
Merge pull request #387 from Neilpang/master

sync
pull/389/head
neil 8 years ago
committed by GitHub
parent
commit
a6d583cb5e
1. README.md (3 lines changed)
2. acme.sh (5 lines changed)
3. dnsapi/README.md (92 lines changed)
4. dnsapi/dns_nsupdate.sh (60 lines changed)

3
README.md

@ -1,4 +1,4 @@
# An ACME Shell script: acme.sh
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)
- An ACME protocol client written purely in Shell (Unix shell) language. - An ACME protocol client written purely in Shell (Unix shell) language.
- Fully ACME protocol implementation. - Fully ACME protocol implementation.
- Simple, powerful and very easy to use. You only need 3 minutes to learn. - Simple, powerful and very easy to use. You only need 3 minutes to learn.
@ -256,6 +256,7 @@ You don't have do anything manually!
(DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
9. LuaDNS.com API 9. LuaDNS.com API
10. DNSMadeEasy.com API 10. DNSMadeEasy.com API
11. nsupdate
##### More APIs are coming soon... ##### More APIs are coming soon...
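Review bot: the new entry `11. nsupdate` is the only item in this list without a hint of what it is or where to set it up; the neighbouring entries are hosted providers, while nsupdate means RFC 2136 dynamic DNS updates against your own server with a TSIG key. Since this same change adds a `## 7. Use nsupdate to automatically issue cert` section to dnsapi/README.md, link to it or add a few words such as `11. nsupdate (RFC 2136 dynamic update with a TSIG key)`.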

5
acme.sh

@ -3592,6 +3592,11 @@ _initconf() {
# #
#GD_Secret=\"sADDsdasdfsdfdssdgdsf\" #GD_Secret=\"sADDsdasdfsdfdssdgdsf\"
#######################
#nsupdate:
#NSUPDATE_KEY=\"/path/to/update.key\"
#NSUPDATE_SERVER=\"192.168.0.1\"
####################### #######################
#PowerDNS: #PowerDNS:
#PDNS_Url=\"http://ns.example.com:8081\" #PDNS_Url=\"http://ns.example.com:8081\"
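Review bot: the `NSUPDATE_KEY` template needs a comment saying it is a path to a key file, not the key itself. Every other secret in this block (`GD_Secret` just above) holds the secret value inline, so `#NSUPDATE_KEY=\"/path/to/update.key\"` alone invites users to paste the base64 TSIG secret here, which `_checkKeyFile` in dns_nsupdate.sh then rejects as an unreadable file. Suggest `#NSUPDATE_KEY=\"/path/to/update.key\"  #key file readable by acme.sh, passed to nsupdate -k`, and a note on the `NSUPDATE_SERVER` line that it defaults to localhost when unset.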

92
dnsapi/README.md

@ -1,6 +1,6 @@
# How to use dns api # How to use dns api
## Use CloudFlare domain api to automatically issue cert
## 1. Use CloudFlare domain api to automatically issue cert
For now, we support clourflare integeration. For now, we support clourflare integeration.
@ -22,7 +22,7 @@ The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`, when ne
## Use Dnspod.cn domain api to automatically issue cert
## 2. Use Dnspod.cn domain api to automatically issue cert
For now, we support dnspod.cn integeration. For now, we support dnspod.cn integeration.
@ -43,7 +43,7 @@ acme.sh --issue --dns dns_dp -d example.com -d www.example.com
The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key. The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key.
## Use Cloudxns.com domain api to automatically issue cert
## 3. Use Cloudxns.com domain api to automatically issue cert
For now, we support Cloudxns.com integeration. For now, we support Cloudxns.com integeration.
@ -64,7 +64,7 @@ acme.sh --issue --dns dns_cx -d example.com -d www.example.com
The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key. The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key.
## Use Godaddy.com domain api to automatically issue cert
## 4. Use Godaddy.com domain api to automatically issue cert
We support Godaddy integration. We support Godaddy integration.
@ -89,7 +89,7 @@ acme.sh --issue --dns dns_gd -d example.com -d www.example.com
The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key. The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key.
## Use PowerDNS embedded api to automatically issue cert
## 5. Use PowerDNS embedded api to automatically issue cert
We support PowerDNS embedded API integration. We support PowerDNS embedded API integration.
@ -112,31 +112,61 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`. The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
## Use OVH/kimsufi/soyoustart/runabove API
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
# Use custom api
## 6. Use OVH/kimsufi/soyoustart/runabove API
If your api is not supported yet, you can write your own dns api.
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
Let's assume you want to name it 'myapi',
## 7. Use nsupdate to automatically issue cert
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records.
3. Then you can use your api to issue cert like:
First, generate a key for updating the zone
```
b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
cat > /etc/named/keys/update.key <<EOF
key "update" {
algorithm hmac-sha512;
secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
};
EOF
rm -f /tmp/$b.{private,key}
```
Include this key in your named configuration
``` ```
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
include "/etc/named/keys/update.key";
``` ```
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
Next, configure your zone to allow dynamic updates.
Depending on your named version, use either
```
zone "example.com" {
type master;
allow-update { key "update"; };
};
```
or
```
zone "example.com" {
type master;
update-policy {
grant update subdomain example.com.;
};
}
```
Finally, make the dns server and update key available to `acme.sh`
```
export NSUPDATE_SERVER=dns.example.com
export NSUPDATE_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==
```
# Use lexicon dns api
Ok, let's issue cert now:
```
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
```
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf`.
## Use LuaDNS domain API
## 8. Use LuaDNS domain API
Get your API token at https://api.luadns.com/settings Get your API token at https://api.luadns.com/settings
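Review bot: the final configuration step contradicts the script added in this PR: `export NSUPDATE_KEY=aaaa...==` sets the variable to a base64 secret, but dns_nsupdate.sh requires `NSUPDATE_KEY` to be a readable file (`_checkKeyFile`) and hands it to `nsupdate -k`, so this example fails with "key ... is unreadable". It should point at the file created in the first step: `export NSUPDATE_KEY=/etc/named/keys/update.key`. Three smaller points in the same hunk: the second zone example ends with `}` where named.conf requires `};`; both zone examples let the key change any record in the zone, whereas `grant update subdomain example.com. TXT;` (or a name restricted to the `_acme-challenge` label) limits what a leaked key can do; and `/etc/named/keys/update.key` holds the secret yet must be readable by the user running acme.sh, so the instructions should set its owner and mode deliberately instead of relying on whatever `cat >` leaves behind.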
@ -154,7 +184,7 @@ acme.sh --issue --dns dns_lua --dnssleep 3 -d example.com -d www.example.c
The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed.
## Use DNSMadeEasy domain API
## 9. Use DNSMadeEasy domain API
Get your API credentials at https://cp.dnsmadeeasy.com/account/info Get your API credentials at https://cp.dnsmadeeasy.com/account/info
@ -172,5 +202,27 @@ acme.sh --issue --dns dns_me --dnssleep 3 -d example.com -d www.example.co
The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed.
# 10. Use custom api
If your api is not supported yet, you can write your own dns api.
Let's assume you want to name it 'myapi',
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records.
3. Then you can use your api to issue cert like:
```
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
```
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
# 11. Use lexicon dns api
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
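Review bot: step 2 documents only `dns_myapi_add()`, while the dns_nsupdate.sh added in this PR also implements a `dns_nsupdate_rm()` that removes the challenge record afterwards; if acme.sh calls an optional `dns_<name>_rm()` hook, document it here so custom apis clean up their TXT records too. Also, "Which will be called by acme.sh to add dns records." is a sentence fragment; join it to the previous sentence: "...named `dns_myapi_add()`, which acme.sh calls to add dns records."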

60
dnsapi/dns_nsupdate.sh

@ -0,0 +1,60 @@
#!/usr/bin/env sh
######## Public functions #####################
#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_nsupdate_add() {
fulldomain=$1
txtvalue=$2
_checkKeyFile || return 1
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
# save the dns server and key to the account conf file.
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
nsupdate -k "${NSUPDATE_KEY}" <<EOF
server ${NSUPDATE_SERVER}
update add ${fulldomain}. 60 in txt "${txtvalue}"
send
EOF
if [ $? -ne 0 ]; then
_err "error updating domain"
return 1
fi
return 0
}
#Usage: dns_nsupdate_rm _acme-challenge.www.domain.com
dns_nsupdate_rm() {
fulldomain=$1
_checkKeyFile || return 1
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
_info "removing ${fulldomain}. txt"
nsupdate -k "${NSUPDATE_KEY}" <<EOF
server ${NSUPDATE_SERVER}
update delete ${fulldomain}. txt
send
EOF
if [ $? -ne 0 ]; then
_err "error updating domain"
return 1
fi
return 0
}
#################### Private functions bellow ##################################
_checkKeyFile() {
if [ -z "${NSUPDATE_KEY}" ]; then
_err "you must specify a path to the nsupdate key file"
return 1
fi
if [ ! -r "${NSUPDATE_KEY}" ]; then
_err "key ${NSUPDATE_KEY} is unreadable"
return 1
fi
}
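Review bot: `dns_nsupdate_rm()` sends `update delete ${fulldomain}. txt`, which removes every TXT record at that name, not only the value this run added; that is tolerable for a dedicated `_acme-challenge` label but should be stated in the usage comment, and if acme.sh passes the value to the rm hook, `update delete ${fulldomain}. txt "${txtvalue}"` would be the safer form. Other points: nothing checks that `nsupdate` is installed, so a missing binary surfaces only as the generic "error updating domain" (a check with acme.sh's `_exists nsupdate` before the heredoc would give a clear message); `NSUPDATE_SERVER` silently falls back to `localhost`, which deserves an `_info` line so a misconfigured variable does not quietly update the wrong server; and "bellow" in the private-functions banner should be "below".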