMeBot Whatsapp webhooks From 915ced7b9273e0ef6024f9a1a9191b8d312ca84d Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 9 May 2022 10:43:23 +0800 Subject: [PATCH 0799/1526] Update callmebotWhatsApp.sh --- notify/callmebotWhatsApp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh index 389932db..60835161 100644 --- a/notify/callmebotWhatsApp.sh +++ b/notify/callmebotWhatsApp.sh @@ -20,7 +20,7 @@ callmebotWhatsApp_send() { _saveaccountconf_mutable CALLMEBOT_YOUR_PHONE_NO "$CALLMEBOT_YOUR_PHONE_NO" CALLMEBOT_API_KEY="${CALLMEBOT_API_KEY:-$(_readaccountconf_mutable CALLMEBOT_API_KEY)}" - if [ -n "$CALLMEBOT_API_KEY" ]; then + if [ "$CALLMEBOT_API_KEY" ]; then _saveaccountconf_mutable CALLMEBOT_API_KEY "$CALLMEBOT_API_KEY" fi From 9aaae24583e5d9fc82a5ef052c06b9e8b821f30b Mon Sep 17 00:00:00 2001 From: Sandeep Mittal <67865536+sm622@users.noreply.github.com> Date: Mon, 9 May 2022 16:33:26 +0530 Subject: [PATCH 0800/1526] Update callmebotWhatsApp.sh unused variable removed and cleaned. --- notify/callmebotWhatsApp.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/callmebotWhatsApp.sh b/notify/callmebotWhatsApp.sh index 60835161..1c15b283 100644 --- a/notify/callmebotWhatsApp.sh +++ b/notify/callmebotWhatsApp.sh @@ -28,7 +28,7 @@ callmebotWhatsApp_send() { _Phone_No="$(printf "%s" "$CALLMEBOT_YOUR_PHONE_NO" | _url_encode)" _apikey="$(printf "%s" "$CALLMEBOT_API_KEY" | _url_encode)" - _message="$(printf "$CQHTTP_CUSTOM_MSGHEAD *%s*\\n%s" "$_subject" "$_content" | _url_encode)" + _message="$(printf "*%s*\\n%s" "$_subject" "$_content" | _url_encode)" _finalUrl="$_waUrl?phone=$_Phone_No&apikey=$_apikey&text=$_message" response="$(_get "$_finalUrl")" From f16e060e871c407d8963b3d5be233b967579b0f0 Mon Sep 17 00:00:00 2001 From: denkristoffer Date: Mon, 9 May 2022 21:59:27 +0200 Subject: [PATCH 0801/1526] Create dns_vercel.sh --- dnsapi/dns_vercel.sh | 142 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 142 insertions(+) create mode 100644 dnsapi/dns_vercel.sh diff --git a/dnsapi/dns_vercel.sh b/dnsapi/dns_vercel.sh new file mode 100644 index 00000000..7bf6b0e5 --- /dev/null +++ b/dnsapi/dns_vercel.sh @@ -0,0 +1,142 @@ +#!/usr/bin/env sh + +# Vercel DNS API +# +# This is your API token which can be acquired on the account page. +# https://vercel.com/account/tokens +# +# VERCEL_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" + +VERCEL_API="https://api.vercel.com" + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_vercel_add() { + fulldomain=$1 + txtvalue=$2 + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + VERCEL_TOKEN="${VERCEL_TOKEN:-$(_readaccountconf_mutable VERCEL_TOKEN)}" + + if [ -z "$VERCEL_TOKEN" ]; then + VERCEL_TOKEN="" + _err "You have not set the Vercel API token yet." + _err "Please visit https://vercel.com/account/tokens to generate it." + return 1 + fi + + _saveaccountconf_mutable VERCEL_TOKEN "$VERCEL_TOKEN" + + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + if _vercel_rest POST "v2/domains/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\"}"; then + if printf -- "%s" "$response" | grep "\"uid\":\"" >/dev/null; then + _info "Added" + return 0 + else + _err "Unexpected response while adding text record." + return 1 + fi + fi + _err "Add txt record error." +} + +dns_vercel_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _vercel_rest GET "v2/domains/$_domain/records" + + count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$_sub_domain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + _record_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"slug\":\"[^,]*\",\"name\":\"$_sub_domain\",[^{]*\"type\":\"TXT\",\"value\":\"$txtvalue\"" | cut -d: -f2 | cut -d, -f1 | tr -d '"') + + if [ "$_record_id" ]; then + echo "$_record_id" | while read -r item; do + if _vercel_rest DELETE "v2/domains/$_domain/records/$item"; then + _info "removed record" "$item" + return 0 + else + _err "failed to remove record" "$item" + return 1 + fi + done + fi + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain="$1" + ep="$2" + i=1 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _vercel_rest GET "v4/domains/$h"; then + return 1 + fi + + if _contains "$response" "\"name\":\"$h\"" >/dev/null; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_vercel_rest() { + m="$1" + ep="$2" + data="$3" + + path="$VERCEL_API/$ep" + + export _H1="Content-Type: application/json" + export _H2="Authorization: Bearer $VERCEL_TOKEN" + + if [ "$m" != "GET" ]; then + _secure_debug2 data "$data" + response="$(_post "$data" "$path" "" "$m")" + else + response="$(_get "$path")" + fi + _ret="$?" + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + _debug "http response code $_code" + _secure_debug2 response "$response" + if [ "$_ret" != "0" ]; then + _err "error $ep" + return 1 + fi + + response="$(printf "%s" "$response" | _normalizeJson)" + return 0 +} From b376dfa1e65b2614848974648f74566ab77242cb Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Tue, 10 May 2022 10:42:19 -0700 Subject: [PATCH 0802/1526] Fix Le_Keylength checks during renewals When performing renewals acme.sh checks key length values to determine if a new key should be created with createDomainKey(). However, older acme.sh stored key length as an empty value if the default of 2048 was desired. Now it is explicit and the explict check of 2048 against "" is causing createDomainKey() to always be called with fails without --force. Fix this by converting the keylength value to 2048 if an empty string is returned from the config file. acme.sh will then write out 2048 updating old keys and configs to the explicit version. Issue: 4077 --- acme.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index cd545aa4..260733a2 100755 --- a/acme.sh +++ b/acme.sh @@ -4406,7 +4406,13 @@ issue() { if [ -f "$CSR_PATH" ] && [ ! -f "$CERT_KEY_PATH" ]; then _info "Signing from existing CSR." else + # When renewing from an old version, the empty Le_Keylength means 2048. + # Note, do not use DEFAULT_DOMAIN_KEY_LENGTH as that value may change over + # time but an empty value implies 2048 specifically. _key=$(_readdomainconf Le_Keylength) + if [ -z "$_key" ]; then + _key=2048 + fi _debug "Read key length:$_key" if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then if ! createDomainKey "$_main_domain" "$_key_length"; then @@ -5319,7 +5325,10 @@ renew() { Le_PostHook="$(_readdomainconf Le_PostHook)" Le_RenewHook="$(_readdomainconf Le_RenewHook)" Le_Preferred_Chain="$(_readdomainconf Le_Preferred_Chain)" - #when renew from an old version, the empty Le_Keylength means 2048 + # When renewing from an old version, the empty Le_Keylength means 2048. + # Note, do not use DEFAULT_DOMAIN_KEY_LENGTH as that value may change over + # time but an empty value implies 2048 specifically. + Le_Keylength="$(_readdomainconf Le_Keylength)" if [ -z "$Le_Keylength" ]; then Le_Keylength=2048 fi From bee5cb55a133905c49794a4962fdb1b16b9c92f9 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 11 May 2022 10:20:35 +0800 Subject: [PATCH 0803/1526] fix test --- .github/workflows/Linux.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 63e3136c..c665652a 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -25,6 +25,7 @@ jobs: env: TEST_LOCAL: 1 TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_ACME_Server: "LetsEncrypt.org_test" steps: - uses: actions/checkout@v2 - name: Clone acmetest From 2280e66d7366d51a937ebaf2fe126c759c721395 Mon Sep 17 00:00:00 2001 From: Manuel Sanchez Pinar Date: Thu, 12 May 2022 10:51:15 +0200 Subject: [PATCH 0804/1526] dns_aws: Fix when _acme-challenge is a hostedzone The function '_get_root' tries to retrieve the hostedzone iterating the domains, eg: 1. srv.prod.example.com 2. prod.example.com 3. example.com This doesn't work if '_acme-challenge' is in it's own hostedzone for security reasons. Starting that iteration with '_acme-challenge.srv.prod.example.com' fixes this issue. --- dnsapi/dns_aws.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 14a4594d..78008f5b 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -151,8 +151,8 @@ dns_aws_rm() { #################### Private functions below ################################## _get_root() { - domain=$1 - i=2 + domain=_acme-challenge.$1 + i=1 p=1 if aws_rest GET "2013-04-01/hostedzone"; then From 873b113cb3625746b3010bcdf47d86d03f78f009 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 12 May 2022 17:36:19 +0800 Subject: [PATCH 0805/1526] Update dns_aws.sh --- dnsapi/dns_aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 78008f5b..376936f5 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -151,7 +151,7 @@ dns_aws_rm() { #################### Private functions below ################################## _get_root() { - domain=_acme-challenge.$1 + domain=$1 i=1 p=1 From 6d5743c506b13edc35cb0b2b2bee35b1d3b783e0 Mon Sep 17 00:00:00 2001 From: Paul Lettington Date: Thu, 12 May 2022 18:57:32 +0100 Subject: [PATCH 0806/1526] Squash new lines in API response --- dnsapi/dns_aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 14a4594d..37ac5156 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -179,7 +179,7 @@ _get_root() { fi if _contains "$response" "$h."; then - hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" + hostedzone="$(echo "$response" | tr -d '\n' | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" _debug hostedzone "$hostedzone" if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o ".*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>") From 9fb5bb620d2ffa51eabb0354dfccc29ea9d88315 Mon Sep 17 00:00:00 2001 From: PM Extra Date: Sat, 14 May 2022 22:13:24 +0800 Subject: [PATCH 0807/1526] refact ssh hook to use deploy config --- acme.sh | 20 +++ deploy/ssh.sh | 414 +++++++++++++++++++++++--------------------------- 2 files changed, 210 insertions(+), 224 deletions(-) diff --git a/acme.sh b/acme.sh index 260733a2..37c625d2 100755 --- a/acme.sh +++ b/acme.sh @@ -2332,6 +2332,26 @@ _readdomainconf() { _read_conf "$DOMAIN_CONF" "$1" } +#_migratedomainconf oldkey newkey base64encode +_migratedomainconf() { + _old_key="$1" + _new_key="$2" + _b64encode="$3" + _value=$(_readdomainconf "$_old_key") + if [ -z "$_value" ]; then + return 1 # oldkey is not found + fi + _savedomainconf "$_new_key" "$_value" "$_b64encode" + _cleardomainconf "$_old_key" + _debug "Domain config $_old_key has been migrated to $_new_key" +} + +#_migratedeployconf oldkey newkey base64encode +_migratedeployconf() { + _migratedomainconf "$1" "SAVED_$2" "$3" || + _migratedomainconf "SAVED_$1" "SAVED_$2" "$3" # try only when oldkey itself is not found +} + #key value base64encode _savedeployconf() { _savedomainconf "SAVED_$1" "$2" "$3" diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 7d9e82e8..73d71597 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -23,8 +23,8 @@ # export DEPLOY_SSH_BACKUP="" # yes or no, default to yes or previously saved value # export DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy" # path on remote system. Defaults to .acme_ssh_deploy # export DEPLOY_SSH_MULTI_CALL="" # yes or no, default to no or previously saved value -# export DEPLOY_SSH_USE_SCP="" yes or no , default to no -# export DEPLOY_SSH_SCP_CMD="" defaults to "scp -q " +# export DEPLOY_SSH_USE_SCP="" yes or no, default to no +# export DEPLOY_SSH_SCP_CMD="" defaults to "scp -q" # ######## Public functions ##################### @@ -44,110 +44,134 @@ ssh_deploy() { _debug _cfullchain "$_cfullchain" # USER is required to login by SSH to remote host. + _migratedeployconf Le_Deploy_ssh_user DEPLOY_SSH_USER _getdeployconf DEPLOY_SSH_USER _debug2 DEPLOY_SSH_USER "$DEPLOY_SSH_USER" if [ -z "$DEPLOY_SSH_USER" ]; then - if [ -z "$Le_Deploy_ssh_user" ]; then - _err "DEPLOY_SSH_USER not defined." - return 1 - fi - else - Le_Deploy_ssh_user="$DEPLOY_SSH_USER" - _savedeployconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user" + _err "DEPLOY_SSH_USER not defined." + return 1 fi + _savedeployconf DEPLOY_SSH_USER "$DEPLOY_SSH_USER" # SERVER is optional. If not provided then use _cdomain + _migratedeployconf Le_Deploy_ssh_server DEPLOY_SSH_SERVER _getdeployconf DEPLOY_SSH_SERVER _debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER" - if [ -n "$DEPLOY_SSH_SERVER" ]; then - Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER" - _savedeployconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server" - elif [ -z "$Le_Deploy_ssh_server" ]; then - Le_Deploy_ssh_server="$_cdomain" + if [ -z "$DEPLOY_SSH_SERVER" ]; then + DEPLOY_SSH_SERVER="$_cdomain" fi + _savedeployconf DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER" # CMD is optional. If not provided then use ssh + _migratedeployconf Le_Deploy_ssh_cmd DEPLOY_SSH_CMD _getdeployconf DEPLOY_SSH_CMD _debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD" - if [ -n "$DEPLOY_SSH_CMD" ]; then - Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD" - _savedeployconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd" - elif [ -z "$Le_Deploy_ssh_cmd" ]; then - Le_Deploy_ssh_cmd="ssh -T" - fi - - # USE_SCP is optional. If not provided then default to previously saved - # value (which may be undefined... equivalent to "no"). - if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then - Le_Deploy_ssh_use_scp="yes" - _savedeployconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" - elif [ "$DEPLOY_SSH_USE_SCP" = "no" ]; then - Le_Deploy_ssh_use_scp="" - _cleardomainconf Le_Deploy_ssh_use_scp - fi - - # SCP_CMD is optional. If not provided then use scp - if [ -n "$DEPLOY_SSH_SCP_CMD" ]; then - Le_Deploy_ssh_scp_cmd="$DEPLOY_SSH_SCP_CMD" - _savedeployconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" - elif [ -z "$Le_Deploy_ssh_scp_cmd" ]; then - Le_Deploy_ssh_scp_cmd="scp -q" + if [ -z "$DEPLOY_SSH_CMD" ]; then + DEPLOY_SSH_CMD="ssh -T" fi + _savedeployconf DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD" # BACKUP is optional. If not provided then default to previously saved value or yes. + _migratedeployconf Le_Deploy_ssh_backup DEPLOY_SSH_BACKUP _getdeployconf DEPLOY_SSH_BACKUP _debug2 DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP" - if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then - Le_Deploy_ssh_backup="no" - elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then - Le_Deploy_ssh_backup="yes" + if [ -z "$DEPLOY_SSH_BACKUP" ]; then + DEPLOY_SSH_BACKUP="yes" fi - _savedeployconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup" + _savedeployconf DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP" # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy + _migratedeployconf Le_Deploy_ssh_backup_path DEPLOY_SSH_BACKUP_PATH _getdeployconf DEPLOY_SSH_BACKUP_PATH _debug2 DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH" - if [ -n "$DEPLOY_SSH_BACKUP_PATH" ]; then - Le_Deploy_ssh_backup_path="$DEPLOY_SSH_BACKUP_PATH" - elif [ -z "$Le_Deploy_ssh_backup_path" ]; then - Le_Deploy_ssh_backup_path=".acme_ssh_deploy" + if [ -z "$DEPLOY_SSH_BACKUP_PATH" ]; then + DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy" fi - _savedeployconf Le_Deploy_ssh_backup_path "$Le_Deploy_ssh_backup_path" + _savedeployconf DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH" # MULTI_CALL is optional. If not provided then default to previously saved # value (which may be undefined... equivalent to "no"). + _migratedeployconf Le_Deploy_ssh_multi_call DEPLOY_SSH_MULTI_CALL _getdeployconf DEPLOY_SSH_MULTI_CALL _debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL" - if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then - Le_Deploy_ssh_multi_call="yes" - _savedeployconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" - elif [ "$DEPLOY_SSH_MULTI_CALL" = "no" ]; then - Le_Deploy_ssh_multi_call="" - _cleardomainconf Le_Deploy_ssh_multi_call + if [ -z "$DEPLOY_SSH_MULTI_CALL" ]; then + DEPLOY_SSH_MULTI_CALL="no" + fi + _savedeployconf DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL" + + # KEYFILE is optional. + # If provided then private key will be copied to provided filename. + _migratedeployconf Le_Deploy_ssh_keyfile DEPLOY_SSH_KEYFILE + _getdeployconf DEPLOY_SSH_KEYFILE + _debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE" + if [ -n "$DEPLOY_SSH_KEYFILE" ]; then + _savedeployconf DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE" + fi + + # CERTFILE is optional. + # If provided then certificate will be copied or appended to provided filename. + _migratedeployconf Le_Deploy_ssh_certfile DEPLOY_SSH_CERTFILE + _getdeployconf DEPLOY_SSH_CERTFILE + _debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE" + if [ -n "$DEPLOY_SSH_CERTFILE" ]; then + _savedeployconf DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE" + fi + + # CAFILE is optional. + # If provided then CA intermediate certificate will be copied or appended to provided filename. + _migratedeployconf Le_Deploy_ssh_cafile DEPLOY_SSH_CAFILE + _getdeployconf DEPLOY_SSH_CAFILE + _debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE" + if [ -n "$DEPLOY_SSH_CAFILE" ]; then + _savedeployconf DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE" + fi + + # FULLCHAIN is optional. + # If provided then fullchain certificate will be copied or appended to provided filename. + _migratedeployconf Le_Deploy_ssh_fullchain DEPLOY_SSH_FULLCHAIN + _getdeployconf DEPLOY_SSH_FULLCHAIN + _debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN" + if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then + _savedeployconf DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN" + fi + + # REMOTE_CMD is optional. + # If provided then this command will be executed on remote host. + _migratedeployconf Le_Deploy_ssh_remote_cmd DEPLOY_SSH_REMOTE_CMD + _getdeployconf DEPLOY_SSH_REMOTE_CMD + _debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD" + if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then + _savedeployconf DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD" fi # USE_SCP is optional. If not provided then default to previously saved # value (which may be undefined... equivalent to "no"). - if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then - Le_Deploy_ssh_use_scp="yes" - _savedeployconf Le_Deploy_ssh_use_scp "$Le_Deploy_ssh_use_scp" - Le_Deploy_ssh_multi_call="yes" - _savedeployconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" - elif [ "$DEPLOY_SSH_USE_SCP" = "no" ]; then - Le_Deploy_ssh_use_scp="" - _cleardomainconf Le_Deploy_ssh_use_scp + _getdeployconf DEPLOY_SSH_USE_SCP + _debug2 DEPLOY_SSH_USE_SCP "$DEPLOY_SSH_USE_SCP" + if [ -z "$DEPLOY_SSH_USE_SCP" ]; then + DEPLOY_SSH_USE_SCP="no" fi + _savedeployconf DEPLOY_SSH_USE_SCP "$DEPLOY_SSH_USE_SCP" # SCP_CMD is optional. If not provided then use scp - if [ -n "$DEPLOY_SSH_SCP_CMD" ]; then - Le_Deploy_ssh_scp_cmd="$DEPLOY_SSH_SCP_CMD" - _savedeployconf Le_Deploy_ssh_scp_cmd "$Le_Deploy_ssh_scp_cmd" - elif [ -z "$Le_Deploy_ssh_scp_cmd" ]; then - Le_Deploy_ssh_scp_cmd="scp -T -q " + _getdeployconf DEPLOY_SSH_SCP_CMD + _debug2 DEPLOY_SSH_SCP_CMD "$DEPLOY_SSH_SCP_CMD" + if [ -z "$DEPLOY_SSH_SCP_CMD" ]; then + DEPLOY_SSH_SCP_CMD="scp -q" + fi + _savedeployconf DEPLOY_SSH_SCP_CMD "$DEPLOY_SSH_SCP_CMD" + + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then + DEPLOY_SSH_MULTI_CALL="yes" + _info "Using scp as alternate method for copying files. Multicall Mode is implicit" + elif [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then + _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host" + else + _info "Required commands batched and sent in single call to remote host" fi - _deploy_ssh_servers=$Le_Deploy_ssh_server - for Le_Deploy_ssh_server in $_deploy_ssh_servers; do + _deploy_ssh_servers=$DEPLOY_SSH_SERVER + for DEPLOY_SSH_SERVER in $_deploy_ssh_servers; do _ssh_deploy done } @@ -161,20 +185,10 @@ _ssh_deploy() { _local_ca_file="" _local_full_file="" - _info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server" - if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - _info "Using scp as alternate method for copying files. Multicall Mode is implicit" - Le_Deploy_ssh_multi_call="yes" - _savedeployconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call" - fi - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then - _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host" - else - _info "Required commands batched and sent in single call to remote host" - fi + _info "Deploy certificates to remote server $DEPLOY_SSH_USER@$DEPLOY_SSH_SERVER" - if [ "$Le_Deploy_ssh_backup" = "yes" ]; then - _backupprefix="$Le_Deploy_ssh_backup_path/$_cdomain-backup" + if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then + _backupprefix="$DEPLOY_SSH_BACKUP_PATH/$_cdomain-backup" _backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')" # run cleanup on the backup directory, erase all older # than 180 days (15552000 seconds). @@ -186,7 +200,7 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _cmdstr="mkdir -p $_backupdir; $_cmdstr" _info "Backup of old certificate files will be placed in remote directory $_backupdir" _info "Backup directories erased after 180 days." - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -194,19 +208,11 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - # KEYFILE is optional. - # If provided then private key will be copied to provided filename. - _getdeployconf DEPLOY_SSH_KEYFILE - _debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE" if [ -n "$DEPLOY_SSH_KEYFILE" ]; then - Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE" - _savedeployconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile" - fi - if [ -n "$Le_Deploy_ssh_keyfile" ]; then - if [ "$Le_Deploy_ssh_backup" = "yes" ]; then + if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then # backup file we are about to overwrite. - _cmdstr="$_cmdstr cp $Le_Deploy_ssh_keyfile $_backupdir >/dev/null;" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + _cmdstr="$_cmdstr cp $DEPLOY_SSH_KEYFILE $_backupdir >/dev/null;" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -215,15 +221,16 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi # copy new key into file. - if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then # scp the file - if ! _scp_remote_cmd "$_ckey" "$Le_Deploy_ssh_keyfile"; then + if ! _scp_remote_cmd "$_ckey" "$DEPLOY_SSH_KEYFILE"; then return $_err_code fi else - _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;" - _info "will copy private key to remote file $Le_Deploy_ssh_keyfile" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + # ssh echo to the file + _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $DEPLOY_SSH_KEYFILE;" + _info "will copy private key to remote file $DEPLOY_SSH_KEYFILE" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -232,26 +239,15 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - # CERTFILE is optional. - # If provided then certificate will be copied or appended to provided filename. - _getdeployconf DEPLOY_SSH_CERTFILE - _debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE" if [ -n "$DEPLOY_SSH_CERTFILE" ]; then - Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE" - _savedeployconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile" - fi - if [ -n "$Le_Deploy_ssh_certfile" ]; then _pipe=">" - if [ "$Le_Deploy_ssh_certfile" = "$Le_Deploy_ssh_keyfile" ]; then + if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then # if filename is same as previous file then append. _pipe=">>" - _local_cert_file=$(_mktemp) - cat "$_ckey" >"$_local_cert_file" - cat "$_ccert" >>"$_local_cert_file" - elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then + elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then # backup file we are about to overwrite. - _cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir >/dev/null;" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + _cmdstr="$_cmdstr cp $DEPLOY_SSH_CERTFILE $_backupdir >/dev/null;" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -259,21 +255,22 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if [ -n "$_local_cert_file" ]; then - if ! _scp_remote_cmd "$_local_cert_file" "$Le_Deploy_ssh_certfile"; then - return $_err_code - fi - else - if ! _scp_remote_cmd "$_ccert" "$Le_Deploy_ssh_certfile"; then - return $_err_code - fi + # copy new certificate into file. + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then + # scp the file + _local_cert_file=$(_mktemp) + if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then + cat "$_ckey" >> "$_local_cert_file" + fi + cat "$_ccert" >> "$_local_cert_file" + if ! _scp_remote_cmd "$_local_cert_file" "$DEPLOY_SSH_CERTFILE"; then + return $_err_code fi else - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile;" - _info "will copy certificate to remote file $Le_Deploy_ssh_certfile" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + # ssh echo to the file + _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $DEPLOY_SSH_CERTFILE;" + _info "will copy certificate to remote file $DEPLOY_SSH_CERTFILE" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -282,34 +279,16 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - # CAFILE is optional. - # If provided then CA intermediate certificate will be copied or appended to provided filename. - _getdeployconf DEPLOY_SSH_CAFILE - _debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE" if [ -n "$DEPLOY_SSH_CAFILE" ]; then - Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE" - _savedeployconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile" - fi - if [ -n "$Le_Deploy_ssh_cafile" ]; then _pipe=">" - if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] || - [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then + if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ] || + [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then # if filename is same as previous file then append. _pipe=">>" - _local_ca_file=$(_mktemp) - if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ]; then - cat "$_ckey" >>"$_local_ca_file" - fi - if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then - cat "$_ccert" >>"$_local_ca_file" - fi - - cat "$_cca" >>"$_local_ca_file" - - elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then + elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then # backup file we are about to overwrite. - _cmdstr="$_cmdstr cp $Le_Deploy_ssh_cafile $_backupdir >/dev/null;" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + _cmdstr="$_cmdstr cp $DEPLOY_SSH_CAFILE $_backupdir >/dev/null;" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -317,21 +296,25 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if [ -n "$_local_ca_file" ]; then - if ! _scp_remote_cmd "$_local_ca_file" "$Le_Deploy_ssh_cafile"; then - return $_err_code - fi - else - if ! _scp_remote_cmd "$_cca" "$Le_Deploy_ssh_cafile"; then - return $_err_code - fi + # copy new certificate into file. + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then + # scp the file + _local_ca_file=$(_mktemp) + if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ]; then + cat "$_ckey" >> "$_local_ca_file" + fi + if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then + cat "$_ccert" >> "$_local_ca_file" + fi + cat "$_cca" >>"$_local_ca_file" + if ! _scp_remote_cmd "$_local_ca_file" "$DEPLOY_SSH_CAFILE"; then + return $_err_code fi else - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile;" - _info "will copy CA file to remote file $Le_Deploy_ssh_cafile" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + # ssh echo to the file + _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $DEPLOY_SSH_CAFILE;" + _info "will copy CA file to remote file $DEPLOY_SSH_CAFILE" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -340,37 +323,17 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - # FULLCHAIN is optional. - # If provided then fullchain certificate will be copied or appended to provided filename. - _getdeployconf DEPLOY_SSH_FULLCHAIN - _debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN" if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then - Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN" - _savedeployconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain" - fi - if [ -n "$Le_Deploy_ssh_fullchain" ]; then _pipe=">" - if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] || - [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] || - [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then + if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ] || + [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ] || + [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then # if filename is same as previous file then append. _pipe=">>" - _local_full_file=$(_mktemp) - if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ]; then - cat "$_ckey" >>"$_local_full_file" - fi - if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ]; then - cat "$_ccert" >>"$_local_full_file" - fi - if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then - cat "$_cca" >>"$_local_full_file" - fi - cat "$_cfullchain" >>"$_local_full_file" - - elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then + elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then # backup file we are about to overwrite. - _cmdstr="$_cmdstr cp $Le_Deploy_ssh_fullchain $_backupdir >/dev/null;" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + _cmdstr="$_cmdstr cp $DEPLOY_SSH_FULLCHAIN $_backupdir >/dev/null;" + if [ "$DEPLOY_SSH_FULLCHAIN" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -378,21 +341,28 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi - if [ "$Le_Deploy_ssh_use_scp" = "yes" ]; then - if [ -n "$_local_full_file" ]; then - if ! _scp_remote_cmd "$_local_full_file" "$Le_Deploy_ssh_fullchain"; then - return $_err_code - fi - else - if ! _scp_remote_cmd "$_cfullchain" "$Le_Deploy_ssh_fullchain"; then - return $_err_code - fi + # copy new certificate into file. + if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then + # scp the file + _local_full_file=$(_mktemp) + if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ]; then + cat "$_ckey" >> "$_local_full_file" + fi + if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ]; then + cat "$_ccert" >> "$_local_full_file" + fi + if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then + cat "$_cca" >> "$_local_full_file" + fi + cat "$_cfullchain" >> "$_local_full_file" + if ! _scp_remote_cmd "$_local_full_file" "$DEPLOY_SSH_FULLCHAIN"; then + return $_err_code fi else - # copy new certificate into file. - _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain;" - _info "will copy fullchain to remote file $Le_Deploy_ssh_fullchain" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + # ssh echo to the file + _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $DEPLOY_SSH_FULLCHAIN;" + _info "will copy fullchain to remote file $DEPLOY_SSH_FULLCHAIN" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -400,30 +370,22 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d fi fi fi - # cleanup local files if any - if [ -n "$_local_cert_file" ]; then - rm "$_local_cert_file" >/dev/null 1>&2 + # cleanup local files if any + if [ -f "$_local_cert_file" ]; then + rm -f "$_local_cert_file" fi - if [ -n "$_local_ca_file" ]; then - rm "$_local_ca_file" >/dev/null 1>&2 + if [ -f "$_local_ca_file" ]; then + rm -f "$_local_ca_file" fi - if [ -n "$_local_full_file" ]; then - rm "$_local_full_file" >/dev/null 1>&2 + if [ -f "$_local_full_file" ]; then + rm -f "$_local_full_file" fi - # REMOTE_CMD is optional. - # If provided then this command will be executed on remote host. - _getdeployconf DEPLOY_SSH_REMOTE_CMD - _debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD" if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then - Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD" - _savedeployconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd" - fi - if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then - _cmdstr="$_cmdstr $Le_Deploy_ssh_remote_cmd;" - _info "Will execute remote command $Le_Deploy_ssh_remote_cmd" - if [ "$Le_Deploy_ssh_multi_call" = "yes" ]; then + _cmdstr="$_cmdstr $DEPLOY_SSH_REMOTE_CMD;" + _info "Will execute remote command $DEPLOY_SSH_REMOTE_CMD" + if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then if ! _ssh_remote_cmd "$_cmdstr"; then return $_err_code fi @@ -445,10 +407,11 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d _ssh_remote_cmd() { _cmd="$1" _secure_debug "Remote commands to execute: $_cmd" - _info "Submitting sequence of commands to remote server by ssh" + _info "Submitting sequence of commands to remote server by $DEPLOY_SSH_CMD" + # quotations in bash cmd below intended. Squash travis spellcheck error # shellcheck disable=SC2029 - $Le_Deploy_ssh_cmd "$Le_Deploy_ssh_user@$Le_Deploy_ssh_server" sh -c "'$_cmd'" + $DEPLOY_SSH_CMD "$DEPLOY_SSH_USER@$DEPLOY_SSH_SERVER" sh -c "'$_cmd'" _err_code="$?" if [ "$_err_code" != "0" ]; then @@ -460,9 +423,12 @@ _ssh_remote_cmd() { # cmd scp _scp_remote_cmd() { - _secure_debug "Remote scp source $1 and destination $2 using : $Le_Deploy_ssh_scp_cmd" - _info "Submitting secure copy command : $Le_Deploy_ssh_scp_cmd" - $Le_Deploy_ssh_scp_cmd "$1" "$Le_Deploy_ssh_user"@"$Le_Deploy_ssh_server":"$2" + _src=$1 + _dest=$2 + _secure_debug "Remote copy source $_src to destination $_dest using: $DEPLOY_SSH_SCP_CMD" + _info "Submitting secure copy command: $DEPLOY_SSH_SCP_CMD" + + $DEPLOY_SSH_SCP_CMD "$_src" "$DEPLOY_SSH_USER"@"$DEPLOY_SSH_SERVER":"$_dest" _err_code="$?" if [ "$_err_code" != "0" ]; then From c8929ca0cb13abb2213cd5da7abd9bd1b140af9a Mon Sep 17 00:00:00 2001 From: PM Extra Date: Sat, 14 May 2022 22:29:19 +0800 Subject: [PATCH 0808/1526] support specifying port for each host --- deploy/ssh.sh | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 73d71597..2de0d325 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -14,7 +14,7 @@ # The following examples are for QNAP NAS running QTS 4.2 # export DEPLOY_SSH_CMD="" # defaults to "ssh -T" # export DEPLOY_SSH_USER="admin" # required -# export DEPLOY_SSH_SERVER="qnap" # defaults to domain name +# export DEPLOY_SSH_SERVER="qnap" # defaults to domain name, support multiple servers with optional port (eg. "host1 host2:8022") # export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem" # export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem" # export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem" @@ -185,7 +185,12 @@ _ssh_deploy() { _local_ca_file="" _local_full_file="" - _info "Deploy certificates to remote server $DEPLOY_SSH_USER@$DEPLOY_SSH_SERVER" + case $DEPLOY_SSH_SERVER in + (*:*) _host=${DEPLOY_SSH_SERVER%:*} _port=${DEPLOY_SSH_SERVER##*:};; + (*) _host=$DEPLOY_SSH_SERVER _port=;; + esac + + _info "Deploy certificates to remote server $DEPLOY_SSH_USER@$_host:$_port" if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then _backupprefix="$DEPLOY_SSH_BACKUP_PATH/$_cdomain-backup" @@ -406,12 +411,18 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d #cmd _ssh_remote_cmd() { _cmd="$1" + + _ssh_cmd="$DEPLOY_SSH_CMD" + if [ -n "$_port" ]; then + _ssh_cmd="$_ssh_cmd -p $_port" + fi + _secure_debug "Remote commands to execute: $_cmd" - _info "Submitting sequence of commands to remote server by $DEPLOY_SSH_CMD" + _info "Submitting sequence of commands to remote server by $_ssh_cmd" # quotations in bash cmd below intended. Squash travis spellcheck error # shellcheck disable=SC2029 - $DEPLOY_SSH_CMD "$DEPLOY_SSH_USER@$DEPLOY_SSH_SERVER" sh -c "'$_cmd'" + $_ssh_cmd "$DEPLOY_SSH_USER@$_host" sh -c "'$_cmd'" _err_code="$?" if [ "$_err_code" != "0" ]; then @@ -425,10 +436,16 @@ _ssh_remote_cmd() { _scp_remote_cmd() { _src=$1 _dest=$2 - _secure_debug "Remote copy source $_src to destination $_dest using: $DEPLOY_SSH_SCP_CMD" - _info "Submitting secure copy command: $DEPLOY_SSH_SCP_CMD" - $DEPLOY_SSH_SCP_CMD "$_src" "$DEPLOY_SSH_USER"@"$DEPLOY_SSH_SERVER":"$_dest" + _scp_cmd="$DEPLOY_SSH_SCP_CMD" + if [ -n "$_port" ]; then + _scp_cmd="$_scp_cmd -P $_port" + fi + + _secure_debug "Remote copy source $_src to destination $_dest" + _info "Submitting secure copy by $_scp_cmd" + + $_scp_cmd "$_src" "$DEPLOY_SSH_USER"@"$_host":"$_dest" _err_code="$?" if [ "$_err_code" != "0" ]; then From f90cbb636a101625b118fbdb57b64f7d4d0bdabb Mon Sep 17 00:00:00 2001 From: PM Extra Date: Sat, 14 May 2022 22:41:59 +0800 Subject: [PATCH 0809/1526] fix format --- acme.sh | 2 +- deploy/ssh.sh | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/acme.sh b/acme.sh index 37c625d2..4366501b 100755 --- a/acme.sh +++ b/acme.sh @@ -2349,7 +2349,7 @@ _migratedomainconf() { #_migratedeployconf oldkey newkey base64encode _migratedeployconf() { _migratedomainconf "$1" "SAVED_$2" "$3" || - _migratedomainconf "SAVED_$1" "SAVED_$2" "$3" # try only when oldkey itself is not found + _migratedomainconf "SAVED_$1" "SAVED_$2" "$3" # try only when oldkey itself is not found } #key value base64encode diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 2de0d325..d40bba43 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -186,8 +186,8 @@ _ssh_deploy() { _local_full_file="" case $DEPLOY_SSH_SERVER in - (*:*) _host=${DEPLOY_SSH_SERVER%:*} _port=${DEPLOY_SSH_SERVER##*:};; - (*) _host=$DEPLOY_SSH_SERVER _port=;; + *:*) _host=${DEPLOY_SSH_SERVER%:*} _port=${DEPLOY_SSH_SERVER##*:};; + *) _host=$DEPLOY_SSH_SERVER _port=;; esac _info "Deploy certificates to remote server $DEPLOY_SSH_USER@$_host:$_port" @@ -265,9 +265,9 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # scp the file _local_cert_file=$(_mktemp) if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then - cat "$_ckey" >> "$_local_cert_file" + cat "$_ckey" >>"$_local_cert_file" fi - cat "$_ccert" >> "$_local_cert_file" + cat "$_ccert" >>"$_local_cert_file" if ! _scp_remote_cmd "$_local_cert_file" "$DEPLOY_SSH_CERTFILE"; then return $_err_code fi @@ -306,10 +306,10 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # scp the file _local_ca_file=$(_mktemp) if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ]; then - cat "$_ckey" >> "$_local_ca_file" + cat "$_ckey" >>"$_local_ca_file" fi if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then - cat "$_ccert" >> "$_local_ca_file" + cat "$_ccert" >>"$_local_ca_file" fi cat "$_cca" >>"$_local_ca_file" if ! _scp_remote_cmd "$_local_ca_file" "$DEPLOY_SSH_CAFILE"; then @@ -351,15 +351,15 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d # scp the file _local_full_file=$(_mktemp) if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ]; then - cat "$_ckey" >> "$_local_full_file" + cat "$_ckey" >>"$_local_full_file" fi if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ]; then - cat "$_ccert" >> "$_local_full_file" + cat "$_ccert" >>"$_local_full_file" fi if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then - cat "$_cca" >> "$_local_full_file" + cat "$_cca" >>"$_local_full_file" fi - cat "$_cfullchain" >> "$_local_full_file" + cat "$_cfullchain" >>"$_local_full_file" if ! _scp_remote_cmd "$_local_full_file" "$DEPLOY_SSH_FULLCHAIN"; then return $_err_code fi From 74f28021e701c53665774c4861d68863775bb206 Mon Sep 17 00:00:00 2001 From: PM Extra Date: Sat, 14 May 2022 22:49:40 +0800 Subject: [PATCH 0810/1526] fix format again --- deploy/ssh.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index d40bba43..074af84f 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -186,8 +186,14 @@ _ssh_deploy() { _local_full_file="" case $DEPLOY_SSH_SERVER in - *:*) _host=${DEPLOY_SSH_SERVER%:*} _port=${DEPLOY_SSH_SERVER##*:};; - *) _host=$DEPLOY_SSH_SERVER _port=;; + *:*) + _host=${DEPLOY_SSH_SERVER%:*} + _port=${DEPLOY_SSH_SERVER##*:} + ;; + *) + _host=$DEPLOY_SSH_SERVER + _port= + ;; esac _info "Deploy certificates to remote server $DEPLOY_SSH_USER@$_host:$_port" From 3ce7d410c8ee18d4ed1049ccdc500a6624613df7 Mon Sep 17 00:00:00 2001 From: PM Extra Date: Sat, 14 May 2022 22:59:02 +0800 Subject: [PATCH 0811/1526] improve doc comments --- deploy/ssh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 074af84f..1aed7d3e 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -14,7 +14,7 @@ # The following examples are for QNAP NAS running QTS 4.2 # export DEPLOY_SSH_CMD="" # defaults to "ssh -T" # export DEPLOY_SSH_USER="admin" # required -# export DEPLOY_SSH_SERVER="qnap" # defaults to domain name, support multiple servers with optional port (eg. "host1 host2:8022") +# export DEPLOY_SSH_SERVER="host1 host2:8022 192.168.0.1:9022" # defaults to domain name, support multiple servers with optional port # export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem" # export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem" # export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem" From 5ba2068fc22c0ec816e4f1ed09ba507c27f9455b Mon Sep 17 00:00:00 2001 From: Sebastiaan Hoogeveen Date: Mon, 16 May 2022 14:27:24 +0200 Subject: [PATCH 0812/1526] Fix dns_nederhost to work correctly with wget instead of curl. The dns_nederhost DNS API relies on the exact HTTP status code to be returned (e.g. 204); however, the _get function always returns 200 for a succesful call when using wget instead of curl. This patch fixes this by using the _post function for all requests done by dns_nederhost. --- dnsapi/dns_nederhost.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_nederhost.sh b/dnsapi/dns_nederhost.sh index 0954ab65..61839cc7 100755 --- a/dnsapi/dns_nederhost.sh +++ b/dnsapi/dns_nederhost.sh @@ -112,12 +112,8 @@ _nederhost_rest() { export _H1="Authorization: Bearer $NederHost_Key" export _H2="Content-Type: application/json" - if [ "$m" != "GET" ]; then - _debug data "$data" - response="$(_post "$data" "$NederHost_Api/$ep" "" "$m")" - else - response="$(_get "$NederHost_Api/$ep")" - fi + _debug data "$data" + response="$(_post "$data" "$NederHost_Api/$ep" "" "$m")" _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" _debug "http response code $_code" From d4cf03c9fd0c5dbfaf2292c0f5552382ee4640a0 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Wed, 18 May 2022 11:48:48 +0200 Subject: [PATCH 0813/1526] changes due to inkompabilities of some distros --- dnsapi/dns_selfhost.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 7fa685fa..b4284f51 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -42,7 +42,7 @@ dns_selfhost_add() { # e.g. don't match mytest.example.com or sub.test.example.com for test.example.com # replace the whole string with the RID (matching group 3) for assignment # if the domain is defined multiple times only the last occurance will be matched - rid=$(echo "$SELFHOSTDNS_MAP" | sed -n "s/\(^\|^.*\s\)\($lookupdomain:\|$fulldomain:\)\([0-9][0-9]*\)\(.*\)/\3/Ip") + rid=$(echo "$SELFHOSTDNS_MAP" | sed -E "s/(^|^.*[[:space:]])($lookupdomain:|$fulldomain:)([0-9][0-9]*)(.*)/\3/") if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then From 4047adcc35eb66abbddff5a2ea8efa0b27ceb95b Mon Sep 17 00:00:00 2001 From: Sebastiaan Hoogeveen Date: Wed, 18 May 2022 16:12:37 +0200 Subject: [PATCH 0814/1526] Force a commit. --- dnsapi/dns_nederhost.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nederhost.sh b/dnsapi/dns_nederhost.sh index 61839cc7..abaae42b 100755 --- a/dnsapi/dns_nederhost.sh +++ b/dnsapi/dns_nederhost.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghjk" +#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghj" NederHost_Api="https://api.nederhost.nl/dns/v1" From 32adc38e94fa4a699801e289d19fa6d36199af3b Mon Sep 17 00:00:00 2001 From: Avi Miller Date: Sat, 21 May 2022 14:36:10 +1000 Subject: [PATCH 0815/1526] Fix _dbase64 decode of OCI_CLI_KEY The change made in #4057 broke the decoding of OCI_CLI_KEY from the encoded OCI_CLI_KEY_FILE content so this removes the multiline parameter to fix it. Signed-off-by: Avi Miller --- dnsapi/dns_oci.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index eb006120..18d74410 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -159,7 +159,7 @@ _oci_config() { fi if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then - OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline) + OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64) fi return 0 From 58a89edad7e88886dd980f5b91f9144111e89c9b Mon Sep 17 00:00:00 2001 From: Lukas Brocke Date: Sun, 22 May 2022 13:24:18 +0200 Subject: [PATCH 0816/1526] dnsapi/ionos: Update to API version 1.0.1 The REST API now sends back response bodies for UPDATE and CREATE operations. --- dnsapi/dns_ionos.sh | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index c2c431bb..e4ad3318 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -# Supports IONOS DNS API Beta v1.0.0 +# Supports IONOS DNS API v1.0.1 # # Usage: # Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: @@ -26,7 +26,7 @@ dns_ionos_add() { _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then + if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then _info "TXT record has been created successfully." return 0 fi @@ -47,7 +47,7 @@ dns_ionos_rm() { return 1 fi - if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then + if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then _info "TXT record has been deleted successfully." return 0 fi @@ -85,7 +85,7 @@ _get_root() { p=1 if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then - response="$(echo "$response" | tr -d "\n")" + _response="$(echo "$_response" | tr -d "\n")" while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) @@ -93,7 +93,7 @@ _get_root() { return 1 fi - _zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*\}")" + _zone="$(echo "$_response" | _egrep_o "\"name\":\"$h\".*\}")" if [ "$_zone" ]; then _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') if [ "$_zone_id" ]; then @@ -120,9 +120,9 @@ _ionos_get_record() { txtrecord=$3 if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then - response="$(echo "$response" | tr -d "\n")" + _response="$(echo "$_response" | tr -d "\n")" - _record="$(echo "$response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" + _record="$(echo "$_response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') @@ -142,22 +142,30 @@ _ionos_rest() { export _H1="X-API-Key: $IONOS_API_KEY" + # clear headers + : >"$HTTP_HEADER" + if [ "$method" != "GET" ]; then export _H2="Accept: application/json" export _H3="Content-Type: application/json" - response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" + _response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" else export _H2="Accept: */*" export _H3= - response="$(_get "$IONOS_API$route")" + + _response="$(_get "$IONOS_API$route")" fi + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + if [ "$?" != "0" ]; then - _err "Error $route: $response" + _err "Error $route: $_response" return 1 fi - _debug2 "response" "$response" + + _debug2 "_response" "$_response" + _debug2 "_code" "$_code" return 0 } From d2a9d731edbc5d6dcfc434560ba605bef9039ed2 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 24 May 2022 22:25:44 +0800 Subject: [PATCH 0817/1526] Update ssh.sh --- deploy/ssh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/ssh.sh b/deploy/ssh.sh index 1aed7d3e..c66e2e19 100644 --- a/deploy/ssh.sh +++ b/deploy/ssh.sh @@ -170,7 +170,7 @@ ssh_deploy() { _info "Required commands batched and sent in single call to remote host" fi - _deploy_ssh_servers=$DEPLOY_SSH_SERVER + _deploy_ssh_servers="$DEPLOY_SSH_SERVER" for DEPLOY_SSH_SERVER in $_deploy_ssh_servers; do _ssh_deploy done From 606e59a5d0a6b3fc1963aeae2b23898cb2715a8f Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 29 May 2022 14:56:30 +0800 Subject: [PATCH 0818/1526] fix https://github.com/acmesh-official/acme.sh/issues/4110 fix https://github.com/acmesh-official/acme.sh/issues/4110 --- dnsapi/dns_selectel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh index 94252d81..bfe501fe 100644 --- a/dnsapi/dns_selectel.sh +++ b/dnsapi/dns_selectel.sh @@ -120,7 +120,7 @@ _get_root() { return 1 fi - if _contains "$response" "\"name\": \"$h\","; then + if _contains "$response" "\"name\": *\"$h\","; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h _debug "Getting domain id for $h" From 3ce67b282fafd42a1807f556a742fb5b23a60f21 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 29 May 2022 15:03:09 +0800 Subject: [PATCH 0819/1526] merge https://github.com/acmesh-official/acme.sh/pull/4108 merge https://github.com/acmesh-official/acme.sh/pull/4108 --- dnsapi/dns_selectel.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh index bfe501fe..1b09882d 100644 --- a/dnsapi/dns_selectel.sh +++ b/dnsapi/dns_selectel.sh @@ -76,7 +76,7 @@ dns_selectel_rm() { return 1 fi - _record_seg="$(echo "$response" | _egrep_o "\"content\" *: *\"$txtvalue\"[^}]*}")" + _record_seg="$(echo "$response" | _egrep_o "[^{]*\"content\" *: *\"$txtvalue\"[^}]*}")" _debug2 "_record_seg" "$_record_seg" if [ -z "$_record_seg" ]; then _err "can not find _record_seg" @@ -120,7 +120,7 @@ _get_root() { return 1 fi - if _contains "$response" "\"name\": *\"$h\","; then + if _contains "$response" "\"name\" *: *\"$h\","; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h _debug "Getting domain id for $h" From 993c187e375477f7ac6cc18a3cbdcb43e732c6b0 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 29 May 2022 15:08:15 +0800 Subject: [PATCH 0820/1526] fix https://github.com/acmesh-official/acme.sh/issues/4105 fix https://github.com/acmesh-official/acme.sh/issues/4105 --- dnsapi/dns_edgedns.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 2e5c7d30..11c132fa 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -176,6 +176,7 @@ _EDGEDNS_credentials() { _debug "GettingEdge DNS credentials" _log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" args_missing=0 + AKAMAI_ACCESS_TOKEN="${AKAMAI_ACCESS_TOKEN:-$(_readaccountconf_mutable AKAMAI_ACCESS_TOKEN)}" if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" @@ -184,6 +185,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_ACCESS_TOKEN is missing" args_missing=1 fi + AKAMAI_CLIENT_TOKEN="${AKAMAI_CLIENT_TOKEN:-$(_readaccountconf_mutable AKAMAI_CLIENT_TOKEN)}" if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" @@ -192,6 +194,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_CLIENT_TOKEN is missing" args_missing=1 fi + AKAMAI_HOST="${AKAMAI_HOST:-$(_readaccountconf_mutable AKAMAI_HOST)}" if [ -z "$AKAMAI_HOST" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" @@ -200,6 +203,7 @@ _EDGEDNS_credentials() { _err "AKAMAI_HOST is missing" args_missing=1 fi + AKAMAI_CLIENT_SECRET="${AKAMAI_CLIENT_SECRET:-$(_readaccountconf_mutable AKAMAI_CLIENT_SECRET)}" if [ -z "$AKAMAI_CLIENT_SECRET" ]; then AKAMAI_ACCESS_TOKEN="" AKAMAI_CLIENT_TOKEN="" From 444a0282d7ac7e2fba871011823c00dd374f215e Mon Sep 17 00:00:00 2001 From: Bob Belnap Date: Tue, 31 May 2022 11:41:22 -0400 Subject: [PATCH 0821/1526] rename _error _err When there are errors with namecheap hosts, acme.sh fails with: dns_namecheap.sh: line 262: _error: command not found Based on usage elsewhere in the file, I believe this should be _err --- dnsapi/dns_namecheap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index d15d6b0e..dcd87723 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -259,7 +259,7 @@ _set_namecheap_TXT() { _debug hosts "$hosts" if [ -z "$hosts" ]; then - _error "Hosts not found" + _err "Hosts not found" return 1 fi @@ -313,7 +313,7 @@ _del_namecheap_TXT() { _debug hosts "$hosts" if [ -z "$hosts" ]; then - _error "Hosts not found" + _err "Hosts not found" return 1 fi From 5440fcdf54e3402c6089c79a3e5c5c79758280c3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 1 Jun 2022 18:05:51 +0800 Subject: [PATCH 0822/1526] check the file path before copying --- acme.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index 260733a2..bc667359 100755 --- a/acme.sh +++ b/acme.sh @@ -5752,7 +5752,9 @@ _installcert() { if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_cert" "$_backup_path/cert.bak" fi - cat "$CERT_PATH" >"$_real_cert" || return 1 + if [ "$CERT_PATH" != "$_real_cert" ]; then + cat "$CERT_PATH" >"$_real_cert" || return 1 + fi fi if [ "$_real_ca" ]; then @@ -5764,7 +5766,9 @@ _installcert() { if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_ca" "$_backup_path/ca.bak" fi - cat "$CA_CERT_PATH" >"$_real_ca" || return 1 + if [ "$CA_CERT_PATH" != "$_real_ca" ]; then + cat "$CA_CERT_PATH" >"$_real_ca" || return 1 + fi fi fi @@ -5773,12 +5777,14 @@ _installcert() { if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_key" "$_backup_path/key.bak" fi - if [ -f "$_real_key" ]; then - cat "$CERT_KEY_PATH" >"$_real_key" || return 1 - else - touch "$_real_key" || return 1 - chmod 600 "$_real_key" - cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + if [ "$CERT_KEY_PATH" != "$_real_key" ]; then + if [ -f "$_real_key" ]; then + cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + else + touch "$_real_key" || return 1 + chmod 600 "$_real_key" + cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + fi fi fi @@ -5787,7 +5793,9 @@ _installcert() { if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_fullchain" "$_backup_path/fullchain.bak" fi - cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 + if [ "$_real_fullchain" != "$CERT_FULLCHAIN_PATH" ]; then + cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 + fi fi if [ "$_reload_cmd" ]; then From 8a144ebfee0b0ffba5a7712cb97086ae1da79fde Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 1 Jun 2022 18:06:14 +0800 Subject: [PATCH 0823/1526] fix https://github.com/acmesh-official/acme.sh/issues/4117 --- dnsapi/dns_cyon.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cyon.sh b/dnsapi/dns_cyon.sh index 2c08812b..830e8831 100644 --- a/dnsapi/dns_cyon.sh +++ b/dnsapi/dns_cyon.sh @@ -44,7 +44,7 @@ dns_cyon_rm() { _cyon_load_credentials() { # Convert loaded password to/from base64 as needed. if [ "${CY_Password_B64}" ]; then - CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64 "multiline")" + CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64)" elif [ "${CY_Password}" ]; then CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)" fi From c2b14d307587f46cf305a8c73cebb8315673b2d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reto=20Sch=C3=BCttel?= Date: Wed, 1 Jun 2022 16:51:01 +0200 Subject: [PATCH 0824/1526] dns_gcloud: disable argument parsing for challenges fixes #3596 --- dnsapi/dns_gcloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index d560996c..bda5cbd7 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -98,7 +98,7 @@ _dns_gcloud_remove_rrs() { --ttl="$ttl" \ --type=TXT \ --zone="$managedZone" \ - --transaction-file="$tr"; then + --transaction-file="$tr" --; then _debug tr "$(cat "$tr")" rm -r "$trd" _err "_dns_gcloud_remove_rrs: failed to remove RRs" @@ -113,7 +113,7 @@ _dns_gcloud_add_rrs() { --ttl="$ttl" \ --type=TXT \ --zone="$managedZone" \ - --transaction-file="$tr"; then + --transaction-file="$tr" --; then _debug tr "$(cat "$tr")" rm -r "$trd" _err "_dns_gcloud_add_rrs: failed to add RRs" From f426940bd2723647c03d936f6e166c3c51f1c57f Mon Sep 17 00:00:00 2001 From: rm Date: Sat, 4 Jun 2022 20:24:33 +0200 Subject: [PATCH 0825/1526] check all pages first, the go up --- dnsapi/dns_aws.sh | 46 +++++++++++++++++++++------------------------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 376936f5..c5241258 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -155,29 +155,16 @@ _get_root() { i=1 p=1 - if aws_rest GET "2013-04-01/hostedzone"; then - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - _debug2 "Checking domain: $h" - if [ -z "$h" ]; then - if _contains "$response" "true" && _contains "$response" ""; then - _debug "IsTruncated" - _nextMarker="$(echo "$response" | _egrep_o ".*" | cut -d '>' -f 2 | cut -d '<' -f 1)" - _debug "NextMarker" "$_nextMarker" - if aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"; then - _debug "Truncated request OK" - i=2 - p=1 - continue - else - _err "Truncated request error." - fi - fi - #not valid - _err "Invalid domain" - return 1 - fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug "Checking domain: $h" + if [ -z "$h" ]; then + _error "invalid domain" + return 1 + fi + aws_rest GET "2013-04-01/hostedzone" + while true; do if _contains "$response" "$h."; then hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" _debug hostedzone "$hostedzone" @@ -192,10 +179,19 @@ _get_root() { return 1 fi fi - p=$i - i=$(_math "$i" + 1) + if _contains "$response" "true" && _contains "$response" ""; then + _debug "IsTruncated" + _nextMarker="$(echo "$response" | _egrep_o ".*" | cut -d '>' -f 2 | cut -d '<' -f 1)" + _debug "NextMarker" "$_nextMarker" + else + break + fi + _debug "Checking domain: $h - Next Page " + aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker" done - fi + p=$i + i=$(_math "$i" + 1) + done return 1 } From e48d7de7636e10f7ab667766a703babd5eb74643 Mon Sep 17 00:00:00 2001 From: rm Date: Sun, 5 Jun 2022 15:46:42 +0200 Subject: [PATCH 0826/1526] push to run actions --- dnsapi/dns_aws.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index c5241258..1fcdb149 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -155,6 +155,7 @@ _get_root() { i=1 p=1 + # iterate over names (a.b.c.d -> b.c.d -> c.d -> d) while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) _debug "Checking domain: $h" @@ -163,6 +164,7 @@ _get_root() { return 1 fi + # iterate over paginated result for list_hosted_zones aws_rest GET "2013-04-01/hostedzone" while true; do if _contains "$response" "$h."; then From b5f49d9563e3daab9fdc24af3e2e27edcc42d956 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guilherme=20Capil=C3=A9?= Date: Mon, 6 Jun 2022 19:57:35 -0300 Subject: [PATCH 0827/1526] fixed compatibility for UltraDNS API v3: https://docs.ultradns.neustar/Content/REST%20API/Content/REST%20API/Zone%20API/Zone%20API.htm; also a minor bugfix for fecthing the domain_id using egrep --- dnsapi/dns_ultra.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_ultra.sh b/dnsapi/dns_ultra.sh index 0100b3b7..9337ad4a 100644 --- a/dnsapi/dns_ultra.sh +++ b/dnsapi/dns_ultra.sh @@ -5,7 +5,8 @@ # # ULTRA_PWD="some_password_goes_here" -ULTRA_API="https://restapi.ultradns.com/v2/" +ULTRA_API="https://api.ultradns.com/v3/" +ULTRA_AUTH_API="https://api.ultradns.com/v2/" #Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt" dns_ultra_add() { @@ -121,7 +122,7 @@ _get_root() { return 1 fi if _contains "${response}" "${h}." >/dev/null; then - _domain_id=$(echo "$response" | _egrep_o "${h}") + _domain_id=$(echo "$response" | _egrep_o "${h}" | head -1) if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="${h}" @@ -142,23 +143,25 @@ _ultra_rest() { ep="$2" data="$3" _debug "$ep" + if [ -z "$AUTH_TOKEN" ]; then + _ultra_login + fi _debug TOKEN "${AUTH_TOKEN}" - _ultra_login export _H1="Content-Type: application/json" export _H2="Authorization: Bearer ${AUTH_TOKEN}" if [ "$m" != "GET" ]; then _debug data "${data}" - response="$(_post "${data}" "${ULTRA_API}"/"${ep}" "" "${m}")" + response="$(_post "${data}" "${ULTRA_API}${ep}" "" "${m}")" else - response="$(_get "$ULTRA_API/$ep")" + response="$(_get "$ULTRA_API$ep")" fi } _ultra_login() { export _H1="" export _H2="" - AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_API}authorization/token" | cut -d, -f3 | cut -d\" -f4) + AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_AUTH_API}authorization/token" | cut -d, -f3 | cut -d\" -f4) export AUTH_TOKEN } From 4f816c06b01950559916eb0ad2f7205749c8729f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guilherme=20Capil=C3=A9?= Date: Tue, 7 Jun 2022 11:59:34 -0300 Subject: [PATCH 0828/1526] variable expansion consistency & actions push --- dnsapi/dns_ultra.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_ultra.sh b/dnsapi/dns_ultra.sh index 9337ad4a..0f26bd97 100644 --- a/dnsapi/dns_ultra.sh +++ b/dnsapi/dns_ultra.sh @@ -146,14 +146,14 @@ _ultra_rest() { if [ -z "$AUTH_TOKEN" ]; then _ultra_login fi - _debug TOKEN "${AUTH_TOKEN}" + _debug TOKEN "$AUTH_TOKEN" export _H1="Content-Type: application/json" - export _H2="Authorization: Bearer ${AUTH_TOKEN}" + export _H2="Authorization: Bearer $AUTH_TOKEN" if [ "$m" != "GET" ]; then - _debug data "${data}" - response="$(_post "${data}" "${ULTRA_API}${ep}" "" "${m}")" + _debug data "$data" + response="$(_post "$data" "$ULTRA_API$ep" "" "$m")" else response="$(_get "$ULTRA_API$ep")" fi From b169a5c707786b50ef9a71a8e1e13e3ee9a20ee3 Mon Sep 17 00:00:00 2001 From: Debian Bear Date: Wed, 8 Jun 2022 22:44:10 +0800 Subject: [PATCH 0829/1526] change _dbase64 to single line --- deploy/qiniu.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/qiniu.sh b/deploy/qiniu.sh index 70669917..02250ed3 100644 --- a/deploy/qiniu.sh +++ b/deploy/qiniu.sh @@ -53,7 +53,7 @@ qiniu_deploy() { sslcert_access_token="$(_make_access_token "$sslcert_path")" _debug sslcert_access_token "$sslcert_access_token" export _H1="Authorization: QBox $sslcert_access_token" - sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline") + sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64) if ! _contains "$sslcert_response" "certID"; then _err "Error in creating certificate:" @@ -75,7 +75,7 @@ qiniu_deploy() { update_access_token="$(_make_access_token "$update_path")" _debug update_access_token "$update_access_token" export _H1="Authorization: QBox $update_access_token" - update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline") + update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64) if _contains "$update_response" "error"; then _err "Error in updating domain $domain httpsconf:" From c8d0d475e4f79f48877048fc6dfb45e1b28c5404 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 11 Jun 2022 13:49:31 -0400 Subject: [PATCH 0830/1526] deploy api script to upload certs to proxmox using proxmox api --- deploy/proxmoxve.sh | 123 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 deploy/proxmoxve.sh diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh new file mode 100644 index 00000000..8a5893b7 --- /dev/null +++ b/deploy/proxmoxve.sh @@ -0,0 +1,123 @@ +#!/usr/bin/env bash + +# Deploy certificates to a proxmox virtual environment node using the API. +# +# Environment variables that can be set are: +# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to +# _cdomain. +# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. +# Defaults to 8006. +# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. +# Defaults to the host portion of the server +# domain name. +# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. +# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates +# with. Defaults to pam. +# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the +# user account. Defaults to acme. +# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. + +proxmoxve_deploy(){ + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # "Sane" defaults. + _target_hostname="$_cdomain" + if [ ! -z "$DEPLOY_PROXMOXVE_SERVER" ];then + _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + fi + + _target_port="8006" + if [ ! -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" + fi + + if [ ! -z "$DEPLOY_PROXMOXVE_NODE_NAME" ];then + _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" + else + _node_name=$(echo "$_target_hostname"|cut -d. -f1) + fi + + # Complete URL. + _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" + + # More "sane" defaults. + _proxmoxve_user="root" + if [ ! -z "$_proxmoxve_user" ];then + _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" + fi + + _proxmoxve_user_realm="pam" + if [ ! -z "$DEPLOY_PROXMOXVE_USER_REALM" ];then + _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" + fi + + _proxmoxve_api_token_name="acme" + if [ ! -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" + fi + + # This is required. + _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + if [ -z "$_proxmoxve_api_token_key" ];then + _err "API key not provided." + return 1 + fi + + # PVE API Token header value. Used in "Authorization: PVEAPIToken". + _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" + + # Generate the data file curl will pass as the data. + _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" + _proxmoxve_temp_data_file="$_proxmoxve_temp_data/body.json" + # We delete this directory at the end of the script to avoid any conflicts. + if [ ! -d "$_proxmoxve_temp_data" ];then + mkdir -p "$_proxmoxve_temp_data" + # Set to 700 since this file will contain the private key contents. + chmod 700 "$_proxmoxve_temp_data" + fi + # Ugly. I hate putting heredocs inside functions because heredocs don't account + # for whitespace correctly but it _does_ work and is several times cleaner + # than anything else I had here. + # + # This creates a temporary data file that curl will use as the data being + # posted to the webserver. + cat << HEREDOC > "$_proxmoxve_temp_data_file" +{ + "certificates": "$(cat $_cfullchain|tr '\n' ':'|sed 's/:/\\n/g')", + "key": "$(cat $_ckey|tr '\n' ':'|sed 's/:/\\n/g')", + "node":"$_node_name", + "restart":"1", + "force":"1" +} +HEREDOC + + # Push certificates to server. + # + # --insecure is to ignore certificate errors. + # --fail is to fail the script if the http return code is not 200. + if curl -X "POST" --header "Content-Type: application/json" \ + --header "Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" \ + --data "@${_proxmoxve_temp_data_file}" \ + --insecure --fail \ + "${_target_url}" + then + _info "Successfully updated certificate for $_cdomain." + rm -r "$_proxmoxve_temp_data" + return 0 + else + _err "Unable to update certificate for $_cdomain." + rm -r "$_proxmoxve_temp_data" + return 1 + fi + +} From 6652138d3e2965ddadfbfd9d385e98973f7a4cc0 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 22:33:38 -0400 Subject: [PATCH 0831/1526] fixed per shellcheck's preference for `-n` instead of `! -z` --- deploy/proxmoxve.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 8a5893b7..c783d248 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -32,16 +32,16 @@ proxmoxve_deploy(){ # "Sane" defaults. _target_hostname="$_cdomain" - if [ ! -z "$DEPLOY_PROXMOXVE_SERVER" ];then + if [ -n "$DEPLOY_PROXMOXVE_SERVER" ];then _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _target_port="8006" - if [ ! -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi - if [ ! -z "$DEPLOY_PROXMOXVE_NODE_NAME" ];then + if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ];then _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" else _node_name=$(echo "$_target_hostname"|cut -d. -f1) @@ -52,17 +52,17 @@ proxmoxve_deploy(){ # More "sane" defaults. _proxmoxve_user="root" - if [ ! -z "$_proxmoxve_user" ];then + if [ -n "$_proxmoxve_user" ];then _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi _proxmoxve_user_realm="pam" - if [ ! -z "$DEPLOY_PROXMOXVE_USER_REALM" ];then + if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ];then _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi _proxmoxve_api_token_name="acme" - if [ ! -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi From 4351110082cd3cfc6a11891f4296bf5c32468da5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 22:38:06 -0400 Subject: [PATCH 0832/1526] properly quoted variable names --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index c783d248..664a04cd 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -93,8 +93,8 @@ proxmoxve_deploy(){ # posted to the webserver. cat << HEREDOC > "$_proxmoxve_temp_data_file" { - "certificates": "$(cat $_cfullchain|tr '\n' ':'|sed 's/:/\\n/g')", - "key": "$(cat $_ckey|tr '\n' ':'|sed 's/:/\\n/g')", + "certificates": "$(cat "$_cfullchain"|tr '\n' ':'|sed 's/:/\\n/g')", + "key": "$(cat "$_ckey"|tr '\n' ':'|sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" From 6d640982885c849172656ddcb68d01c98dbacea5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 23:46:09 -0400 Subject: [PATCH 0833/1526] shell check war warning against unnecessary use of cat --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 664a04cd..459c909a 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -93,8 +93,8 @@ proxmoxve_deploy(){ # posted to the webserver. cat << HEREDOC > "$_proxmoxve_temp_data_file" { - "certificates": "$(cat "$_cfullchain"|tr '\n' ':'|sed 's/:/\\n/g')", - "key": "$(cat "$_ckey"|tr '\n' ':'|sed 's/:/\\n/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" From 7be758697133b15cd4f8410df8e114252eeb4198 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 18 Jun 2022 15:01:38 +0800 Subject: [PATCH 0834/1526] Update proxmoxve.sh --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 459c909a..30f8b0b6 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh # Deploy certificates to a proxmox virtual environment node using the API. # From 13c71829485aac03e1d0da98784ea50e983e73cd Mon Sep 17 00:00:00 2001 From: Martin Arndt <5111490+Eagle3386@users.noreply.github.com> Date: Sat, 18 Jun 2022 17:32:56 +0200 Subject: [PATCH 0835/1526] Fix usage docs in file's header comment --- dnsapi/dns_artfiles.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh index 8e0a6151..2f8e158f 100644 --- a/dnsapi/dns_artfiles.sh +++ b/dnsapi/dns_artfiles.sh @@ -8,8 +8,8 @@ # Issues: https://github.com/Eagle3386/acme.sh/issues ################################################################################ # Usage: -# 1. export AF_API_Username="api12345678" -# 2. export AF_API_Password="apiPassword" +# 1. export AF_API_USERNAME="api12345678" +# 2. export AF_API_PASSWORD="apiPassword" # 3. acme.sh --issue -d example.com --dns dns_artfiles ################################################################################ From 5f3cb9019b6fa182837fe1f9c97f8e2106e86d9b Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 12:18:33 -0400 Subject: [PATCH 0836/1526] fixed to use _post function instead of curl --- deploy/proxmoxve.sh | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 459c909a..a7f11d20 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -85,13 +85,13 @@ proxmoxve_deploy(){ # Set to 700 since this file will contain the private key contents. chmod 700 "$_proxmoxve_temp_data" fi - # Ugly. I hate putting heredocs inside functions because heredocs don't account - # for whitespace correctly but it _does_ work and is several times cleaner - # than anything else I had here. + # Ugly. I hate putting heredocs inside functions because heredocs don't + # account for whitespace correctly but it _does_ work and is several times + # cleaner than anything else I had here. # - # This creates a temporary data file that curl will use as the data being - # posted to the webserver. - cat << HEREDOC > "$_proxmoxve_temp_data_file" + # This dumps the json payload to a variable that should be passable to the + # _psot function. + _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", @@ -100,24 +100,10 @@ proxmoxve_deploy(){ "force":"1" } HEREDOC - +) # Push certificates to server. - # - # --insecure is to ignore certificate errors. - # --fail is to fail the script if the http return code is not 200. - if curl -X "POST" --header "Content-Type: application/json" \ - --header "Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" \ - --data "@${_proxmoxve_temp_data_file}" \ - --insecure --fail \ - "${_target_url}" - then - _info "Successfully updated certificate for $_cdomain." - rm -r "$_proxmoxve_temp_data" - return 0 - else - _err "Unable to update certificate for $_cdomain." - rm -r "$_proxmoxve_temp_data" - return 1 - fi + export _HTTPS_INSECURE=1 + export ="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" + _post "$_json_payload" "$_target_url" } From daffc4e6a4818da714ee73f4ed25a824b931f466 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 12:21:14 -0400 Subject: [PATCH 0837/1526] typo, using _H1 to provide header keys. --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index a7f11d20..fafa3cb4 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -103,7 +103,7 @@ HEREDOC ) # Push certificates to server. export _HTTPS_INSECURE=1 - export ="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" + export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" _post "$_json_payload" "$_target_url" } From ca41ea2d5c792178d1f434ccfb0723825d139244 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:40:05 -0400 Subject: [PATCH 0838/1526] added _getdeployconf to set all of the environment variables --- deploy/proxmoxve.sh | 50 ++++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index fafa3cb4..7cc0b850 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -31,50 +31,72 @@ proxmoxve_deploy(){ _debug _cfullchain "$_cfullchain" # "Sane" defaults. - _target_hostname="$_cdomain" - if [ -n "$DEPLOY_PROXMOXVE_SERVER" ];then + _getdeployconf DEPLOY_PROXMOXVE_SERVER + if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + else + _target_hostname="$_cdomain" fi + _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" - _target_port="8006" - if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT + if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then + _target_port="8006" + else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi + _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" - if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ];then - _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" - else + _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME + if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then _node_name=$(echo "$_target_hostname"|cut -d. -f1) + else + _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" fi + _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" # Complete URL. _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" + _debug TARGET_URL "$_target_url" # More "sane" defaults. - _proxmoxve_user="root" - if [ -n "$_proxmoxve_user" ];then + _getdeployconf DEPLOY_PROXMOXVE_USER + if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then + _proxmoxve_user="root" + else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi + _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user" - _proxmoxve_user_realm="pam" - if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ];then + _getdeployconf DEPLOY_PROXMOXVE_USER_REALM + if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then + _proxmoxve_user_realm="pam" + else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi + _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" - _proxmoxve_api_token_name="acme" - if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then + _proxmoxve_api_token_name="acme" + else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" # This is required. - _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY if [ -z "$_proxmoxve_api_token_key" ];then _err "API key not provided." return 1 + else + _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key # PVE API Token header value. Used in "Authorization: PVEAPIToken". _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" + _debug2 "Auth Header" _proxmoxve_header_api_token # Generate the data file curl will pass as the data. _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" From 35cf98fff2e69c8afabce3f8444e1c94ed0f9da5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:41:38 -0400 Subject: [PATCH 0839/1526] sensititive things debugged at a higher level --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 7cc0b850..2c99ab9f 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -25,7 +25,7 @@ proxmoxve_deploy(){ _cfullchain="$5" _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" + _debug2 _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" From 3cc283cbee2b3ac0997ee0b5a0c1793b0647efd8 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:44:25 -0400 Subject: [PATCH 0840/1526] not generating files any more --- deploy/proxmoxve.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 2c99ab9f..80be4a3c 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -98,15 +98,6 @@ proxmoxve_deploy(){ _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" _debug2 "Auth Header" _proxmoxve_header_api_token - # Generate the data file curl will pass as the data. - _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" - _proxmoxve_temp_data_file="$_proxmoxve_temp_data/body.json" - # We delete this directory at the end of the script to avoid any conflicts. - if [ ! -d "$_proxmoxve_temp_data" ];then - mkdir -p "$_proxmoxve_temp_data" - # Set to 700 since this file will contain the private key contents. - chmod 700 "$_proxmoxve_temp_data" - fi # Ugly. I hate putting heredocs inside functions because heredocs don't # account for whitespace correctly but it _does_ work and is several times # cleaner than anything else I had here. From 37031721dd23db54900e7d9f0a20f00f7903b667 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:52:18 -0400 Subject: [PATCH 0841/1526] typo --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 80be4a3c..b15f06df 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -86,7 +86,7 @@ proxmoxve_deploy(){ # This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY - if [ -z "$_proxmoxve_api_token_key" ];then + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then _err "API key not provided." return 1 else From 76fe5d8831dbf0a8169f607430a3dd061971840d Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:39:32 -0400 Subject: [PATCH 0842/1526] those where flipped by mistake --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index b15f06df..2366b34d 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -33,9 +33,9 @@ proxmoxve_deploy(){ # "Sane" defaults. _getdeployconf DEPLOY_PROXMOXVE_SERVER if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then - _target_hostname="$DEPLOY_PROXMOXVE_SERVER" - else _target_hostname="$_cdomain" + else + _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" From 7900c493af1d035a79c54c8ad429350d7acc8041 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:43:25 -0400 Subject: [PATCH 0843/1526] debugging for the payload --- deploy/proxmoxve.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 2366b34d..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -114,6 +114,8 @@ proxmoxve_deploy(){ } HEREDOC ) + _debug2 Payload "$_json_payload" + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From a5d5113be34bace02dc9370bed102187aa52e7fe Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:55:12 -0400 Subject: [PATCH 0844/1526] seems like the escaped new lines aren't remaining escaped new lines with the new version of curl --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..9b01b7c0 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -107,7 +107,7 @@ proxmoxve_deploy(){ _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", - "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" @@ -115,7 +115,7 @@ proxmoxve_deploy(){ HEREDOC ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From 4e625c18dc233a77517bb4be830acc0924972ce0 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:56:46 -0400 Subject: [PATCH 0845/1526] Revert "seems like the escaped new lines aren't remaining escaped new lines with the new version of curl" This reverts commit a5d5113be34bace02dc9370bed102187aa52e7fe. --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 9b01b7c0..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -107,7 +107,7 @@ proxmoxve_deploy(){ _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", - "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" @@ -115,7 +115,7 @@ proxmoxve_deploy(){ HEREDOC ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From 149310e1ecdec3343757296cab9ebf6975693d5d Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:58:15 -0400 Subject: [PATCH 0846/1526] '+' are being converted to ' ' at some point --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..a7123bf1 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -106,7 +106,7 @@ proxmoxve_deploy(){ # _psot function. _json_payload=$(cat << HEREDOC { - "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g' -e 's/+/\+/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", From c0da80158005bb40f793f639c12a2d604dbddb7e Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 17:00:36 -0400 Subject: [PATCH 0847/1526] Revert "'+' are being converted to ' ' at some point" This reverts commit 149310e1ecdec3343757296cab9ebf6975693d5d. --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index a7123bf1..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -106,7 +106,7 @@ proxmoxve_deploy(){ # _psot function. _json_payload=$(cat << HEREDOC { - "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g' -e 's/+/\+/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", From b876128635542d12e7214619994bf1c1947c7fc5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sun, 19 Jun 2022 01:46:10 -0400 Subject: [PATCH 0848/1526] forced content-type to json --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..f003d2b6 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -119,6 +119,6 @@ HEREDOC # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" - _post "$_json_payload" "$_target_url" + _post "$_json_payload" "$_target_url" "" POST "application/json" } From b3b4811b2c4b9fa875d4744da6152422f55d1c20 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sun, 19 Jun 2022 22:01:56 -0400 Subject: [PATCH 0849/1526] added savedeployconf to preserve environment variables usedi in initial deployments --- deploy/proxmoxve.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 5f44a147..40012c75 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -36,6 +36,7 @@ proxmoxve_deploy(){ _target_hostname="$_cdomain" else _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" @@ -44,6 +45,7 @@ proxmoxve_deploy(){ _target_port="8006" else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" + _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT" fi _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" @@ -52,6 +54,7 @@ proxmoxve_deploy(){ _node_name=$(echo "$_target_hostname"|cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" + _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" fi _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" @@ -65,14 +68,16 @@ proxmoxve_deploy(){ _proxmoxve_user="root" else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" + _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER" fi - _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user" + _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user" _getdeployconf DEPLOY_PROXMOXVE_USER_REALM if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" + _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALMz" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" @@ -81,6 +86,7 @@ proxmoxve_deploy(){ _proxmoxve_api_token_name="acme" else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" + _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" @@ -91,6 +97,7 @@ proxmoxve_deploy(){ return 1 else _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key From 6ccf617d62f1d73dc9fa2afbea8ca080be294194 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 21 Jun 2022 10:12:06 +0800 Subject: [PATCH 0850/1526] clear CF_Zone_ID --- dnsapi/dns_cf.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index c2430086..cd8d9a8d 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -32,7 +32,8 @@ dns_cf_add() { else _saveaccountconf_mutable CF_Token "$CF_Token" _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" - _saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID" + _clearaccountconf_mutable CF_Zone_ID + _clearaccountconf CF_Zone_ID fi else if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then @@ -51,6 +52,14 @@ dns_cf_add() { #save the api key and email to the account conf file. _saveaccountconf_mutable CF_Key "$CF_Key" _saveaccountconf_mutable CF_Email "$CF_Email" + + _clearaccountconf_mutable CF_Token + _clearaccountconf_mutable CF_Account_ID + _clearaccountconf_mutable CF_Zone_ID + _clearaccountconf CF_Token + _clearaccountconf CF_Account_ID + _clearaccountconf CF_Zone_ID + fi _debug "First detect the root zone" From 095697900b94e05f3ba8176c53632d6d3a7769e0 Mon Sep 17 00:00:00 2001 From: Marcel Hellkamp Date: Wed, 22 Jun 2022 17:54:49 +0200 Subject: [PATCH 0851/1526] fix: Challenge not skipped for pre-validated wildcard domain orders Some CAs auto-validate orders based on account-level rules and do not require a challenge at all. Sectigo introduced a non-standard challenges named 'sectigo-dns-01', presumably to work around this issue in certbot. This also works for non-wildcard domains in acme.sh, but wildcard domains are rejected because acme.sh hard-codes 'dns-01' as the only allowed challenge for wildcard domains, which is not offered by Sectigo. This change simply moves the '"status":"valid"' check up a bit and ignores challenge type mismatches or missing tokens if no challenge is needed anyway. --- acme.sh | 42 +++++++++++++++++------------------------- 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/acme.sh b/acme.sh index 260733a2..3210efd6 100755 --- a/acme.sh +++ b/acme.sh @@ -4600,28 +4600,26 @@ $_authorizations_map" thumbprint="$(__calc_account_thumbprint)" fi + keyauthorization="" + + if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + _debug "$d is already valid." + keyauthorization="$STATE_VERIFIED" + _debug keyauthorization "$keyauthorization" + fi + entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" - keyauthorization="" - if [ -z "$entry" ]; then - if ! _startswith "$d" '*.'; then - _debug "Not a wildcard domain, lets check whether the validation is already valid." - if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then - _debug "$d is already valid." - keyauthorization="$STATE_VERIFIED" - _debug keyauthorization "$keyauthorization" - fi - fi - if [ -z "$keyauthorization" ]; then - _err "Error, can not get domain token entry $d for $vtype" - _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" - if [ "$_supported_vtypes" ]; then - _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" - fi - _clearup - _on_issue_err "$_post_hook" - return 1 + + if [ -z "$keyauthorization" -a -z "$entry" ]; then + _err "Error, can not get domain token entry $d for $vtype" + _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" + if [ "$_supported_vtypes" ]; then + _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" fi + _clearup + _on_issue_err "$_post_hook" + return 1 fi if [ -z "$keyauthorization" ]; then @@ -4647,12 +4645,6 @@ $_authorizations_map" fi keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" - - if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then - _debug "$d is already verified." - keyauthorization="$STATE_VERIFIED" - _debug keyauthorization "$keyauthorization" - fi fi dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" From 688a2341273df7c6efda960fcc854c3697805786 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Wed, 22 Jun 2022 18:56:25 +0200 Subject: [PATCH 0852/1526] Added new 'dns' provider script for https://dns.services --- dnsapi/dns_dnsservices.sh | 239 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 239 insertions(+) create mode 100755 dnsapi/dns_dnsservices.sh diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh new file mode 100755 index 00000000..d5654793 --- /dev/null +++ b/dnsapi/dns_dnsservices.sh @@ -0,0 +1,239 @@ +#!/usr/bin/env sh + +#This file name is "dns_dnsservices.sh" +#Script for Danish DNS registra and DNS hosting provider https://dns.services +# +#Author: Bjarke Bruun +#Report Bugs here: https://github.com/bbruun/acme.sh + +# Global variable to connect to the DNS Services API +DNSServices_API=https://dns.services/api + +######## Public functions ##################### + +#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_dnsservices_add() { + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to create ACME DNS challenge" + _debug2 add_fulldomain "$fulldomain" + _debug2 add_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + #save the credentials to the account conf file. + _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" + _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" + + if ! _contains "$DnsServices_Username" "@"; then + _err "It seems that the username variable DnsServices_Username has not been set/left blank" + _err "or is not a valid email. Please correct and try again." + return 1 + fi + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + if ! createRecord "$fulldomain" "${txtvalue}"; then + _err "Error creating TXT record in domain $fulldomain in $rootZoneName" + return 1 + fi + + _debug2 challenge-created "Created $fulldomain" + return 0 +} + +#Usage: fulldomain txtvalue +#Description: Remove the txt record after validation. +dns_dnsservices_rm() { + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _debug rm_fulldomain "$fulldomain" + _debug rm_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" + + if ! deleteRecord "${fulldomain}" "${txtvalue}"; then + _err "Error removing record: $fulldomain TXT ${txtvalue}" + return 1 + fi + + return 0 +} + +#################### Private functions below ################################## + +_setup_headers() { + # Set up API Headers for _get() and _post() + # The _add or _rm must have been called before to work + + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + _err "Could not setup BASIC authentication headers, they are missing" + return 1 + fi + + DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" + export _H1="Authorization: Basic $DnsServiceCredentials" + export _H2="Content-Type: application/json" + + # Just return if headers are set + return 0 +} + +_get_root() { + domain=$1 + _debug2 _get_root "Get the root domain of ${domain} for DNS API" + + # Setup _get() and _post() headers + #_setup_headers + + result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") + _debug2 _get_root "Got the following root domain(s) $result" + _debug2 _get_root "- JSON: $result" + + if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then + checkMultiZones="true" + _debug2 _get_root "- multiple zones found" + else + checkMultiZones="false" + + fi + + # Find/isolate the root zone to work with in createRecord() and deleteRecord() + rootZone="" + if [ "$checkMultiZones" == "true" ]; then + rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do + if [[ "$zone" =~ "$domain" ]]; then + _debug2 _get_root "- trying to figure out if $zone is in $domain" + echo "$zone" + break + fi + done) + else + rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + _debug2 _get_root "- only found 1 domain in API: $rootZone" + fi + + if [ -z "$rootZone" ]; then + _err "Could not find root domain for $domain - is it correctly typed?" + return 1 + fi + + # Setup variables used by other functions to communicate with DNS Services API + zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + rootZoneName="$rootZone" + subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" + subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" + rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) + rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + + _debug2 _get_root "Root zone name : $rootZoneName" + _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" + _debug2 _get_root "Root zone service ID: $rootZoneServiceID" + _debug2 _get_root "Sub domain : $subDomainName" + + _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" + return 0 + +} + +createRecord() { + fulldomain=$1 + txtvalue="$2" + + # Get root domain information - needed for DNS Services API communication + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi + + _debug2 createRecord "CNAME TXT value is: $txtvalue" + + # Prepare data to send to API + data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" + + _debug2 createRecord "data to API: $data" + result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") + _debug2 createRecord "result from API: $result" + + if [ "$(echo "$result" | grep '"success":true')" == "" ]; then + _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" + _err "$result" + return 1 + fi + + _info "Record \"$fulldomain TXT $txtvalue\" has been created" + return 0 + +} + +deleteRecord() { + fulldomain=$1 + txtvalue=$2 + + if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then + _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" + return 1 + fi + + _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi + + result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" + recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + _debug2 deleteRecord "recordInfo=$recordInfo" + recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + + if [ -z "$recordID" ]; then + _info "Record $fulldomain TXT $txtvalue not found or already deleted" + return 0 + else + _debug2 deleteRecord "Found recordID=$recordID" + fi + + _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" + _debug2 deleteRecord "API Delete result \"$result\"" + + # Return OK regardless + return 0 + +} From 799f509ba9f90e6a6d5b84eaf1d7c6d9730cdbd6 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Wed, 22 Jun 2022 23:19:12 -0400 Subject: [PATCH 0853/1526] typo --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 40012c75..c156b3a3 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -77,7 +77,7 @@ proxmoxve_deploy(){ _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" - _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALMz" + _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" From d6eebf82bea04335c9cc98b9e98b8080f59aa33e Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 07:57:05 +0200 Subject: [PATCH 0854/1526] Removed a few empty lines --- dnsapi/dns_dnsservices.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index d5654793..1869bf65 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -170,7 +170,6 @@ _get_root() { _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" return 0 - } createRecord() { @@ -199,7 +198,6 @@ createRecord() { _info "Record \"$fulldomain TXT $txtvalue\" has been created" return 0 - } deleteRecord() { @@ -235,5 +233,4 @@ deleteRecord() { # Return OK regardless return 0 - } From dc882e6279783efd8b6f3afa99093feff27fb56d Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 08:06:28 +0200 Subject: [PATCH 0855/1526] Removed empty space --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 1869bf65..f49d8328 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -11,7 +11,7 @@ DNSServices_API=https://dns.services/api ######## Public functions ##################### -#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dnsservices_add() { fulldomain=$1 txtvalue=$2 From 668894fc4d1b2e7b8af4db57a6e5c454f05bfda5 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 23 Jun 2022 14:08:24 +0800 Subject: [PATCH 0856/1526] Update proxmoxve.sh --- deploy/proxmoxve.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index c156b3a3..91f02e10 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -51,7 +51,7 @@ proxmoxve_deploy(){ _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then - _node_name=$(echo "$_target_hostname"|cut -d. -f1) + _node_name=$(echo "$_target_hostname" | cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" @@ -92,7 +92,7 @@ proxmoxve_deploy(){ # This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY - if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then _err "API key not provided." return 1 else @@ -111,7 +111,8 @@ proxmoxve_deploy(){ # # This dumps the json payload to a variable that should be passable to the # _psot function. - _json_payload=$(cat << HEREDOC + _json_payload=$( + cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", @@ -120,9 +121,9 @@ proxmoxve_deploy(){ "force":"1" } HEREDOC -) + ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From a386826808ae7e7dd2191c8f73ca716cf108067d Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 23 Jun 2022 14:11:36 +0800 Subject: [PATCH 0857/1526] Update proxmoxve.sh --- deploy/proxmoxve.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 91f02e10..742c977d 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -17,7 +17,7 @@ # user account. Defaults to acme. # `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. -proxmoxve_deploy(){ +proxmoxve_deploy() { _cdomain="$1" _ckey="$2" _ccert="$3" @@ -112,10 +112,10 @@ proxmoxve_deploy(){ # This dumps the json payload to a variable that should be passable to the # _psot function. _json_payload=$( - cat << HEREDOC + cat < Date: Thu, 23 Jun 2022 14:12:53 +0800 Subject: [PATCH 0858/1526] Update proxmoxve.sh --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 742c977d..216a8fc7 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -115,7 +115,7 @@ proxmoxve_deploy() { cat < Date: Thu, 23 Jun 2022 08:31:40 +0200 Subject: [PATCH 0859/1526] Code formatting (shfmt) --- dnsapi/dns_dnsservices.sh | 398 +++++++++++++++++++------------------- 1 file changed, 199 insertions(+), 199 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index f49d8328..a131a165 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh #This file name is "dns_dnsservices.sh" -#Script for Danish DNS registra and DNS hosting provider https://dns.services +#Script for Danish DNS registra and DNS hosting provider https://dns.services # #Author: Bjarke Bruun #Report Bugs here: https://github.com/bbruun/acme.sh @@ -13,224 +13,224 @@ DNSServices_API=https://dns.services/api #Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dnsservices_add() { - fulldomain=$1 - txtvalue=$2 - - _info "Using dns.services to create ACME DNS challenge" - _debug2 add_fulldomain "$fulldomain" - _debug2 add_txtvalue "$txtvalue" - - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi - - # Setup GET/POST/DELETE headers - _setup_headers - - #save the credentials to the account conf file. - _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" - _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" - - if ! _contains "$DnsServices_Username" "@"; then - _err "It seems that the username variable DnsServices_Username has not been set/left blank" - _err "or is not a valid email. Please correct and try again." - return 1 - fi - - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi - - if ! createRecord "$fulldomain" "${txtvalue}"; then - _err "Error creating TXT record in domain $fulldomain in $rootZoneName" - return 1 - fi - - _debug2 challenge-created "Created $fulldomain" - return 0 + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to create ACME DNS challenge" + _debug2 add_fulldomain "$fulldomain" + _debug2 add_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + #save the credentials to the account conf file. + _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" + _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" + + if ! _contains "$DnsServices_Username" "@"; then + _err "It seems that the username variable DnsServices_Username has not been set/left blank" + _err "or is not a valid email. Please correct and try again." + return 1 + fi + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + if ! createRecord "$fulldomain" "${txtvalue}"; then + _err "Error creating TXT record in domain $fulldomain in $rootZoneName" + return 1 + fi + + _debug2 challenge-created "Created $fulldomain" + return 0 } #Usage: fulldomain txtvalue #Description: Remove the txt record after validation. dns_dnsservices_rm() { - fulldomain=$1 - txtvalue=$2 - - _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" - _debug rm_fulldomain "$fulldomain" - _debug rm_txtvalue "$txtvalue" - - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi - - # Setup GET/POST/DELETE headers - _setup_headers - - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi - - _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" - - if ! deleteRecord "${fulldomain}" "${txtvalue}"; then - _err "Error removing record: $fulldomain TXT ${txtvalue}" - return 1 - fi - - return 0 + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _debug rm_fulldomain "$fulldomain" + _debug rm_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" + + if ! deleteRecord "${fulldomain}" "${txtvalue}"; then + _err "Error removing record: $fulldomain TXT ${txtvalue}" + return 1 + fi + + return 0 } #################### Private functions below ################################## _setup_headers() { - # Set up API Headers for _get() and _post() - # The _add or _rm must have been called before to work + # Set up API Headers for _get() and _post() + # The _add or _rm must have been called before to work - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - _err "Could not setup BASIC authentication headers, they are missing" - return 1 - fi + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + _err "Could not setup BASIC authentication headers, they are missing" + return 1 + fi - DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" - export _H1="Authorization: Basic $DnsServiceCredentials" - export _H2="Content-Type: application/json" + DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" + export _H1="Authorization: Basic $DnsServiceCredentials" + export _H2="Content-Type: application/json" - # Just return if headers are set - return 0 + # Just return if headers are set + return 0 } _get_root() { - domain=$1 - _debug2 _get_root "Get the root domain of ${domain} for DNS API" - - # Setup _get() and _post() headers - #_setup_headers - - result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") - _debug2 _get_root "Got the following root domain(s) $result" - _debug2 _get_root "- JSON: $result" - - if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then - checkMultiZones="true" - _debug2 _get_root "- multiple zones found" - else - checkMultiZones="false" - - fi - - # Find/isolate the root zone to work with in createRecord() and deleteRecord() - rootZone="" - if [ "$checkMultiZones" == "true" ]; then - rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do - if [[ "$zone" =~ "$domain" ]]; then - _debug2 _get_root "- trying to figure out if $zone is in $domain" - echo "$zone" - break - fi - done) - else - rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) - _debug2 _get_root "- only found 1 domain in API: $rootZone" - fi - - if [ -z "$rootZone" ]; then - _err "Could not find root domain for $domain - is it correctly typed?" - return 1 - fi - - # Setup variables used by other functions to communicate with DNS Services API - zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") - rootZoneName="$rootZone" - subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" - subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) - rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) - - _debug2 _get_root "Root zone name : $rootZoneName" - _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" - _debug2 _get_root "Root zone service ID: $rootZoneServiceID" - _debug2 _get_root "Sub domain : $subDomainName" - - _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" - return 0 + domain=$1 + _debug2 _get_root "Get the root domain of ${domain} for DNS API" + + # Setup _get() and _post() headers + #_setup_headers + + result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") + _debug2 _get_root "Got the following root domain(s) $result" + _debug2 _get_root "- JSON: $result" + + if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then + checkMultiZones="true" + _debug2 _get_root "- multiple zones found" + else + checkMultiZones="false" + + fi + + # Find/isolate the root zone to work with in createRecord() and deleteRecord() + rootZone="" + if [ "$checkMultiZones" == "true" ]; then + rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do + if [[ "$zone" =~ "$domain" ]]; then + _debug2 _get_root "- trying to figure out if $zone is in $domain" + echo "$zone" + break + fi + done) + else + rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + _debug2 _get_root "- only found 1 domain in API: $rootZone" + fi + + if [ -z "$rootZone" ]; then + _err "Could not find root domain for $domain - is it correctly typed?" + return 1 + fi + + # Setup variables used by other functions to communicate with DNS Services API + zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + rootZoneName="$rootZone" + subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" + subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" + rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) + rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + + _debug2 _get_root "Root zone name : $rootZoneName" + _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" + _debug2 _get_root "Root zone service ID: $rootZoneServiceID" + _debug2 _get_root "Sub domain : $subDomainName" + + _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" + return 0 } createRecord() { - fulldomain=$1 - txtvalue="$2" - - # Get root domain information - needed for DNS Services API communication - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain - fi - - _debug2 createRecord "CNAME TXT value is: $txtvalue" - - # Prepare data to send to API - data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" - - _debug2 createRecord "data to API: $data" - result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") - _debug2 createRecord "result from API: $result" - - if [ "$(echo "$result" | grep '"success":true')" == "" ]; then - _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" - _err "$result" - return 1 - fi - - _info "Record \"$fulldomain TXT $txtvalue\" has been created" - return 0 + fulldomain=$1 + txtvalue="$2" + + # Get root domain information - needed for DNS Services API communication + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi + + _debug2 createRecord "CNAME TXT value is: $txtvalue" + + # Prepare data to send to API + data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" + + _debug2 createRecord "data to API: $data" + result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") + _debug2 createRecord "result from API: $result" + + if [ "$(echo "$result" | grep '"success":true')" == "" ]; then + _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" + _err "$result" + return 1 + fi + + _info "Record \"$fulldomain TXT $txtvalue\" has been created" + return 0 } deleteRecord() { - fulldomain=$1 - txtvalue=$2 - - if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then - _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" - return 1 - fi - - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" - - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain - fi - - result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" - _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" - - if [ -z "$recordID" ]; then - _info "Record $fulldomain TXT $txtvalue not found or already deleted" - return 0 - else - _debug2 deleteRecord "Found recordID=$recordID" - fi - - _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" - result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" - _debug2 deleteRecord "API Delete result \"$result\"" - - # Return OK regardless - return 0 + fulldomain=$1 + txtvalue=$2 + + if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then + _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" + return 1 + fi + + _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root $fulldomain + fi + + result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" + recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + _debug2 deleteRecord "recordInfo=$recordInfo" + recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + + if [ -z "$recordID" ]; then + _info "Record $fulldomain TXT $txtvalue not found or already deleted" + return 0 + else + _debug2 deleteRecord "Found recordID=$recordID" + fi + + _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" + _debug2 deleteRecord "API Delete result \"$result\"" + + # Return OK regardless + return 0 } From 2f97c789ddc9f6d1689bd8726608e70ad0594af5 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 09:14:17 +0200 Subject: [PATCH 0860/1526] Code formatting (shellcheck/shfmt) --- dnsapi/dns_dnsservices.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index a131a165..bf56c16b 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -137,9 +137,9 @@ _get_root() { # Find/isolate the root zone to work with in createRecord() and deleteRecord() rootZone="" - if [ "$checkMultiZones" == "true" ]; then + if [ "$checkMultiZones" = "true" ]; then rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do - if [[ "$zone" =~ "$domain" ]]; then + if [ "$(echo "$domain" | grep "$zone")" != "" ]; then _debug2 _get_root "- trying to figure out if $zone is in $domain" echo "$zone" break @@ -178,7 +178,7 @@ createRecord() { # Get root domain information - needed for DNS Services API communication if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain + _get_root "$fulldomain" fi _debug2 createRecord "CNAME TXT value is: $txtvalue" @@ -190,7 +190,7 @@ createRecord() { result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") _debug2 createRecord "result from API: $result" - if [ "$(echo "$result" | grep '"success":true')" == "" ]; then + if [ "$(echo "$result" | grep '"success":true')" = "" ]; then _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" _err "$result" return 1 @@ -204,7 +204,7 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - if [[ ! "$fulldomain" =~ "_acme-challenge" ]]; then + if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" return 1 fi @@ -212,13 +212,13 @@ deleteRecord() { _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root $fulldomain + _get_root "$fulldomain" fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | egrep "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From 56a686d3e06c13d867bd7cce2b5e5babbf4c28ab Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 09:21:20 +0200 Subject: [PATCH 0861/1526] Code formatting (shfmt) --- dnsapi/dns_dnsservices.sh | 384 +++++++++++++++++++------------------- 1 file changed, 192 insertions(+), 192 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index bf56c16b..a7a646c2 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -13,224 +13,224 @@ DNSServices_API=https://dns.services/api #Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dnsservices_add() { - fulldomain=$1 - txtvalue=$2 - - _info "Using dns.services to create ACME DNS challenge" - _debug2 add_fulldomain "$fulldomain" - _debug2 add_txtvalue "$txtvalue" - - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi - - # Setup GET/POST/DELETE headers - _setup_headers - - #save the credentials to the account conf file. - _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" - _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" - - if ! _contains "$DnsServices_Username" "@"; then - _err "It seems that the username variable DnsServices_Username has not been set/left blank" - _err "or is not a valid email. Please correct and try again." - return 1 - fi - - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi - - if ! createRecord "$fulldomain" "${txtvalue}"; then - _err "Error creating TXT record in domain $fulldomain in $rootZoneName" - return 1 - fi - - _debug2 challenge-created "Created $fulldomain" - return 0 + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to create ACME DNS challenge" + _debug2 add_fulldomain "$fulldomain" + _debug2 add_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + #save the credentials to the account conf file. + _saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" + _saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" + + if ! _contains "$DnsServices_Username" "@"; then + _err "It seems that the username variable DnsServices_Username has not been set/left blank" + _err "or is not a valid email. Please correct and try again." + return 1 + fi + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + if ! createRecord "$fulldomain" "${txtvalue}"; then + _err "Error creating TXT record in domain $fulldomain in $rootZoneName" + return 1 + fi + + _debug2 challenge-created "Created $fulldomain" + return 0 } #Usage: fulldomain txtvalue #Description: Remove the txt record after validation. dns_dnsservices_rm() { - fulldomain=$1 - txtvalue=$2 - - _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" - _debug rm_fulldomain "$fulldomain" - _debug rm_txtvalue "$txtvalue" - - # Read username/password from environment or .acme.sh/accounts.conf - DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" - DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - DnsServices_Username="" - DnsServices_Password="" - _err "You didn't specify dns.services api username and password yet." - _err "Set environment variables DnsServices_Username and DnsServices_Password" - return 1 - fi - - # Setup GET/POST/DELETE headers - _setup_headers - - if ! _get_root "${fulldomain}"; then - _err "Invalid domain ${fulldomain}" - return 1 - fi - - _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" - - if ! deleteRecord "${fulldomain}" "${txtvalue}"; then - _err "Error removing record: $fulldomain TXT ${txtvalue}" - return 1 - fi - - return 0 + fulldomain=$1 + txtvalue=$2 + + _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _debug rm_fulldomain "$fulldomain" + _debug rm_txtvalue "$txtvalue" + + # Read username/password from environment or .acme.sh/accounts.conf + DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" + DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + DnsServices_Username="" + DnsServices_Password="" + _err "You didn't specify dns.services api username and password yet." + _err "Set environment variables DnsServices_Username and DnsServices_Password" + return 1 + fi + + # Setup GET/POST/DELETE headers + _setup_headers + + if ! _get_root "${fulldomain}"; then + _err "Invalid domain ${fulldomain}" + return 1 + fi + + _debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" + + if ! deleteRecord "${fulldomain}" "${txtvalue}"; then + _err "Error removing record: $fulldomain TXT ${txtvalue}" + return 1 + fi + + return 0 } #################### Private functions below ################################## _setup_headers() { - # Set up API Headers for _get() and _post() - # The _add or _rm must have been called before to work + # Set up API Headers for _get() and _post() + # The _add or _rm must have been called before to work - if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then - _err "Could not setup BASIC authentication headers, they are missing" - return 1 - fi + if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then + _err "Could not setup BASIC authentication headers, they are missing" + return 1 + fi - DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" - export _H1="Authorization: Basic $DnsServiceCredentials" - export _H2="Content-Type: application/json" + DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" + export _H1="Authorization: Basic $DnsServiceCredentials" + export _H2="Content-Type: application/json" - # Just return if headers are set - return 0 + # Just return if headers are set + return 0 } _get_root() { - domain=$1 - _debug2 _get_root "Get the root domain of ${domain} for DNS API" - - # Setup _get() and _post() headers - #_setup_headers - - result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") - _debug2 _get_root "Got the following root domain(s) $result" - _debug2 _get_root "- JSON: $result" - - if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then - checkMultiZones="true" - _debug2 _get_root "- multiple zones found" - else - checkMultiZones="false" - - fi - - # Find/isolate the root zone to work with in createRecord() and deleteRecord() - rootZone="" - if [ "$checkMultiZones" = "true" ]; then - rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do - if [ "$(echo "$domain" | grep "$zone")" != "" ]; then - _debug2 _get_root "- trying to figure out if $zone is in $domain" - echo "$zone" - break - fi - done) - else - rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) - _debug2 _get_root "- only found 1 domain in API: $rootZone" - fi - - if [ -z "$rootZone" ]; then - _err "Could not find root domain for $domain - is it correctly typed?" - return 1 - fi - - # Setup variables used by other functions to communicate with DNS Services API - zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") - rootZoneName="$rootZone" - subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" - subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) - rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) - - _debug2 _get_root "Root zone name : $rootZoneName" - _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" - _debug2 _get_root "Root zone service ID: $rootZoneServiceID" - _debug2 _get_root "Sub domain : $subDomainName" - - _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" - return 0 + domain=$1 + _debug2 _get_root "Get the root domain of ${domain} for DNS API" + + # Setup _get() and _post() headers + #_setup_headers + + result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") + _debug2 _get_root "Got the following root domain(s) $result" + _debug2 _get_root "- JSON: $result" + + if [ "$(echo "$result" | grep -c '"name"')" -gt "1" ]; then + checkMultiZones="true" + _debug2 _get_root "- multiple zones found" + else + checkMultiZones="false" + + fi + + # Find/isolate the root zone to work with in createRecord() and deleteRecord() + rootZone="" + if [ "$checkMultiZones" = "true" ]; then + rootZone=$(for zone in $(echo "$result" | tr -d '\n' ' '); do + if [ "$(echo "$domain" | grep "$zone")" != "" ]; then + _debug2 _get_root "- trying to figure out if $zone is in $domain" + echo "$zone" + break + fi + done) + else + rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + _debug2 _get_root "- only found 1 domain in API: $rootZone" + fi + + if [ -z "$rootZone" ]; then + _err "Could not find root domain for $domain - is it correctly typed?" + return 1 + fi + + # Setup variables used by other functions to communicate with DNS Services API + zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + rootZoneName="$rootZone" + subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" + subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" + rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) + rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + + _debug2 _get_root "Root zone name : $rootZoneName" + _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" + _debug2 _get_root "Root zone service ID: $rootZoneServiceID" + _debug2 _get_root "Sub domain : $subDomainName" + + _debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" + return 0 } createRecord() { - fulldomain=$1 - txtvalue="$2" + fulldomain=$1 + txtvalue="$2" - # Get root domain information - needed for DNS Services API communication - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root "$fulldomain" - fi + # Get root domain information - needed for DNS Services API communication + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root "$fulldomain" + fi - _debug2 createRecord "CNAME TXT value is: $txtvalue" + _debug2 createRecord "CNAME TXT value is: $txtvalue" - # Prepare data to send to API - data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" + # Prepare data to send to API + data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" - _debug2 createRecord "data to API: $data" - result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") - _debug2 createRecord "result from API: $result" + _debug2 createRecord "data to API: $data" + result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") + _debug2 createRecord "result from API: $result" - if [ "$(echo "$result" | grep '"success":true')" = "" ]; then - _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" - _err "$result" - return 1 - fi + if [ "$(echo "$result" | grep '"success":true')" = "" ]; then + _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" + _err "$result" + return 1 + fi - _info "Record \"$fulldomain TXT $txtvalue\" has been created" - return 0 + _info "Record \"$fulldomain TXT $txtvalue\" has been created" + return 0 } deleteRecord() { - fulldomain=$1 - txtvalue=$2 - - if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then - _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" - return 1 - fi - - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" - - if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then - _get_root "$fulldomain" - fi - - result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" - _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" - - if [ -z "$recordID" ]; then - _info "Record $fulldomain TXT $txtvalue not found or already deleted" - return 0 - else - _debug2 deleteRecord "Found recordID=$recordID" - fi - - _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" - result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" - _debug2 deleteRecord "API Delete result \"$result\"" - - # Return OK regardless - return 0 + fulldomain=$1 + txtvalue=$2 + + if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then + _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" + return 1 + fi + + _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + + if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then + _get_root "$fulldomain" + fi + + result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" + recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + _debug2 deleteRecord "recordInfo=$recordInfo" + recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + + if [ -z "$recordID" ]; then + _info "Record $fulldomain TXT $txtvalue not found or already deleted" + return 0 + else + _debug2 deleteRecord "Found recordID=$recordID" + fi + + _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" + _debug2 deleteRecord "API Delete result \"$result\"" + + # Return OK regardless + return 0 } From 3bd4d32b8d4446d59002db1d8f376736f66fb57d Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 23 Jun 2022 11:48:39 +0200 Subject: [PATCH 0862/1526] Updated bug report URL --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index a7a646c2..9525007a 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -4,7 +4,7 @@ #Script for Danish DNS registra and DNS hosting provider https://dns.services # #Author: Bjarke Bruun -#Report Bugs here: https://github.com/bbruun/acme.sh +#Report Bugs here: https://github.com/Neilpang/acme.sh/issues # Global variable to connect to the DNS Services API DNSServices_API=https://dns.services/api From 543c4423a2283b906dfb790733050e353d9e7f3b Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Fri, 24 Jun 2022 07:42:00 +0200 Subject: [PATCH 0863/1526] Added bug report link to dns_dnsservices.sh --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 9525007a..6abf8ceb 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -4,7 +4,7 @@ #Script for Danish DNS registra and DNS hosting provider https://dns.services # #Author: Bjarke Bruun -#Report Bugs here: https://github.com/Neilpang/acme.sh/issues +#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 # Global variable to connect to the DNS Services API DNSServices_API=https://dns.services/api From b3529dc7482e6a8d2bdbb0e77374d960b58974a1 Mon Sep 17 00:00:00 2001 From: seidler2547 Date: Mon, 27 Jun 2022 19:42:16 +0000 Subject: [PATCH 0864/1526] remove dns_do as it does not work anymore The API that it uses was shut down in May 2022 --- dnsapi/dns_do.sh | 148 ----------------------------------------------- 1 file changed, 148 deletions(-) delete mode 100755 dnsapi/dns_do.sh diff --git a/dnsapi/dns_do.sh b/dnsapi/dns_do.sh deleted file mode 100755 index 3850890c..00000000 --- a/dnsapi/dns_do.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/env sh - -# DNS API for Domain-Offensive / Resellerinterface / Domainrobot - -# Report bugs at https://github.com/seidler2547/acme.sh/issues - -# set these environment variables to match your customer ID and password: -# DO_PID="KD-1234567" -# DO_PW="cdfkjl3n2" - -DO_URL="https://soap.resellerinterface.de/" - -######## Public functions ##################### - -#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_do_add() { - fulldomain=$1 - txtvalue=$2 - if _dns_do_authenticate; then - _info "Adding TXT record to ${_domain} as ${fulldomain}" - _dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300 - if _contains "${response}" '>success<'; then - return 0 - fi - _err "Could not create resource record, check logs" - fi - return 1 -} - -#fulldomain -dns_do_rm() { - fulldomain=$1 - if _dns_do_authenticate; then - if _dns_do_list_rrs; then - _dns_do_had_error=0 - for _rrid in ${_rr_list}; do - _info "Deleting resource record $_rrid for $_domain" - _dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}" - if ! _contains "${response}" '>success<'; then - _dns_do_had_error=1 - _err "Could not delete resource record for ${_domain}, id ${_rrid}" - fi - done - return $_dns_do_had_error - fi - fi - return 1 -} - -#################### Private functions below ################################## -_dns_do_authenticate() { - _info "Authenticating as ${DO_PID}" - _dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}" - if _contains "${response}" '>success<'; then - _get_root "$fulldomain" - _debug "_domain $_domain" - return 0 - else - _err "Authentication failed, are DO_PID and DO_PW set correctly?" - fi - return 1 -} - -_dns_do_list_rrs() { - _dns_do_soap getRRList origin "${_domain}" - if ! _contains "${response}" 'SOAP-ENC:Array'; then - _err "getRRList origin ${_domain} failed" - return 1 - fi - _rr_list="$(echo "${response}" | - tr -d "\n\r\t" | - sed -e 's//\n/g' | - grep ">$(_regexcape "$fulldomain")" | - sed -e 's/<\/item>/\n/g' | - grep '>id[0-9]{1,16}<' | - tr -d '><')" - [ "${_rr_list}" ] -} - -_dns_do_soap() { - func="$1" - shift - # put the parameters to xml - body="" - while [ "$1" ]; do - _k="$1" - shift - _v="$1" - shift - body="$body<$_k>$_v" - done - body="$body" - _debug2 "SOAP request ${body}" - - # build SOAP XML - _xml=' - - '"$body"' -' - - # set SOAP headers - export _H1="SOAPAction: ${DO_URL}#${func}" - - if ! response="$(_post "${_xml}" "${DO_URL}")"; then - _err "Error <$1>" - return 1 - fi - _debug2 "SOAP response $response" - - # retrieve cookie header - _H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)" - export _H2 - - return 0 -} - -_get_root() { - domain=$1 - i=1 - - _dns_do_soap getDomainList - _all_domains="$(echo "${response}" | - tr -d "\n\r\t " | - _egrep_o 'domain]+>[^<]+' | - sed -e 's/^domain<\/key>]*>//g')" - - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if [ -z "$h" ]; then - return 1 - fi - - if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then - _domain="$h" - return 0 - fi - - i=$(_math $i + 1) - done - _debug "$domain not found" - - return 1 -} - -_regexcape() { - echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g' -} From 7746042adc3879abf3fe14c69c60b83173f7b94a Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 30 Jun 2022 23:07:18 +0800 Subject: [PATCH 0865/1526] fix https://github.com/acmesh-official/acme.sh/issues/4160 fix https://github.com/acmesh-official/acme.sh/issues/4160 --- acme.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index bc667359..86e4ccf1 100755 --- a/acme.sh +++ b/acme.sh @@ -435,8 +435,10 @@ _secure_debug3() { fi } +__USE_TR_RAW="$([ "$(echo "abc" | tr a-z A-Z 2>/dev/null)" = "ABC" ] && echo 1 || echo 0)" + _upper_case() { - if _is_solaris; then + if [ "$__USE_TR_RAW" = "0" ]; then tr '[:lower:]' '[:upper:]' else # shellcheck disable=SC2018,SC2019 @@ -445,7 +447,7 @@ _upper_case() { } _lower_case() { - if _is_solaris; then + if [ "$__USE_TR_RAW" = "0" ]; then tr '[:upper:]' '[:lower:]' else # shellcheck disable=SC2018,SC2019 From 789ebb899001faaf1e3d8e545c295fb4aea34226 Mon Sep 17 00:00:00 2001 From: nil <1993plus@gmail.com> Date: Fri, 1 Jul 2022 09:12:06 +0000 Subject: [PATCH 0866/1526] Fix dns_huaweicloud provider 1. Fix huaweicloud api use iam account get token fail. 2. Default use ap-southeast-1 project name, don't need query project id. --- dnsapi/dns_huaweicloud.sh | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index ac3ede65..916ce5a3 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -2,7 +2,8 @@ # HUAWEICLOUD_Username # HUAWEICLOUD_Password -# HUAWEICLOUD_ProjectID +# HUAWEICLOUD_DomainName + iam_api="https://iam.myhuaweicloud.com" dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work @@ -14,6 +15,8 @@ dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work # # Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html # +# About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html +# dns_huaweicloud_add() { fulldomain=$1 @@ -21,16 +24,16 @@ dns_huaweicloud_add() { HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" - HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" # Check information - if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then _err "Not enough information provided to dns_huaweicloud!" return 1 fi unset token # Clear token - token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" if [ -z "${token}" ]; then # Check token _err "dns_api(dns_huaweicloud): Error getting token." return 1 @@ -56,7 +59,7 @@ dns_huaweicloud_add() { # Do saving work if all succeeded _saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" _saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" - _saveaccountconf_mutable HUAWEICLOUD_ProjectID "${HUAWEICLOUD_ProjectID}" + _saveaccountconf_mutable HUAWEICLOUD_DomainName "${HUAWEICLOUD_DomainName}" return 0 } @@ -72,16 +75,16 @@ dns_huaweicloud_rm() { HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" - HUAWEICLOUD_ProjectID="${HUAWEICLOUD_ProjectID:-$(_readaccountconf_mutable HUAWEICLOUD_ProjectID)}" + HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" # Check information - if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_ProjectID}" ]; then + if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then _err "Not enough information provided to dns_huaweicloud!" return 1 fi unset token # Clear token - token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")" + token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" if [ -z "${token}" ]; then # Check token _err "dns_api(dns_huaweicloud): Error getting token." return 1 @@ -253,7 +256,7 @@ _rm_record() { _get_token() { _username=$1 _password=$2 - _project=$3 + _domain_name=$3 _debug "Getting Token" body="{ @@ -267,14 +270,14 @@ _get_token() { \"name\": \"${_username}\", \"password\": \"${_password}\", \"domain\": { - \"name\": \"${_username}\" + \"name\": \"${_domain_name}\" } } } }, \"scope\": { \"project\": { - \"id\": \"${_project}\" + \"name\": \"ap-southeast-1\" } } } @@ -287,3 +290,4 @@ _get_token() { printf "%s" "${_token}" return 0 } + From a46e51e8db9a25ef146fcf2e699142152d25cae1 Mon Sep 17 00:00:00 2001 From: nil <1993plus@gmail.com> Date: Sat, 2 Jul 2022 01:22:46 +0000 Subject: [PATCH 0867/1526] Update format code. --- dnsapi/dns_huaweicloud.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index 916ce5a3..ceda9258 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -4,7 +4,6 @@ # HUAWEICLOUD_Password # HUAWEICLOUD_DomainName - iam_api="https://iam.myhuaweicloud.com" dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work @@ -290,4 +289,3 @@ _get_token() { printf "%s" "${_token}" return 0 } - From be7840c82779122cdf6a72256a1100fe33d00a82 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Wed, 27 Nov 2019 12:06:02 +1100 Subject: [PATCH 0868/1526] Exit with separate failure if in DNS manual mode In our environment we use DNS manual mode and take the TXT record output of acme.sh and process it with Ansible to install the records (then we call renew later when the records have been pushed to the DNS servers by a whole bunch of other bits). One problem is that after getting/showing the TXT records, acme.sh always returns 1. This makes it difficult to tell if there is actually an error condition. Since we have set the manual-mode flag, not installing the DNS records is an expected correct result. This returns a separate error code for this situation (3), which can be distinguished in automation. --- acme.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 86e4ccf1..e3439749 100755 --- a/acme.sh +++ b/acme.sh @@ -4764,7 +4764,13 @@ $_authorizations_map" _err "Please add the TXT records to the domains, and re-run with --renew." _on_issue_err "$_post_hook" _clearup - return 1 + if [ -n "$FORCE_DNS_MANUAL" ]; then + # If asked to be in manual DNS mode, flag this exit with a separate + # error so it can be distinguished from other failures. + return 3 + else + return 1 + fi fi fi From a364ab4ea7fffd2512a6650b9ab83829d2e62a40 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Wed, 6 Jul 2022 12:10:19 +0200 Subject: [PATCH 0869/1526] Added '.' to 'DNS Services' as that is the correct provider name --- dnsapi/dns_dnsservices.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 6abf8ceb..feb4e73f 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -6,7 +6,7 @@ #Author: Bjarke Bruun #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 -# Global variable to connect to the DNS Services API +# Global variable to connect to the DNS.Services API DNSServices_API=https://dns.services/api ######## Public functions ##################### @@ -155,7 +155,7 @@ _get_root() { return 1 fi - # Setup variables used by other functions to communicate with DNS Services API + # Setup variables used by other functions to communicate with DNS.Services API zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") rootZoneName="$rootZone" subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" @@ -176,7 +176,7 @@ createRecord() { fulldomain=$1 txtvalue="$2" - # Get root domain information - needed for DNS Services API communication + # Get root domain information - needed for DNS.Services API communication if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then _get_root "$fulldomain" fi From 444b111a62ec8e7f48cd93aaefdc78816d7ff32e Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 09:40:18 +0200 Subject: [PATCH 0870/1526] Fixed acmetest for domain acmetestXyzRandomName.github-test. that was explicitly disallowed as it is not _acme-challenge --- dnsapi/dns_dnsservices.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index feb4e73f..89ed0210 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -204,7 +204,8 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - if [ "$(echo "$fulldomain" | grep "_acme-challenge")" = "" ]; then + # Fix for acmetest to limit acme.sh to only work on _acme-challenge and acmeTestXYzRandomName in GitHub actions + if [ "$(echo "$fulldomain" | grep "_acme-challenge\|acmetestXyzRandomName.github-test")" = "" ]; then _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" return 1 fi From eba788e8c9879ca5c9383df9ea4c438415490cdb Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 10:59:25 +0200 Subject: [PATCH 0871/1526] Removed check for _acme-challenge and acmetestXyzRandomName.github-test sub-domain --- dnsapi/dns_dnsservices.sh | 6 ------ 1 file changed, 6 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 89ed0210..788c9680 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -204,12 +204,6 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - # Fix for acmetest to limit acme.sh to only work on _acme-challenge and acmeTestXYzRandomName in GitHub actions - if [ "$(echo "$fulldomain" | grep "_acme-challenge\|acmetestXyzRandomName.github-test")" = "" ]; then - _err "The script tried to delete the record $fulldomain which is not the above created ACME challenge" - return 1 - fi - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then From 9c757bbe6ed08c244497860a16d9cbfd8c2bd409 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 7 Jul 2022 20:01:43 +0800 Subject: [PATCH 0872/1526] Update acme.sh --- acme.sh | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index e3439749..3d65612f 100755 --- a/acme.sh +++ b/acme.sh @@ -91,6 +91,7 @@ END_CERT="-----END CERTIFICATE-----" CONTENT_TYPE_JSON="application/jose+json" RENEW_SKIP=2 +CODE_DNS_MANUAL=3 B64CONF_START="__ACME_BASE64__START_" B64CONF_END="__ACME_BASE64__END_" @@ -4764,13 +4765,9 @@ $_authorizations_map" _err "Please add the TXT records to the domains, and re-run with --renew." _on_issue_err "$_post_hook" _clearup - if [ -n "$FORCE_DNS_MANUAL" ]; then - # If asked to be in manual DNS mode, flag this exit with a separate - # error so it can be distinguished from other failures. - return 3 - else - return 1 - fi + # If asked to be in manual DNS mode, flag this exit with a separate + # error so it can be distinguished from other failures. + return $CODE_DNS_MANUAL fi fi From 0afabc60aefa1d4e3dd7dc58a87458869d143526 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 15:00:12 +0200 Subject: [PATCH 0873/1526] Changed 'grep -E' to '_egrep_o' --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 788c9680..2190d3c6 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,7 +213,7 @@ deleteRecord() { result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | grep -E "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o() "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From 1b3e1a7abea9ca7b7f8e077d114aad83416f8304 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 15:05:12 +0200 Subject: [PATCH 0874/1526] Changed 'grep -E' to '_egrep_o' 'removed ()' --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 2190d3c6..6acb13da 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,7 +213,7 @@ deleteRecord() { result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o() "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From 87b110bb86f61ffb5dd1b5816dca6777766636d1 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 7 Jul 2022 22:27:18 +0800 Subject: [PATCH 0875/1526] add OpenBSD CI test: https://vmactions.org --- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/OpenBSD.yml | 63 +++++++++++++++++++++++++++++++++++ .github/workflows/Solaris.yml | 2 +- README.md | 3 +- 4 files changed, 67 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/OpenBSD.yml diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 22f8b9af..4d310f05 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -30,7 +30,7 @@ jobs: # CA: "ZeroSSL RSA Domain Secure Site CA" # CA_EMAIL: "githubtest@acme.sh" # TEST_PREFERRED_CHAIN: "" - runs-on: macos-10.15 + runs-on: macos-12 env: TEST_LOCAL: 1 TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml new file mode 100644 index 00000000..2b974a81 --- /dev/null +++ b/.github/workflows/OpenBSD.yml @@ -0,0 +1,63 @@ +name: OpenBSD +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/OpenBSD.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/OpenBSD.yml' + + +jobs: + OpenBSD: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: macos-12 + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + steps: + - uses: actions/checkout@v2 + - uses: vmactions/cf-tunnel@v0.0.3 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/openbsd-vm@v0.0.1 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + nat: | + "8080": "80" + prepare: pkg_add socat curl + usesh: true + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index f8a3826c..6ba0e414 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -30,7 +30,7 @@ jobs: # CA: "ZeroSSL RSA Domain Secure Site CA" # CA_EMAIL: "githubtest@acme.sh" # TEST_PREFERRED_CHAIN: "" - runs-on: macos-10.15 + runs-on: macos-12 env: TEST_LOCAL: 1 TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} diff --git a/README.md b/README.md index 4a12d46a..2f580a57 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # An ACME Shell script: acme.sh [![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml) +[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml) [![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml) [![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) @@ -68,7 +69,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu |6|NA|pfsense -|7|NA|OpenBSD +|7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD |8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian |9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS |10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE From 59dc513ac32f97cd4e148ae5c4d8504bdf5bac7c Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 7 Jul 2022 22:30:35 +0800 Subject: [PATCH 0876/1526] add OpenBSD test --- .github/workflows/DNS.yml | 47 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 46fd8283..2706c72f 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -173,7 +173,7 @@ jobs: ./letest.sh FreeBSD: - runs-on: macos-10.15 + runs-on: macos-12 needs: Windows env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -213,7 +213,7 @@ jobs: ./letest.sh Solaris: - runs-on: macos-10.15 + runs-on: macos-12 needs: FreeBSD env: TEST_DNS : ${{ secrets.TEST_DNS }} @@ -252,3 +252,46 @@ jobs: fi cd ../acmetest ./letest.sh + + + OpenBSD: + runs-on: macos-12 + needs: Solaris + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/openbsd-vm@v0.0.1 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: pkg_add socat curl + usesh: true + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + \ No newline at end of file From 2cbf1259a8f6e4987e44bb4f14fe20bb2c3f13c4 Mon Sep 17 00:00:00 2001 From: Jordan ERNST Date: Thu, 7 Jul 2022 17:20:23 +0200 Subject: [PATCH 0877/1526] Fix for ECC certificates --- deploy/mailcow.sh | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 3492cea4..51c71892 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -44,24 +44,14 @@ mailcow_deploy() { return 1 fi - # ECC or RSA - length=$(_readdomainconf Le_Keylength) - if _isEccKey "$length"; then - _info "ECC key type detected" - _cert_name_prefix="ecdsa-" - else - _info "RSA key type detected" - _cert_name_prefix="" - fi - _info "Copying key and cert" - _real_key="$_ssl_path/${_cert_name_prefix}key.pem" + _real_key="$_ssl_path/key.pem" if ! cat "$_ckey" >"$_real_key"; then _err "Error: write key file to: $_real_key" return 1 fi - _real_fullchain="$_ssl_path/${_cert_name_prefix}cert.pem" + _real_fullchain="$_ssl_path/cert.pem" if ! cat "$_cfullchain" >"$_real_fullchain"; then _err "Error: write cert file to: $_real_fullchain" return 1 From c8d17bc3633c2923504065d12aaf232322239fc1 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Thu, 7 Jul 2022 20:30:48 +0200 Subject: [PATCH 0878/1526] Re-commit (removed non-needed #'tag) --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 6acb13da..3e004ec4 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -2,7 +2,7 @@ #This file name is "dns_dnsservices.sh" #Script for Danish DNS registra and DNS hosting provider https://dns.services -# + #Author: Bjarke Bruun #Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 From 5ff095786116aea232954ae07872953b4a6147c4 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Fri, 8 Jul 2022 07:49:20 +0200 Subject: [PATCH 0879/1526] Added empty new line to trigger workflow --- dnsapi/dns_dnsservices.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 3e004ec4..300d0e51 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -229,3 +229,4 @@ deleteRecord() { # Return OK regardless return 0 } + From 41801a60ad2c59ac22bef807b84d845cc1d7d3b7 Mon Sep 17 00:00:00 2001 From: Ry3nlNaToR <49639150+Ry3nlNaToR@users.noreply.github.com> Date: Sat, 9 Jul 2022 14:30:18 +0100 Subject: [PATCH 0880/1526] Also restart postfix --- deploy/mailcow.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/mailcow.sh b/deploy/mailcow.sh index 3492cea4..aa29ae9d 100644 --- a/deploy/mailcow.sh +++ b/deploy/mailcow.sh @@ -67,7 +67,7 @@ mailcow_deploy() { return 1 fi - DEFAULT_MAILCOW_RELOAD="docker restart \$(docker ps --quiet --filter name=nginx-mailcow --filter name=dovecot-mailcow)" + DEFAULT_MAILCOW_RELOAD="docker restart \$(docker ps --quiet --filter name=nginx-mailcow --filter name=dovecot-mailcow --filter name=postfix-mailcow)" _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}" _info "Run reload: $_reload" From 093cfcdf42a2f25f38c7933042d289011f7ca50d Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 10 Jul 2022 18:01:49 +0800 Subject: [PATCH 0881/1526] Add NetBSD Test by: https://github.com/vmactions/netbsd-vm --- .github/workflows/DNS.yml | 42 +++++++++++++++++++++++ .github/workflows/NetBSD.yml | 65 ++++++++++++++++++++++++++++++++++++ README.md | 30 +++++++++-------- 3 files changed, 123 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/NetBSD.yml diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 2706c72f..5f6cdac9 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -293,5 +293,47 @@ jobs: fi cd ../acmetest ./letest.sh + + NetBSD: + runs-on: macos-12 + needs: OpenBSD + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/netbsd-vm@v0.0.1 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: | + export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r|cut -f '1 2' -d.)/All/" + pkg_add curl socat + usesh: true + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh \ No newline at end of file diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml new file mode 100644 index 00000000..d5a98586 --- /dev/null +++ b/.github/workflows/NetBSD.yml @@ -0,0 +1,65 @@ +name: NetBSD +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/NetBSD.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/NetBSD.yml' + + +jobs: + NetBSD: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: macos-12 + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + steps: + - uses: actions/checkout@v2 + - uses: vmactions/cf-tunnel@v0.0.3 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/netbsd-vm@v0.0.1 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + nat: | + "8080": "80" + prepare: | + export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r|cut -f '1 2' -d.)/All/" + pkg_add curl socat + usesh: true + run: | + cd ../acmetest \ + && ./letest.sh + + diff --git a/README.md b/README.md index 2f580a57..836664cd 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml) [![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml) +[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml) [![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml) [![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) @@ -70,20 +71,21 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu |6|NA|pfsense |7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD -|8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian -|9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS -|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE -|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) -|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux -|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora -|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux -|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux -|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia -|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux -|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux -|19|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|20|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|21|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) +|8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD +|9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian +|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS +|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE +|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) +|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux +|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora +|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux +|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux +|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia +|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux +|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux +|10|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|21|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|22|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) Check our [testing project](https://github.com/acmesh-official/acmetest): From ba3e088b238382c76922fcf4a312819292bc75cb Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Thu, 7 Jul 2022 17:32:22 +0200 Subject: [PATCH 0882/1526] Improved error handling Improved error handling when result contains data-structure which might contain another status-flag that is related to the status of the related object and not the api call Revert "Improved error handling" This reverts commit fa6df1cfab134d38baad19fc1caa0842f00416d5. Revert "Revert "Improved error handling"" This reverts commit 5a4b78392f063863ee9f56686f5c429e9376af1b. --- dnsapi/dns_pleskxml.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index 0f7dc241..e0b1724b 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -251,9 +251,12 @@ _call_api() { # Detect any that isn't "ok". None of the used calls should fail if the API is working correctly. # Also detect if there simply aren't any status lines (null result?) and report that, as well. + # Remove structure from result string, since it might contain values that are related to the status of the domain and not to the API request - statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *[^<]* *$')" - statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | grep -c '^ *ok *$')" + statuslines_count_total="$(echo "$pleskxml_prettyprint_result" | sed '//,/<\/data>/d' | grep -c '^ *[^<]* *$')" + statuslines_count_okay="$(echo "$pleskxml_prettyprint_result" | sed '//,/<\/data>/d' | grep -c '^ *ok *$')" + _debug "statuslines_count_total=$statuslines_count_total." + _debug "statuslines_count_okay=$statuslines_count_okay." if [ -z "$statuslines_count_total" ]; then From b41d40da4010bc99bae3966dcc84df4b7b9abbd9 Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Sat, 9 Jul 2022 21:23:50 +0200 Subject: [PATCH 0883/1526] Extended debug logging in dns_pleskxml_rm() --- dnsapi/dns_pleskxml.sh | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index e0b1724b..bcd72d9a 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -152,13 +152,23 @@ dns_pleskxml_rm() { _debug "Got list of DNS TXT records for root domain '$root_domain_name':" _debug "$reclist" - recid="$( + recline="$( _value "$reclist" | grep "${fulldomain}." | - grep "${txtvalue}" | + grep "${txtvalue}" + )" + + _debug "Got line for ${fulldomain}. and ${txtvalue}:" + _debug "$recline" + + recid="$( + _value "$recline" | sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/' )" + _debug "Got id from line:" + _debug $recid + if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then _err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'" _err "Cannot delete TXT record. Exiting." From 55a55e9f74a7c0842ed12d9e76d89b2c3232cdce Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Sat, 9 Jul 2022 21:28:19 +0200 Subject: [PATCH 0884/1526] Fixed debug log to prevent globbing and word splitting. --- dnsapi/dns_pleskxml.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index bcd72d9a..56902e20 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -157,7 +157,7 @@ dns_pleskxml_rm() { grep "${fulldomain}." | grep "${txtvalue}" )" - + _debug "Got line for ${fulldomain}. and ${txtvalue}:" _debug "$recline" @@ -167,7 +167,7 @@ dns_pleskxml_rm() { )" _debug "Got id from line:" - _debug $recid + _debug "$recid" if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then _err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'" From bc7e02b47a7b04c367e08962a84a63170701f890 Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Sun, 10 Jul 2022 17:11:27 +0200 Subject: [PATCH 0885/1526] Fixed removal of TXT record when subdomain is case-sensitive and improved debug logging Plesk SPI return domain names always lower-case. Therefore the search for domain names in the API response must be case-insensitve. Set debug logging to the values that are reallys used for the spi calls. added comment --- dnsapi/dns_pleskxml.sh | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index 56902e20..a8f7f7be 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -145,32 +145,25 @@ dns_pleskxml_rm() { )" if [ -z "$reclist" ]; then - _err "No TXT records found for root domain ${root_domain_name} (Plesk domain ID ${root_domain_id}). Exiting." + _err "No TXT records found for root domain $fulldomain (Plesk domain ID ${root_domain_id}). Exiting." return 1 fi - _debug "Got list of DNS TXT records for root domain '$root_domain_name':" + _debug "Got list of DNS TXT records for root Plesk domain ID ${root_domain_id} of root domain $fulldomain:" _debug "$reclist" - recline="$( - _value "$reclist" | - grep "${fulldomain}." | - grep "${txtvalue}" - )" - - _debug "Got line for ${fulldomain}. and ${txtvalue}:" - _debug "$recline" - + # Extracting the id of the TXT record for the full domain (NOT case-sensitive) and corresponding value recid="$( - _value "$recline" | + _value "$reclist" | + grep -i "${fulldomain}." | + grep "${txtvalue}" | sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/' )" - _debug "Got id from line:" - _debug "$recid" + _debug "Got id from line: $recid" if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then - _err "DNS records for root domain '${root_domain_name}' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'" + _err "DNS records for root domain '${fulldomain}.' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'" _err "Cannot delete TXT record. Exiting." return 1 fi From ca0981645fd0d855679e19565f59a40096c61fcf Mon Sep 17 00:00:00 2001 From: lufi42 <101186892+lufi42@users.noreply.github.com> Date: Sun, 10 Jul 2022 17:34:30 +0200 Subject: [PATCH 0886/1526] Fixed shfmt error --- dnsapi/dns_pleskxml.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index a8f7f7be..799c374c 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -160,7 +160,7 @@ dns_pleskxml_rm() { sed 's/^.*\([0-9]\{1,\}\)<\/id>.*$/\1/' )" - _debug "Got id from line: $recid" + _debug "Got id from line: $recid" if ! _value "$recid" | grep '^[0-9]\{1,\}$' >/dev/null; then _err "DNS records for root domain '${fulldomain}.' (Plesk ID ${root_domain_id}) + host '${sub_domain_name}' do not contain the TXT record '${txtvalue}'" From 4d8b661d51489d3f9f3ea139cd5844ed1f250ddb Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 17:38:26 +0200 Subject: [PATCH 0887/1526] dns_world4you: Fix cookie parsing issue Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index bcf256ff..a8d312ad 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -160,24 +160,25 @@ _login() { username="$WORLD4YOU_USERNAME" password="$WORLD4YOU_PASSWORD" csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') - sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + _parse_sessid export _H1="Cookie: W4YSESSID=$sessid" export _H2="X-Requested-With: XMLHttpRequest" body="_username=$username&_password=$password&_csrf_token=$csrf_token" ret=$(_post "$body" "$WORLD4YOU_API/login" '' POST 'application/x-www-form-urlencoded') unset _H2 + _debug ret "$ret" if _contains "$ret" "\"success\":true"; then _info "Successfully logged in" - sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') + _parse_sessid else _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" return 1 fi } -# Usage _get_paketnr +# Usage: _get_paketnr _get_paketnr() { fqdn="$1" form="$2" @@ -200,3 +201,8 @@ _get_paketnr() { PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _tail_n 1 | sed "s|.*$WORLD4YOU_API/\\([0-9]*\\)/.*|\\1|") return 0 } + +# Usage: _parse_sessid +_parse_sessid() { + sessid=$(grep 'W4YSESSID' <"$HTTP_HEADER" | _tail_n 1 | sed 's/^.*W4YSESSID=\([^;]*\);.*$/\1/') +} From 68c2478e0e205a5eb4de1ad62ed30d5d4c1421a2 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 18:55:36 +0200 Subject: [PATCH 0888/1526] dns_world4you: Handle already logged in sessions Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index a8d312ad..5cb77402 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -49,7 +49,7 @@ dns_world4you_add() { ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded') _resethttp - if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then + if _contains "$(_head_n 1 <"$HTTP_HEADER")" '302'; then res=$(_get "$WORLD4YOU_API/$paketnr/dns") if _contains "$res" "successfully"; then return 0 @@ -66,7 +66,7 @@ dns_world4you_add() { return 1 fi else - _err "$(_head_n 3 <"$HTTP_HEADER")" + _err "$(_head_n 1 <"$HTTP_HEADER")" _err "View $HTTP_HEADER for debugging" return 1 fi @@ -113,7 +113,7 @@ dns_world4you_rm() { ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns/record/delete" '' POST 'application/x-www-form-urlencoded') _resethttp - if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then + if _contains "$(_head_n 1 <"$HTTP_HEADER")" '302'; then res=$(_get "$WORLD4YOU_API/$paketnr/dns") if _contains "$res" "successfully"; then return 0 @@ -130,7 +130,7 @@ dns_world4you_rm() { return 1 fi else - _err "$(_head_n 3 <"$HTTP_HEADER")" + _err "$(_head_n 1 <"$HTTP_HEADER")" _err "View $HTTP_HEADER for debugging" return 1 fi @@ -155,11 +155,22 @@ _login() { _saveaccountconf_mutable WORLD4YOU_USERNAME "$WORLD4YOU_USERNAME" _saveaccountconf_mutable WORLD4YOU_PASSWORD "$WORLD4YOU_PASSWORD" + _resethttp + export ACME_HTTP_NO_REDIRECTS=1 + page=$(_get "$WORLD4YOU_API/login") + _resethttp + + if _contains "$(_head_n 1 <"$HTTP_HEADER")" '302'; then + _info "Already logged in" + _parse_sessid + return 0 + fi + _info "Logging in..." username="$WORLD4YOU_USERNAME" password="$WORLD4YOU_PASSWORD" - csrf_token=$(_get "$WORLD4YOU_API/login" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') + csrf_token=$(echo "$page" | grep '_csrf_token' | sed 's/^.*]*value=\"\([^"]*\)\".*$/\1/') _parse_sessid export _H1="Cookie: W4YSESSID=$sessid" From a8f71f79feff9ee3fd4b07352a36b3274f0cf3cb Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 19:25:31 +0200 Subject: [PATCH 0889/1526] dns_world4you: Update error handling Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 5cb77402..e3fff426 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -66,8 +66,8 @@ dns_world4you_add() { return 1 fi else - _err "$(_head_n 1 <"$HTTP_HEADER")" - _err "View $HTTP_HEADER for debugging" + msg=$(echo "$ret" | grep '"form-error-message"' | sed 's/^.*

\([^<]*\)<\/div>.*$/\1/') + _err "Unable to add record: my.world4you.com: $msg" return 1 fi } @@ -130,8 +130,8 @@ dns_world4you_rm() { return 1 fi else - _err "$(_head_n 1 <"$HTTP_HEADER")" - _err "View $HTTP_HEADER for debugging" + msg=$(echo "$ret" | grep "form-error-message" | sed 's/^.*
\([^<]*\)<\/div>.*$/\1/') + _err "Unable to remove record: my.world4you.com: $msg" return 1 fi } @@ -184,7 +184,8 @@ _login() { _info "Successfully logged in" _parse_sessid else - _err "Unable to log in: $(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/')" + msg=$(echo "$ret" | sed 's/^.*"message":"\([^\"]*\)".*$/\1/') + _err "Unable to log in: my.world4you.com: $msg" return 1 fi } From ed15ff0515eb2c3a708e211b8ff412966f771648 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 20:30:41 +0200 Subject: [PATCH 0890/1526] dns_world4you: Fix upper case fqdn issues Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index e3fff426..0e14b9e8 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -12,7 +12,7 @@ RECORD='' # Usage: dns_world4you_add dns_world4you_add() { - fqdn="$1" + fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') value="$2" _info "Using world4you to add record" _debug fulldomain "$fqdn" @@ -74,7 +74,7 @@ dns_world4you_add() { # Usage: dns_world4you_rm dns_world4you_rm() { - fqdn="$1" + fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') value="$2" _info "Using world4you to remove record" _debug fulldomain "$fqdn" From 29f12ddaf4920cebc5444d8c31996a433e4868e3 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Sun, 10 Jul 2022 22:22:12 +0200 Subject: [PATCH 0891/1526] dns_world4you: Improve error message handling Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 0e14b9e8..67e6d118 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -54,7 +54,7 @@ dns_world4you_add() { if _contains "$res" "successfully"; then return 0 else - msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>\|^\s*//g') + msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>//g' | sed 's/^\s*//g') if [ "$msg" = '' ]; then _err "Unable to add record: Unknown error" echo "$ret" >'error-01.html' @@ -118,7 +118,7 @@ dns_world4you_rm() { if _contains "$res" "successfully"; then return 0 else - msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>\|^\s*//g') + msg=$(echo "$res" | grep -A 15 'data-type="danger"' | grep "]*>[^<]" | sed 's/<[^>]*>//g' | sed 's/^\s*//g') if [ "$msg" = '' ]; then _err "Unable to remove record: Unknown error" echo "$ret" >'error-01.html' From 80d30bdd30f192cdd9b003d903e20b1f874c72e6 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 14:08:37 +0200 Subject: [PATCH 0892/1526] Removed empty new line to trigger workflow --- dnsapi/dns_dnsservices.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 300d0e51..3e004ec4 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -229,4 +229,3 @@ deleteRecord() { # Return OK regardless return 0 } - From c1ba4f1b55faad5e2991592cf538681b478f11ad Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 16:43:34 +0200 Subject: [PATCH 0893/1526] Added forced _log to debug deletion of records in GH Actions --- dnsapi/dns_dnsservices.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 3e004ec4..78588ada 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -64,7 +64,7 @@ dns_dnsservices_rm() { fulldomain=$1 txtvalue=$2 - _info "Using dns.services to delete challenge $fulldomain TXT $txtvalue" + _info "Using dns.services to remove DNS record $fulldomain TXT $txtvalue" _debug rm_fulldomain "$fulldomain" _debug rm_txtvalue "$txtvalue" @@ -204,7 +204,7 @@ deleteRecord() { fulldomain=$1 txtvalue=$2 - _debug2 deleteRecord "Deleting $fulldomain TXT $txtvalue record" + _log deleteRecord "Deleting $fulldomain TXT $txtvalue record" if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then _get_root "$fulldomain" From df199c5788972aec58e40a1e9e05e844bfe15f7c Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 18:11:55 +0200 Subject: [PATCH 0894/1526] Updated API call for OpenBSD sed and tr as newlines does not work there --- dnsapi/dns_dnsservices.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 78588ada..d591ce3b 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -156,12 +156,13 @@ _get_root() { fi # Setup variables used by other functions to communicate with DNS.Services API - zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + #zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") + zoneInfo=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') rootZoneName="$rootZone" subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo "$zoneInfo" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) - rootZoneServiceID=$(echo "$zoneInfo" | tr ',' '\n' | grep service_id | cut -d'"' -f4) + rootZoneDomainID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g') + rootZoneServiceID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"service_id":")([^"]*)"(.*)$,\2,g') _debug2 _get_root "Root zone name : $rootZoneName" _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" @@ -190,7 +191,7 @@ createRecord() { result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") _debug2 createRecord "result from API: $result" - if [ "$(echo "$result" | grep '"success":true')" = "" ]; then + if [ "$(echo "$result" | _egrep_o "\"success\":true")" = "" ]; then _err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" _err "$result" return 1 @@ -211,7 +212,7 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | grep "\"name\":\"${fulldomain}" | grep "\"content\":\"" | grep "${txtvalue}")" + recordInfo="$(echo "$result" | tr '}' '\n' | _egrep_o "\"name\":\"${fulldomain}" | _egrep_o "\"content\":\"" | grep "${txtvalue}")" _debug2 deleteRecord "recordInfo=$recordInfo" recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" From ae71a5abf629b937e23e06410a41ac45a009a575 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Mon, 11 Jul 2022 18:16:03 +0200 Subject: [PATCH 0895/1526] Added debug for API result --- dnsapi/dns_dnsservices.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index d591ce3b..f87509c2 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -157,13 +157,14 @@ _get_root() { # Setup variables used by other functions to communicate with DNS.Services API #zoneInfo=$(echo "$result" | sed "s,\"zones,\n&,g" | grep zones | cut -d'[' -f2 | cut -d']' -f1 | tr '}' '\n' | grep "\"$rootZone\"") - zoneInfo=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') + zoneInfo=$(echo "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g' | grep "\"$rootZone\"") rootZoneName="$rootZone" subDomainName="$(echo "$domain" | sed "s,\.$rootZone,,g")" subDomainNameClean="$(echo "$domain" | sed "s,_acme-challenge.,,g")" - rootZoneDomainID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g') - rootZoneServiceID=$(echo -e "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"service_id":")([^"]*)"(.*)$,\2,g') + rootZoneDomainID=$(echo "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g') + rootZoneServiceID=$(echo "$result" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"service_id":")([^"]*)"(.*)$,\2,g') + _debug2 _zoneInfo "Zone info from API : $zoneInfo" _debug2 _get_root "Root zone name : $rootZoneName" _debug2 _get_root "Root zone domain ID : $rootZoneDomainID" _debug2 _get_root "Root zone service ID: $rootZoneServiceID" From b1b336804d624287cf885c61a16f925ca4569255 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 16:26:45 +0200 Subject: [PATCH 0896/1526] Fixed a missed 'grep -o' to _egrep_o() --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index f87509c2..82e9b5c5 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -146,7 +146,7 @@ _get_root() { fi done) else - rootZone=$(echo "$result" | grep -o '"name":"[^"]*' | cut -d'"' -f4) + rootZone=$(echo "$result" | _egrep_o '"name":"[^"]*' | cut -d'"' -f4) _debug2 _get_root "- only found 1 domain in API: $rootZone" fi From e4387e4aad97f1296ef49681433afb2ac95a75e8 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:04:28 +0200 Subject: [PATCH 0897/1526] Updated delete function --- dnsapi/dns_dnsservices.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 82e9b5c5..f2a7608e 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,9 +213,10 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | tr '}' '\n' | _egrep_o "\"name\":\"${fulldomain}" | _egrep_o "\"content\":\"" | grep "${txtvalue}")" - _debug2 deleteRecord "recordInfo=$recordInfo" - recordID="$(echo "$recordInfo" | tr ',' '\n' | _egrep_o "\"id\":\"[0-9]+\"" | cut -d'"' -f4)" + recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" + recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" + recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" + recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" @@ -225,8 +226,10 @@ deleteRecord() { fi _debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" + _log "curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" _debug2 deleteRecord "API Delete result \"$result\"" + _log "curl API Delete result \"$result\"" # Return OK regardless return 0 From 5f44c195e99d1e415d2f490412347dbf2e52dc15 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:10:20 +0200 Subject: [PATCH 0898/1526] Removed unused variable --- dnsapi/dns_dnsservices.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index f2a7608e..9d913d39 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -215,8 +215,8 @@ deleteRecord() { result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" - recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" - recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" + #recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" + #recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From e5aeff50dc52febc6b44e22e258950732a2049e1 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:20:24 +0200 Subject: [PATCH 0899/1526] Removed spaces (shfmt) --- dnsapi/dns_dnsservices.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 9d913d39..71ed705d 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,10 +213,8 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" - recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" - #recordDomainID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"domain_id":")([^"]*)"(.*)$,\2,g')" - #recordName="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')" + recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" + recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then _info "Record $fulldomain TXT $txtvalue not found or already deleted" From bcc967933926d71507a06eca2497fd7223a717d4 Mon Sep 17 00:00:00 2001 From: Bjarke Bruun Date: Tue, 12 Jul 2022 22:21:38 +0200 Subject: [PATCH 0900/1526] Removed spaces (shfmt) (missed one) --- dnsapi/dns_dnsservices.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 71ed705d..9f2220fe 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -213,7 +213,7 @@ deleteRecord() { fi result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" - recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" + recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" if [ -z "$recordID" ]; then From e2eb685d76311761b5516830b81093892ab73375 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 13 Jul 2022 21:06:57 +0800 Subject: [PATCH 0901/1526] upgrade FreeBSD 13.1 --- .github/workflows/DNS.yml | 2 +- .github/workflows/FreeBSD.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 5f6cdac9..720cfaab 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.4 + - uses: vmactions/freebsd-vm@v0.1.7 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 4d310f05..6f8797db 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.5 + - uses: vmactions/freebsd-vm@v0.1.7 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 3a29e0345852733b5690d8e40f9110330d009b41 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Thu, 14 Jul 2022 11:25:59 +0200 Subject: [PATCH 0902/1526] dns_world4you: Use _lower_case instead of tr Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index 67e6d118..a0a83c37 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -12,7 +12,7 @@ RECORD='' # Usage: dns_world4you_add dns_world4you_add() { - fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') + fqdn=$(echo "$1" | _lower_case) value="$2" _info "Using world4you to add record" _debug fulldomain "$fqdn" @@ -74,7 +74,7 @@ dns_world4you_add() { # Usage: dns_world4you_rm dns_world4you_rm() { - fqdn=$(echo "$1" | tr '[:upper:]' '[:lower:]') + fqdn=$(echo "$1" | _lower_case) value="$2" _info "Using world4you to remove record" _debug fulldomain "$fqdn" From 19790e9011bba37365e80adebfd27ae12d2322e5 Mon Sep 17 00:00:00 2001 From: Maxime-J Date: Thu, 14 Jul 2022 10:54:37 +0000 Subject: [PATCH 0903/1526] dns_ovh: save OVH_CK in all cases --- dnsapi/dns_ovh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index b382e52f..2252f03a 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -118,6 +118,7 @@ _initAuth() { #return and wait for retry. return 1 fi + _saveaccountconf OVH_CK "$OVH_CK" _info "Checking authentication" @@ -235,7 +236,6 @@ _ovh_authentication() { _secure_debug consumerKey "$consumerKey" OVH_CK="$consumerKey" - _saveaccountconf OVH_CK "$OVH_CK" _info "Please open this link to do authentication: $(__green "$validationUrl")" From bd73823828f7d8009b7e0f0ec233b97c62c2754c Mon Sep 17 00:00:00 2001 From: spider Date: Fri, 15 Jul 2022 13:31:19 +0600 Subject: [PATCH 0904/1526] reg.ru list unicode domains NOT in IDN code --- dnsapi/dns_regru.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_regru.sh b/dnsapi/dns_regru.sh index 2a1ebaa5..8ff380f0 100644 --- a/dnsapi/dns_regru.sh +++ b/dnsapi/dns_regru.sh @@ -92,10 +92,10 @@ _get_root() { domains_list=$(echo "${response}" | grep dname | sed -r "s/.*dname=\"([^\"]+)\".*/\\1/g") for ITEM in ${domains_list}; do - IDN_ITEM="$(_idn "${ITEM}")" + IDN_ITEM=${ITEM} case "${domain}" in *${IDN_ITEM}*) - _domain=${IDN_ITEM} + _domain="$(_idn "${ITEM}")" _debug _domain "${_domain}" return 0 ;; From 927c003d22dbc9e14250e6e1f993df028aed91d8 Mon Sep 17 00:00:00 2001 From: Jesai Langenbach Date: Fri, 15 Jul 2022 14:17:32 +0200 Subject: [PATCH 0905/1526] More robust and shortend egrep --- dnsapi/dns_opnsense.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index eb95902f..38a8f8de 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"[^\"]*\":{[^}]*}},\"transferkeyalgo\":{[^{]*{[^{]*{[^{]*{[^{]*{[^{]*{[^{]*{[^{]*{[^}]*}},\"transferkey\":\"[^\"]*\"(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"\":{[^}]*}}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" _host=$(printf "%s" "$domain" | cut -d . -f 1-$p) From 0e73128f40f3f898b060c1a159213d0be3dc7e15 Mon Sep 17 00:00:00 2001 From: Jesai Langenbach Date: Fri, 15 Jul 2022 16:42:20 +0200 Subject: [PATCH 0906/1526] Finaly found a regex wich works for sed and egrep -o and use searchDomain api for easier to parse response --- dnsapi/dns_opnsense.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 38a8f8de..937f4aa5 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -137,7 +137,7 @@ _get_root() { domain=$1 i=2 p=1 - if _opns_rest "GET" "/domain/get"; then + if _opns_rest "GET" "/domain/searchDomain"; then _domain_response="$response" else return 1 @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":{\"\":{[^}]*}}(,\"allownotifyslave\":{\"\":{[^}]*}},|,)\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"master\",[^.]*,\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" _host=$(printf "%s" "$domain" | cut -d . -f 1-$p) From 0b8ae6821303742ebd9ed4423f9c7b64836c9513 Mon Sep 17 00:00:00 2001 From: Jesai Langenbach Date: Fri, 15 Jul 2022 16:50:38 +0200 Subject: [PATCH 0907/1526] Fix: cut for domain uuid with searchDOmain response --- dnsapi/dns_opnsense.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index 937f4aa5..96d4b788 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -150,7 +150,7 @@ _get_root() { return 1 fi _debug h "$h" - id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"master\",[^.]*,\"domainname\":\"${h}\"" | cut -d ':' -f 1 | cut -d '"' -f 2) + id=$(echo "$_domain_response" | _egrep_o "\"uuid\":\"[a-z0-9\-]*\",\"enabled\":\"1\",\"type\":\"master\",[^.]*,\"domainname\":\"${h}\"" | cut -d ':' -f 2 | cut -d '"' -f 2) if [ -n "$id" ]; then _debug id "$id" _host=$(printf "%s" "$domain" | cut -d . -f 1-$p) From c485011ed1d714540163013f14418dce937dbac1 Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sat, 16 Jul 2022 14:16:03 +0200 Subject: [PATCH 0908/1526] Multidomain patch suggestion from Sandeep Mittal --- dnsapi/dns_cpanel.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index f91725a4..0c9def67 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -120,7 +120,7 @@ _myget() { _get_root() { _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' - _domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g') + _domains=$(echo "$_result" | _egrep_o '"[a-z0-9\.\-]*":\["; cPanel first' | cut -d':' -f1 | sed 's/"//g' | sed 's/{//g') _debug "_result is: $_result" _debug "_domains is: $_domains" if [ -z "$_domains" ]; then @@ -146,7 +146,7 @@ _findentry() { _debug "In _findentry" #returns id of dns entry, if it exists _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" - _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) + _id=$(echo "$_result" | sed -e "s/},{/},\n{/g" | grep "$fulldomain" | grep "$txtvalue" | _egrep_o 'line":[0-9]+' | cut -d ':' -f 2) _debug "_result is: $_result" _debug "fulldomain. is $fulldomain." _debug "txtvalue is $txtvalue" From 2fb9c923f4c3ffad2806f4ef6a941466b417f83e Mon Sep 17 00:00:00 2001 From: Bjarne Saltbaek Date: Sat, 16 Jul 2022 14:35:49 +0200 Subject: [PATCH 0909/1526] push for re-test --- dnsapi/dns_cpanel.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index 0c9def67..053b3ff3 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -13,6 +13,7 @@ # cPanel_Hostname=hostname # # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" + # Used to add txt record dns_cpanel_add() { fulldomain=$1 From c0097497be609609743f861a49005ae9c2666b3f Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 17 Jul 2022 11:48:58 +0800 Subject: [PATCH 0910/1526] Upgrade FreeBSD version https://github.com/vmactions/freebsd-vm --- .github/workflows/FreeBSD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 6f8797db..027b7caf 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.7 + - uses: vmactions/freebsd-vm@v0.1.8 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From ddabc38e3f8be529dc5e4b466c380f0ceb63d018 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 17 Jul 2022 11:49:58 +0800 Subject: [PATCH 0911/1526] upgrade OpenBSD https://github.com/vmactions/openbsd-vm --- .github/workflows/OpenBSD.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 2b974a81..0d3465de 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.1 + - uses: vmactions/openbsd-vm@v0.0.4 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 3e628f267805caf8c5b3271fe53abb8bd3a73055 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 17 Jul 2022 11:53:23 +0800 Subject: [PATCH 0912/1526] Upgrade NetBSD https://github.com/vmactions/netbsd-vm --- .github/workflows/DNS.yml | 6 +++--- .github/workflows/NetBSD.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 720cfaab..b9389438 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.7 + - uses: vmactions/freebsd-vm@v0.1.8 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -270,7 +270,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.1 + - uses: vmactions/openbsd-vm@v0.0.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl @@ -310,7 +310,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.1 + - uses: vmactions/netbsd-vm@v0.0.2 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index d5a98586..609d1131 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.1 + - uses: vmactions/netbsd-vm@v0.0.2 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 0717f8591c89a32dd6c474b4cfe28aac7d493e86 Mon Sep 17 00:00:00 2001 From: Aleksandr Kunin Date: Sun, 17 Jul 2022 21:15:47 +0700 Subject: [PATCH 0913/1526] Update to Vultr Api v2 - change endpoints - change Api-Key header to Authorization: Bearer --- dnsapi/dns_vultr.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_vultr.sh b/dnsapi/dns_vultr.sh index 84857966..bd925fdb 100644 --- a/dnsapi/dns_vultr.sh +++ b/dnsapi/dns_vultr.sh @@ -3,10 +3,10 @@ # #VULTR_API_KEY=000011112222333344445555666677778888 -VULTR_Api="https://api.vultr.com/v1" +VULTR_Api="https://api.vultr.com/v2" ######## Public functions ##################### - +# #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_vultr_add() { fulldomain=$1 @@ -31,14 +31,14 @@ dns_vultr_add() { _debug _domain "$_domain" _debug 'Getting txt records' - _vultr_rest GET "dns/records?domain=$_domain" + _vultr_rest GET "domains/$_domain/records" if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then _err 'Error' return 1 fi - if ! _vultr_rest POST 'dns/create_record' "domain=$_domain&name=$_sub_domain&data=\"$txtvalue\"&type=TXT"; then + if ! _vultr_rest POST "domains/$_domain/records" "{\"name\":\"$_sub_domain\",\"data\":\"$txtvalue\",\"type\":\"TXT\"}"; then _err "$response" return 1 fi @@ -71,14 +71,14 @@ dns_vultr_rm() { _debug _domain "$_domain" _debug 'Getting txt records' - _vultr_rest GET "dns/records?domain=$_domain" + _vultr_rest GET "domains/$_domain/records" if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then _err 'Error' return 1 fi - _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)" + _record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'id' | cut -d : -f 2)" _debug _record_id "$_record_id" if [ "$_record_id" ]; then _info "Successfully retrieved the record id for ACME challenge." @@ -87,7 +87,7 @@ dns_vultr_rm() { return 0 fi - if ! _vultr_rest POST 'dns/delete_record' "domain=$_domain&RECORDID=$_record_id"; then + if ! _vultr_rest DELETE "domains/$_domain/records/$_record_id"; then _err "$response" return 1 fi @@ -112,11 +112,11 @@ _get_root() { return 1 fi - if ! _vultr_rest GET "dns/list"; then + if ! _vultr_rest GET "domains"; then return 1 fi - if printf "%s\n" "$response" | grep '^\[.*\]' >/dev/null; then + if printf "%s\n" "$response" | grep '^\{.*\}' >/dev/null; then if _contains "$response" "\"domain\":\"$_domain\""; then _sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")" return 0 @@ -141,8 +141,8 @@ _vultr_rest() { api_key_trimmed=$(echo $VULTR_API_KEY | tr -d '"') - export _H1="Api-Key: $api_key_trimmed" - export _H2='Content-Type: application/x-www-form-urlencoded' + export _H1="Authorization: Bearer $api_key_trimmed" + export _H2='Content-Type: application/json' if [ "$m" != "GET" ]; then _debug data "$data" From bc920949cba1eb73cbb2f5fd38e2d489096e054d Mon Sep 17 00:00:00 2001 From: Grigory Starinkin Date: Mon, 18 Jul 2022 10:50:50 +0100 Subject: [PATCH 0914/1526] Add Slack App notification hook Slack Incoming webhooks is a legacy custom integration - an outdated way for teams to integrate with Slack. These integrations lack newer features and they will be deprecated and possibly removed in the future. Slack team do not recommend their use. Instead, it's suggested to use Slack apps. --- notify/slack_app.sh | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100755 notify/slack_app.sh diff --git a/notify/slack_app.sh b/notify/slack_app.sh new file mode 100755 index 00000000..5b012a41 --- /dev/null +++ b/notify/slack_app.sh @@ -0,0 +1,44 @@ +#!/usr/bin/env sh + +#Support Slack APP notifications + +#SLACK_APP_CHANNEL="" +#SLACK_APP_TOKEN="" + +slack_app_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_statusCode" "$_statusCode" + + SLACK_APP_CHANNEL="${SLACK_APP_CHANNEL:-$(_readaccountconf_mutable SLACK_APP_CHANNEL)}" + if [ -n "$SLACK_APP_CHANNEL" ]; then + _saveaccountconf_mutable SLACK_APP_CHANNEL "$SLACK_APP_CHANNEL" + fi + + SLACK_APP_TOKEN="${SLACK_APP_TOKEN:-$(_readaccountconf_mutable SLACK_APP_TOKEN)}" + if [ -n "$SLACK_APP_TOKEN" ]; then + _saveaccountconf_mutable SLACK_APP_TOKEN "$SLACK_APP_TOKEN" + fi + + _content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" + _data="{\"text\": \"$_content\", " + if [ -n "$SLACK_APP_CHANNEL" ]; then + _data="$_data\"channel\": \"$SLACK_APP_CHANNEL\", " + fi + _data="$_data\"mrkdwn\": \"true\"}" + + export _H1="Authorization: Bearer $SLACK_APP_TOKEN" + + SLACK_APP_API_URL="https://slack.com/api/chat.postMessage" + if _post "$_data" "$SLACK_APP_API_URL" "" "POST" "application/json; charset=utf-8"; then + SLACK_APP_RESULT_OK=$(echo "$response" | _egrep_o 'ok" *: *true') + if [ "$?" = "0" ] && [ "$SLACK_APP_RESULT_OK" ]; then + _info "slack send success." + return 0 + fi + fi + _err "slack send error." + _err "$response" + return 1 +} From d8a4e47a130fd87953bf9c495d3fcc1897848a89 Mon Sep 17 00:00:00 2001 From: Grigory Starinkin Date: Mon, 18 Jul 2022 17:20:25 +0100 Subject: [PATCH 0915/1526] disable "$response is referenced but not assigned" warning the variable is assigned by the `_post` call --- notify/slack_app.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/notify/slack_app.sh b/notify/slack_app.sh index 5b012a41..84d4733a 100755 --- a/notify/slack_app.sh +++ b/notify/slack_app.sh @@ -32,6 +32,7 @@ slack_app_send() { SLACK_APP_API_URL="https://slack.com/api/chat.postMessage" if _post "$_data" "$SLACK_APP_API_URL" "" "POST" "application/json; charset=utf-8"; then + # shellcheck disable=SC2154 SLACK_APP_RESULT_OK=$(echo "$response" | _egrep_o 'ok" *: *true') if [ "$?" = "0" ] && [ "$SLACK_APP_RESULT_OK" ]; then _info "slack send success." From 328dbd57d426c64ebead7318a22827e958c053bc Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 24 Jul 2022 16:20:44 +0800 Subject: [PATCH 0916/1526] fix for solaris --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3d65612f..ef37f163 100755 --- a/acme.sh +++ b/acme.sh @@ -1196,7 +1196,7 @@ _createkey() { _is_idn() { _is_idn_d="$1" _debug2 _is_idn_d "$_is_idn_d" - _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '0-9' | tr -d 'a-z' | tr -d 'A-Z' | tr -d '*.,-_') + _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d [0-9] | tr -d [a-z] | tr -d [A-Z] | tr -d '*.,-_') _debug2 _idn_temp "$_idn_temp" [ "$_idn_temp" ] } From a3784854a7903c05949d15185235c7680c12bd1b Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 26 Jul 2022 13:20:00 +0800 Subject: [PATCH 0917/1526] fix https://github.com/acmesh-official/acme.sh/issues/3975 --- dnsapi/dns_ispconfig.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index 6f0e920f..560f073e 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -32,6 +32,10 @@ dns_ispconfig_rm() { #################### Private functions below ################################## _ISPC_credentials() { + ISPC_User="${ISPC_User:-$(_readaccountconf_mutable ISPC_User)}" + ISPC_Password="${ISPC_Password:-$(_readaccountconf_mutable ISPC_Password)}" + ISPC_Api="${ISPC_Api:-$(_readaccountconf_mutable ISPC_Api)}" + ISPC_Api_Insecure="${ISPC_Api_Insecure:-$(_readaccountconf_mutable ISPC_Api_Insecure)}" if [ -z "${ISPC_User}" ] || [ -z "${ISPC_Password}" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then ISPC_User="" ISPC_Password="" @@ -40,10 +44,10 @@ _ISPC_credentials() { _err "You haven't specified the ISPConfig Login data, URL and whether you want check the ISPC SSL cert. Please try again." return 1 else - _saveaccountconf ISPC_User "${ISPC_User}" - _saveaccountconf ISPC_Password "${ISPC_Password}" - _saveaccountconf ISPC_Api "${ISPC_Api}" - _saveaccountconf ISPC_Api_Insecure "${ISPC_Api_Insecure}" + _saveaccountconf_mutable ISPC_User "${ISPC_User}" + _saveaccountconf_mutable ISPC_Password "${ISPC_Password}" + _saveaccountconf_mutable ISPC_Api "${ISPC_Api}" + _saveaccountconf_mutable ISPC_Api_Insecure "${ISPC_Api_Insecure}" # Set whether curl should use secure or insecure mode export HTTPS_INSECURE="${ISPC_Api_Insecure}" fi From 7843c0c1b0870d199f06278e635277e2fe00ab00 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 27 Jul 2022 21:19:36 +0800 Subject: [PATCH 0918/1526] Upgrade VM versions from https://github.com/vmactions --- .github/workflows/DNS.yml | 6 +++--- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/NetBSD.yml | 2 +- .github/workflows/OpenBSD.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index b9389438..52753a79 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.8 + - uses: vmactions/freebsd-vm@v0.2.0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -270,7 +270,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.4 + - uses: vmactions/openbsd-vm@v0.0.6 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl @@ -310,7 +310,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.2 + - uses: vmactions/netbsd-vm@v0.0.4 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 027b7caf..52f13fbb 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.1.8 + - uses: vmactions/freebsd-vm@v0.2.0 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 609d1131..83ae1cf3 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.2 + - uses: vmactions/netbsd-vm@v0.0.4 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 0d3465de..69acf66d 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.4 + - uses: vmactions/openbsd-vm@v0.0.6 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 6ba0e414..a4b179b7 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.5 + - uses: vmactions/solaris-vm@v0.0.6 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 64fda951861bb43cc3976ce6573182e967fb1532 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 27 Jul 2022 22:09:22 +0800 Subject: [PATCH 0919/1526] Upgrade solaris by https://github.com/vmactions/solaris-vm --- .github/workflows/Solaris.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index a4b179b7..e2336ed6 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -49,9 +49,10 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.6 + - uses: vmactions/solaris-vm@v0.0.7 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + copyback: "false" nat: | "8080": "80" prepare: pkgutil -y -i socat curl From 1ea8cfbfb04609871fb3dc3b3037f734f9b7114d Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 27 Jul 2022 22:15:38 +0800 Subject: [PATCH 0920/1526] Add DragonFlyBSD test by https://github.com/vmactions/dragonflybsd-vm --- .github/workflows/DNS.yml | 42 ++++++++++++++++++- .github/workflows/DragonFlyBSD.yml | 65 ++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/DragonFlyBSD.yml diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 52753a79..a3564d27 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -336,4 +336,44 @@ jobs: cd ../acmetest ./letest.sh - \ No newline at end of file + DragonFlyBSD: + runs-on: macos-12 + needs: NetBSD + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: 1 + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/dragonflybsd-vm@v0.0.3 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: | + pkg install -y curl socat + usesh: true + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml new file mode 100644 index 00000000..4836a08b --- /dev/null +++ b/.github/workflows/DragonFlyBSD.yml @@ -0,0 +1,65 @@ +name: DragonFlyBSD +on: + push: + branches: + - '*' + paths: + - '*.sh' + - '.github/workflows/DragonFlyBSD.yml' + + pull_request: + branches: + - dev + paths: + - '*.sh' + - '.github/workflows/DragonFlyBSD.yml' + + +jobs: + DragonFlyBSD: + strategy: + matrix: + include: + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + #- TEST_ACME_Server: "ZeroSSL.com" + # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" + # CA: "ZeroSSL RSA Domain Secure Site CA" + # CA_EMAIL: "githubtest@acme.sh" + # TEST_PREFERRED_CHAIN: "" + runs-on: macos-12 + env: + TEST_LOCAL: 1 + TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} + CA_ECDSA: ${{ matrix.CA_ECDSA }} + CA: ${{ matrix.CA }} + CA_EMAIL: ${{ matrix.CA_EMAIL }} + TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + steps: + - uses: actions/checkout@v2 + - uses: vmactions/cf-tunnel@v0.0.3 + id: tunnel + with: + protocol: http + port: 8080 + - name: Set envs + run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/dragonflybsd-vm@v0.0.3 + with: + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + copyback: "false" + nat: | + "8080": "80" + prepare: | + pkg install -y curl socat + usesh: true + run: | + cd ../acmetest \ + && ./letest.sh + + From 1a140a55155ce60342956444e67df12d334f3153 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 27 Jul 2022 22:17:35 +0800 Subject: [PATCH 0921/1526] upgrade OpenBSD by https://github.com/vmactions/openbsd-vm --- .github/workflows/DNS.yml | 2 +- .github/workflows/OpenBSD.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index a3564d27..e039653f 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -270,7 +270,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.6 + - uses: vmactions/openbsd-vm@v0.0.7 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 69acf66d..9c8a807c 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.6 + - uses: vmactions/openbsd-vm@v0.0.7 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | From 2d144a8b435297bf3f99717978682e6ceaf7079a Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 27 Jul 2022 22:22:34 +0800 Subject: [PATCH 0922/1526] Add DragonFlyBSD test by https://github.com/vmactions/dragonflybsd-vm --- README.md | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 836664cd..27e933ca 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ [![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml) [![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml) [![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml) +[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml) + ![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg) ![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg) @@ -72,20 +74,21 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |6|NA|pfsense |7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD |8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD -|9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian -|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS -|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE -|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) -|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux -|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora -|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux -|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux -|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia -|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux -|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux -|10|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 -|21|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) -|22|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) +|9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD +|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian +|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS +|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE +|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl) +|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux +|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora +|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux +|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux +|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia +|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux +|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux +|11|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|22|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|23|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management) Check our [testing project](https://github.com/acmesh-official/acmetest): From 0de3bf0ac76f49c30d4584e78495a141f5c9a4b8 Mon Sep 17 00:00:00 2001 From: msys0843 <110224197+msys0843@users.noreply.github.com> Date: Fri, 29 Jul 2022 18:09:57 +0900 Subject: [PATCH 0923/1526] Update dns_mydnsjp.sh To fit current mydns.jp web site. --- dnsapi/dns_mydnsjp.sh | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/dnsapi/dns_mydnsjp.sh b/dnsapi/dns_mydnsjp.sh index aab2aabf..13866f70 100755 --- a/dnsapi/dns_mydnsjp.sh +++ b/dnsapi/dns_mydnsjp.sh @@ -150,7 +150,7 @@ _get_root() { _mydnsjp_retrieve_domain() { _debug "Login to MyDNS.JP" - response="$(_post "masterid=$MYDNSJP_MasterID&masterpwd=$MYDNSJP_Password" "$MYDNSJP_API/?MENU=100")" + response="$(_post "MENU=100&masterid=$MYDNSJP_MasterID&masterpwd=$MYDNSJP_Password" "$MYDNSJP_API/members/")" cookie="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _head_n 1 | cut -d " " -f 2)" # If cookies is not empty then logon successful @@ -159,22 +159,8 @@ _mydnsjp_retrieve_domain() { return 1 fi - _debug "Retrieve DOMAIN INFO page" - - export _H1="Cookie:${cookie}" - - response="$(_get "$MYDNSJP_API/?MENU=300")" - - if [ "$?" != "0" ]; then - _err "Fail to retrieve DOMAIN INFO." - return 1 - fi - _root_domain=$(echo "$response" | grep "DNSINFO\[domainname\]" | sed 's/^.*value="\([^"]*\)".*/\1/') - # Logout - response="$(_get "$MYDNSJP_API/?MENU=090")" - _debug _root_domain "$_root_domain" if [ -z "$_root_domain" ]; then From bd78120bd5946763248da60167adc99f6bb2c2b1 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jul 2022 08:53:44 +0800 Subject: [PATCH 0924/1526] Use major version of https://github.com/vmactions/freebsd-vm --- .github/workflows/DNS.yml | 10 +++++----- .github/workflows/DragonFlyBSD.yml | 2 +- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/NetBSD.yml | 2 +- .github/workflows/OpenBSD.yml | 2 +- .github/workflows/Solaris.yml | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index e039653f..538a1cfc 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -188,7 +188,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.2.0 + - uses: vmactions/freebsd-vm@v0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl @@ -228,7 +228,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.5 + - uses: vmactions/solaris-vm@v0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkgutil -y -i socat @@ -270,7 +270,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.7 + - uses: vmactions/openbsd-vm@v0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl @@ -310,7 +310,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.4 + - uses: vmactions/netbsd-vm@v0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | @@ -352,7 +352,7 @@ jobs: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0.0.3 + - uses: vmactions/dragonflybsd-vm@v0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml index 4836a08b..76af8b30 100644 --- a/.github/workflows/DragonFlyBSD.yml +++ b/.github/workflows/DragonFlyBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0.0.3 + - uses: vmactions/dragonflybsd-vm@v0 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' copyback: "false" diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 52f13fbb..676b67c7 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0.2.0 + - uses: vmactions/freebsd-vm@v0 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 83ae1cf3..616dfc39 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0.0.4 + - uses: vmactions/netbsd-vm@v0 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 9c8a807c..4f17780f 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0.0.7 + - uses: vmactions/openbsd-vm@v0 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' nat: | diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index e2336ed6..53386752 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -49,7 +49,7 @@ jobs: run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0.0.7 + - uses: vmactions/solaris-vm@v0 with: envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' copyback: "false" From 8a1f038a80bbb9fbd762f73682c7cc329732d1ba Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jul 2022 21:45:58 +0800 Subject: [PATCH 0925/1526] add issue.yml --- .github/workflows/issue.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/workflows/issue.yml diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml new file mode 100644 index 00000000..7e44e5ae --- /dev/null +++ b/.github/workflows/issue.yml @@ -0,0 +1,18 @@ +name: "Update issues" +on: + issues: + types: [opened] + +jobs: + comment: + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@v6 + with: + script: | + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: 'Please provode the log with `--debug 2` if this is a bug report.' + }) \ No newline at end of file From f91aeea91cdcf4d2c3524e0ddb1c870befd2b8fa Mon Sep 17 00:00:00 2001 From: Bill Gertz Date: Tue, 2 Aug 2022 19:01:16 +0200 Subject: [PATCH 0926/1526] Update dns_miab.sh Added an explicit no error (0) return on the internal _retrieve_miab_env() function. This was causing errors when acme.sh was not run with a debug level. --- dnsapi/dns_miab.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_miab.sh b/dnsapi/dns_miab.sh index 7e697704..dad69bde 100644 --- a/dnsapi/dns_miab.sh +++ b/dnsapi/dns_miab.sh @@ -163,6 +163,7 @@ _retrieve_miab_env() { _saveaccountconf_mutable MIAB_Username "$MIAB_Username" _saveaccountconf_mutable MIAB_Password "$MIAB_Password" _saveaccountconf_mutable MIAB_Server "$MIAB_Server" + return 0 } #Useage: _miab_rest "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" "custom/_acme-challenge.www.domain.com/txt "POST" From 51d4d1451a10ae5dd4f859e4f8f7fdb33ed8cd17 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 3 Aug 2022 20:55:25 +0800 Subject: [PATCH 0927/1526] use ${{ secrets.DEBUG }} https://github.com/acmesh-official/acme.sh/issues/4215 --- .github/workflows/DNS.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 538a1cfc..ca6631dd 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -53,7 +53,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Clone acmetest @@ -92,7 +92,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Install tools @@ -130,7 +130,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - name: Set git to use LF run: | @@ -183,7 +183,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Clone acmetest @@ -223,7 +223,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Clone acmetest @@ -265,7 +265,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Clone acmetest @@ -305,7 +305,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Clone acmetest @@ -347,7 +347,7 @@ jobs: TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} CASE: le_test_dnsapi TEST_LOCAL: 1 - DEBUG: 1 + DEBUG: ${{ secrets.DEBUG }} steps: - uses: actions/checkout@v2 - name: Clone acmetest From d0c2fb97616c6e395185b5bd2b711bf9604cfff7 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 3 Aug 2022 23:07:02 +0800 Subject: [PATCH 0928/1526] fix https://github.com/acmesh-official/acme.sh/issues/3833#issuecomment-1203652970 --- .github/workflows/DNS.yml | 6 +++++- .github/workflows/FreeBSD.yml | 1 + .github/workflows/NetBSD.yml | 1 + .github/workflows/OpenBSD.yml | 1 + acme.sh | 18 ++++-------------- 5 files changed, 12 insertions(+), 15 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index ca6631dd..ac1937af 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -193,6 +193,7 @@ jobs: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl usesh: true + copyback: false run: | if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} @@ -231,6 +232,7 @@ jobs: - uses: vmactions/solaris-vm@v0 with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + copyback: false prepare: pkgutil -y -i socat run: | pkg set-mediator -v -I default@1.1 openssl @@ -275,6 +277,7 @@ jobs: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl usesh: true + copyback: false run: | if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} @@ -314,9 +317,9 @@ jobs: with: envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | - export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r|cut -f '1 2' -d.)/All/" pkg_add curl socat usesh: true + copyback: false run: | if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} @@ -358,6 +361,7 @@ jobs: prepare: | pkg install -y curl socat usesh: true + copyback: false run: | if [ "${{ secrets.TokenName1}}" ] ; then export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 676b67c7..74b69745 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -56,6 +56,7 @@ jobs: "8080": "80" prepare: pkg install -y socat curl usesh: true + copyback: false run: | cd ../acmetest \ && ./letest.sh diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 616dfc39..84bf96b8 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -58,6 +58,7 @@ jobs: export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r|cut -f '1 2' -d.)/All/" pkg_add curl socat usesh: true + copyback: false run: | cd ../acmetest \ && ./letest.sh diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 4f17780f..6aba1b2a 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -56,6 +56,7 @@ jobs: "8080": "80" prepare: pkg_add socat curl usesh: true + copyback: false run: | cd ../acmetest \ && ./letest.sh diff --git a/acme.sh b/acme.sh index ef37f163..9ac8caf9 100755 --- a/acme.sh +++ b/acme.sh @@ -436,24 +436,14 @@ _secure_debug3() { fi } -__USE_TR_RAW="$([ "$(echo "abc" | tr a-z A-Z 2>/dev/null)" = "ABC" ] && echo 1 || echo 0)" - _upper_case() { - if [ "$__USE_TR_RAW" = "0" ]; then - tr '[:lower:]' '[:upper:]' - else - # shellcheck disable=SC2018,SC2019 - tr 'a-z' 'A-Z' - fi + # shellcheck disable=SC2018,SC2019 + tr '[a-z]' '[A-Z]' } _lower_case() { - if [ "$__USE_TR_RAW" = "0" ]; then - tr '[:upper:]' '[:lower:]' - else - # shellcheck disable=SC2018,SC2019 - tr 'A-Z' 'a-z' - fi + # shellcheck disable=SC2018,SC2019 + tr '[A-Z]' '[a-z]' } _startswith() { From aaee0414c83fac0fc5e319e95fd35557790537b5 Mon Sep 17 00:00:00 2001 From: Marco Date: Thu, 4 Aug 2022 09:44:35 +0200 Subject: [PATCH 0929/1526] Fix and Upgrade Switching from formula.php to SOAP Now session-based login Only record entries with corresponding values will now be deleted --- dnsapi/dns_kas.sh | 202 +++++++++++++++++++++++++++------------------- 1 file changed, 117 insertions(+), 85 deletions(-) diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 2cb0b439..755161e4 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -14,39 +14,43 @@ # Git repo: https://github.com/phlegx/acme.sh # TODO: Better Error handling ######################################################################## -KAS_Api="https://kasapi.kasserver.com/dokumentation/formular.php" +KAS_Api="https://kasapi.kasserver.com/soap/KasApi.php" +KAS_Auth="https://kasapi.kasserver.com/soap/KasAuth.php" ######## Public functions ##################### dns_kas_add() { _fulldomain=$1 _txtvalue=$2 - _info "Using DNS-01 All-inkl/Kasserver hook" - _info "Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" - _info "Check and Save Props" + + _info "### -> Using DNS-01 All-inkl/Kasserver hook" + _info "### -> Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" + _info "### -> Retriving Credential Token" + _get_credential_token + + _info "### -> Check and Save Props" _check_and_save - _info "Checking Zone and Record_Name" + + _info "### -> Checking Zone and Record_Name" _get_zone_and_record_name "$_fulldomain" - _info "Getting Record ID" + + _info "### -> Checking for existing Record entries" _get_record_id - _info "Creating TXT DNS record" - params="?kas_login=$KAS_Login" - params="$params&kas_auth_type=$KAS_Authtype" - params="$params&kas_auth_data=$KAS_Authdata" - params="$params&var1=record_name" - params="$params&wert1=$_record_name" - params="$params&var2=record_type" - params="$params&wert2=TXT" - params="$params&var3=record_data" - params="$params&wert3=$_txtvalue" - params="$params&var4=record_aux" - params="$params&wert4=0" - params="$params&kas_action=add_dns_settings" - params="$params&var5=zone_host" - params="$params&wert5=$_zone" - _debug2 "Wait for 10 seconds by default before calling KAS API." - _sleep 10 - response="$(_get "$KAS_Api$params")" - _debug2 "response" "$response" + # If there is a record_id, delete the entry + if [ -n "$_record_id" ]; then + _info "Existing records found. Now deleting old entries" + for i in $_record_id; do + _delete_RecordByID "$i" + done + else + _info "No record found." + fi + + _info "### -> Creating TXT DNS record" + action="add_dns_settings" + kasReqParam="{\"record_name\":\"$_record_name\",\"record_type\":\"TXT\",\"record_data\":\"$_txtvalue\",\"record_aux\":\"0\",\"zone_host\":\"$_zone\"}" + response="$(_callAPI "$action" "$kasReqParam")" + + _debug2 "Response" "$response" if ! _contains "$response" "TRUE"; then _err "An unkown error occurred, please check manually." @@ -58,45 +62,46 @@ dns_kas_add() { dns_kas_rm() { _fulldomain=$1 _txtvalue=$2 - _info "Using DNS-01 All-inkl/Kasserver hook" - _info "Cleaning up after All-inkl/Kasserver hook" - _info "Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" - _info "Check and Save Props" + _info "### -> Using DNS-01 All-inkl/Kasserver hook" + _info "### -> Cleaning up after All-inkl/Kasserver hook" + _info "### -> Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" + _info "### -> Retriving Credential Token" + _get_credential_token + + _info "### -> Check and Save Props" _check_and_save - _info "Checking Zone and Record_Name" + + _info "### -> Checking Zone and Record_Name" _get_zone_and_record_name "$_fulldomain" - _info "Getting Record ID" + + _info "### -> Getting Record ID" _get_record_id + _info "### -> Removing entries with ID: $_record_id" # If there is a record_id, delete the entry if [ -n "$_record_id" ]; then - params="?kas_login=$KAS_Login" - params="$params&kas_auth_type=$KAS_Authtype" - params="$params&kas_auth_data=$KAS_Authdata" - params="$params&kas_action=delete_dns_settings" - for i in $_record_id; do - params2="$params&var1=record_id" - params2="$params2&wert1=$i" - _debug2 "Wait for 10 seconds by default before calling KAS API." - _sleep 10 - response="$(_get "$KAS_Api$params2")" - _debug2 "response" "$response" - if ! _contains "$response" "TRUE"; then - _err "Either the txt record is not found or another error occurred, please check manually." - return 1 - fi + _delete_RecordByID "$i" done else # Cannot delete or unkown error - _err "No record_id found that can be deleted. Please check manually." - return 1 + _info "No record_id found that can be deleted. Please check manually." fi return 0 } ########################## PRIVATE FUNCTIONS ########################### - +# Delete Record ID +_delete_RecordByID() { + recId=$1 + action="delete_dns_settings" + kasReqParam="{\"record_id\":\"$recId\"}" + response="$(_callAPI "$action" "$kasReqParam")" + _debug2 "Response" "$response" + if ! _contains "$response" "TRUE"; then + _info "Either the txt record is not found or another error occurred, please check manually." + fi +} # Checks for the ENV variables and saves them _check_and_save() { KAS_Login="${KAS_Login:-$(_readaccountconf_mutable KAS_Login)}" @@ -119,50 +124,77 @@ _check_and_save() { # Gets back the base domain/zone and record name. # See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide _get_zone_and_record_name() { - params="?kas_login=$KAS_Login" - params="?kas_login=$KAS_Login" - params="$params&kas_auth_type=$KAS_Authtype" - params="$params&kas_auth_data=$KAS_Authdata" - params="$params&kas_action=get_domains" - - _debug2 "Wait for 10 seconds by default before calling KAS API." - _sleep 10 - response="$(_get "$KAS_Api$params")" - _debug2 "response" "$response" - _zonen="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "domain_name" | tr '<' '\n' | grep "domain_name" | sed "s/domain_name>=>//g")" - _domain="$1" - _temp_domain="$(echo "$1" | sed 's/\.$//')" - _rootzone="$_domain" - for i in $_zonen; do - l1=${#_rootzone} + action="get_domains" + kasReqParam="[]" + response="$(_callAPI "$action" "$kasReqParam")" + _debug2 "Response" "$response" + zonen="$(echo "$response" | sed 's//\n/g' | sed -r 's/(.*domain_name<\/key>)(.*)(<\/value.*)/\2/' | sed '/^/\n/g' | sed -n -e "/^.*$_record_name.*/Ip" | sed -n -e "/^.*$_txtvalue.*/Ip" | sed -r 's/(.*record_id<\/key>)([0-9]+)(<\/value.*)/\2/')" + _debug "Record Id: " "$_record_id" + return 0 +} + +# Retrieve credential token +_get_credential_token() { + data="" + data="$data{\"kas_login\":\"$KAS_Login\",\"kas_auth_type\":\"$KAS_Authtype\",\"kas_auth_data\":\"$KAS_Authdata\",\"session_lifetime\":600,\"session_update_lifetime\":\"Y\",\"session_2fa\":123456}" + data="$data" + + _debug "Be frindly and wait 10 seconds by default before calling KAS API." _sleep 10 - response="$(_get "$KAS_Api$params")" - _debug2 "response" "$response" - _record_id="$(echo "$response" | tr -d "\n\r" | tr -d " " | tr '[]' '<>' | sed "s/=>Array/\n=> Array/g" | tr ' ' '\n' | grep "=>$_record_name<" | grep '>TXT<' | tr '<' '\n' | grep record_id | sed "s/record_id>=>//g")" - _debug2 _record_id "$_record_id" + + contentType="text/xml" + export _H1="SOAPAction: ns1:KasAuth" + response="$(_post "$data" "$KAS_Auth" "" "POST" "$contentType")" + _debug2 "Response" "$response" + + _credential_token="$(echo "$response" | tr '\n' ' ' | sed 's/.*return xsi:type="xsd:string">\(.*\)<\/return>/\1/' | sed 's/<\/ns1:KasAuthResponse\(.*\)Envelope>.*//')" + _debug "Credential Token: " "$_credential_token" return 0 } + +_callAPI() { + kasaction=$1 + kasReqParams=$2 + baseParam="{\"kas_login\":\"$KAS_Login\",\"kas_auth_type\":\"session\",\"kas_auth_data\":\"$_credential_token\",\"kas_action\":\"$kasaction\",\"KasRequestParams\":$kasReqParams" + baseParamClosing="}" + data="" + data="$data$baseParam$baseParamClosing" + data="$data" + _debug2 "Request" "$data" + + _debug "Be frindly and wait 10 seconds by default before calling KAS API." + _sleep 10 + + contentType="text/xml" + export _H1="SOAPAction: ns1:KasApi" + response="$(_post "$data" "$KAS_Api" "" "POST" "$contentType")" + _debug2 "Response" "$response" + echo "$response" +} From 9a5c2b88dc72e29f9283ca7ccbbaab4a614011fd Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 6 Aug 2022 23:40:12 +0800 Subject: [PATCH 0930/1526] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 27e933ca..30e6e554 100644 --- a/README.md +++ b/README.md @@ -509,6 +509,12 @@ Support this project with your organization. Your logo will show up here with a + +#### Sponsors + +[![quantumca-acmesh-logo](https://user-images.githubusercontent.com/8305679/183255712-634ee1db-bb61-4c03-bca0-bacce99e078c.svg)](https://www.quantumca.com.cn/?__utm_source=acmesh-donation) + + # 19. License & Others License is GPLv3 From edebe65d95d89f09cdf92599351ef1ecaed3d9d6 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 7 Aug 2022 10:54:38 +0800 Subject: [PATCH 0931/1526] add pr_dns.yml --- .github/dns_api_pr.md | 0 .github/workflows/pr_dns.yml | 27 +++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 .github/dns_api_pr.md create mode 100644 .github/workflows/pr_dns.yml diff --git a/.github/dns_api_pr.md b/.github/dns_api_pr.md new file mode 100644 index 00000000..e69de29b diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml new file mode 100644 index 00000000..0e3f2c8b --- /dev/null +++ b/.github/workflows/pr_dns.yml @@ -0,0 +1,27 @@ +name: Check dns api + +on: + pull_request_target: + types: + - opened + branches: + - 'dev' + paths: + - 'dnsapi/*.sh' + + +jobs: + welcome: + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@v6 + with: + script: | + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `**Welcome** + Please make sure you're read our [dns api guide](.github/dns_api_pr.md) and we look forward to reviewing your Pull request shortly ✨` + }) + From 916743f44b27dc9f3327e084946fb9c22b757372 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 7 Aug 2022 11:07:04 +0800 Subject: [PATCH 0932/1526] fix pr_dns.yml --- .github/dns_api_pr.md | 0 .github/workflows/pr_dns.yml | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 .github/dns_api_pr.md diff --git a/.github/dns_api_pr.md b/.github/dns_api_pr.md deleted file mode 100644 index e69de29b..00000000 diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index 0e3f2c8b..89232186 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -22,6 +22,6 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [dns api guide](.github/dns_api_pr.md) and we look forward to reviewing your Pull request shortly ✨` + Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and we look forward to reviewing your Pull request shortly ✨` }) From 2bb29a105c7ff175abd431452ae914a0bfe9a482 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 7 Aug 2022 12:17:43 +0800 Subject: [PATCH 0933/1526] fix pr_dns.yml --- .github/workflows/pr_dns.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index 89232186..0964250a 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -22,6 +22,7 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and we look forward to reviewing your Pull request shortly ✨` + Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test(../wiki/DNS-API-Test). + We look forward to reviewing your Pull request shortly ✨` }) From 044a9bb6d38e628c85f5a9e1f8234dcb86439557 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 Aug 2022 13:19:38 +0800 Subject: [PATCH 0934/1526] fix https://github.com/acmesh-official/acme.sh/issues/4231 --- dnsapi/dns_ovh.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 2252f03a..708ea0af 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -118,7 +118,7 @@ _initAuth() { #return and wait for retry. return 1 fi - _saveaccountconf OVH_CK "$OVH_CK" + _saveaccountconf_mutable OVH_CK "$OVH_CK" _info "Checking authentication" @@ -236,7 +236,7 @@ _ovh_authentication() { _secure_debug consumerKey "$consumerKey" OVH_CK="$consumerKey" - + _saveaccountconf_mutable OVH_CK "$OVH_CK" _info "Please open this link to do authentication: $(__green "$validationUrl")" _info "Here is a guide for you: $(__green "$wiki")" From 204e5f4418e494e5afe04b500516e3526246b50f Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 Aug 2022 18:22:07 +0800 Subject: [PATCH 0935/1526] fix https://github.com/acmesh-official/acme.sh/issues/4232 --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 9ac8caf9..e8228e30 100755 --- a/acme.sh +++ b/acme.sh @@ -1186,7 +1186,7 @@ _createkey() { _is_idn() { _is_idn_d="$1" _debug2 _is_idn_d "$_is_idn_d" - _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d [0-9] | tr -d [a-z] | tr -d [A-Z] | tr -d '*.,-_') + _idn_temp=$(printf "%s" "$_is_idn_d" | tr -d '[0-9]' | tr -d '[a-z]' | tr -d '[A-Z]' | tr -d '*.,-_') _debug2 _idn_temp "$_idn_temp" [ "$_idn_temp" ] } @@ -4195,7 +4195,7 @@ _match_issuer() { _isIPv4() { for seg in $(echo "$1" | tr '.' ' '); do _debug2 seg "$seg" - if [ "$(echo "$seg" | tr -d [0-9])" ]; then + if [ "$(echo "$seg" | tr -d '[0-9]')" ]; then #not all number return 1 fi From 86dd4ea4800c8e53012adee79f81d4b3e4cd5b36 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 8 Aug 2022 21:11:16 +0800 Subject: [PATCH 0936/1526] fix https://github.com/acmesh-official/acme.sh/issues/4231 --- dnsapi/dns_ovh.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 708ea0af..5e35011b 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -92,7 +92,7 @@ _initAuth() { if [ "$OVH_AK" != "$(_readaccountconf OVH_AK)" ]; then _info "It seems that your ovh key is changed, let's clear consumer key first." - _clearaccountconf OVH_CK + _clearaccountconf_mutable OVH_CK fi _saveaccountconf_mutable OVH_AK "$OVH_AK" _saveaccountconf_mutable OVH_AS "$OVH_AS" @@ -125,7 +125,7 @@ _initAuth() { if ! _ovh_rest GET "domain" || _contains "$response" "INVALID_CREDENTIAL" || _contains "$response" "NOT_CREDENTIAL"; then _err "The consumer key is invalid: $OVH_CK" _err "Please retry to create a new one." - _clearaccountconf OVH_CK + _clearaccountconf_mutable OVH_CK return 1 fi _info "Consumer key is ok." From 2f70b8682ef257eb23a194d1d2cffe9798a20643 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 10 Aug 2022 21:44:22 +0800 Subject: [PATCH 0937/1526] add logs --- .github/workflows/DNS.yml | 60 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index ac1937af..51602baf 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -81,6 +81,13 @@ jobs: - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: Docker-logs + path: logs + + MacOS: runs-on: macos-latest needs: Docker @@ -119,6 +126,14 @@ jobs: cd ../acmetest ./letest.sh + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: MacOS-logs + path: logs + + + Windows: runs-on: windows-latest needs: MacOS @@ -172,6 +187,12 @@ jobs: cd ../acmetest ./letest.sh + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: Windows-logs + path: logs + FreeBSD: runs-on: macos-12 needs: Windows @@ -213,6 +234,13 @@ jobs: cd ../acmetest ./letest.sh + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: FreeBSD-logs + path: logs + + Solaris: runs-on: macos-12 needs: FreeBSD @@ -255,6 +283,12 @@ jobs: cd ../acmetest ./letest.sh + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: Solaris-logs + path: logs + OpenBSD: runs-on: macos-12 @@ -297,6 +331,13 @@ jobs: cd ../acmetest ./letest.sh + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: OpenBSD-logs + path: logs + + NetBSD: runs-on: macos-12 needs: OpenBSD @@ -338,7 +379,14 @@ jobs: fi cd ../acmetest ./letest.sh - + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: NetBSD-logs + path: logs + + DragonFlyBSD: runs-on: macos-12 needs: NetBSD @@ -381,3 +429,13 @@ jobs: cd ../acmetest ./letest.sh + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: DragonFlyBSD-logs + path: logs + + + + + From 8ba9c4ab97e98237c4ef48c799c20e240ead3b6f Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 10 Aug 2022 22:00:46 +0800 Subject: [PATCH 0938/1526] support https_proxy for https://github.com/acmesh-official/acme.sh/pull/1838 --- .github/workflows/DNS.yml | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 51602baf..8457b30a 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -54,6 +54,8 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Clone acmetest @@ -77,7 +79,8 @@ jobs: echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env fi echo "TEST_DNS_NO_WILDCARD" >> docker.env - echo "TEST_DNS_SLEEP" >> docker.env + echo "http_proxy" >> docker.env + echo "https_proxy" >> docker.env - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall @@ -100,6 +103,8 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Install tools @@ -146,6 +151,8 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - name: Set git to use LF run: | @@ -205,13 +212,15 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg install -y socat curl usesh: true copyback: false @@ -253,13 +262,15 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' copyback: false prepare: pkgutil -y -i socat run: | @@ -302,13 +313,15 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/openbsd-vm@v0 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: pkg_add socat curl usesh: true copyback: false @@ -350,13 +363,15 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/netbsd-vm@v0 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | pkg_add curl socat usesh: true @@ -399,13 +414,15 @@ jobs: CASE: le_test_dnsapi TEST_LOCAL: 1 DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} steps: - uses: actions/checkout@v2 - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/dragonflybsd-vm@v0 with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' prepare: | pkg install -y curl socat usesh: true From ab8df825635047fdc4eee3ccc190b6bcee56567c Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 11 Aug 2022 22:15:38 +0800 Subject: [PATCH 0939/1526] fix log name --- .github/workflows/DNS.yml | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 8457b30a..135cea5d 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -135,7 +135,8 @@ jobs: if: failure() with: name: MacOS-logs - path: logs + path: | + *.log @@ -198,7 +199,8 @@ jobs: if: failure() with: name: Windows-logs - path: logs + path: | + *.log FreeBSD: runs-on: macos-12 @@ -247,7 +249,8 @@ jobs: if: failure() with: name: FreeBSD-logs - path: logs + path: | + *.log Solaris: @@ -298,7 +301,8 @@ jobs: if: failure() with: name: Solaris-logs - path: logs + path: | + *.log OpenBSD: @@ -348,7 +352,8 @@ jobs: if: failure() with: name: OpenBSD-logs - path: logs + path: | + *.log NetBSD: @@ -399,7 +404,8 @@ jobs: if: failure() with: name: NetBSD-logs - path: logs + path: | + *.log DragonFlyBSD: @@ -450,7 +456,8 @@ jobs: if: failure() with: name: DragonFlyBSD-logs - path: logs + path: | + *.log From 8d211c352468999b9cc343f3e16051045e6fa5b1 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 09:01:57 +0800 Subject: [PATCH 0940/1526] fix log name --- .github/workflows/DNS.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 135cea5d..3075dbcd 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -88,7 +88,9 @@ jobs: if: failure() with: name: Docker-logs - path: logs + path: | + *.log + logs MacOS: From ea07b495ac2b187bfdb06e9754e1e90133de0a99 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 09:09:08 +0800 Subject: [PATCH 0941/1526] change message --- .github/workflows/issue.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index 7e44e5ae..059bd30f 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -14,5 +14,11 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: 'Please provode the log with `--debug 2` if this is a bug report.' + body: ' + Please upgrade to the latest code and try again first. Maybe it's already fixed. + + `acme.sh --upgrade` + + If it's still not working, please provode the log with `--debug 2`, otherwise, nobody can help you.' + }) \ No newline at end of file From 683aa727d5602696f3f4287aceefe01cca9e80fa Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 09:14:06 +0800 Subject: [PATCH 0942/1526] fix log path --- .github/workflows/DNS.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 3075dbcd..79f17a7c 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -89,8 +89,8 @@ jobs: with: name: Docker-logs path: | - *.log - logs + ../acmetest/*.log + ../acmetest/logs MacOS: @@ -138,7 +138,7 @@ jobs: with: name: MacOS-logs path: | - *.log + ../acmetest/*.log @@ -202,7 +202,7 @@ jobs: with: name: Windows-logs path: | - *.log + ../acmetest/*.log FreeBSD: runs-on: macos-12 @@ -252,7 +252,7 @@ jobs: with: name: FreeBSD-logs path: | - *.log + ../acmetest/*.log Solaris: @@ -304,7 +304,7 @@ jobs: with: name: Solaris-logs path: | - *.log + ../acmetest/*.log OpenBSD: @@ -355,7 +355,7 @@ jobs: with: name: OpenBSD-logs path: | - *.log + ../acmetest/*.log NetBSD: @@ -407,7 +407,7 @@ jobs: with: name: NetBSD-logs path: | - *.log + ../acmetest/*.log DragonFlyBSD: @@ -459,7 +459,7 @@ jobs: with: name: DragonFlyBSD-logs path: | - *.log + ../acmetest/*.log From cc36421fe5b867a69bcc0717c1916e0c95fa47f7 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 09:31:36 +0800 Subject: [PATCH 0943/1526] fix typo --- .github/workflows/pr_dns.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index 0964250a..50de26b4 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -22,7 +22,7 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test(../wiki/DNS-API-Test). + Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). We look forward to reviewing your Pull request shortly ✨` }) From 7e9612035374154784709c0bf11fbd496f9c8a69 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 09:33:43 +0800 Subject: [PATCH 0944/1526] fix message --- .github/workflows/pr_dns.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index 50de26b4..6c60738e 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -23,6 +23,10 @@ jobs: repo: context.repo.repo, body: `**Welcome** Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). - We look forward to reviewing your Pull request shortly ✨` + + Then reply on this message, otherwise, your code will not be reviewed or merged. + + We look forward to reviewing your Pull request shortly ✨ + ` }) From 5684b7c329ca4be798e63c3180bb3f87ede76823 Mon Sep 17 00:00:00 2001 From: Awalon Date: Sat, 13 Aug 2022 05:02:12 +0200 Subject: [PATCH 0945/1526] dns_gd (GoDaddy): Delete TXT record instead of just setting them to an empty value. Replaced "#todo: check if the record takes effect" by some error handling and validation. --- dnsapi/dns_gd.sh | 50 ++++++++++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 7f8efca9..e8ce4578 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -51,7 +51,8 @@ dns_gd_add() { _add_data="{\"data\":\"$txtvalue\"}" for t in $(echo "$response" | tr '{' "\n" | grep "\"name\":\"$_sub_domain\"" | tr ',' "\n" | grep '"data"' | cut -d : -f 2); do _debug2 t "$t" - if [ "$t" ]; then + # ignore empty (previously removed) records, to prevent useless _acme-challenge TXT entries + if [ "$t" ] && [ "$t" != '""' ]; then _add_data="$_add_data,{\"data\":$t}" fi done @@ -59,13 +60,25 @@ dns_gd_add() { _info "Adding record" if _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[$_add_data]"; then - _info "Added, sleeping 10 seconds" - _sleep 10 - #todo: check if the record takes effect - return 0 + _debug "Checking updated records of '${fulldomain}'" + + if ! _gd_rest GET "domains/$_domain/records/TXT/$_sub_domain"; then + _err "Validating TXT record for '${fulldomain}' with rest error [$?]." "$response" + return 1 + fi + + if ! _contains "$response" "$txtvalue"; then + _err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!" + return 1 + fi + else + _err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set." + return 1 fi - _err "Add txt record error." - return 1 + + _sleep 10 + _info "Added TXT record '${txtvalue}' for '${fulldomain}'." + return 0 } #fulldomain @@ -107,11 +120,20 @@ dns_gd_rm() { fi done if [ -z "$_add_data" ]; then - _add_data="{\"data\":\"\"}" + # delete empty record + _debug "Delete last record for '${fulldomain}'" + if ! _gd_rest DELETE "domains/$_domain/records/TXT/$_sub_domain"; then + _err "Cannot delete empty TXT record for '$fulldomain'" + return 1 + fi + else + # remove specific TXT value, keeping other entries + _debug2 _add_data "$_add_data" + if ! _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[$_add_data]"; then + _err "Cannot update TXT record for '$fulldomain'" + return 1 + fi fi - _debug2 _add_data "$_add_data" - - _gd_rest PUT "domains/$_domain/records/TXT/$_sub_domain" "[$_add_data]" } #################### Private functions below ################################## @@ -156,15 +178,15 @@ _gd_rest() { export _H1="Authorization: sso-key $GD_Key:$GD_Secret" export _H2="Content-Type: application/json" - if [ "$data" ]; then - _debug data "$data" + if [ "$data" ] || [ "$m" = "DELETE" ]; then + _debug "data ($m): " "$data" response="$(_post "$data" "$GD_Api/$ep" "" "$m")" else response="$(_get "$GD_Api/$ep")" fi if [ "$?" != "0" ]; then - _err "error $ep" + _err "error on rest call ($m): $ep" return 1 fi _debug2 response "$response" From 15ae5a513562a498fe3f8b42fa8711230813585b Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 11:14:22 +0800 Subject: [PATCH 0946/1526] fix format --- .github/workflows/pr_dns.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index 6c60738e..c62f2f29 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -22,11 +22,7 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). - - Then reply on this message, otherwise, your code will not be reviewed or merged. - - We look forward to reviewing your Pull request shortly ✨ + Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). Then reply on this message, otherwise, your code will not be reviewed or merged. We look forward to reviewing your Pull request shortly ✨ ` }) From 79e044ac317f8c27c32c3b0dac4ab844daf87c36 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 13 Aug 2022 11:16:40 +0800 Subject: [PATCH 0947/1526] fix format --- .github/workflows/pr_dns.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr_dns.yml b/.github/workflows/pr_dns.yml index c62f2f29..5faa9105 100644 --- a/.github/workflows/pr_dns.yml +++ b/.github/workflows/pr_dns.yml @@ -22,7 +22,9 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, body: `**Welcome** - Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). Then reply on this message, otherwise, your code will not be reviewed or merged. We look forward to reviewing your Pull request shortly ✨ + Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). + Then reply on this message, otherwise, your code will not be reviewed or merged. + We look forward to reviewing your Pull request shortly ✨ ` }) From 2d4aa7ff8b07876c5a1cc70e2dd81f74220a52e1 Mon Sep 17 00:00:00 2001 From: Awalon Date: Sat, 13 Aug 2022 05:34:05 +0200 Subject: [PATCH 0948/1526] Added example and URL for API key --- dnsapi/dns_gd.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index e8ce4578..44c3d279 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -1,10 +1,12 @@ #!/usr/bin/env sh #Godaddy domain api +# Get API key and secret from https://developer.godaddy.com/ # -#GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# GD_Secret="asdfsdfsfsdfsdfdfsdf" # -#GD_Secret="asdfsdfsfsdfsdfdfsdf" +# Ex.: acme.sh --issue --staging --dns dns_gd -d "*.s.example.com" -d "s.example.com" GD_Api="https://api.godaddy.com/v1" From 74168c3e056c78cf2389d6d2ad155759f40b4d7b Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 14 Aug 2022 15:25:48 +0800 Subject: [PATCH 0949/1526] fix ip test for pebble --- .github/workflows/PebbleStrict.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index c1ea1cd2..d51b3841 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -41,7 +41,7 @@ jobs: PebbleStrict_IPCert: runs-on: ubuntu-latest env: - TestingDomain: 10.30.50.1 + TestingDomain: 1.23.45.67 ACME_DIRECTORY: https://localhost:14000/dir HTTPS_INSECURE: 1 Le_HTTPPort: 5002 @@ -55,7 +55,10 @@ jobs: - name: Install tools run: sudo apt-get install -y socat - name: Run Pebble - run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d + run: | + docker run --rm -itd --name=pebble \ + -e PEBBLE_VA_ALWAYS_VALID=1 \ + -p 14000:14000 -p 15000:15000 letsencrypt/pebble:latest pebble -config /test/config/pebble-config.json -strict - name: Clone acmetest run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Run acmetest From 4f8d1c5c9db17df3298f6ef1631eab4c5b4e7f42 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 14 Aug 2022 15:29:28 +0800 Subject: [PATCH 0950/1526] fix ip test --- .github/workflows/PebbleStrict.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index d51b3841..77512955 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -42,7 +42,7 @@ jobs: runs-on: ubuntu-latest env: TestingDomain: 1.23.45.67 - ACME_DIRECTORY: https://localhost:14000/dir + TEST_ACME_Server: https://localhost:14000/dir HTTPS_INSECURE: 1 Le_HTTPPort: 5002 Le_TLSPort: 5001 From 5dba8b493d205d5799e8136ab05965597ddad34d Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 14 Aug 2022 16:25:28 +0800 Subject: [PATCH 0951/1526] fix log pattern --- .github/workflows/DNS.yml | 934 +++++++++++++++++++------------------- 1 file changed, 467 insertions(+), 467 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 79f17a7c..d44f5cdc 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -1,467 +1,467 @@ -name: DNS -on: - push: - paths: - - 'dnsapi/*.sh' - - '.github/workflows/DNS.yml' - pull_request: - branches: - - 'dev' - paths: - - 'dnsapi/*.sh' - - '.github/workflows/DNS.yml' - - -jobs: - CheckToken: - runs-on: ubuntu-latest - outputs: - hasToken: ${{ steps.step_one.outputs.hasToken }} - steps: - - name: Set the value - id: step_one - run: | - if [ "${{secrets.TokenName1}}" ] ; then - echo "::set-output name=hasToken::true" - else - echo "::set-output name=hasToken::false" - fi - - name: Check the value - run: echo ${{ steps.step_one.outputs.hasToken }} - - Fail: - runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'false')" - steps: - - name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" - run: | - echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" - if [ "${{github.repository_owner}}" != "acmesh-official" ]; then - false - fi - - Docker: - runs-on: ubuntu-latest - needs: CheckToken - if: "contains(needs.CheckToken.outputs.hasToken, 'true')" - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Set env file - run: | - cd ../acmetest - if [ "${{ secrets.TokenName1}}" ] ; then - echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env - fi - if [ "${{ secrets.TokenName2}}" ] ; then - echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env - fi - if [ "${{ secrets.TokenName3}}" ] ; then - echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env - fi - if [ "${{ secrets.TokenName4}}" ] ; then - echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env - fi - if [ "${{ secrets.TokenName5}}" ] ; then - echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env - fi - echo "TEST_DNS_NO_WILDCARD" >> docker.env - echo "http_proxy" >> docker.env - echo "https_proxy" >> docker.env - - name: Run acmetest - run: cd ../acmetest && ./rundocker.sh testall - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: Docker-logs - path: | - ../acmetest/*.log - ../acmetest/logs - - - MacOS: - runs-on: macos-latest - needs: Docker - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Install tools - run: brew install socat - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: MacOS-logs - path: | - ../acmetest/*.log - - - - Windows: - runs-on: windows-latest - needs: MacOS - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - name: Set git to use LF - run: | - git config --global core.autocrlf false - - uses: actions/checkout@v2 - - name: Install cygwin base packages with chocolatey - run: | - choco config get cacheLocation - choco install --no-progress cygwin - shell: cmd - - name: Install cygwin additional packages - run: | - C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git - shell: cmd - - name: Set ENV - shell: cmd - run: | - echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - name: Run acmetest - shell: bash - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: Windows-logs - path: | - ../acmetest/*.log - - FreeBSD: - runs-on: macos-12 - needs: Windows - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/freebsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: pkg install -y socat curl - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: FreeBSD-logs - path: | - ../acmetest/*.log - - - Solaris: - runs-on: macos-12 - needs: FreeBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/solaris-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - copyback: false - prepare: pkgutil -y -i socat - run: | - pkg set-mediator -v -I default@1.1 openssl - export PATH=/usr/gnu/bin:$PATH - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: Solaris-logs - path: | - ../acmetest/*.log - - - OpenBSD: - runs-on: macos-12 - needs: Solaris - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/openbsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: pkg_add socat curl - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: OpenBSD-logs - path: | - ../acmetest/*.log - - - NetBSD: - runs-on: macos-12 - needs: OpenBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/netbsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: | - pkg_add curl socat - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: NetBSD-logs - path: | - ../acmetest/*.log - - - DragonFlyBSD: - runs-on: macos-12 - needs: NetBSD - env: - TEST_DNS : ${{ secrets.TEST_DNS }} - TestingDomain: ${{ secrets.TestingDomain }} - TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} - TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} - TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} - CASE: le_test_dnsapi - TEST_LOCAL: 1 - DEBUG: ${{ secrets.DEBUG }} - http_proxy: ${{ secrets.http_proxy }} - https_proxy: ${{ secrets.https_proxy }} - steps: - - uses: actions/checkout@v2 - - name: Clone acmetest - run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - - uses: vmactions/dragonflybsd-vm@v0 - with: - envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' - prepare: | - pkg install -y curl socat - usesh: true - copyback: false - run: | - if [ "${{ secrets.TokenName1}}" ] ; then - export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} - fi - if [ "${{ secrets.TokenName2}}" ] ; then - export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} - fi - if [ "${{ secrets.TokenName3}}" ] ; then - export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} - fi - if [ "${{ secrets.TokenName4}}" ] ; then - export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} - fi - if [ "${{ secrets.TokenName5}}" ] ; then - export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} - fi - cd ../acmetest - ./letest.sh - - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: DragonFlyBSD-logs - path: | - ../acmetest/*.log - - - - - +name: DNS +on: + push: + paths: + - 'dnsapi/*.sh' + - '.github/workflows/DNS.yml' + pull_request: + branches: + - 'dev' + paths: + - 'dnsapi/*.sh' + - '.github/workflows/DNS.yml' + + +jobs: + CheckToken: + runs-on: ubuntu-latest + outputs: + hasToken: ${{ steps.step_one.outputs.hasToken }} + steps: + - name: Set the value + id: step_one + run: | + if [ "${{secrets.TokenName1}}" ] ; then + echo "::set-output name=hasToken::true" + else + echo "::set-output name=hasToken::false" + fi + - name: Check the value + run: echo ${{ steps.step_one.outputs.hasToken }} + + Fail: + runs-on: ubuntu-latest + needs: CheckToken + if: "contains(needs.CheckToken.outputs.hasToken, 'false')" + steps: + - name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" + run: | + echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test" + if [ "${{github.repository_owner}}" != "acmesh-official" ]; then + false + fi + + Docker: + runs-on: ubuntu-latest + needs: CheckToken + if: "contains(needs.CheckToken.outputs.hasToken, 'true')" + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Set env file + run: | + cd ../acmetest + if [ "${{ secrets.TokenName1}}" ] ; then + echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env + fi + if [ "${{ secrets.TokenName2}}" ] ; then + echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env + fi + if [ "${{ secrets.TokenName3}}" ] ; then + echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env + fi + if [ "${{ secrets.TokenName4}}" ] ; then + echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env + fi + if [ "${{ secrets.TokenName5}}" ] ; then + echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env + fi + echo "TEST_DNS_NO_WILDCARD" >> docker.env + echo "http_proxy" >> docker.env + echo "https_proxy" >> docker.env + - name: Run acmetest + run: cd ../acmetest && ./rundocker.sh testall + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: Docker-logs + path: | + ../acmetest/**.log + ../acmetest/logs + + + MacOS: + runs-on: macos-latest + needs: Docker + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Install tools + run: brew install socat + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: MacOS-logs + path: | + ../acmetest/**.log + + + + Windows: + runs-on: windows-latest + needs: MacOS + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - name: Set git to use LF + run: | + git config --global core.autocrlf false + - uses: actions/checkout@v2 + - name: Install cygwin base packages with chocolatey + run: | + choco config get cacheLocation + choco install --no-progress cygwin + shell: cmd + - name: Install cygwin additional packages + run: | + C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git + shell: cmd + - name: Set ENV + shell: cmd + run: | + echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV% + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - name: Run acmetest + shell: bash + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: Windows-logs + path: | + ../acmetest/**.log + + FreeBSD: + runs-on: macos-12 + needs: Windows + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/freebsd-vm@v0 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: pkg install -y socat curl + usesh: true + copyback: false + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: FreeBSD-logs + path: | + ../acmetest/**.log + + + Solaris: + runs-on: macos-12 + needs: FreeBSD + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/solaris-vm@v0 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + copyback: false + prepare: pkgutil -y -i socat + run: | + pkg set-mediator -v -I default@1.1 openssl + export PATH=/usr/gnu/bin:$PATH + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: Solaris-logs + path: | + ../acmetest/**.log + + + OpenBSD: + runs-on: macos-12 + needs: Solaris + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/openbsd-vm@v0 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: pkg_add socat curl + usesh: true + copyback: false + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: OpenBSD-logs + path: | + ../acmetest/**.log + + + NetBSD: + runs-on: macos-12 + needs: OpenBSD + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/netbsd-vm@v0 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: | + pkg_add curl socat + usesh: true + copyback: false + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: NetBSD-logs + path: | + ../acmetest/**.log + + + DragonFlyBSD: + runs-on: macos-12 + needs: NetBSD + env: + TEST_DNS : ${{ secrets.TEST_DNS }} + TestingDomain: ${{ secrets.TestingDomain }} + TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }} + TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }} + TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }} + CASE: le_test_dnsapi + TEST_LOCAL: 1 + DEBUG: ${{ secrets.DEBUG }} + http_proxy: ${{ secrets.http_proxy }} + https_proxy: ${{ secrets.https_proxy }} + steps: + - uses: actions/checkout@v2 + - name: Clone acmetest + run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + - uses: vmactions/dragonflybsd-vm@v0 + with: + envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}' + prepare: | + pkg install -y curl socat + usesh: true + copyback: false + run: | + if [ "${{ secrets.TokenName1}}" ] ; then + export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}} + fi + if [ "${{ secrets.TokenName2}}" ] ; then + export ${{ secrets.TokenName2}}=${{ secrets.TokenValue2}} + fi + if [ "${{ secrets.TokenName3}}" ] ; then + export ${{ secrets.TokenName3}}=${{ secrets.TokenValue3}} + fi + if [ "${{ secrets.TokenName4}}" ] ; then + export ${{ secrets.TokenName4}}=${{ secrets.TokenValue4}} + fi + if [ "${{ secrets.TokenName5}}" ] ; then + export ${{ secrets.TokenName5}}=${{ secrets.TokenValue5}} + fi + cd ../acmetest + ./letest.sh + + - uses: actions/upload-artifact@v1 + if: failure() + with: + name: DragonFlyBSD-logs + path: | + ../acmetest/**.log + + + + + From 20f097faa41073bec2d78d1da9221cae3343d3db Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 14 Aug 2022 16:33:48 +0800 Subject: [PATCH 0952/1526] typo --- .github/workflows/issue.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index 059bd30f..20d3d5fd 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -19,6 +19,6 @@ jobs: `acme.sh --upgrade` - If it's still not working, please provode the log with `--debug 2`, otherwise, nobody can help you.' + If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you.' }) \ No newline at end of file From 2454ac8ef105778943352a4c472c1ed71b20013b Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 14 Aug 2022 17:44:16 +0800 Subject: [PATCH 0953/1526] don't upload log --- .github/workflows/DNS.yml | 56 +++++---------------------------------- 1 file changed, 6 insertions(+), 50 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index d44f5cdc..04a8bd6d 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -84,13 +84,7 @@ jobs: - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: Docker-logs - path: | - ../acmetest/**.log - ../acmetest/logs + MacOS: @@ -133,12 +127,6 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: MacOS-logs - path: | - ../acmetest/**.log @@ -197,12 +185,7 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: Windows-logs - path: | - ../acmetest/**.log + FreeBSD: runs-on: macos-12 @@ -247,12 +230,7 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: FreeBSD-logs - path: | - ../acmetest/**.log + Solaris: @@ -299,12 +277,7 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: Solaris-logs - path: | - ../acmetest/**.log + OpenBSD: @@ -350,12 +323,7 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: OpenBSD-logs - path: | - ../acmetest/**.log + NetBSD: @@ -402,12 +370,7 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: NetBSD-logs - path: | - ../acmetest/**.log + DragonFlyBSD: @@ -454,13 +417,6 @@ jobs: cd ../acmetest ./letest.sh - - uses: actions/upload-artifact@v1 - if: failure() - with: - name: DragonFlyBSD-logs - path: | - ../acmetest/**.log - From 671eecf2033705e2235ec0342a6cac2b28d3e4fa Mon Sep 17 00:00:00 2001 From: stephen Date: Mon, 15 Aug 2022 18:10:18 +0800 Subject: [PATCH 0954/1526] www.dns.la official acme script www.dns.la official acme script --- dnsapi/dns_la.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh new file mode 100644 index 00000000..10ee7ea6 --- /dev/null +++ b/dnsapi/dns_la.sh @@ -0,0 +1,161 @@ +#!/usr/bin/env sh +# dns.la Domain api +# +#LA_Id="test123" +# +#LA_Key="d1j2fdo4dee3948" +DNSLA_API="https://www.dns.la/api/" +######## Public functions ##################### +#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_la_add() { + fulldomain=$1 + txtvalue=$2 + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then + LA_Id="" + LA_Key="" + _err "You don't specify dnsla api id and key yet." + _err "Please create your key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf_mutable LA_Id "$LA_Id" + _saveaccountconf_mutable LA_Key "$LA_Key" + + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + add_record "$_domain" "$_sub_domain" "$txtvalue" + +} + +#fulldomain txtvalue +dns_la_rm() { + fulldomain=$1 + txtvalue=$2 + _fullkey=$(printf "%s" ${fulldomain:16} | tr '.' '_' ) + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + _debug fullkey $_fullkey + RM_recordid="$(_readaccountconf $_fullkey)" + _debug rm_recordid "$RM_recordid" + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "get record lis error." + return 1 + fi + + if ! _contains "$response" "$RM_recordid"; then + _info "no need to remove record." + return 0 + fi + + if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "record remove error." + return 1 + fi + + _clearaccountconf $_fullkey + + _contains "$response" "\"code\":300" +} + +#add the txt record. +#usage: root sub txtvalue +add_record() { + root=$1 + sub=$2 + txtvalue=$3 + fulldomain="$sub.$root" + + _info "adding txt record" + + if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) + _fullkey=$(printf "%s" ${fulldomain:16} | tr '.' '_' ) + _debug fullkey $_fullkey + _saveaccountconf $_fullkey "$_record_id" + _debug _record_id "$_record_id" + fi + _contains "$response" "\"code\":300" +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" + return 0 + fi + return 1 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +#Usage: method URI data +_rest() { + m="$1" + ep="$2" + data="$3" + _debug "$ep" + url="$DNSLA_API$ep" + + _debug url "$url" + + if [ "$m" = "GET" ]; then + response="$(_get "$url" | tr -d ' ' | tr "}" ",")" + else + _debug2 data "$data" + response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 33da8a7f6210eb298da7bf5bc6b6b8195bb661a5 Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 09:51:59 +0800 Subject: [PATCH 0955/1526] dns.la official acme script, error fixed fixed shcheck error --- dnsapi/dns_la.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index 10ee7ea6..0468220a 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -39,12 +39,12 @@ dns_la_add() { dns_la_rm() { fulldomain=$1 txtvalue=$2 - _fullkey=$(printf "%s" ${fulldomain:16} | tr '.' '_' ) + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - _debug fullkey $_fullkey - RM_recordid="$(_readaccountconf $_fullkey)" + _debug fullkey "$_fullkey" + RM_recordid="$(_readaccountconf "$_fullkey")" _debug rm_recordid "$RM_recordid" _debug "detect the root zone" if ! _get_root "$fulldomain"; then @@ -67,7 +67,7 @@ dns_la_rm() { return 1 fi - _clearaccountconf $_fullkey + _clearaccountconf "$_fullkey" _contains "$response" "\"code\":300" } @@ -88,9 +88,9 @@ add_record() { if _contains "$response" "\"code\":300"; then _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _fullkey=$(printf "%s" ${fulldomain:16} | tr '.' '_' ) - _debug fullkey $_fullkey - _saveaccountconf $_fullkey "$_record_id" + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) + _debug fullkey "$_fullkey" + _saveaccountconf "$_fullkey" "$_record_id" _debug _record_id "$_record_id" fi _contains "$response" "\"code\":300" From a6e87e7e086648f32f7d0d2c325c2a996851203e Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 15:11:55 +0800 Subject: [PATCH 0956/1526] Delete dns_la.sh --- dnsapi/dns_la.sh | 161 ----------------------------------------------- 1 file changed, 161 deletions(-) delete mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh deleted file mode 100644 index 0468220a..00000000 --- a/dnsapi/dns_la.sh +++ /dev/null @@ -1,161 +0,0 @@ -#!/usr/bin/env sh -# dns.la Domain api -# -#LA_Id="test123" -# -#LA_Key="d1j2fdo4dee3948" -DNSLA_API="https://www.dns.la/api/" -######## Public functions ##################### -#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_la_add() { - fulldomain=$1 - txtvalue=$2 - - LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" - LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then - LA_Id="" - LA_Key="" - _err "You don't specify dnsla api id and key yet." - _err "Please create your key and try again." - return 1 - fi - - #save the api key and email to the account conf file. - _saveaccountconf_mutable LA_Id "$LA_Id" - _saveaccountconf_mutable LA_Key "$LA_Key" - - _debug "detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - add_record "$_domain" "$_sub_domain" "$txtvalue" - -} - -#fulldomain txtvalue -dns_la_rm() { - fulldomain=$1 - txtvalue=$2 - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) - - LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" - LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - _debug fullkey "$_fullkey" - RM_recordid="$(_readaccountconf "$_fullkey")" - _debug rm_recordid "$RM_recordid" - _debug "detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "get record lis error." - return 1 - fi - - if ! _contains "$response" "$RM_recordid"; then - _info "no need to remove record." - return 0 - fi - - if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "record remove error." - return 1 - fi - - _clearaccountconf "$_fullkey" - - _contains "$response" "\"code\":300" -} - -#add the txt record. -#usage: root sub txtvalue -add_record() { - root=$1 - sub=$2 - txtvalue=$3 - fulldomain="$sub.$root" - - _info "adding txt record" - - if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then - return 1 - fi - - if _contains "$response" "\"code\":300"; then - _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) - _debug fullkey "$_fullkey" - _saveaccountconf "$_fullkey" "$_record_id" - _debug _record_id "$_record_id" - fi - _contains "$response" "\"code\":300" -} - -#################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns -# _sub_domain=_acme-challenge.www -# _domain=domain.com -# _domain_id=sdjkglgdfewsdfg -_get_root() { - domain=$1 - i=2 - p=1 - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if [ -z "$h" ]; then - #not valid - return 1 - fi - - if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then - return 1 - fi - - if _contains "$response" "\"code\":300"; then - _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _debug _domain_id "$_domain_id" - if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _debug _sub_domain "$_sub_domain" - _domain="$h" - _debug _domain "$_domain" - return 0 - fi - return 1 - fi - p="$i" - i=$(_math "$i" + 1) - done - return 1 -} - -#Usage: method URI data -_rest() { - m="$1" - ep="$2" - data="$3" - _debug "$ep" - url="$DNSLA_API$ep" - - _debug url "$url" - - if [ "$m" = "GET" ]; then - response="$(_get "$url" | tr -d ' ' | tr "}" ",")" - else - _debug2 data "$data" - response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" - fi - - if [ "$?" != "0" ]; then - _err "error $ep" - return 1 - fi - _debug2 response "$response" - return 0 -} From 67a2a4f249a51fe0425c2d2bb3fb37807040ea14 Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 15:14:27 +0800 Subject: [PATCH 0957/1526] dns.la dns acme script dns.la dns acme script --- dnsapi/dns_la.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh new file mode 100644 index 00000000..0468220a --- /dev/null +++ b/dnsapi/dns_la.sh @@ -0,0 +1,161 @@ +#!/usr/bin/env sh +# dns.la Domain api +# +#LA_Id="test123" +# +#LA_Key="d1j2fdo4dee3948" +DNSLA_API="https://www.dns.la/api/" +######## Public functions ##################### +#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_la_add() { + fulldomain=$1 + txtvalue=$2 + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then + LA_Id="" + LA_Key="" + _err "You don't specify dnsla api id and key yet." + _err "Please create your key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf_mutable LA_Id "$LA_Id" + _saveaccountconf_mutable LA_Key "$LA_Key" + + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + add_record "$_domain" "$_sub_domain" "$txtvalue" + +} + +#fulldomain txtvalue +dns_la_rm() { + fulldomain=$1 + txtvalue=$2 + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + _debug fullkey "$_fullkey" + RM_recordid="$(_readaccountconf "$_fullkey")" + _debug rm_recordid "$RM_recordid" + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "get record lis error." + return 1 + fi + + if ! _contains "$response" "$RM_recordid"; then + _info "no need to remove record." + return 0 + fi + + if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "record remove error." + return 1 + fi + + _clearaccountconf "$_fullkey" + + _contains "$response" "\"code\":300" +} + +#add the txt record. +#usage: root sub txtvalue +add_record() { + root=$1 + sub=$2 + txtvalue=$3 + fulldomain="$sub.$root" + + _info "adding txt record" + + if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) + _debug fullkey "$_fullkey" + _saveaccountconf "$_fullkey" "$_record_id" + _debug _record_id "$_record_id" + fi + _contains "$response" "\"code\":300" +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" + return 0 + fi + return 1 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +#Usage: method URI data +_rest() { + m="$1" + ep="$2" + data="$3" + _debug "$ep" + url="$DNSLA_API$ep" + + _debug url "$url" + + if [ "$m" = "GET" ]; then + response="$(_get "$url" | tr -d ' ' | tr "}" ",")" + else + _debug2 data "$data" + response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From d4ed50a91516206f7245652a9cb6de2c7db898c4 Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 15:29:35 +0800 Subject: [PATCH 0959/1526] Delete dns_la.sh --- dnsapi/dns_la.sh | 161 ----------------------------------------------- 1 file changed, 161 deletions(-) delete mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh deleted file mode 100644 index 0468220a..00000000 --- a/dnsapi/dns_la.sh +++ /dev/null @@ -1,161 +0,0 @@ -#!/usr/bin/env sh -# dns.la Domain api -# -#LA_Id="test123" -# -#LA_Key="d1j2fdo4dee3948" -DNSLA_API="https://www.dns.la/api/" -######## Public functions ##################### -#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_la_add() { - fulldomain=$1 - txtvalue=$2 - - LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" - LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then - LA_Id="" - LA_Key="" - _err "You don't specify dnsla api id and key yet." - _err "Please create your key and try again." - return 1 - fi - - #save the api key and email to the account conf file. - _saveaccountconf_mutable LA_Id "$LA_Id" - _saveaccountconf_mutable LA_Key "$LA_Key" - - _debug "detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - add_record "$_domain" "$_sub_domain" "$txtvalue" - -} - -#fulldomain txtvalue -dns_la_rm() { - fulldomain=$1 - txtvalue=$2 - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) - - LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" - LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - _debug fullkey "$_fullkey" - RM_recordid="$(_readaccountconf "$_fullkey")" - _debug rm_recordid "$RM_recordid" - _debug "detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "get record lis error." - return 1 - fi - - if ! _contains "$response" "$RM_recordid"; then - _info "no need to remove record." - return 0 - fi - - if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "record remove error." - return 1 - fi - - _clearaccountconf "$_fullkey" - - _contains "$response" "\"code\":300" -} - -#add the txt record. -#usage: root sub txtvalue -add_record() { - root=$1 - sub=$2 - txtvalue=$3 - fulldomain="$sub.$root" - - _info "adding txt record" - - if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then - return 1 - fi - - if _contains "$response" "\"code\":300"; then - _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) - _debug fullkey "$_fullkey" - _saveaccountconf "$_fullkey" "$_record_id" - _debug _record_id "$_record_id" - fi - _contains "$response" "\"code\":300" -} - -#################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns -# _sub_domain=_acme-challenge.www -# _domain=domain.com -# _domain_id=sdjkglgdfewsdfg -_get_root() { - domain=$1 - i=2 - p=1 - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if [ -z "$h" ]; then - #not valid - return 1 - fi - - if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then - return 1 - fi - - if _contains "$response" "\"code\":300"; then - _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _debug _domain_id "$_domain_id" - if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _debug _sub_domain "$_sub_domain" - _domain="$h" - _debug _domain "$_domain" - return 0 - fi - return 1 - fi - p="$i" - i=$(_math "$i" + 1) - done - return 1 -} - -#Usage: method URI data -_rest() { - m="$1" - ep="$2" - data="$3" - _debug "$ep" - url="$DNSLA_API$ep" - - _debug url "$url" - - if [ "$m" = "GET" ]; then - response="$(_get "$url" | tr -d ' ' | tr "}" ",")" - else - _debug2 data "$data" - response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" - fi - - if [ "$?" != "0" ]; then - _err "error $ep" - return 1 - fi - _debug2 response "$response" - return 0 -} From dd980d9dca5aca25c3335cfc6e3fdca004d6ae84 Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 15:30:10 +0800 Subject: [PATCH 0960/1526] dns.la official acme script dns.la official acme script --- dnsapi/dns_la.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh new file mode 100644 index 00000000..0468220a --- /dev/null +++ b/dnsapi/dns_la.sh @@ -0,0 +1,161 @@ +#!/usr/bin/env sh +# dns.la Domain api +# +#LA_Id="test123" +# +#LA_Key="d1j2fdo4dee3948" +DNSLA_API="https://www.dns.la/api/" +######## Public functions ##################### +#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_la_add() { + fulldomain=$1 + txtvalue=$2 + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then + LA_Id="" + LA_Key="" + _err "You don't specify dnsla api id and key yet." + _err "Please create your key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf_mutable LA_Id "$LA_Id" + _saveaccountconf_mutable LA_Key "$LA_Key" + + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + add_record "$_domain" "$_sub_domain" "$txtvalue" + +} + +#fulldomain txtvalue +dns_la_rm() { + fulldomain=$1 + txtvalue=$2 + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + _debug fullkey "$_fullkey" + RM_recordid="$(_readaccountconf "$_fullkey")" + _debug rm_recordid "$RM_recordid" + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "get record lis error." + return 1 + fi + + if ! _contains "$response" "$RM_recordid"; then + _info "no need to remove record." + return 0 + fi + + if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "record remove error." + return 1 + fi + + _clearaccountconf "$_fullkey" + + _contains "$response" "\"code\":300" +} + +#add the txt record. +#usage: root sub txtvalue +add_record() { + root=$1 + sub=$2 + txtvalue=$3 + fulldomain="$sub.$root" + + _info "adding txt record" + + if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) + _debug fullkey "$_fullkey" + _saveaccountconf "$_fullkey" "$_record_id" + _debug _record_id "$_record_id" + fi + _contains "$response" "\"code\":300" +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" + return 0 + fi + return 1 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +#Usage: method URI data +_rest() { + m="$1" + ep="$2" + data="$3" + _debug "$ep" + url="$DNSLA_API$ep" + + _debug url "$url" + + if [ "$m" = "GET" ]; then + response="$(_get "$url" | tr -d ' ' | tr "}" ",")" + else + _debug2 data "$data" + response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 23c3e9482fadeea75b2147e8542339b390df97b5 Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 15:35:22 +0800 Subject: [PATCH 0961/1526] Delete dns_la.sh --- dnsapi/dns_la.sh | 161 ----------------------------------------------- 1 file changed, 161 deletions(-) delete mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh deleted file mode 100644 index 0468220a..00000000 --- a/dnsapi/dns_la.sh +++ /dev/null @@ -1,161 +0,0 @@ -#!/usr/bin/env sh -# dns.la Domain api -# -#LA_Id="test123" -# -#LA_Key="d1j2fdo4dee3948" -DNSLA_API="https://www.dns.la/api/" -######## Public functions ##################### -#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_la_add() { - fulldomain=$1 - txtvalue=$2 - - LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" - LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then - LA_Id="" - LA_Key="" - _err "You don't specify dnsla api id and key yet." - _err "Please create your key and try again." - return 1 - fi - - #save the api key and email to the account conf file. - _saveaccountconf_mutable LA_Id "$LA_Id" - _saveaccountconf_mutable LA_Key "$LA_Key" - - _debug "detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - add_record "$_domain" "$_sub_domain" "$txtvalue" - -} - -#fulldomain txtvalue -dns_la_rm() { - fulldomain=$1 - txtvalue=$2 - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) - - LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" - LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - _debug fullkey "$_fullkey" - RM_recordid="$(_readaccountconf "$_fullkey")" - _debug rm_recordid "$RM_recordid" - _debug "detect the root zone" - if ! _get_root "$fulldomain"; then - _err "invalid domain" - return 1 - fi - - if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "get record lis error." - return 1 - fi - - if ! _contains "$response" "$RM_recordid"; then - _info "no need to remove record." - return 0 - fi - - if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "record remove error." - return 1 - fi - - _clearaccountconf "$_fullkey" - - _contains "$response" "\"code\":300" -} - -#add the txt record. -#usage: root sub txtvalue -add_record() { - root=$1 - sub=$2 - txtvalue=$3 - fulldomain="$sub.$root" - - _info "adding txt record" - - if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then - return 1 - fi - - if _contains "$response" "\"code\":300"; then - _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_' ) - _debug fullkey "$_fullkey" - _saveaccountconf "$_fullkey" "$_record_id" - _debug _record_id "$_record_id" - fi - _contains "$response" "\"code\":300" -} - -#################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns -# _sub_domain=_acme-challenge.www -# _domain=domain.com -# _domain_id=sdjkglgdfewsdfg -_get_root() { - domain=$1 - i=2 - p=1 - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - if [ -z "$h" ]; then - #not valid - return 1 - fi - - if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then - return 1 - fi - - if _contains "$response" "\"code\":300"; then - _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n' ) - _debug _domain_id "$_domain_id" - if [ "$_domain_id" ]; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _debug _sub_domain "$_sub_domain" - _domain="$h" - _debug _domain "$_domain" - return 0 - fi - return 1 - fi - p="$i" - i=$(_math "$i" + 1) - done - return 1 -} - -#Usage: method URI data -_rest() { - m="$1" - ep="$2" - data="$3" - _debug "$ep" - url="$DNSLA_API$ep" - - _debug url "$url" - - if [ "$m" = "GET" ]; then - response="$(_get "$url" | tr -d ' ' | tr "}" ",")" - else - _debug2 data "$data" - response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" - fi - - if [ "$?" != "0" ]; then - _err "error $ep" - return 1 - fi - _debug2 response "$response" - return 0 -} From 5899d7034fd906a1194beb2205a9fc338ff6b200 Mon Sep 17 00:00:00 2001 From: stephen Date: Tue, 16 Aug 2022 15:35:46 +0800 Subject: [PATCH 0962/1526] dns.la official acme script dns.la official acme script --- dnsapi/dns_la.sh | 161 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) create mode 100644 dnsapi/dns_la.sh diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh new file mode 100644 index 00000000..4d60c243 --- /dev/null +++ b/dnsapi/dns_la.sh @@ -0,0 +1,161 @@ +#!/usr/bin/env sh +# dns.la Domain api +# +#LA_Id="test123" +# +#LA_Key="d1j2fdo4dee3948" +DNSLA_API="https://www.dns.la/api/" +######## Public functions ##################### +#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_la_add() { + fulldomain=$1 + txtvalue=$2 + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then + LA_Id="" + LA_Key="" + _err "You don't specify dnsla api id and key yet." + _err "Please create your key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf_mutable LA_Id "$LA_Id" + _saveaccountconf_mutable LA_Key "$LA_Key" + + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + add_record "$_domain" "$_sub_domain" "$txtvalue" + +} + +#fulldomain txtvalue +dns_la_rm() { + fulldomain=$1 + txtvalue=$2 + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_') + + LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" + LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + _debug fullkey "$_fullkey" + RM_recordid="$(_readaccountconf "$_fullkey")" + _debug rm_recordid "$RM_recordid" + _debug "detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "get record lis error." + return 1 + fi + + if ! _contains "$response" "$RM_recordid"; then + _info "no need to remove record." + return 0 + fi + + if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _err "record remove error." + return 1 + fi + + _clearaccountconf "$_fullkey" + + _contains "$response" "\"code\":300" +} + +#add the txt record. +#usage: root sub txtvalue +add_record() { + root=$1 + sub=$2 + txtvalue=$3 + fulldomain="$sub.$root" + + _info "adding txt record" + + if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') + _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_') + _debug fullkey "$_fullkey" + _saveaccountconf "$_fullkey" "$_record_id" + _debug _record_id "$_record_id" + fi + _contains "$response" "\"code\":300" +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then + return 1 + fi + + if _contains "$response" "\"code\":300"; then + _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" + return 0 + fi + return 1 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +#Usage: method URI data +_rest() { + m="$1" + ep="$2" + data="$3" + _debug "$ep" + url="$DNSLA_API$ep" + + _debug url "$url" + + if [ "$m" = "GET" ]; then + response="$(_get "$url" | tr -d ' ' | tr "}" ",")" + else + _debug2 data "$data" + response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From e1eb0018720eaf111180da9d036b7a92cf213682 Mon Sep 17 00:00:00 2001 From: stephen Date: Wed, 17 Aug 2022 17:23:12 +0800 Subject: [PATCH 0963/1526] dns.la official acme script dns.la official acme script --- dnsapi/dns_la.sh | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index 4d60c243..b8b484a5 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -4,7 +4,7 @@ #LA_Id="test123" # #LA_Key="d1j2fdo4dee3948" -DNSLA_API="https://www.dns.la/api/" +DNSLA_API="https://api.dns.la/api/" ######## Public functions ##################### #Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_la_add() { @@ -39,36 +39,34 @@ dns_la_add() { dns_la_rm() { fulldomain=$1 txtvalue=$2 - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_') LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" - _debug fullkey "$_fullkey" - RM_recordid="$(_readaccountconf "$_fullkey")" - _debug rm_recordid "$RM_recordid" - _debug "detect the root zone" + + _debug "First detect the root zone" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - if ! _rest GET "record.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then - _err "get record lis error." + if ! _rest GET "record.ashx?cmd=listn&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue"; then + _err "get record list error." return 1 fi - if ! _contains "$response" "$RM_recordid"; then + if ! _contains "$response" "recordid"; then _info "no need to remove record." return 0 fi - if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$RM_recordid"; then + _record_id=$(printf "%s" "$response" | grep '"recordid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') + + _debug delete_rid "$_record_id" + if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$_record_id"; then _err "record remove error." return 1 fi - _clearaccountconf "$_fullkey" - _contains "$response" "\"code\":300" } @@ -81,16 +79,12 @@ add_record() { fulldomain="$sub.$root" _info "adding txt record" - if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then return 1 fi if _contains "$response" "\"code\":300"; then _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') - _fullkey=$(printf "%s" "$fulldomain" | awk '{ string=substr($0, 17); print string; }' | tr '.' '_') - _debug fullkey "$_fullkey" - _saveaccountconf "$_fullkey" "$_record_id" _debug _record_id "$_record_id" fi _contains "$response" "\"code\":300" From 233c724b2dc4e2080f9e2b3ca285ff4853d5b0fa Mon Sep 17 00:00:00 2001 From: stephen Date: Wed, 17 Aug 2022 18:18:42 +0800 Subject: [PATCH 0964/1526] dns.la official acme script dns.la official acme script --- dnsapi/dns_la.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index b8b484a5..921da473 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -83,11 +83,10 @@ add_record() { return 1 fi - if _contains "$response" "\"code\":300"; then - _record_id=$(printf "%s" "$response" | grep '"resultid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') - _debug _record_id "$_record_id" + if _contains "$response" "resultid" || _contains "$response" "\"code\":532"; then + return 0 fi - _contains "$response" "\"code\":300" + return 1 } #################### Private functions below ################################## From d5b649a1a4b821a6379cfc99ff5d1cd75d65afca Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 17 Aug 2022 23:49:30 +0800 Subject: [PATCH 0965/1526] add tests for wget --- .github/workflows/FreeBSD.yml | 11 +++++++++-- .github/workflows/OpenBSD.yml | 11 +++++++++-- .github/workflows/Solaris.yml | 11 +++++++++-- .github/workflows/Ubuntu.yml | 9 ++++++++- 4 files changed, 35 insertions(+), 7 deletions(-) diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 74b69745..414523d9 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -25,6 +25,12 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" @@ -38,6 +44,7 @@ jobs: CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.3 @@ -51,10 +58,10 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/freebsd-vm@v0 with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' nat: | "8080": "80" - prepare: pkg install -y socat curl + prepare: pkg install -y socat curl wget usesh: true copyback: false run: | diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 6aba1b2a..41844a89 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -25,6 +25,12 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" @@ -38,6 +44,7 @@ jobs: CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.3 @@ -51,10 +58,10 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/openbsd-vm@v0 with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' nat: | "8080": "80" - prepare: pkg_add socat curl + prepare: pkg_add socat curl wget usesh: true copyback: false run: | diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 53386752..188352b1 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -25,6 +25,12 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" @@ -38,6 +44,7 @@ jobs: CA: ${{ matrix.CA }} CA_EMAIL: ${{ matrix.CA_EMAIL }} TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - uses: actions/checkout@v2 - uses: vmactions/cf-tunnel@v0.0.3 @@ -51,11 +58,11 @@ jobs: run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - uses: vmactions/solaris-vm@v0 with: - envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' + envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' copyback: "false" nat: | "8080": "80" - prepare: pkgutil -y -i socat curl + prepare: pkgutil -y -i socat curl wget run: | cd ../acmetest \ && ./letest.sh diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 4540580c..5f9fb74c 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -25,6 +25,12 @@ jobs: CA: "" CA_EMAIL: "" TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + - TEST_ACME_Server: "LetsEncrypt.org_test" + CA_ECDSA: "" + CA: "" + CA_EMAIL: "" + TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + ACME_USE_WGET: 1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" CA: "ZeroSSL RSA Domain Secure Site CA" @@ -57,10 +63,11 @@ jobs: NO_REVOKE: ${{ matrix.NO_REVOKE }} TEST_IPCERT: ${{ matrix.TEST_IPCERT }} TestingDomain: ${{ matrix.TestingDomain }} + ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} steps: - uses: actions/checkout@v2 - name: Install tools - run: sudo apt-get install -y socat + run: sudo apt-get install -y socat wget - name: Start StepCA if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} run: | From 7122a960fa1c4e33ca22d0afd98063df0a89757e Mon Sep 17 00:00:00 2001 From: Dennis Koot Date: Tue, 26 Jul 2022 11:33:50 +0200 Subject: [PATCH 0966/1526] make ip-whitelisting configurable for DNS TransIP and download keyfile if it is an url --- dnsapi/dns_transip.sh | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_transip.sh b/dnsapi/dns_transip.sh index 23debe0d..64a256ec 100644 --- a/dnsapi/dns_transip.sh +++ b/dnsapi/dns_transip.sh @@ -1,7 +1,6 @@ #!/usr/bin/env sh TRANSIP_Api_Url="https://api.transip.nl/v6" TRANSIP_Token_Read_Only="false" -TRANSIP_Token_Global_Key="false" TRANSIP_Token_Expiration="30 minutes" # You can't reuse a label token, so we leave this empty normally TRANSIP_Token_Label="" @@ -96,7 +95,11 @@ _transip_get_token() { nonce=$(echo "TRANSIP$(_time)" | _digest sha1 hex | cut -c 1-32) _debug nonce "$nonce" - data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key}\"}" + # make IP whitelisting configurable + TRANSIP_Token_Global_Key="${TRANSIP_Token_Global_Key:-$(_readaccountconf_mutable TRANSIP_Token_Global_Key)}" + _saveaccountconf_mutable TRANSIP_Token_Global_Key "$TRANSIP_Token_Global_Key" + + data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key:-false}\"}" _debug data "$data" #_signature=$(printf "%s" "$data" | openssl dgst -sha512 -sign "$TRANSIP_Key_File" | _base64) @@ -139,6 +142,18 @@ _transip_setup() { _saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username" _saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File" + # download key file if it's an URL + if _startswith "$TRANSIP_Key_File" "http"; then + _debug "download transip key file" + TRANSIP_Key_URL=$TRANSIP_Key_File + TRANSIP_Key_File="$(_mktemp)" + chmod 600 "$TRANSIP_Key_File" + if ! _get "$TRANSIP_Key_URL" >"$TRANSIP_Key_File"; then + _err "Error getting key file from : $TRANSIP_Key_URL" + return 1 + fi + fi + if [ -f "$TRANSIP_Key_File" ]; then if ! grep "BEGIN PRIVATE KEY" "$TRANSIP_Key_File" >/dev/null 2>&1; then _err "Key file doesn't seem to be a valid key: ${TRANSIP_Key_File}" @@ -156,6 +171,12 @@ _transip_setup() { fi fi + if [ -n "${TRANSIP_Key_URL}" ]; then + _debug "delete transip key file" + rm "${TRANSIP_Key_File}" + TRANSIP_Key_File=$TRANSIP_Key_URL + fi + _get_root "$fulldomain" || return 1 return 0 From 0e8fef73bb67b02ca28a2a05088f8aca4cd0a24d Mon Sep 17 00:00:00 2001 From: Hobby-Student <6012744+Hobby-Student@users.noreply.github.com> Date: Wed, 17 Aug 2022 19:43:30 +0200 Subject: [PATCH 0967/1526] error handling, minor changes to params, ... --- dnsapi/dns_kas.sh | 202 +++++++++++++++++++++++++++++++--------------- 1 file changed, 137 insertions(+), 65 deletions(-) diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 755161e4..b42722b4 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -5,55 +5,81 @@ # Environment variables: # # - $KAS_Login (Kasserver API login name) -# - $KAS_Authtype (Kasserver API auth type. Default: sha1) +# - $KAS_Authtype (Kasserver API auth type. Default: plain) # - $KAS_Authdata (Kasserver API auth data.) # -# Author: Martin Kammerlander, Phlegx Systems OG -# Updated by: Marc-Oliver Lange -# Credits: Inspired by dns_he.sh. Thanks a lot man! -# Git repo: https://github.com/phlegx/acme.sh -# TODO: Better Error handling +# Author: squared GmbH +# Credits: +# Inspired by dns_he.sh. Thanks a lot man! +# Previous version by Martin Kammerlander, Phlegx Systems OG +# Previous update by Marc-Oliver Lange +# KASAPI SOAP guideline by https://github.com/o1oo11oo/kasapi.sh ######################################################################## -KAS_Api="https://kasapi.kasserver.com/soap/KasApi.php" -KAS_Auth="https://kasapi.kasserver.com/soap/KasAuth.php" +KAS_Api_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl")" +KAS_Api="$(echo "$KAS_Api_GET" | tr -d ' ' | grep -i "//g")" +_info "[KAS] -> API URL $KAS_Api" + +KAS_Auth_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasAuth.wsdl")" +KAS_Auth="$(echo "$KAS_Auth_GET" | tr -d ' ' | grep -i "//g")" +_info "[KAS] -> AUTH URL $KAS_Auth" + +KAS_default_ratelimit=5 # TODO - Every response delivers a ratelimit (seconds) where KASAPI is blocking a request. + ######## Public functions ##################### dns_kas_add() { _fulldomain=$1 _txtvalue=$2 - _info "### -> Using DNS-01 All-inkl/Kasserver hook" - _info "### -> Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" - _info "### -> Retriving Credential Token" + _info "[KAS] -> Using DNS-01 All-inkl/Kasserver hook" + _info "[KAS] -> Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" + _info "[KAS] -> Retriving Credential Token" _get_credential_token - _info "### -> Check and Save Props" + _info "[KAS] -> Check and Save Props" _check_and_save - _info "### -> Checking Zone and Record_Name" + _info "[KAS] -> Checking Zone and Record_Name" _get_zone_and_record_name "$_fulldomain" - _info "### -> Checking for existing Record entries" + _info "[KAS] -> Checking for existing Record entries" _get_record_id # If there is a record_id, delete the entry if [ -n "$_record_id" ]; then - _info "Existing records found. Now deleting old entries" + _info "[KAS] -> Existing records found. Now deleting old entries" for i in $_record_id; do _delete_RecordByID "$i" done else - _info "No record found." + _info "[KAS] -> No record found." fi - _info "### -> Creating TXT DNS record" + _info "[KAS] -> Creating TXT DNS record" action="add_dns_settings" - kasReqParam="{\"record_name\":\"$_record_name\",\"record_type\":\"TXT\",\"record_data\":\"$_txtvalue\",\"record_aux\":\"0\",\"zone_host\":\"$_zone\"}" + kasReqParam="\"record_name\":\"$_record_name\"" + kasReqParam="$kasReqParam,\"record_type\":\"TXT\"" + kasReqParam="$kasReqParam,\"record_data\":\"$_txtvalue\"" + kasReqParam="$kasReqParam,\"record_aux\":\"0\"" + kasReqParam="$kasReqParam,\"zone_host\":\"$_zone\"" response="$(_callAPI "$action" "$kasReqParam")" + _debug2 "[KAS] -> Response" "$response" - _debug2 "Response" "$response" - - if ! _contains "$response" "TRUE"; then - _err "An unkown error occurred, please check manually." + if [ -z "$response" ]; then + _info "[KAS] -> Response was empty, please check manually." + return 1 + elif _contains "$response" ""; then + faultstring="$(echo "$response" | tr -d '\n\r' | sed "s//\n=> /g" | sed "s/<\/faultstring>/\n/g" | grep "=>" | sed "s/=> //g")" + case "${faultstring}" in + "record_already_exists") + _info "[KAS] -> The record already exists, which must not be a problem. Please check manually." + ;; + *) + _err "[KAS] -> An error =>$faultstring<= occurred, please check manually." + return 1 + ;; + esac + elif ! _contains "$response" "ReturnStringTRUE"; then + _err "[KAS] -> An unknown error occurred, please check manually." return 1 fi return 0 @@ -63,29 +89,29 @@ dns_kas_rm() { _fulldomain=$1 _txtvalue=$2 - _info "### -> Using DNS-01 All-inkl/Kasserver hook" - _info "### -> Cleaning up after All-inkl/Kasserver hook" - _info "### -> Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" - _info "### -> Retriving Credential Token" + _info "[KAS] -> Using DNS-01 All-inkl/Kasserver hook" + _info "[KAS] -> Cleaning up after All-inkl/Kasserver hook" + _info "[KAS] -> Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" + _info "[KAS] -> Retriving Credential Token" _get_credential_token - _info "### -> Check and Save Props" + _info "[KAS] -> Check and Save Props" _check_and_save - _info "### -> Checking Zone and Record_Name" + _info "[KAS] -> Checking Zone and Record_Name" _get_zone_and_record_name "$_fulldomain" - _info "### -> Getting Record ID" + _info "[KAS] -> Getting Record ID" _get_record_id - _info "### -> Removing entries with ID: $_record_id" + _info "[KAS] -> Removing entries with ID: $_record_id" # If there is a record_id, delete the entry if [ -n "$_record_id" ]; then for i in $_record_id; do _delete_RecordByID "$i" done else # Cannot delete or unkown error - _info "No record_id found that can be deleted. Please check manually." + _info "[KAS] -> No record_id found that can be deleted. Please check manually." fi return 0 } @@ -95,11 +121,27 @@ dns_kas_rm() { _delete_RecordByID() { recId=$1 action="delete_dns_settings" - kasReqParam="{\"record_id\":\"$recId\"}" + kasReqParam="\"record_id\":\"$recId\"" response="$(_callAPI "$action" "$kasReqParam")" - _debug2 "Response" "$response" - if ! _contains "$response" "TRUE"; then - _info "Either the txt record is not found or another error occurred, please check manually." + _debug2 "[KAS] -> Response" "$response" + + if [ -z "$response" ]; then + _info "[KAS] -> Response was empty, please check manually." + return 1 + elif _contains "$response" ""; then + faultstring="$(echo "$response" | tr -d '\n\r' | sed "s//\n=> /g" | sed "s/<\/faultstring>/\n/g" | grep "=>" | sed "s/=> //g")" + case "${faultstring}" in + "record_id_not_found") + _info "[KAS] -> The record was not found, which perhaps is not a problem. Please check manually." + ;; + *) + _err "[KAS] -> An error =>$faultstring<= occurred, please check manually." + return 1 + ;; + esac + elif ! _contains "$response" "ReturnStringTRUE"; then + _err "[KAS] -> An unknown error occurred, please check manually." + return 1 fi } # Checks for the ENV variables and saves them @@ -112,7 +154,7 @@ _check_and_save() { KAS_Login= KAS_Authtype= KAS_Authdata= - _err "No auth details provided. Please set user credentials using the \$KAS_Login, \$KAS_Authtype, and \$KAS_Authdata environment variables." + _err "[KAS] -> No auth details provided. Please set user credentials using the \$KAS_Login, \$KAS_Authtype, and \$KAS_Authdata environment variables." return 1 fi _saveaccountconf_mutable KAS_Login "$KAS_Login" @@ -125,9 +167,18 @@ _check_and_save() { # See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide _get_zone_and_record_name() { action="get_domains" - kasReqParam="[]" - response="$(_callAPI "$action" "$kasReqParam")" - _debug2 "Response" "$response" + response="$(_callAPI "$action")" + _debug2 "[KAS] -> Response" "$response" + + if [ -z "$response" ]; then + _info "[KAS] -> Response was empty, please check manually." + return 1 + elif _contains "$response" ""; then + faultstring="$(echo "$response" | tr -d '\n\r' | sed "s//\n=> /g" | sed "s/<\/faultstring>/\n/g" | grep "=>" | sed "s/=> //g")" + _err "[KAS] -> Either no domains were found or another error =>$faultstring<= occurred, please check manually." + return 1 + fi + zonen="$(echo "$response" | sed 's//\n/g' | sed -r 's/(.*domain_name<\/key>)(.*)(<\/value.*)/\2/' | sed '/^ Zone:" "$_zone" + _debug "[KAS] -> Domain:" "$domain" + _debug "[KAS] -> Record_Name:" "$_record_name" return 0 } # Retrieve the DNS record ID _get_record_id() { action="get_dns_settings" - kasReqParam="{\"zone_host\":\"$_zone\",\"nameserver\":\"ns5.kasserver.com\"}" + kasReqParam="\"zone_host\":\"$_zone\"" response="$(_callAPI "$action" "$kasReqParam")" + _debug2 "[KAS] -> Response" "$response" + + if [ -z "$response" ]; then + _info "[KAS] -> Response was empty, please check manually." + return 1 + elif _contains "$response" ""; then + faultstring="$(echo "$response" | tr -d '\n\r' | sed "s//\n=> /g" | sed "s/<\/faultstring>/\n/g" | grep "=>" | sed "s/=> //g")" + _err "[KAS] -> Either no domains were found or another error =>$faultstring<= occurred, please check manually." + return 1 + fi - _debug2 "Response" "$response" - _record_id="$(echo "$response" | sed 's//\n/g' | sed -n -e "/^.*$_record_name.*/Ip" | sed -n -e "/^.*$_txtvalue.*/Ip" | sed -r 's/(.*record_id<\/key>)([0-9]+)(<\/value.*)/\2/')" - _debug "Record Id: " "$_record_id" + _record_id="$(echo "$response" | tr -d '\n\r' | sed "s//\n/g" | grep -i "$_record_name" | grep -i ">TXT<" | sed "s/record_id<\/key>/=>/g" | sed "s/<\/value><\/item>/\n/g" | grep "=>" | sed "s/=>//g")" + _debug "[KAS] -> Record Id: " "$_record_id" return 0 } # Retrieve credential token _get_credential_token() { - data="" - data="$data{\"kas_login\":\"$KAS_Login\",\"kas_auth_type\":\"$KAS_Authtype\",\"kas_auth_data\":\"$KAS_Authdata\",\"session_lifetime\":600,\"session_update_lifetime\":\"Y\",\"session_2fa\":123456}" - data="$data" + baseParamAuth="\"kas_login\":\"$KAS_Login\"" + baseParamAuth="$baseParamAuth,\"kas_auth_type\":\"$KAS_Authtype\"" + baseParamAuth="$baseParamAuth,\"kas_auth_data\":\"$KAS_Authdata\"" + baseParamAuth="$baseParamAuth,\"session_lifetime\":600" + baseParamAuth="$baseParamAuth,\"session_update_lifetime\":\"Y\"" - _debug "Be frindly and wait 10 seconds by default before calling KAS API." - _sleep 10 + data='{' + data="$data$baseParamAuth}" + + _debug "[KAS] -> Be friendly and wait $KAS_default_ratelimit seconds by default before calling KAS API." + _sleep $KAS_default_ratelimit contentType="text/xml" - export _H1="SOAPAction: ns1:KasAuth" + export _H1="SOAPAction: urn:xmethodsKasApiAuthentication#KasAuth" response="$(_post "$data" "$KAS_Auth" "" "POST" "$contentType")" - _debug2 "Response" "$response" + _debug2 "[KAS] -> Response" "$response" _credential_token="$(echo "$response" | tr '\n' ' ' | sed 's/.*return xsi:type="xsd:string">\(.*\)<\/return>/\1/' | sed 's/<\/ns1:KasAuthResponse\(.*\)Envelope>.*//')" - _debug "Credential Token: " "$_credential_token" + _debug "[KAS] -> Credential Token: " "$_credential_token" return 0 } _callAPI() { kasaction=$1 kasReqParams=$2 - baseParam="{\"kas_login\":\"$KAS_Login\",\"kas_auth_type\":\"session\",\"kas_auth_data\":\"$_credential_token\",\"kas_action\":\"$kasaction\",\"KasRequestParams\":$kasReqParams" - baseParamClosing="}" - data="" - data="$data$baseParam$baseParamClosing" - data="$data" - _debug2 "Request" "$data" - _debug "Be frindly and wait 10 seconds by default before calling KAS API." - _sleep 10 + baseParamAuth="\"kas_login\":\"$KAS_Login\"" + baseParamAuth="$baseParamAuth,\"kas_auth_type\":\"session\"" + baseParamAuth="$baseParamAuth,\"kas_auth_data\":\"$_credential_token\"" + + data='{' + data="$data$baseParamAuth,\"kas_action\":\"$kasaction\"" + if [ -n "$kasReqParams" ]; then + data="$data,\"KasRequestParams\":{$kasReqParams}" + fi + data="$data}" + + _debug2 "[KAS] -> Request" "$data" + + _debug "[KAS] -> Be friendly and wait $KAS_default_ratelimit seconds by default before calling KAS API." + _sleep $KAS_default_ratelimit contentType="text/xml" - export _H1="SOAPAction: ns1:KasApi" + export _H1="SOAPAction: urn:xmethodsKasApi#KasApi" response="$(_post "$data" "$KAS_Api" "" "POST" "$contentType")" - _debug2 "Response" "$response" + _debug2 "[KAS] -> Response" "$response" echo "$response" -} +} \ No newline at end of file From da6a335b8733daba8d6d5d499037733f0b47e035 Mon Sep 17 00:00:00 2001 From: Hobby-Student <6012744+Hobby-Student@users.noreply.github.com> Date: Wed, 17 Aug 2022 19:50:47 +0200 Subject: [PATCH 0968/1526] new line EOF --- dnsapi/dns_kas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index b42722b4..5e725e9a 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -269,4 +269,4 @@ _callAPI() { response="$(_post "$data" "$KAS_Api" "" "POST" "$contentType")" _debug2 "[KAS] -> Response" "$response" echo "$response" -} \ No newline at end of file +} From b42532afe9f664e5907618ff6754e798c089bb24 Mon Sep 17 00:00:00 2001 From: Hobby-Student <6012744+Hobby-Student@users.noreply.github.com> Date: Wed, 17 Aug 2022 19:58:34 +0200 Subject: [PATCH 0969/1526] forgot enabling github actions. forced commit --- dnsapi/dns_kas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 5e725e9a..6bb0823e 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -31,7 +31,7 @@ dns_kas_add() { _txtvalue=$2 _info "[KAS] -> Using DNS-01 All-inkl/Kasserver hook" - _info "[KAS] -> Adding $_fulldomain DNS TXT entry on All-inkl/Kasserver" + _info "[KAS] -> Adding $_fulldomain DNS TXT entry on all-inkl.com/Kasserver" _info "[KAS] -> Retriving Credential Token" _get_credential_token From b44ba0d21a8bfbc60708c8afa7477af9e0ef19cc Mon Sep 17 00:00:00 2001 From: Danny Tix Date: Tue, 16 Aug 2022 23:08:04 -0800 Subject: [PATCH 0970/1526] Add wildcard deployment to cpanel_uapi --- deploy/cpanel_uapi.sh | 185 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 167 insertions(+), 18 deletions(-) diff --git a/deploy/cpanel_uapi.sh b/deploy/cpanel_uapi.sh index 44844f79..eea96248 100644 --- a/deploy/cpanel_uapi.sh +++ b/deploy/cpanel_uapi.sh @@ -3,18 +3,29 @@ # Uses command line uapi. --user option is needed only if run as root. # Returns 0 when success. # +# Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic +# detection of deployment targets through UAPI (if not set, defaults below are used.) +# - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode. +# - NOMATCH : 'true' to allow deployment to sites that do not match the certificate. +# - INCLUDE : Comma-separated list - sites must match this field. +# - EXCLUDE : Comma-separated list - sites must NOT match this field. +# INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*' +# # Please note that I am no longer using Github. If you want to report an issue # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/ # # Written by Santeri Kannisto # Public domain, 2017-2018 - -#export DEPLOY_CPANEL_USER=myusername +# +# export DEPLOY_CPANEL_USER=myusername +# export DEPLOY_CPANEL_AUTO_ENABLED='true' +# export DEPLOY_CPANEL_AUTO_NOMATCH='false' +# export DEPLOY_CPANEL_AUTO_INCLUDE='*' +# export DEPLOY_CPANEL_AUTO_EXCLUDE='' ######## Public functions ##################### #domain keyfile certfile cafile fullchain - cpanel_uapi_deploy() { _cdomain="$1" _ckey="$2" @@ -22,6 +33,9 @@ cpanel_uapi_deploy() { _cca="$4" _cfullchain="$5" + # re-declare vars inherited from acme.sh but not passed to make ShellCheck happy + : "${Le_Alt:=""}" + _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" @@ -32,31 +46,166 @@ cpanel_uapi_deploy() { _err "The command uapi is not found." return 1 fi + + # declare useful constants + uapi_error_response='status: 0' + # read cert and key files and urlencode both _cert=$(_url_encode <"$_ccert") _key=$(_url_encode <"$_ckey") - _debug _cert "$_cert" - _debug _key "$_key" + _debug2 _cert "$_cert" + _debug2 _key "$_key" if [ "$(id -u)" = 0 ]; then - if [ -z "$DEPLOY_CPANEL_USER" ]; then + _getdeployconf DEPLOY_CPANEL_USER + # fallback to _readdomainconf for old installs + if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then _err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username" return 1 fi - _savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER" - _response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") - else - _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") + _debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER" + _savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER" + + _uapi_user="$DEPLOY_CPANEL_USER" fi - error_response="status: 0" - if test "${_response#*$error_response}" != "$_response"; then - _err "Error in deploying certificate:" - _err "$_response" - return 1 + + # Load all AUTO envars and set defaults - see above for usage + __cpanel_initautoparam ENABLED 'true' + __cpanel_initautoparam NOMATCH 'false' + __cpanel_initautoparam INCLUDE '*' + __cpanel_initautoparam EXCLUDE '' + + # Auto mode + if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then + # call API for site config + _response=$(uapi DomainInfo list_domains) + # exit if error in response + if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then + _err "Error in deploying certificate - cannot retrieve sitelist:" + _err "\n$_response" + return 1 + fi + + # parse response to create site list + sitelist=$(__cpanel_parse_response "$_response") + _debug "UAPI sites found: $sitelist" + + # filter sitelist using configured domains + # skip if NOMATCH is "true" + if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then + _debug "DEPLOY_CPANEL_AUTO_NOMATCH is true" + _info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate" + else + _debug "DEPLOY_CPANEL_AUTO_NOMATCH is false" + d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain,//" -e "s/,$_cdomain,/,/")" + d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')" + sitelist="$(echo "$sitelist" | grep -ix "$d")" + _debug2 "Matched UAPI sites: $sitelist" + fi + + # filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE + _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE" + sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")" + _debug2 "Remaining sites: $sitelist" + + # filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE + _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE" + sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")" + _debug2 "Remaining sites: $sitelist" + + # counter for success / failure check + successes=0 + if [ -n "$sitelist" ]; then + sitetotal="$(echo "$sitelist" | wc -l)" + _debug "$sitetotal sites to deploy" + else + sitetotal=0 + _debug "No sites to deploy" + fi + + # for each site: call uapi to publish cert and log result. Only return failure if all fail + for site in $sitelist; do + # call uapi to publish cert, check response for errors and log them. + if [ -n "$_uapi_user" ]; then + _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$site" cert="$_cert" key="$_key") + else + _response=$(uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key") + fi + if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then + _err "Error in deploying certificate to $site:" + _err "$_response" + else + successes=$((successes + 1)) + _debug "$_response" + _info "Succcessfully deployed to $site" + fi + done + + # Raise error if all updates fail + if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then + _err "Could not deploy to any of $sitetotal sites via UAPI" + _debug "successes: $successes, sitetotal: $sitetotal" + return 1 + fi + + _info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI" + return 0 + else + # "classic" mode - will only try to deploy to the primary domain; will not check UAPI first + if [ -n "$_uapi_user" ]; then + _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") + else + _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") + fi + + if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then + _err "Error in deploying certificate:" + _err "$_response" + return 1 + fi + + _debug response "$_response" + _info "Certificate successfully deployed" + return 0 fi +} + +######## Private functions ##################### + +# Internal utility to process YML from UAPI - only looks at main_domain and sub_domains +#[response] +__cpanel_parse_response() { + if [ $# -gt 0 ]; then resp="$*"; else resp="$(cat)"; fi + + echo "$resp" | + sed -En \ + -e 's/\r$//' \ + -e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \ + -e 's/^( *)- (.*)/\1,-,\2/p' | + awk -F, '{ + level = length($1)/2; + section[level] = $2; + for (i in section) {if (i > level) {delete section[i]}} + if (length($3) > 0) { + prefix=""; + for (i=0; i < level; i++) + { prefix = (prefix)(section[i])("/") } + printf("%s%s=%s\n", prefix, $2, $3); + } + }' | + sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-)=(.*)$/\2/p' +} + +# Load parameter by prefix+name - fallback to default if not set, and save to config +#pname pdefault +__cpanel_initautoparam() { + pname="$1" + pdefault="$2" + pkey="DEPLOY_CPANEL_AUTO_$pname" - _debug response "$_response" - _info "Certificate successfully deployed" - return 0 + _getdeployconf "$pkey" + [ -n "$(eval echo "\"\$$pkey\"")" ] || eval "$pkey=\"$pdefault\"" + _debug2 "$pkey" "$(eval echo "\"\$$pkey\"")" + _savedeployconf "$pkey" "$(eval echo "\"\$$pkey\"")" } From 5fbaeda217592501446892b94efd97df6833632d Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 18 Aug 2022 19:48:09 +0800 Subject: [PATCH 0971/1526] Update dns_la.sh --- dnsapi/dns_la.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index 921da473..6d495e0a 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -97,7 +97,7 @@ add_record() { # _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 - i=2 + i=1 p=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) From 70351677a144ef374d6ca424d5b7df13c8af0b69 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 18 Aug 2022 20:30:11 +0800 Subject: [PATCH 0972/1526] add concurrency --- .github/workflows/DNS.yml | 3 +++ .github/workflows/DragonFlyBSD.yml | 6 ++++++ .github/workflows/FreeBSD.yml | 5 +++++ .github/workflows/Linux.yml | 6 ++++++ .github/workflows/MacOS.yml | 5 +++++ .github/workflows/NetBSD.yml | 6 ++++++ .github/workflows/OpenBSD.yml | 5 +++++ .github/workflows/PebbleStrict.yml | 7 +++++++ .github/workflows/Solaris.yml | 5 +++++ .github/workflows/Ubuntu.yml | 5 +++++ .github/workflows/Windows.yml | 5 +++++ .github/workflows/dockerhub.yml | 6 +++++- .github/workflows/shellcheck.yml | 5 +++++ 13 files changed, 68 insertions(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 04a8bd6d..8f487ff4 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -11,6 +11,9 @@ on: - 'dnsapi/*.sh' - '.github/workflows/DNS.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true jobs: CheckToken: diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml index 76af8b30..ae953473 100644 --- a/.github/workflows/DragonFlyBSD.yml +++ b/.github/workflows/DragonFlyBSD.yml @@ -14,6 +14,12 @@ on: - '*.sh' - '.github/workflows/DragonFlyBSD.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + + jobs: DragonFlyBSD: diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 414523d9..151f462c 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -14,6 +14,11 @@ on: - '*.sh' - '.github/workflows/FreeBSD.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: FreeBSD: diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index c665652a..e532e1cb 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -15,6 +15,12 @@ on: - '.github/workflows/Linux.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + + jobs: Linux: diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 8d52b3f6..34966144 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -14,6 +14,11 @@ on: - '*.sh' - '.github/workflows/MacOS.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: MacOS: diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 84bf96b8..53bb94d7 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -14,6 +14,12 @@ on: - '*.sh' - '.github/workflows/NetBSD.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + + jobs: NetBSD: diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 41844a89..698f86a3 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -14,6 +14,11 @@ on: - '*.sh' - '.github/workflows/OpenBSD.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: OpenBSD: diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index 77512955..afd3a68f 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -13,6 +13,13 @@ on: - '*.sh' - '.github/workflows/PebbleStrict.yml' + +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + + jobs: PebbleStrict: runs-on: ubuntu-latest diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 188352b1..12333ceb 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -15,6 +15,11 @@ on: - '.github/workflows/Solaris.yml' + +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + jobs: Solaris: strategy: diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 5f9fb74c..478adca9 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -14,6 +14,11 @@ on: - '*.sh' - '.github/workflows/Ubuntu.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: Ubuntu: diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 55d32519..b5a0a6ba 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -15,6 +15,11 @@ on: - '.github/workflows/Windows.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: Windows: strategy: diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index 0c3aec0a..bbda7550 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -11,7 +11,11 @@ on: - "Dockerfile" - '.github/workflows/dockerhub.yml' - +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: CheckToken: runs-on: ubuntu-latest diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 940a187d..3c24d2b4 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -13,6 +13,11 @@ on: - '**.sh' - '.github/workflows/shellcheck.yml' +concurrency: + group: ${{ github.workflow }} + cancel-in-progress: true + + jobs: ShellCheck: runs-on: ubuntu-latest From 039e4c662d5e9577707b0fba8f3208774258bfec Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 18 Aug 2022 21:10:38 +0800 Subject: [PATCH 0973/1526] rename the csr/key file if the cert is revoked. --- acme.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/acme.sh b/acme.sh index e8228e30..8a851fd4 100755 --- a/acme.sh +++ b/acme.sh @@ -6038,6 +6038,8 @@ revoke() { if [ -z "$response" ]; then _info "Revoke success." rm -f "$CERT_PATH" + cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked" + cat "$CSR_PATH" >"$CSR_PATH.revoked" return 0 else _err "Revoke error by domain key." @@ -6054,6 +6056,8 @@ revoke() { if [ -z "$response" ]; then _info "Revoke success." rm -f "$CERT_PATH" + cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked" + cat "$CSR_PATH" >"$CSR_PATH.revoked" return 0 else _err "Revoke error." From 2a05f24cb6df57c4faa1c992f0136ace5b493b6e Mon Sep 17 00:00:00 2001 From: stephen Date: Fri, 19 Aug 2022 11:12:16 +0800 Subject: [PATCH 0974/1526] Add dns.la api support Add dns.la api support --- dnsapi/dns_la.sh | 113 ++++++++++++++++++++++------------------------- 1 file changed, 53 insertions(+), 60 deletions(-) diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index 6d495e0a..674df410 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -1,11 +1,12 @@ #!/usr/bin/env sh -# dns.la Domain api -# + #LA_Id="test123" -# #LA_Key="d1j2fdo4dee3948" -DNSLA_API="https://api.dns.la/api/" + +LA_Api="https://api.dns.la/api" + ######## Public functions ##################### + #Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_la_add() { fulldomain=$1 @@ -13,11 +14,11 @@ dns_la_add() { LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" + if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then LA_Id="" LA_Key="" - _err "You don't specify dnsla api id and key yet." - _err "Please create your key and try again." + _err "You didn't specify a dnsla api id and key yet." return 1 fi @@ -25,13 +26,30 @@ dns_la_add() { _saveaccountconf_mutable LA_Id "$LA_Id" _saveaccountconf_mutable LA_Key "$LA_Key" - _debug "detect the root zone" + _debug "First detect the root zone" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - - add_record "$_domain" "$_sub_domain" "$txtvalue" + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _info "Adding record" + if _la_rest "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then + if _contains "$response" '"resultid":'; then + _info "Added, OK" + return 0 + elif _contains "$response" '"code":532'; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + return 1 } @@ -48,45 +66,33 @@ dns_la_rm() { _err "invalid domain" return 1 fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" - if ! _rest GET "record.ashx?cmd=listn&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue"; then - _err "get record list error." + _debug "Getting txt records" + if ! _la_rest "record.ashx?cmd=listn&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue"; then + _err "Error" return 1 fi - if ! _contains "$response" "recordid"; then - _info "no need to remove record." + if ! _contains "$response" '"recordid":'; then + _info "Don't need to remove." return 0 fi - _record_id=$(printf "%s" "$response" | grep '"recordid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') - - _debug delete_rid "$_record_id" - if ! _rest GET "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$_record_id"; then - _err "record remove error." + record_id=$(printf "%s" "$response" | grep '"recordid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." return 1 fi - - _contains "$response" "\"code\":300" -} - -#add the txt record. -#usage: root sub txtvalue -add_record() { - root=$1 - sub=$2 - txtvalue=$3 - fulldomain="$sub.$root" - - _info "adding txt record" - if ! _rest GET "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then + if ! _la_rest "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$record_id"; then + _err "Delete record error." return 1 fi + _contains "$response" '"code":300' - if _contains "$response" "resultid" || _contains "$response" "\"code\":532"; then - return 0 - fi - return 1 } #################### Private functions below ################################## @@ -99,6 +105,7 @@ _get_root() { domain=$1 i=1 p=1 + while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then @@ -106,18 +113,15 @@ _get_root() { return 1 fi - if ! _rest GET "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then + if ! _la_rest "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then return 1 fi - if _contains "$response" "\"code\":300"; then - _domain_id=$(printf "%s" "$response" | grep '"domainid"' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') - _debug _domain_id "$_domain_id" + if _contains "$response" '"domainid":'; then + _domain_id=$(printf "%s" "$response" | grep '"domainid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _debug _sub_domain "$_sub_domain" _domain="$h" - _debug _domain "$_domain" return 0 fi return 1 @@ -128,27 +132,16 @@ _get_root() { return 1 } -#Usage: method URI data -_rest() { - m="$1" - ep="$2" - data="$3" - _debug "$ep" - url="$DNSLA_API$ep" - - _debug url "$url" - - if [ "$m" = "GET" ]; then - response="$(_get "$url" | tr -d ' ' | tr "}" ",")" - else - _debug2 data "$data" - response="$(_post "$data" "$url" | tr -d ' ' | tr "}" ",")" - fi +#Usage: URI +_la_rest() { + url="$LA_Api/$1" + _debug "$url" - if [ "$?" != "0" ]; then - _err "error $ep" + if ! response="$(_get "$url" | tr -d ' ' | tr "}" ",")"; then + _err "Error: $url" return 1 fi + _debug2 response "$response" return 0 } From 71690604259b365d3028c4f31e6d9ee82f4d3034 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 20 Aug 2022 10:54:04 +0800 Subject: [PATCH 0975/1526] fix https://github.com/acmesh-official/acme.sh/issues/4248#issuecomment-1217378906 --- acme.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 8a851fd4..428c016f 100755 --- a/acme.sh +++ b/acme.sh @@ -5200,11 +5200,25 @@ $_authorizations_map" _info "The domain is set to be valid to: $_valid_to" _info "It can not be renewed automatically" _info "See: $_VALIDITY_WIKI" + else + _now=$(_time) + _debug2 "_now" "$_now" + _lifetime=$(_math $Le_NextRenewTime - $_now) + _debug2 "_lifetime" "$_lifetime" + if [ $_lifetime -gt 86400 ]; then + #if lifetime is logner than one day, it will renew one day before + Le_NextRenewTime=$(_math $Le_NextRenewTime - 86400) + Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") + else + #if lifetime is less than 24 hours, it will renew one hour before + Le_NextRenewTime=$(_math $Le_NextRenewTime - 3600) + Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") + fi fi else Le_NextRenewTime=$(_math "$Le_CertCreateTime" + "$Le_RenewalDays" \* 24 \* 60 \* 60) - Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") Le_NextRenewTime=$(_math "$Le_NextRenewTime" - 86400) + Le_NextRenewTimeStr=$(_time2str "$Le_NextRenewTime") fi _savedomainconf "Le_NextRenewTimeStr" "$Le_NextRenewTimeStr" _savedomainconf "Le_NextRenewTime" "$Le_NextRenewTime" From 8155ba522486cdcafb2e98ec294cfbad6431f1ae Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 20 Aug 2022 10:59:50 +0800 Subject: [PATCH 0976/1526] fix issue.yml --- .github/workflows/issue.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index 20d3d5fd..ab1b43e9 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -14,11 +14,6 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: ' - Please upgrade to the latest code and try again first. Maybe it's already fixed. - - `acme.sh --upgrade` - - If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you.' + body: 'Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you.' }) \ No newline at end of file From 3dcacc1f8d01059ba310d22c129a91cfdd179479 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 20 Aug 2022 12:32:41 +0800 Subject: [PATCH 0977/1526] add pr_notify.yml --- .github/workflows/pr_notify.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/pr_notify.yml diff --git a/.github/workflows/pr_notify.yml b/.github/workflows/pr_notify.yml new file mode 100644 index 00000000..4844e297 --- /dev/null +++ b/.github/workflows/pr_notify.yml @@ -0,0 +1,30 @@ +name: Check dns api + +on: + pull_request_target: + types: + - opened + branches: + - 'dev' + paths: + - 'notify/*.sh' + + +jobs: + welcome: + runs-on: ubuntu-latest + steps: + - uses: actions/github-script@v6 + with: + script: | + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: `**Welcome** + Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). + Then reply on this message, otherwise, your code will not be reviewed or merged. + We look forward to reviewing your Pull request shortly ✨ + ` + }) + From dcf9c467c386e49c606aa98069f63efd8bc32309 Mon Sep 17 00:00:00 2001 From: Monius Date: Sat, 20 Aug 2022 19:37:51 +0800 Subject: [PATCH 0978/1526] fix issue, when profile not end with newline --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index e8228e30..aecef894 100755 --- a/acme.sh +++ b/acme.sh @@ -6371,7 +6371,7 @@ _installalias() { if [ "$_profile" ]; then _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" - _setopt "$_profile" ". \"$_envfile\"" + _setopt "$_profile" "\n. \"$_envfile\"" _info "OK, Close and reopen your terminal to start using $PROJECT_NAME" else _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" From f2634b44cdd4bc38cfd9838ca6cb2e975bd4c25a Mon Sep 17 00:00:00 2001 From: Monius Date: Sun, 21 Aug 2022 12:26:37 +0800 Subject: [PATCH 0979/1526] add EOF, if $__conf not end with one --- acme.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index aecef894..ec4f90b7 100755 --- a/acme.sh +++ b/acme.sh @@ -2239,7 +2239,11 @@ _setopt() { if [ ! -f "$__conf" ]; then touch "$__conf" fi - + if [ -n "$(tail -c 1 <"$__conf")" ]; then + _debug3 No New Line + echo >>"$__conf" + fi + if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK if _contains "$__val" "&"; then @@ -6371,7 +6375,7 @@ _installalias() { if [ "$_profile" ]; then _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" - _setopt "$_profile" "\n. \"$_envfile\"" + _setopt "$_profile" ". \"$_envfile\"" _info "OK, Close and reopen your terminal to start using $PROJECT_NAME" else _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" From 6502a71083de93cef288992b00f8d38f4d35c9a4 Mon Sep 17 00:00:00 2001 From: Monius Date: Mon, 22 Aug 2022 05:26:12 +0800 Subject: [PATCH 0980/1526] fix, but remove debug info --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index ec4f90b7..882aaf03 100755 --- a/acme.sh +++ b/acme.sh @@ -2240,7 +2240,6 @@ _setopt() { touch "$__conf" fi if [ -n "$(tail -c 1 <"$__conf")" ]; then - _debug3 No New Line echo >>"$__conf" fi From 734c9a1aa5d697c9ae63a73326d2138ab4f60e65 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Sun, 21 Aug 2022 14:29:16 +0200 Subject: [PATCH 0981/1526] Dns Challenge prefix removed. SELFHOSTDNS_MAP entries must be fullpath incl. prefix --- dnsapi/dns_selfhost.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index b4284f51..628afe8d 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -4,8 +4,6 @@ # Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 # Last Edit: 17.02.2022 -DNS_CHALLENGE_PREFIX_ESCAPED="_acme-challenge\." - dns_selfhost_add() { fulldomain=$1 txt=$2 @@ -33,16 +31,12 @@ dns_selfhost_add() { SELFHOSTDNS_LAST_SLOT=1 fi - # cut DNS_CHALLENGE_PREFIX_ESCAPED from fulldomain if present at the beginning of the string - lookupdomain=$(echo "$fulldomain" | sed "s/^$DNS_CHALLENGE_PREFIX_ESCAPED//") - _debug lookupdomain "$lookupdomain" - - # get the RID for lookupdomain or fulldomain from SELFHOSTDNS_MAP + # get the RID for fulldomain from SELFHOSTDNS_MAP # only match full domains (at the beginning of the string or with a leading whitespace), # e.g. don't match mytest.example.com or sub.test.example.com for test.example.com # replace the whole string with the RID (matching group 3) for assignment # if the domain is defined multiple times only the last occurance will be matched - rid=$(echo "$SELFHOSTDNS_MAP" | sed -E "s/(^|^.*[[:space:]])($lookupdomain:|$fulldomain:)([0-9][0-9]*)(.*)/\3/") + rid=$(echo "$SELFHOSTDNS_MAP" | sed -E "s/(^|^.*[[:space:]])($fulldomain:)([0-9][0-9]*)(.*)/\3/") if test -z "$rid"; then if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then From b9256a1ba727022ad02a0ef771df43303ee7ed85 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Sun, 21 Aug 2022 23:23:47 +0200 Subject: [PATCH 0982/1526] changed from *deployconf to *domainconf --- dnsapi/dns_selfhost.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 628afe8d..4171cb3c 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -17,10 +17,10 @@ dns_selfhost_add() { SELFHOSTDNS_USERNAME="${SELFHOSTDNS_USERNAME:-$(_readaccountconf_mutable SELFHOSTDNS_USERNAME)}" SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" # These values are domain dependent, so read them from there - _getdeployconf SELFHOSTDNS_MAP - _getdeployconf SELFHOSTDNS_RID - _getdeployconf SELFHOSTDNS_RID2 - _getdeployconf SELFHOSTDNS_LAST_SLOT + SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readdomainconf SELFHOSTDNS_MAP)}" + SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readdomainconf SELFHOSTDNS_RID)}" + SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readdomainconf SELFHOSTDNS_RID2)}" + SELFHOSTDNS_LAST_SLOT="${SELFHOSTDNS_LAST_SLOT:-$(_readdomainconf SELFHOSTDNS_LAST_SLOT)}" if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" @@ -67,10 +67,10 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" # These values are domain dependent, so store them there - _savedeployconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" - _savedeployconf SELFHOSTDNS_RID "$SELFHOSTDNS_RID" - _savedeployconf SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - _savedeployconf SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" + _savedomainconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" + _savedomainconf SELFHOSTDNS_RID "$SELFHOSTDNS_RID" + _savedomainconf SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" + _savedomainconf SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" } dns_selfhost_rm() { From 35ec3adadc82836918d9854fe671300c382e209c Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Mon, 22 Aug 2022 00:53:32 +0200 Subject: [PATCH 0983/1526] only use SELFHOSTDNS_MAP for configuration of RIDs. detect wildcard domain for use of additional RID --- dnsapi/dns_selfhost.sh | 45 +++++++++++++++++++----------------------- 1 file changed, 20 insertions(+), 25 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 4171cb3c..c63f81d7 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -10,6 +10,7 @@ dns_selfhost_add() { _info "Calling acme-dns on selfhost" _debug fulldomain "$fulldomain" _debug txtvalue "$txt" + _debug domain "$d" SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" @@ -18,39 +19,36 @@ dns_selfhost_add() { SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" # These values are domain dependent, so read them from there SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readdomainconf SELFHOSTDNS_MAP)}" - SELFHOSTDNS_RID="${SELFHOSTDNS_RID:-$(_readdomainconf SELFHOSTDNS_RID)}" - SELFHOSTDNS_RID2="${SELFHOSTDNS_RID2:-$(_readdomainconf SELFHOSTDNS_RID2)}" - SELFHOSTDNS_LAST_SLOT="${SELFHOSTDNS_LAST_SLOT:-$(_readdomainconf SELFHOSTDNS_LAST_SLOT)}" if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" return 1 fi - if test -z "$SELFHOSTDNS_LAST_SLOT"; then - SELFHOSTDNS_LAST_SLOT=1 - fi - - # get the RID for fulldomain from SELFHOSTDNS_MAP + # get the domain entry from SELFHOSTDNS_MAP # only match full domains (at the beginning of the string or with a leading whitespace), # e.g. don't match mytest.example.com or sub.test.example.com for test.example.com - # replace the whole string with the RID (matching group 3) for assignment # if the domain is defined multiple times only the last occurance will be matched - rid=$(echo "$SELFHOSTDNS_MAP" | sed -E "s/(^|^.*[[:space:]])($fulldomain:)([0-9][0-9]*)(.*)/\3/") - - if test -z "$rid"; then - if [ $SELFHOSTDNS_LAST_SLOT = "2" ]; then - rid=$SELFHOSTDNS_RID - SELFHOSTDNS_LAST_SLOT=1 - else - rid=$SELFHOSTDNS_RID2 - SELFHOSTDNS_LAST_SLOT=2 - fi + mapEntry=$(echo "$SELFHOSTDNS_MAP" | sed -n -E "s/(^|^.*[[:space:]])($fulldomain)(:[[:digit:]]+)([:]?[[:digit:]]*)(.*)/\2\3\4/p") + _debug mapEntry $mapEntry + if test -z "$mapEntry"; then + _err "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" + return 1 fi - if test -z "$rid"; then - _err "SELFHOSTDNS_RID and SELFHOSTDNS_RID2, or SELFHOSTDNS_MAP must be set" - return 1 + # get the RIDs from the map entry + rid1=$(echo "$mapEntry" | cut -d: -f2) + _debug rid1 $rid1 + rid2=$(echo "$mapEntry" | cut -d: -f3) + _debug rid2 $rid2 + + rid=$rid1 + # check for wildcard domain and use rid2 if set + if _startswith "$d" '*.'; then + _debug2 "wildcard domain" + if ! test -z "$rid2"; then + rid=$rid2 + fi fi _info "Trying to add $txt on selfhost for rid: $rid" @@ -68,9 +66,6 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" # These values are domain dependent, so store them there _savedomainconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" - _savedomainconf SELFHOSTDNS_RID "$SELFHOSTDNS_RID" - _savedomainconf SELFHOSTDNS_RID2 "$SELFHOSTDNS_RID2" - _savedomainconf SELFHOSTDNS_LAST_SLOT "$SELFHOSTDNS_LAST_SLOT" } dns_selfhost_rm() { From 281951a86bed68de20ae1cec96bfbe24ef64e181 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Mon, 22 Aug 2022 06:51:17 +0200 Subject: [PATCH 0984/1526] ShellCheck fixed --- dnsapi/dns_selfhost.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index c63f81d7..f8c8d314 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -30,7 +30,7 @@ dns_selfhost_add() { # e.g. don't match mytest.example.com or sub.test.example.com for test.example.com # if the domain is defined multiple times only the last occurance will be matched mapEntry=$(echo "$SELFHOSTDNS_MAP" | sed -n -E "s/(^|^.*[[:space:]])($fulldomain)(:[[:digit:]]+)([:]?[[:digit:]]*)(.*)/\2\3\4/p") - _debug mapEntry $mapEntry + _debug mapEntry "$mapEntry" if test -z "$mapEntry"; then _err "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" return 1 @@ -38,16 +38,16 @@ dns_selfhost_add() { # get the RIDs from the map entry rid1=$(echo "$mapEntry" | cut -d: -f2) - _debug rid1 $rid1 + _debug rid1 "$rid1" rid2=$(echo "$mapEntry" | cut -d: -f3) - _debug rid2 $rid2 + _debug rid2 "$rid2" rid=$rid1 # check for wildcard domain and use rid2 if set if _startswith "$d" '*.'; then _debug2 "wildcard domain" if ! test -z "$rid2"; then - rid=$rid2 + rid="$rid2" fi fi From 5a604bfdeec85bf0e578d73f57e7c6bb4ae91409 Mon Sep 17 00:00:00 2001 From: Monius Date: Mon, 22 Aug 2022 15:16:30 +0800 Subject: [PATCH 0985/1526] shfmt check? --- acme.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 882aaf03..11814b6e 100755 --- a/acme.sh +++ b/acme.sh @@ -2239,10 +2239,11 @@ _setopt() { if [ ! -f "$__conf" ]; then touch "$__conf" fi + if [ -n "$(tail -c 1 <"$__conf")" ]; then echo >>"$__conf" fi - + if grep -n "^$__opt$__sep" "$__conf" >/dev/null; then _debug3 OK if _contains "$__val" "&"; then From fc336e3733ba62250cf7c7c649b5dbf827e84322 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Tue, 23 Aug 2022 00:04:41 +0200 Subject: [PATCH 0986/1526] fixed RID usage for wildcard domains --- dnsapi/dns_selfhost.sh | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index f8c8d314..d2d3cf60 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -10,7 +10,6 @@ dns_selfhost_add() { _info "Calling acme-dns on selfhost" _debug fulldomain "$fulldomain" _debug txtvalue "$txt" - _debug domain "$d" SELFHOSTDNS_UPDATE_URL="https://selfhost.de/cgi-bin/api.pl" @@ -19,6 +18,10 @@ dns_selfhost_add() { SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" # These values are domain dependent, so read them from there SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readdomainconf SELFHOSTDNS_MAP)}" + # Selfhost api can't dynamically add TXT record, + # so we have to store the last used RID of the domain to support a second RID for wildcard domains + # (format: ';fulldomainA:lastRid;;fulldomainB:lastRid;...') + SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(_readdomainconf SELFHOSTDNS_MAP_LAST_USED_INTERNAL) if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then _err "SELFHOSTDNS_USERNAME and SELFHOSTDNS_PASSWORD must be set" @@ -30,7 +33,7 @@ dns_selfhost_add() { # e.g. don't match mytest.example.com or sub.test.example.com for test.example.com # if the domain is defined multiple times only the last occurance will be matched mapEntry=$(echo "$SELFHOSTDNS_MAP" | sed -n -E "s/(^|^.*[[:space:]])($fulldomain)(:[[:digit:]]+)([:]?[[:digit:]]*)(.*)/\2\3\4/p") - _debug mapEntry "$mapEntry" + _debug2 mapEntry "$mapEntry" if test -z "$mapEntry"; then _err "SELFHOSTDNS_MAP must contain the fulldomain incl. prefix and at least one RID" return 1 @@ -38,19 +41,27 @@ dns_selfhost_add() { # get the RIDs from the map entry rid1=$(echo "$mapEntry" | cut -d: -f2) - _debug rid1 "$rid1" rid2=$(echo "$mapEntry" | cut -d: -f3) - _debug rid2 "$rid2" - rid=$rid1 - # check for wildcard domain and use rid2 if set - if _startswith "$d" '*.'; then - _debug2 "wildcard domain" - if ! test -z "$rid2"; then - rid="$rid2" - fi + # read last used rid domain + lastUsedRidForDomainEntry=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/.*(;$fulldomain:[[:digit:]]+;).*/\1/p") + _debug2 lastUsedRidForDomainEntry "$lastUsedRidForDomainEntry" + lastUsedRidForDomain=$(echo "$lastUsedRidForDomainEntry" | tr -d ";" | cut -d: -f2) + + rid="$rid1" + if [ "$lastUsedRidForDomain" = "$rid" ] && ! test -z "$rid2"; then + rid="$rid2" + fi + + if ! test -z "$lastUsedRidForDomainEntry"; then + # replace last used rid entry for domain + SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/$lastUsedRidForDomainEntry/;$fulldomain:$rid;/p") + else + # add last used rid entry for domain + SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$SELFHOSTDNS_MAP_LAST_USED_INTERNAL"";$fulldomain:$rid;" fi + _info "Trying to add $txt on selfhost for rid: $rid" data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" @@ -66,6 +77,7 @@ dns_selfhost_add() { _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" # These values are domain dependent, so store them there _savedomainconf SELFHOSTDNS_MAP "$SELFHOSTDNS_MAP" + _savedomainconf SELFHOSTDNS_MAP_LAST_USED_INTERNAL "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" } dns_selfhost_rm() { From c94f9f21afcbc5f3e7f05545c95c6c278236df83 Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Tue, 23 Aug 2022 00:28:52 +0200 Subject: [PATCH 0987/1526] fixed shfmt --- dnsapi/dns_selfhost.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index d2d3cf60..ea301788 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -18,7 +18,7 @@ dns_selfhost_add() { SELFHOSTDNS_PASSWORD="${SELFHOSTDNS_PASSWORD:-$(_readaccountconf_mutable SELFHOSTDNS_PASSWORD)}" # These values are domain dependent, so read them from there SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readdomainconf SELFHOSTDNS_MAP)}" - # Selfhost api can't dynamically add TXT record, + # Selfhost api can't dynamically add TXT record, # so we have to store the last used RID of the domain to support a second RID for wildcard domains # (format: ';fulldomainA:lastRid;;fulldomainB:lastRid;...') SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(_readdomainconf SELFHOSTDNS_MAP_LAST_USED_INTERNAL) @@ -56,12 +56,11 @@ dns_selfhost_add() { if ! test -z "$lastUsedRidForDomainEntry"; then # replace last used rid entry for domain SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/$lastUsedRidForDomainEntry/;$fulldomain:$rid;/p") - else + else # add last used rid entry for domain SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$SELFHOSTDNS_MAP_LAST_USED_INTERNAL"";$fulldomain:$rid;" fi - _info "Trying to add $txt on selfhost for rid: $rid" data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" From b95f836256ca2c7b57d74c1a4a9b524fc92255bc Mon Sep 17 00:00:00 2001 From: Monius Date: Tue, 23 Aug 2022 06:30:09 +0800 Subject: [PATCH 0988/1526] final try --- acme.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/acme.sh b/acme.sh index 11814b6e..bb6863c7 100755 --- a/acme.sh +++ b/acme.sh @@ -2239,7 +2239,6 @@ _setopt() { if [ ! -f "$__conf" ]; then touch "$__conf" fi - if [ -n "$(tail -c 1 <"$__conf")" ]; then echo >>"$__conf" fi From 2304f005e3ec70a56153adf8efba489b9d361c79 Mon Sep 17 00:00:00 2001 From: Hobby-Student <6012744+Hobby-Student@users.noreply.github.com> Date: Tue, 23 Aug 2022 12:41:42 +0200 Subject: [PATCH 0989/1526] better error handling --- dnsapi/dns_kas.sh | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 6bb0823e..43990824 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -8,12 +8,12 @@ # - $KAS_Authtype (Kasserver API auth type. Default: plain) # - $KAS_Authdata (Kasserver API auth data.) # -# Author: squared GmbH +# Last update: squared GmbH # Credits: -# Inspired by dns_he.sh. Thanks a lot man! -# Previous version by Martin Kammerlander, Phlegx Systems OG -# Previous update by Marc-Oliver Lange -# KASAPI SOAP guideline by https://github.com/o1oo11oo/kasapi.sh +# - dns_he.sh. Thanks a lot man! +# - Martin Kammerlander, Phlegx Systems OG +# - Marc-Oliver Lange +# - https://github.com/o1oo11oo/kasapi.sh ######################################################################## KAS_Api_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl")" KAS_Api="$(echo "$KAS_Api_GET" | tr -d ' ' | grep -i "//g")" @@ -31,13 +31,13 @@ dns_kas_add() { _txtvalue=$2 _info "[KAS] -> Using DNS-01 All-inkl/Kasserver hook" + _info "[KAS] -> Check and Save Props" + _check_and_save + _info "[KAS] -> Adding $_fulldomain DNS TXT entry on all-inkl.com/Kasserver" _info "[KAS] -> Retriving Credential Token" _get_credential_token - _info "[KAS] -> Check and Save Props" - _check_and_save - _info "[KAS] -> Checking Zone and Record_Name" _get_zone_and_record_name "$_fulldomain" @@ -90,14 +90,14 @@ dns_kas_rm() { _txtvalue=$2 _info "[KAS] -> Using DNS-01 All-inkl/Kasserver hook" + _info "[KAS] -> Check and Save Props" + _check_and_save + _info "[KAS] -> Cleaning up after All-inkl/Kasserver hook" _info "[KAS] -> Removing $_fulldomain DNS TXT entry on All-inkl/Kasserver" _info "[KAS] -> Retriving Credential Token" _get_credential_token - _info "[KAS] -> Check and Save Props" - _check_and_save - _info "[KAS] -> Checking Zone and Record_Name" _get_zone_and_record_name "$_fulldomain" @@ -239,6 +239,15 @@ _get_credential_token() { response="$(_post "$data" "$KAS_Auth" "" "POST" "$contentType")" _debug2 "[KAS] -> Response" "$response" + if [ -z "$response" ]; then + _info "[KAS] -> Response was empty, please check manually." + return 1 + elif _contains "$response" ""; then + faultstring="$(echo "$response" | tr -d '\n\r' | sed "s//\n=> /g" | sed "s/<\/faultstring>/\n/g" | grep "=>" | sed "s/=> //g")" + _err "[KAS] -> Could not retrieve login token or antoher error =>$faultstring<= occurred, please check manually." + return 1 + fi + _credential_token="$(echo "$response" | tr '\n' ' ' | sed 's/.*return xsi:type="xsd:string">\(.*\)<\/return>/\1/' | sed 's/<\/ns1:KasAuthResponse\(.*\)Envelope>.*//')" _debug "[KAS] -> Credential Token: " "$_credential_token" return 0 From f9c2874c3544b23e99b417fd90cb19e179b83180 Mon Sep 17 00:00:00 2001 From: Hobby-Student <6012744+Hobby-Student@users.noreply.github.com> Date: Tue, 23 Aug 2022 13:30:04 +0200 Subject: [PATCH 0990/1526] removed unnecessary white space in empty line --- dnsapi/dns_kas.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 43990824..053abd21 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -33,7 +33,7 @@ dns_kas_add() { _info "[KAS] -> Using DNS-01 All-inkl/Kasserver hook" _info "[KAS] -> Check and Save Props" _check_and_save - + _info "[KAS] -> Adding $_fulldomain DNS TXT entry on all-inkl.com/Kasserver" _info "[KAS] -> Retriving Credential Token" _get_credential_token From b888792940367d8860b7d780c7c31a2d72028052 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 23 Aug 2022 22:15:50 +0800 Subject: [PATCH 0991/1526] fix concurrency --- .github/workflows/DNS.yml | 2 +- .github/workflows/DragonFlyBSD.yml | 2 +- .github/workflows/FreeBSD.yml | 2 +- .github/workflows/Linux.yml | 2 +- .github/workflows/MacOS.yml | 2 +- .github/workflows/NetBSD.yml | 2 +- .github/workflows/OpenBSD.yml | 2 +- .github/workflows/PebbleStrict.yml | 2 +- .github/workflows/Solaris.yml | 2 +- .github/workflows/Ubuntu.yml | 2 +- .github/workflows/Windows.yml | 2 +- .github/workflows/dockerhub.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- 13 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 8f487ff4..057972f6 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -12,7 +12,7 @@ on: - '.github/workflows/DNS.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml index ae953473..8581db47 100644 --- a/.github/workflows/DragonFlyBSD.yml +++ b/.github/workflows/DragonFlyBSD.yml @@ -15,7 +15,7 @@ on: - '.github/workflows/DragonFlyBSD.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index 151f462c..795ddc75 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -15,7 +15,7 @@ on: - '.github/workflows/FreeBSD.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index e532e1cb..238b3016 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -16,7 +16,7 @@ on: concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index 34966144..69fb09f7 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -15,7 +15,7 @@ on: - '.github/workflows/MacOS.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 53bb94d7..10952778 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -15,7 +15,7 @@ on: - '.github/workflows/NetBSD.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index 698f86a3..9c21daa1 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -15,7 +15,7 @@ on: - '.github/workflows/OpenBSD.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/PebbleStrict.yml b/.github/workflows/PebbleStrict.yml index afd3a68f..7417b8b0 100644 --- a/.github/workflows/PebbleStrict.yml +++ b/.github/workflows/PebbleStrict.yml @@ -15,7 +15,7 @@ on: concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index 12333ceb..3a86d3dc 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -17,7 +17,7 @@ on: concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 478adca9..664ba92c 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -15,7 +15,7 @@ on: - '.github/workflows/Ubuntu.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index b5a0a6ba..3b7bf2eb 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -16,7 +16,7 @@ on: concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/dockerhub.yml b/.github/workflows/dockerhub.yml index bbda7550..4d9f34b3 100644 --- a/.github/workflows/dockerhub.yml +++ b/.github/workflows/dockerhub.yml @@ -12,7 +12,7 @@ on: - '.github/workflows/dockerhub.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 3c24d2b4..d628ea93 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -14,7 +14,7 @@ on: - '.github/workflows/shellcheck.yml' concurrency: - group: ${{ github.workflow }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true From 238ecfc53956e71a00603c7c1204ba75aecce425 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 23 Aug 2022 22:19:10 +0800 Subject: [PATCH 0992/1526] fix issue message --- .github/workflows/issue.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml index ab1b43e9..e92b0411 100644 --- a/.github/workflows/issue.yml +++ b/.github/workflows/issue.yml @@ -14,6 +14,6 @@ jobs: issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, - body: 'Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you.' + body: "Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you." }) \ No newline at end of file From ec53b27dfe7bcc030c4e4e6613a7bb902eac018f Mon Sep 17 00:00:00 2001 From: Viktor Sokhan Date: Wed, 24 Aug 2022 13:48:10 +0700 Subject: [PATCH 0993/1526] Add dns_yc.sh --- dnsapi/dns_yc.sh | 259 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 259 insertions(+) create mode 100644 dnsapi/dns_yc.sh diff --git a/dnsapi/dns_yc.sh b/dnsapi/dns_yc.sh new file mode 100644 index 00000000..74a605b5 --- /dev/null +++ b/dnsapi/dns_yc.sh @@ -0,0 +1,259 @@ +#!/usr/bin/env sh + +#YC_Zone_ID="" # DNS Zone ID +#YC_Folder_ID="" # YC Folder ID +#YC_SA_ID="" # Service Account ID +#YC_SA_Key_ID="" # Service Account IAM Key ID +#YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of PEM +#YC_SA_Key_File_PEM="" # Content of private.key use instead of Path +YC_Api="https://dns.api.cloud.yandex.net/dns/v1" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_yc_add() { + fulldomain="$(echo "$1". | _lower_case)" # Add dot at end of domain name + txtvalue=$2 + + if ["$YC_SA_Key_File_PEM"]; then + YC_SA_Key_File="<(echo '$YC_SA_Key_File_PEM')" + else + YC_SA_Key_File=$YC_SA_Key_File_Path + fi + + YC_Zone_ID="${YC_Zone_ID:-$(_readaccountconf_mutable YC_Zone_ID)}" + YC_Folder_ID="${YC_Folder_ID:-$(_readaccountconf_mutable YC_Folder_ID)}" + YC_SA_ID="${YC_SA_ID:-$(_readaccountconf_mutable YC_SA_ID)}" + YC_SA_Key_ID="${YC_SA_Key_ID:-$(_readaccountconf_mutable YC_SA_Key_ID)}" + YC_SA_Key_File="${YC_SA_Key_File:-$(_readaccountconf_mutable YC_SA_Key_File)}" + + if [ "$YC_SA_ID" ] && [ "$YC_SA_Key_ID" ] && [ "$YC_SA_Key_File" ]; then + if [ -f "$YC_SA_Key_File" ]; then + if _isRSA "$YC_SA_Key_File" >/dev/null 2>&1; then + if [ "$YC_Zone_ID" ]; then + _savedomainconf YC_Zone_ID "$YC_Zone_ID" + _savedomainconf YC_SA_ID "$YC_SA_ID" + _savedomainconf YC_SA_Key_ID "$YC_SA_Key_ID" + _savedomainconf YC_SA_Key_File "$YC_SA_Key_File" + elif [ "$YC_Folder_ID" ]; then + _savedomainconf YC_Folder_ID "$YC_Folder_ID" + _saveaccountconf_mutable YC_SA_ID "$YC_SA_ID" + _saveaccountconf_mutable YC_SA_Key_ID "$YC_SA_Key_ID" + _saveaccountconf_mutable YC_SA_Key_File "$YC_SA_Key_File" + _clearaccountconf_mutable YC_Zone_ID + _clearaccountconf YC_Zone_ID + else + _err "You didn't specify a Yandex Cloud Zone ID or Folder ID yet." + return 1 + fi + else + _err "YC_SA_Key_File not a RSA file(_isRSA function return false)." + return 1 + fi + else + _err "YC_SA_Key_File not found in path $YC_SA_Key_File." + return 1 + fi + else + _clearaccountconf YC_Zone_ID + _clearaccountconf YC_Folder_ID + _clearaccountconf YC_SA_ID + _clearaccountconf YC_SA_Key_ID + _clearaccountconf YC_SA_Key_File + _err "You didn't specify a YC_SA_ID or YC_SA_Key_ID or YC_SA_Key_File." + return 1 + fi + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + if ! _yc_rest GET "zones/${_domain_id}:getRecordSet?type=TXT&name=$_sub_domain"; then + _err "Error: $response" + return 1 + fi + + _info "Adding record" + if _yc_rest POST "zones/$_domain_id:upsertRecordSets" "{\"merges\": [ { \"name\":\"$_sub_domain\",\"type\":\"TXT\",\"ttl\":\"120\",\"data\":[\"$txtvalue\"]}]}"; then + if _contains "$response" "\"done\": true"; then + _info "Added, OK" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +#fulldomain txtvalue +dns_yc_rm() { + fulldomain="$(echo "$1". | _lower_case)" # Add dot at end of domain name + txtvalue=$2 + + YC_Zone_ID="${YC_Zone_ID:-$(_readaccountconf_mutable YC_Zone_ID)}" + YC_Folder_ID="${YC_Folder_ID:-$(_readaccountconf_mutable YC_Folder_ID)}" + YC_SA_ID="${YC_SA_ID:-$(_readaccountconf_mutable YC_SA_ID)}" + YC_SA_Key_ID="${YC_SA_Key_ID:-$(_readaccountconf_mutable YC_SA_Key_ID)}" + YC_SA_Key_File="${YC_SA_Key_File:-$(_readaccountconf_mutable YC_SA_Key_File)}" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + if _yc_rest GET "zones/${_domain_id}:getRecordSet?type=TXT&name=$_sub_domain"; then + exists_txtvalue=$(echo "$response" | _normalizeJson | _egrep_o "\"data\".*\][^,]*" | _egrep_o "[^:]*$") + _debug exists_txtvalue "$exists_txtvalue" + else + _err "Error: $response" + return 1 + fi + + if _yc_rest POST "zones/$_domain_id:updateRecordSets" "{\"deletions\": [ { \"name\":\"$_sub_domain\",\"type\":\"TXT\",\"ttl\":\"120\",\"data\":$exists_txtvalue}]}"; then + if _contains "$response" "\"done\": true"; then + _info "Delete, OK" + return 0 + else + _err "Delete record error." + return 1 + fi + fi + _err "Delete record error." + return 1 +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=1 + p=1 + + # Use Zone ID directly if provided + if [ "$YC_Zone_ID" ]; then + if ! _yc_rest GET "zones/$YC_Zone_ID"; then + return 1 + else + if echo "$response" | tr -d " " | grep \"id\":\"$YC_Zone_ID\" >/dev/null; then + _domain=$(echo "$response" | _egrep_o "\"zone\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") + if [ "$_domain" ]; then + _cutlength=$((${#domain} - ${#_domain})) + _sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength") + _domain_id=$YC_Zone_ID + return 0 + else + return 1 + fi + else + return 1 + fi + fi + fi + + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + if [ "$YC_Folder_ID" ]; then + if ! _yc_rest GET "zones?folderId=$YC_Folder_ID"; then + return 1 + fi + else + echo "You didn't specify a Yandex Cloud Folder ID." + return 1 + fi + if _contains "$response" "\"zone\": \"$h\""; then + _domain_id=$(echo "$response" | _normalizeJson | _egrep_o "[^{]*\"zone\":\"$h\"[^}]*" | _egrep_o "\"id\"[^,]*" | _egrep_o "[^:]*$" | tr -d '"') + _debug _domain_id "$_domain_id" + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_yc_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + if [ ! "$YC_Token" ]; then + _debug "Login" + _yc_login + else + _debug "Token already exists. Skip Login." + fi + + token_trimmed=$(echo "$YC_Token" | tr -d '"') + + export _H1="Content-Type: application/json" + export _H2="Authorization: Bearer $token_trimmed" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$YC_Api/$ep" "" "$m")" + else + response="$(_get "$YC_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} + +_yc_login() { + header=$(echo "{\"typ\":\"JWT\",\"alg\":\"PS256\",\"kid\":\"$YC_SA_Key_ID\"}" | _normalizeJson | _base64 | _url_replace) + _debug header "$header" + + _current_timestamp=$(_time) + _expire_timestamp=$(_math $_current_timestamp + 1200) # 20 minutes + payload=$(echo "{\"iss\":\"$YC_SA_ID\",\"aud\":\"https://iam.api.cloud.yandex.net/iam/v1/tokens\",\"iat\":$_current_timestamp,\"exp\":$_expire_timestamp}" | _normalizeJson | _base64 | _url_replace) + _debug payload "$payload" + + #signature=$(printf "%s.%s" "$header" "$payload" | ${ACME_OPENSSL_BIN:-openssl} dgst -sign "$YC_SA_Key_File -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _base64 | _url_replace ) + _signature=$(printf "%s.%s" "$header" "$payload" | _sign "$YC_SA_Key_File" "sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _url_replace) + _debug2 _signature "$_signature" + + _jwt=$(printf "{\"jwt\": \"%s.%s.%s\"}" "$header" "$payload" "$_signature") + _debug2 _jwt "$_jwt" + + export _H1="Content-Type: application/json" + _iam_response="$(_post "$_jwt" "https://iam.api.cloud.yandex.net/iam/v1/tokens" "" "POST")" + _debug3 _iam_response "$(echo "$_iam_response" | _normalizeJson)" + + YC_Token="$(echo "$_iam_response" | _normalizeJson | _egrep_o "\"iamToken\"[^,]*" | _egrep_o "[^:]*$" | tr -d '"')" + _debug3 YC_Token + + return 0 +} From 43503a20e571b354877a9246bc13c3514275cf20 Mon Sep 17 00:00:00 2001 From: Viktor Sokhan Date: Wed, 24 Aug 2022 14:12:57 +0700 Subject: [PATCH 0994/1526] Fix --- dnsapi/dns_yc.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_yc.sh b/dnsapi/dns_yc.sh index 74a605b5..9f9c3e5e 100644 --- a/dnsapi/dns_yc.sh +++ b/dnsapi/dns_yc.sh @@ -5,7 +5,7 @@ #YC_SA_ID="" # Service Account ID #YC_SA_Key_ID="" # Service Account IAM Key ID #YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of PEM -#YC_SA_Key_File_PEM="" # Content of private.key use instead of Path +#YC_SA_Key_File_PEM_b64="" # Base64 content of private.key use instead of Path YC_Api="https://dns.api.cloud.yandex.net/dns/v1" ######## Public functions ##################### @@ -15,8 +15,8 @@ dns_yc_add() { fulldomain="$(echo "$1". | _lower_case)" # Add dot at end of domain name txtvalue=$2 - if ["$YC_SA_Key_File_PEM"]; then - YC_SA_Key_File="<(echo '$YC_SA_Key_File_PEM')" + if ["$YC_SA_Key_File_PEM_b64"]; then + YC_SA_Key_File="<(echo '$YC_SA_Key_File_PEM_b64' | _dbase64 )" else YC_SA_Key_File=$YC_SA_Key_File_Path fi From 90623142e16f1423ac1be1cd8bb1cbdc95ce03b1 Mon Sep 17 00:00:00 2001 From: Viktor Sokhan Date: Wed, 24 Aug 2022 16:40:27 +0700 Subject: [PATCH 0995/1526] Fix --- dnsapi/dns_yc.sh | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_yc.sh b/dnsapi/dns_yc.sh index 9f9c3e5e..bce9aa63 100644 --- a/dnsapi/dns_yc.sh +++ b/dnsapi/dns_yc.sh @@ -4,8 +4,8 @@ #YC_Folder_ID="" # YC Folder ID #YC_SA_ID="" # Service Account ID #YC_SA_Key_ID="" # Service Account IAM Key ID -#YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of PEM -#YC_SA_Key_File_PEM_b64="" # Base64 content of private.key use instead of Path +#YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of YC_SA_Key_File_PEM_b64 +#YC_SA_Key_File_PEM_b64="" # Base64 content of private.key use instead of YC_SA_Key_File_Path YC_Api="https://dns.api.cloud.yandex.net/dns/v1" ######## Public functions ##################### @@ -15,18 +15,23 @@ dns_yc_add() { fulldomain="$(echo "$1". | _lower_case)" # Add dot at end of domain name txtvalue=$2 - if ["$YC_SA_Key_File_PEM_b64"]; then - YC_SA_Key_File="<(echo '$YC_SA_Key_File_PEM_b64' | _dbase64 )" + YC_SA_Key_File_PEM_b64="${YC_SA_Key_File_PEM_b64:-$(_readaccountconf_mutable YC_SA_Key_File_PEM_b64)}" + YC_SA_Key_File_Path="${YC_SA_Key_File_Path:-$(_readaccountconf_mutable YC_SA_Key_File_Path)}" + + if [ "$YC_SA_Key_File_PEM_b64" ]; then + echo "$YC_SA_Key_File_PEM_b64" | _dbase64 > private.key + YC_SA_Key_File="private.key" + _savedomainconf YC_SA_Key_File_PEM_b64 "$YC_SA_Key_File_PEM_b64" else - YC_SA_Key_File=$YC_SA_Key_File_Path + YC_SA_Key_File="$YC_SA_Key_File_Path" + _savedomainconf YC_SA_Key_File_Path "$YC_SA_Key_File_Path" fi YC_Zone_ID="${YC_Zone_ID:-$(_readaccountconf_mutable YC_Zone_ID)}" YC_Folder_ID="${YC_Folder_ID:-$(_readaccountconf_mutable YC_Folder_ID)}" YC_SA_ID="${YC_SA_ID:-$(_readaccountconf_mutable YC_SA_ID)}" YC_SA_Key_ID="${YC_SA_Key_ID:-$(_readaccountconf_mutable YC_SA_Key_ID)}" - YC_SA_Key_File="${YC_SA_Key_File:-$(_readaccountconf_mutable YC_SA_Key_File)}" - + if [ "$YC_SA_ID" ] && [ "$YC_SA_Key_ID" ] && [ "$YC_SA_Key_File" ]; then if [ -f "$YC_SA_Key_File" ]; then if _isRSA "$YC_SA_Key_File" >/dev/null 2>&1; then @@ -34,12 +39,10 @@ dns_yc_add() { _savedomainconf YC_Zone_ID "$YC_Zone_ID" _savedomainconf YC_SA_ID "$YC_SA_ID" _savedomainconf YC_SA_Key_ID "$YC_SA_Key_ID" - _savedomainconf YC_SA_Key_File "$YC_SA_Key_File" elif [ "$YC_Folder_ID" ]; then _savedomainconf YC_Folder_ID "$YC_Folder_ID" _saveaccountconf_mutable YC_SA_ID "$YC_SA_ID" _saveaccountconf_mutable YC_SA_Key_ID "$YC_SA_Key_ID" - _saveaccountconf_mutable YC_SA_Key_File "$YC_SA_Key_File" _clearaccountconf_mutable YC_Zone_ID _clearaccountconf YC_Zone_ID else @@ -59,7 +62,8 @@ dns_yc_add() { _clearaccountconf YC_Folder_ID _clearaccountconf YC_SA_ID _clearaccountconf YC_SA_Key_ID - _clearaccountconf YC_SA_Key_File + _clearaccountconf YC_SA_Key_File_PEM_b64 + _clearaccountconf YC_SA_Key_File_Path _err "You didn't specify a YC_SA_ID or YC_SA_Key_ID or YC_SA_Key_File." return 1 fi @@ -103,7 +107,6 @@ dns_yc_rm() { YC_Folder_ID="${YC_Folder_ID:-$(_readaccountconf_mutable YC_Folder_ID)}" YC_SA_ID="${YC_SA_ID:-$(_readaccountconf_mutable YC_SA_ID)}" YC_SA_Key_ID="${YC_SA_Key_ID:-$(_readaccountconf_mutable YC_SA_Key_ID)}" - YC_SA_Key_File="${YC_SA_Key_File:-$(_readaccountconf_mutable YC_SA_Key_File)}" _debug "First detect the root zone" if ! _get_root "$fulldomain"; then @@ -244,6 +247,8 @@ _yc_login() { #signature=$(printf "%s.%s" "$header" "$payload" | ${ACME_OPENSSL_BIN:-openssl} dgst -sign "$YC_SA_Key_File -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _base64 | _url_replace ) _signature=$(printf "%s.%s" "$header" "$payload" | _sign "$YC_SA_Key_File" "sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _url_replace) _debug2 _signature "$_signature" + + rm -rf "$YC_SA_Key_File" _jwt=$(printf "{\"jwt\": \"%s.%s.%s\"}" "$header" "$payload" "$_signature") _debug2 _jwt "$_jwt" From 53117b2f4cead0b78b58242c21b44ff44bd062b9 Mon Sep 17 00:00:00 2001 From: Klaus Frank Date: Wed, 17 Aug 2022 16:48:02 +0200 Subject: [PATCH 0996/1526] Fix missing HTTP_HEADER for _get with wget Save http header to file for _get with wget. --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 428c016f..31a2cb03 100755 --- a/acme.sh +++ b/acme.sh @@ -2054,7 +2054,7 @@ _get() { if [ "$onlyheader" ]; then $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g' else - $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -O - "$url" + $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O - "$url" 2>"$HTTP_HEADER" fi ret=$? if [ "$ret" = "8" ]; then From 713b7338ea1a77c1ca33c46b6212b13914cf48dd Mon Sep 17 00:00:00 2001 From: Klaus Frank Date: Wed, 17 Aug 2022 20:01:02 +0200 Subject: [PATCH 0997/1526] demultiplex wget debug output --- acme.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 31a2cb03..0130f004 100755 --- a/acme.sh +++ b/acme.sh @@ -1999,7 +1999,13 @@ _post() { if [ "$_ret" != "0" ]; then _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" fi - _sed_i "s/^ *//g" "$HTTP_HEADER" + if echo $_WGET | grep -q " -d " 2> /dev/null; then + # Demultiplex wget debug output + cat "$HTTP_HEADER" >&2 + _sed_i '/^[^[:space:]][^[:space:]]/d; /^[[:space:]]*$/d' "$HTTP_HEADER" + fi + # remove leading whitespaces from header to match curl format + _sed_i 's/^[[:space:]][[:space:]]//g' "$HTTP_HEADER" else _ret="$?" _err "Neither curl nor wget is found, can not do $httpmethod." @@ -2052,9 +2058,21 @@ _get() { fi _debug "_WGET" "$_WGET" if [ "$onlyheader" ]; then - $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g' + _wget_out = "$($_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1)" + if echo $_WGET | grep -q " -d " 2> /dev/null; then + # Demultiplex wget debug output + echo "$_wget_out" >&2 + echo "$_wget_out" | sed '/^[^[:space:]][^[:space:]]/d; /^[[:space:]]*$/d; s/^[[:space:]][[:space:]]//g' - + fi else $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O - "$url" 2>"$HTTP_HEADER" + if echo $_WGET | grep -q " -d " 2> /dev/null; then + # Demultiplex wget debug output + cat "$HTTP_HEADER" >&2 + _sed_i '/^[^[:space:]][^[:space:]]/d; /^[[:space:]]*$/d' "$HTTP_HEADER" + fi + # remove leading whitespaces from header to match curl format + _sed_i 's/^[[:space:]][[:space:]]//g' "$HTTP_HEADER" fi ret=$? if [ "$ret" = "8" ]; then From 864315f6d19b12ec514698094c3dc987c0128d26 Mon Sep 17 00:00:00 2001 From: Klaus Frank Date: Sun, 21 Aug 2022 01:55:47 +0200 Subject: [PATCH 0998/1526] Use literal space Replace [[:space:]] with " " --- acme.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 0130f004..c9146d87 100755 --- a/acme.sh +++ b/acme.sh @@ -2002,10 +2002,10 @@ _post() { if echo $_WGET | grep -q " -d " 2> /dev/null; then # Demultiplex wget debug output cat "$HTTP_HEADER" >&2 - _sed_i '/^[^[:space:]][^[:space:]]/d; /^[[:space:]]*$/d' "$HTTP_HEADER" + _sed_i '/^[^ ][^ ]/d; /^ *$/d' "$HTTP_HEADER" fi # remove leading whitespaces from header to match curl format - _sed_i 's/^[[:space:]][[:space:]]//g' "$HTTP_HEADER" + _sed_i 's/^ //g' "$HTTP_HEADER" else _ret="$?" _err "Neither curl nor wget is found, can not do $httpmethod." @@ -2062,17 +2062,17 @@ _get() { if echo $_WGET | grep -q " -d " 2> /dev/null; then # Demultiplex wget debug output echo "$_wget_out" >&2 - echo "$_wget_out" | sed '/^[^[:space:]][^[:space:]]/d; /^[[:space:]]*$/d; s/^[[:space:]][[:space:]]//g' - + echo "$_wget_out" | sed '/^[^ ][^ ]/d; /^ *$/d; s/^ //g' - fi else $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O - "$url" 2>"$HTTP_HEADER" if echo $_WGET | grep -q " -d " 2> /dev/null; then # Demultiplex wget debug output cat "$HTTP_HEADER" >&2 - _sed_i '/^[^[:space:]][^[:space:]]/d; /^[[:space:]]*$/d' "$HTTP_HEADER" + _sed_i '/^[^ ][^ ]/d; /^ *$/d' "$HTTP_HEADER" fi # remove leading whitespaces from header to match curl format - _sed_i 's/^[[:space:]][[:space:]]//g' "$HTTP_HEADER" + _sed_i 's/^ //g' "$HTTP_HEADER" fi ret=$? if [ "$ret" = "8" ]; then From 4e5d4b969538094f2d3306a23c84c773e2717f08 Mon Sep 17 00:00:00 2001 From: Viktor Sokhan Date: Thu, 25 Aug 2022 13:43:06 +0700 Subject: [PATCH 0999/1526] Fix shellcheck and shfmt --- dnsapi/dns_yc.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_yc.sh b/dnsapi/dns_yc.sh index bce9aa63..ec3bbc87 100644 --- a/dnsapi/dns_yc.sh +++ b/dnsapi/dns_yc.sh @@ -19,7 +19,7 @@ dns_yc_add() { YC_SA_Key_File_Path="${YC_SA_Key_File_Path:-$(_readaccountconf_mutable YC_SA_Key_File_Path)}" if [ "$YC_SA_Key_File_PEM_b64" ]; then - echo "$YC_SA_Key_File_PEM_b64" | _dbase64 > private.key + echo "$YC_SA_Key_File_PEM_b64" | _dbase64 >private.key YC_SA_Key_File="private.key" _savedomainconf YC_SA_Key_File_PEM_b64 "$YC_SA_Key_File_PEM_b64" else @@ -155,7 +155,7 @@ _get_root() { if ! _yc_rest GET "zones/$YC_Zone_ID"; then return 1 else - if echo "$response" | tr -d " " | grep \"id\":\"$YC_Zone_ID\" >/dev/null; then + if echo "$response" | tr -d " " | _egrep_o "\"id\":\"$YC_Zone_ID\"" >/dev/null; then _domain=$(echo "$response" | _egrep_o "\"zone\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") if [ "$_domain" ]; then _cutlength=$((${#domain} - ${#_domain})) @@ -238,16 +238,16 @@ _yc_rest() { _yc_login() { header=$(echo "{\"typ\":\"JWT\",\"alg\":\"PS256\",\"kid\":\"$YC_SA_Key_ID\"}" | _normalizeJson | _base64 | _url_replace) _debug header "$header" - + _current_timestamp=$(_time) - _expire_timestamp=$(_math $_current_timestamp + 1200) # 20 minutes + _expire_timestamp=$(_math "$_current_timestamp" + 1200) # 20 minutes payload=$(echo "{\"iss\":\"$YC_SA_ID\",\"aud\":\"https://iam.api.cloud.yandex.net/iam/v1/tokens\",\"iat\":$_current_timestamp,\"exp\":$_expire_timestamp}" | _normalizeJson | _base64 | _url_replace) _debug payload "$payload" #signature=$(printf "%s.%s" "$header" "$payload" | ${ACME_OPENSSL_BIN:-openssl} dgst -sign "$YC_SA_Key_File -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _base64 | _url_replace ) _signature=$(printf "%s.%s" "$header" "$payload" | _sign "$YC_SA_Key_File" "sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1" | _url_replace) _debug2 _signature "$_signature" - + rm -rf "$YC_SA_Key_File" _jwt=$(printf "{\"jwt\": \"%s.%s.%s\"}" "$header" "$payload" "$_signature") From 3dde83d8a0b911bf7740fa86db2997aa66cd9522 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 26 Aug 2022 19:47:45 +0800 Subject: [PATCH 1000/1526] fix https://github.com/acmesh-official/acme.sh/issues/4268 --- dnsapi/dns_namesilo.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_namesilo.sh b/dnsapi/dns_namesilo.sh index 0b87b7f7..f961d0bd 100755 --- a/dnsapi/dns_namesilo.sh +++ b/dnsapi/dns_namesilo.sh @@ -110,7 +110,7 @@ _get_root() { return 1 fi - if _contains "$response" "$host"; then + if _contains "$response" ">$host"; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$host" return 0 From f9320fff8ff71c9bc7a4d228bb8943ed9a1ae7eb Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Sat, 27 Aug 2022 01:17:53 +0200 Subject: [PATCH 1001/1526] Changed lastUsedRidForDomainEntry seperator to space --- dnsapi/dns_selfhost.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index ea301788..4c94576b 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -20,7 +20,7 @@ dns_selfhost_add() { SELFHOSTDNS_MAP="${SELFHOSTDNS_MAP:-$(_readdomainconf SELFHOSTDNS_MAP)}" # Selfhost api can't dynamically add TXT record, # so we have to store the last used RID of the domain to support a second RID for wildcard domains - # (format: ';fulldomainA:lastRid;;fulldomainB:lastRid;...') + # (format: 'fulldomainA:lastRid fulldomainB:lastRid ...') SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(_readdomainconf SELFHOSTDNS_MAP_LAST_USED_INTERNAL) if [ -z "${SELFHOSTDNS_USERNAME:-}" ] || [ -z "${SELFHOSTDNS_PASSWORD:-}" ]; then @@ -44,21 +44,26 @@ dns_selfhost_add() { rid2=$(echo "$mapEntry" | cut -d: -f3) # read last used rid domain - lastUsedRidForDomainEntry=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/.*(;$fulldomain:[[:digit:]]+;).*/\1/p") + lastUsedRidForDomainEntry=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/(^|^.*[[:space:]])($fulldomain:[[:digit:]]+)(.*)/\2/p") _debug2 lastUsedRidForDomainEntry "$lastUsedRidForDomainEntry" - lastUsedRidForDomain=$(echo "$lastUsedRidForDomainEntry" | tr -d ";" | cut -d: -f2) + lastUsedRidForDomain=$(echo "$lastUsedRidForDomainEntry" | cut -d: -f2) rid="$rid1" if [ "$lastUsedRidForDomain" = "$rid" ] && ! test -z "$rid2"; then rid="$rid2" fi + newLastUsedRidForDomainEntry="$fulldomain:$rid" if ! test -z "$lastUsedRidForDomainEntry"; then # replace last used rid entry for domain - SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/$lastUsedRidForDomainEntry/;$fulldomain:$rid;/p") + SELFHOSTDNS_MAP_LAST_USED_INTERNAL=$(echo "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL" | sed -n -E "s/$lastUsedRidForDomainEntry/$newLastUsedRidForDomainEntry/p") else # add last used rid entry for domain - SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$SELFHOSTDNS_MAP_LAST_USED_INTERNAL"";$fulldomain:$rid;" + if test -z "$SELFHOSTDNS_MAP_LAST_USED_INTERNAL"; then + SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$newLastUsedRidForDomainEntry" + else + SELFHOSTDNS_MAP_LAST_USED_INTERNAL="$SELFHOSTDNS_MAP_LAST_USED_INTERNAL $newLastUsedRidForDomainEntry" + fi fi _info "Trying to add $txt on selfhost for rid: $rid" From 7a1f94bc20d2eb80ca05a78fb798d5ff0e2022cf Mon Sep 17 00:00:00 2001 From: AlvinSchiller <103769832+AlvinSchiller@users.noreply.github.com> Date: Sun, 28 Aug 2022 20:44:17 +0200 Subject: [PATCH 1002/1526] set newLastUsedRidForDomainEntry after request was successfull --- dnsapi/dns_selfhost.sh | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index 4c94576b..a6ef1f94 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -53,6 +53,17 @@ dns_selfhost_add() { rid="$rid2" fi + _info "Trying to add $txt on selfhost for rid: $rid" + + data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" + response="$(_get "$SELFHOSTDNS_UPDATE_URL$data")" + + if ! echo "$response" | grep "200 OK" >/dev/null; then + _err "Invalid response of acme-dns for selfhost" + return 1 + fi + + # write last used rid domain newLastUsedRidForDomainEntry="$fulldomain:$rid" if ! test -z "$lastUsedRidForDomainEntry"; then # replace last used rid entry for domain @@ -66,16 +77,6 @@ dns_selfhost_add() { fi fi - _info "Trying to add $txt on selfhost for rid: $rid" - - data="?username=$SELFHOSTDNS_USERNAME&password=$SELFHOSTDNS_PASSWORD&rid=$rid&content=$txt" - response="$(_get "$SELFHOSTDNS_UPDATE_URL$data")" - - if ! echo "$response" | grep "200 OK" >/dev/null; then - _err "Invalid response of acme-dns for selfhost" - return 1 - fi - # Now that we know the values are good, save them _saveaccountconf_mutable SELFHOSTDNS_USERNAME "$SELFHOSTDNS_USERNAME" _saveaccountconf_mutable SELFHOSTDNS_PASSWORD "$SELFHOSTDNS_PASSWORD" From dd707242efa70e0440edc2a9214d6113b95b9751 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 3 Sep 2022 21:11:16 +0800 Subject: [PATCH 1003/1526] the envs are moved to acmetest --- .github/workflows/DNS.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 057972f6..5aedfe8a 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -81,9 +81,7 @@ jobs: if [ "${{ secrets.TokenName5}}" ] ; then echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env fi - echo "TEST_DNS_NO_WILDCARD" >> docker.env - echo "http_proxy" >> docker.env - echo "https_proxy" >> docker.env + - name: Run acmetest run: cd ../acmetest && ./rundocker.sh testall From 5d6d0c6176c1be41c8729478bc7fe5e3fc787823 Mon Sep 17 00:00:00 2001 From: Lorenz Stechauner Date: Mon, 5 Sep 2022 13:19:34 +0200 Subject: [PATCH 1004/1526] World4You: fix paketnr parsing Signed-off-by: Lorenz Stechauner --- dnsapi/dns_world4you.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index a0a83c37..dfda4efd 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -195,7 +195,7 @@ _get_paketnr() { fqdn="$1" form="$2" - domains=$(echo "$form" | grep 'header-paket-domain' | sed 's/<[^>]*>//g' | sed 's/^.*>\([^>]*\)$/\1/') + domains=$(echo "$form" | grep '