From 7d0452c7e330c53dd810964c7590876348642c75 Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:12:37 +0100 Subject: [PATCH 01/64] added NS1. support --- README.md | 1 + dnsapi/README.md | 11 +++ dnsapi/dns_nsone.sh | 159 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+) create mode 100644 dnsapi/dns_nsone.sh diff --git a/README.md b/README.md index 7d5ab846..5d1ddc5b 100644 --- a/README.md +++ b/README.md @@ -308,6 +308,7 @@ You don't have to do anything manually! 1. Domain-Offensive/Resellerinterface/Domainrobot API 1. Gandi LiveDNS API 1. Knot DNS API +1. NS1. API **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index 5b71e89f..c1e98a6a 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -394,6 +394,17 @@ acme.sh --issue --dns dns_knot -d example.com -d www.example.com The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +## 20. Use NS1. API + +``` +export NS1_Key="fdmlfsdklmfdkmqsdfk" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_nsone -d example.com -d www.example.com +``` + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh new file mode 100644 index 00000000..6a7d6001 --- /dev/null +++ b/dnsapi/dns_nsone.sh @@ -0,0 +1,159 @@ +#!/usr/bin/env sh + +# bug reports to dev@1e.ca + +# +#NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# +#NS1_Email="user@luadns.net" + +NS1_Api="https://api.nsone.net/v1" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsone_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$NS1_Key" ]; then + NS1_Key="" + _err "You didn't specify nsone dns api key yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf NS1_Key "$NS1_Key" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}" + + if ! _contains "$response" "\"records\":"; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Adding record" + + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then + if _contains "$response" "$fulldomain"; then + _info "Added" + #todo: check if the record takes effect + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\",\"id\":\"[^,]*\"" | _head_n 1 | cut -d: -f7 | cut -d, -f1) + _debug "record_id" "$record_id" + + _nsone_rest POST "zones/$_domain_/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" + if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then + _info "Updated!" + #todo: check if the record takes effect + return 0 + fi + _err "Update error" + return 1 + fi + +} + +#fulldomain +dns_nsone_rm() { + fulldomain=$1 + txtvalue=$2 + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}/$fulldomain/TXT" + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",.*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + if ! _nsone_rest DELETE "zones/${_domain}/$fulldomain/TXT"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "" + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! _nsone_rest GET "zones"; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "$response" "\"zone\":\"$h\""; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_nsone_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Accept: application/json" + export _H2="X-NSONE-Key: $NS1_Key" + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$NS1_Api/$ep" "" "$m")" + else + response="$(_get "$NS1_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 17361df66b9f8a4a4aabc7b1ab789d7d3ef5bb47 Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:15:07 +0100 Subject: [PATCH 02/64] cleanup --- dnsapi/dns_nsone.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 6a7d6001..898319b4 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -5,7 +5,6 @@ # #NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" # -#NS1_Email="user@luadns.net" NS1_Api="https://api.nsone.net/v1" From d3c4cd8270d2ee84e2dd20976156b7bdfdce42df Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:21:25 +0100 Subject: [PATCH 03/64] bugfix --- dnsapi/dns_nsone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 898319b4..a5ea05fe 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -41,7 +41,7 @@ dns_nsone_add() { return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" From 1e5e03cc4603a65d4bb0b0d2c3932cbe070e5b96 Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:22:48 +0100 Subject: [PATCH 04/64] typo... --- dnsapi/dns_nsone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index a5ea05fe..0f6e441a 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -62,7 +62,7 @@ dns_nsone_add() { record_id=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\",\"id\":\"[^,]*\"" | _head_n 1 | cut -d: -f7 | cut -d, -f1) _debug "record_id" "$record_id" - _nsone_rest POST "zones/$_domain_/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" + _nsone_rest POST "zones/$_domain/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then _info "Updated!" #todo: check if the record takes effect From 7044236824af45431413297c6224e11dcc785733 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Wed, 15 Mar 2017 11:40:32 -0700 Subject: [PATCH 05/64] Create dns_dynu.sh Add DNS API support for Dynu. --- dnsapi/dns_dynu.sh | 135 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 135 insertions(+) create mode 100644 dnsapi/dns_dynu.sh diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh new file mode 100644 index 00000000..963bdd2f --- /dev/null +++ b/dnsapi/dns_dynu.sh @@ -0,0 +1,135 @@ +#!/usr/bin/env sh + +my_dir="$(dirname "$0")" +source "$my_dir/acme.sh" + +#Client ID +Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" +# +#Secret +Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9" +# +#Token +Dynu_Token="" +# +#Endpoint +Dynu_EndPoint="https://api.dynu.com/v1" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_dynu_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$Dynu_ClientId" ] || [ -z "$Dynu_Secret" ]; then + Dynu_ClientId="" + Dynu_Secret="" + _err "Dynu client id and secret is not specified." + _err "Please create you API client id and secret and try again." + return 1 + fi + + #save the client id and secret to the account conf file. + _saveaccountconf Dynu_ClientId "$Dynu_ClientId" + _saveaccountconf Dynu_Secret "$Dynu_Secret" + + if [ -z "$Dynu_Token" ]; then + _info "Getting Dynu token" + if ! _dynu_authentication; then + _err "Can not get token." + fi + fi + + _debug "Detect root zone" + if ! _get_root "$fulldomain"; then + _err "Invalid domain" + return 1 + fi + + _debug _node "$_node" + _debug _domain_name "$_domain_name" + + _info "Creating TXT record" + if ! _dynu_rest POST "dns/record/add" "{\"domain_name\":\"$_domain_name\",\"node_name\":\"$_node\",\"record_type\":\"TXT\",\"text_data\":\"$txtvalue\",\"state\":true,\"ttl\":90}"; then + return 1 + fi + + if ! _contains "$response" "text_data"; then + _err "Could not add TXT record" + return 1 + fi + + return 0 +} + +#fulldomain +dns_dynu_rm() { + fulldomain=$1 +} + +######## Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _node=_acme-challenge.www +# _domain_name=domain.com +_get_root() { + domain=$1 + if ! _dynu_rest GET "dns/getroot/$domain"; then + return 1 + fi + + if ! _contains "$response" "domain_name"; then + _debug "Domain name not found" + return 1 + fi + + _domain_name=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2) + _node=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 3 | cut -d : -f 2 | cut -d '"' -f 2) + return 0 +} + +_dynu_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Authorization: Bearer $Dynu_Token" + export _H2="Content-Type: application/json" + + if [ "$data" ]; then + _debug data "$data" + response="$(_post "$data" "$Dynu_EndPoint/$ep" "" "$m")" + else + echo "Getting $Dynu_EndPoint/$ep" + response="$(_get "$Dynu_EndPoint/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} + +_dynu_authentication() { + export _H1="Authorization: Basic $(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" + export _H2="Content-Type: application/json" + + response="$(_get "$Dynu_EndPoint/oauth2/token")" + if [ "$?" != "0" ]; then + _err "Authentication failed." + return 1 + fi + if _contains "$response" "accessToken"; then + Dynu_Token=$(printf "%s" "$response" | tr -d "[]" | cut -d , -f 2 | cut -d : -f 2 | cut -d '"' -f 2) + fi + if _contains "$Dynu_Token" "null"; then + Dynu_Token="" + fi + + _debug2 response "$response" + return 0 +} From 5c78e0a462178ea5424b241b486252c331c2bd53 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Thu, 16 Mar 2017 13:42:30 -0700 Subject: [PATCH 06/64] removed source acme.sh --- dnsapi/dns_dynu.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 963bdd2f..b12b0bbb 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -1,8 +1,5 @@ #!/usr/bin/env sh -my_dir="$(dirname "$0")" -source "$my_dir/acme.sh" - #Client ID Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" # From d0300d4443caf45f0619cba436b40128e09dc71d Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 27 Mar 2017 12:27:21 -0700 Subject: [PATCH 07/64] Changes as requested per Commit 9c90b21 In dnsapi/dns_dynu.sh line 115: export _H1="Authorization: Basic $(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" ^-- SC2155: Declare and assign separately to avoid masking return values. --- dnsapi/dns_dynu.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index b12b0bbb..c50c7a18 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -112,7 +112,9 @@ _dynu_rest() { } _dynu_authentication() { - export _H1="Authorization: Basic $(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" + realm = "$(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" + + export _H1="Authorization: Basic $realm" export _H2="Content-Type: application/json" response="$(_get "$Dynu_EndPoint/oauth2/token")" From cd8fcbf9c63a9a60726fb2bc3a889df55fdf87dd Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 27 Mar 2017 12:38:12 -0700 Subject: [PATCH 08/64] Spaces in assignment removed. --- dnsapi/dns_dynu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index c50c7a18..19a24471 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -112,7 +112,7 @@ _dynu_rest() { } _dynu_authentication() { - realm = "$(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" + realm="$(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" export _H1="Authorization: Basic $realm" export _H2="Content-Type: application/json" From b7b934913ef0375700e3808801db5565b36ed193 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 27 Mar 2017 13:39:31 -0700 Subject: [PATCH 09/64] Removed unnecessary spaces --- dnsapi/dns_dynu.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 19a24471..b81840d0 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -42,7 +42,7 @@ dns_dynu_add() { if ! _get_root "$fulldomain"; then _err "Invalid domain" return 1 - fi + fi _debug _node "$_node" _debug _domain_name "$_domain_name" @@ -83,7 +83,7 @@ _get_root() { _domain_name=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2) _node=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 3 | cut -d : -f 2 | cut -d '"' -f 2) - return 0 + return 0 } _dynu_rest() { @@ -113,7 +113,7 @@ _dynu_rest() { _dynu_authentication() { realm="$(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" - + export _H1="Authorization: Basic $realm" export _H2="Content-Type: application/json" @@ -128,7 +128,7 @@ _dynu_authentication() { if _contains "$Dynu_Token" "null"; then Dynu_Token="" fi - + _debug2 response "$response" return 0 } From e137792efdb0986192b0b96cf728e670c4719c1b Mon Sep 17 00:00:00 2001 From: shar0119 Date: Tue, 28 Mar 2017 08:11:04 -0700 Subject: [PATCH 10/64] Commented out Dynu_ClientId and Dynu_Secret --- dnsapi/dns_dynu.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index b81840d0..03a45c1a 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -1,10 +1,10 @@ #!/usr/bin/env sh #Client ID -Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" +#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" # #Secret -Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9" +#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9" # #Token Dynu_Token="" From 66e38ae69e4487155cbc555f1230ac641e2b5f5a Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 3 Apr 2017 13:46:39 -0700 Subject: [PATCH 11/64] Updated Readme.md file (1 of 2) --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index e0c1e7d6..567ec5ba 100644 --- a/README.md +++ b/README.md @@ -313,6 +313,7 @@ You don't have to do anything manually! 1. DigitalOcean API (native) 1. ClouDNS.net API 1. Infoblox NIOS API (https://www.infoblox.com/) +1. Dynu API (https://www.dynu.com) **More APIs coming soon...** From afb67d375facf5065326362f2046452ee039bc94 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 3 Apr 2017 14:01:40 -0700 Subject: [PATCH 12/64] Updated README.md (2 of 2) --- dnsapi/README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/dnsapi/README.md b/dnsapi/README.md index 9eb77915..e8c263b0 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -438,6 +438,22 @@ acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com Note: This script will automatically create and delete the ephemeral txt record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +## 23. Use Dynu API + +First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation + +``` +export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" +export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_dynu -d example.com -d www.example.com +``` + +The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. + # Use custom API If your API is not supported yet, you can write your own DNS API. From 695482ded7248b25ecaa23e00571dd32d04f4ad4 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 3 Apr 2017 21:21:50 -0700 Subject: [PATCH 13/64] Added author name and link to report bugs --- dnsapi/dns_dynu.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 03a45c1a..9bf2c064 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -11,7 +11,10 @@ Dynu_Token="" # #Endpoint Dynu_EndPoint="https://api.dynu.com/v1" - +# +#Author: David Kerr +#Report Bugs here: https://github.com/dkerr64/acme.sh +# ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" From 6d7f6750e94bc969fed6469bff6402be538987a8 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Mon, 3 Apr 2017 21:22:58 -0700 Subject: [PATCH 14/64] Updated author name and link to report bugs --- dnsapi/dns_dynu.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 9bf2c064..63992ed4 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -12,8 +12,8 @@ Dynu_Token="" #Endpoint Dynu_EndPoint="https://api.dynu.com/v1" # -#Author: David Kerr -#Report Bugs here: https://github.com/dkerr64/acme.sh +#Author: Dynu Systems, Inc. +#Report Bugs here: https://github.com/shar0119/acme.sh # ######## Public functions ##################### From 9a61d6293d14a401f57fed793b9b829788c5b134 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Thu, 13 Apr 2017 20:48:39 -0700 Subject: [PATCH 15/64] Implemented dns_dynu_rm() Implemented dns_dynu_rm() method. --- dnsapi/dns_dynu.sh | 93 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 63992ed4..a3a604ba 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -35,7 +35,7 @@ dns_dynu_add() { _saveaccountconf Dynu_Secret "$Dynu_Secret" if [ -z "$Dynu_Token" ]; then - _info "Getting Dynu token" + _info "Getting Dynu token." if ! _dynu_authentication; then _err "Can not get token." fi @@ -43,29 +43,76 @@ dns_dynu_add() { _debug "Detect root zone" if ! _get_root "$fulldomain"; then - _err "Invalid domain" + _err "Invalid domain." return 1 fi _debug _node "$_node" _debug _domain_name "$_domain_name" - _info "Creating TXT record" + _info "Creating TXT record." if ! _dynu_rest POST "dns/record/add" "{\"domain_name\":\"$_domain_name\",\"node_name\":\"$_node\",\"record_type\":\"TXT\",\"text_data\":\"$txtvalue\",\"state\":true,\"ttl\":90}"; then return 1 fi if ! _contains "$response" "text_data"; then - _err "Could not add TXT record" + _err "Could not add TXT record." return 1 fi return 0 } -#fulldomain +#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_dynu_rm() { fulldomain=$1 + txtvalue=$2 + + if [ -z "$Dynu_ClientId" ] || [ -z "$Dynu_Secret" ]; then + Dynu_ClientId="" + Dynu_Secret="" + _err "Dynu client id and secret is not specified." + _err "Please create you API client id and secret and try again." + return 1 + fi + + #save the client id and secret to the account conf file. + _saveaccountconf Dynu_ClientId "$Dynu_ClientId" + _saveaccountconf Dynu_Secret "$Dynu_Secret" + + if [ -z "$Dynu_Token" ]; then + _info "Getting Dynu token." + if ! _dynu_authentication; then + _err "Can not get token." + fi + fi + + _debug "Detect root zone." + if ! _get_root "$fulldomain"; then + _err "Invalid domain." + return 1 + fi + + _debug _node "$_node" + _debug _domain_name "$_domain_name" + + _info "Checking for TXT record." + if ! _get_recordid "$fulldomain" "$txtvalue"; then + _err "Could not get TXT record id." + return 1 + fi + + if [ "$_dns_record_id" = "" ]; then + _err "TXT record not found." + return 1 + fi + + _info "Removing TXT record." + if ! _delete_txt_record "$_dns_record_id"; then + _err "Could not remove TXT record $_dns_record_id." + fi + + return 0 } ######## Private functions below ################################## @@ -80,7 +127,7 @@ _get_root() { fi if ! _contains "$response" "domain_name"; then - _debug "Domain name not found" + _debug "Domain name not found." return 1 fi @@ -89,6 +136,38 @@ _get_root() { return 0 } +_get_recordid() { + fulldomain=$1 + txtvalue=$2 + + if ! _dynu_rest GET "dns/record/get?hostname=$fulldomain&rrtype=TXT"; then + return 1 + fi + + if ! _contains "$response" "$txtvalue"; then + _dns_record_id=0 + return 0 + fi + + _dns_record_id=$(printf "%s" "$response" grep -o -e "{[^}]*}" | grep '"text_data":"This is another TXT record."' | grep -o -e ",[^,]*," | grep ',"id":' | tr -d ",," | cut -d : -f 2) + + return 0 +} + +_delete_txt_record() { + _dns_record_id=$1 + + if ! _dynu_rest GET "dns/record/delete/$_dns_record_id"; then + return 1 + fi + + if ! _contains "$response" "true"; then + return 1 + fi + + return 0 +} + _dynu_rest() { m=$1 ep="$2" @@ -102,7 +181,7 @@ _dynu_rest() { _debug data "$data" response="$(_post "$data" "$Dynu_EndPoint/$ep" "" "$m")" else - echo "Getting $Dynu_EndPoint/$ep" + _info "Getting $Dynu_EndPoint/$ep" response="$(_get "$Dynu_EndPoint/$ep")" fi From 394b1002b344db16ef8568f2933b162d9e87c9c5 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Thu, 13 Apr 2017 20:54:57 -0700 Subject: [PATCH 16/64] Corrected formatting error. Part of dns_dynu_rm() impementation. --- dnsapi/dns_dynu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index a3a604ba..e784c3b8 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -112,7 +112,7 @@ dns_dynu_rm() { _err "Could not remove TXT record $_dns_record_id." fi - return 0 + return 0 } ######## Private functions below ################################## From 8470c60e067b522e3322f90bca980313ac110729 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Fri, 14 Apr 2017 12:46:00 -0700 Subject: [PATCH 17/64] Using _egrep_o() instead of grep -o -e Modified code to use egrep instead of grep -o -e. --- dnsapi/dns_dynu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index e784c3b8..19e7fc7b 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -149,7 +149,7 @@ _get_recordid() { return 0 fi - _dns_record_id=$(printf "%s" "$response" grep -o -e "{[^}]*}" | grep '"text_data":"This is another TXT record."' | grep -o -e ",[^,]*," | grep ',"id":' | tr -d ",," | cut -d : -f 2) + _dns_record_id=$(printf "%s" "$response" | _egrep_o "{[^}]*}" | grep "\"text_data\":\"$txtvalue\"" | grep -Po '"id":\K[0-9]+') return 0 } From 9be2c1beb978afde98b4ecdad521e47d636751c5 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 19 Apr 2017 23:12:37 +0800 Subject: [PATCH 18/64] update doc --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e0c1e7d6..cf825625 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ - DOES NOT require `root/sudoer` access. - Docker friendly -It's probably the `easiest&smallest&smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. +It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. Wiki: https://github.com/Neilpang/acme.sh/wiki @@ -31,6 +31,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) - [Centminmod](http://centminmod.com/letsencrypt-acmetool-https.html) - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) - [archlinux](https://aur.archlinux.org/packages/acme.sh-git/) +- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) - [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) # Tested OS From 27a05ff27112a29e98aa51661040ef3176c07531 Mon Sep 17 00:00:00 2001 From: LAV45 Date: Sat, 15 Apr 2017 14:34:37 +0300 Subject: [PATCH 19/64] Add dns_vscale.sh --- README.md | 1 + dnsapi/README.md | 15 +++++ dnsapi/dns_vscale.sh | 149 +++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 165 insertions(+) create mode 100755 dnsapi/dns_vscale.sh diff --git a/README.md b/README.md index e0c1e7d6..47ea0126 100644 --- a/README.md +++ b/README.md @@ -313,6 +313,7 @@ You don't have to do anything manually! 1. DigitalOcean API (native) 1. ClouDNS.net API 1. Infoblox NIOS API (https://www.infoblox.com/) +1. VSCALE (https://vscale.io/) **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index 9eb77915..896dfcb7 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -438,6 +438,21 @@ acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com Note: This script will automatically create and delete the ephemeral txt record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. + +## 22. Use VSCALE API + +First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). + +``` +VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns vscale -d example.com -d www.example.com +``` + + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_vscale.sh b/dnsapi/dns_vscale.sh new file mode 100755 index 00000000..e50b7d8b --- /dev/null +++ b/dnsapi/dns_vscale.sh @@ -0,0 +1,149 @@ +#!/usr/bin/env sh + +#This is the vscale.io api wrapper for acme.sh +# +#Author: Alex Loban +#Report Bugs here: https://github.com/LAV45/acme.sh + +#VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" +VSCALE_API_URL="https://api.vscale.io/v1" + +######## Public functions ##################### + +#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_vscale_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$VSCALE_API_KEY" ]; then + VSCALE_API_KEY="" + _err "You didn't specify the VSCALE api key yet." + _err "Please create you key and try again." + return 1 + fi + + _saveaccountconf VSCALE_API_KEY "$VSCALE_API_KEY" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _vscale_tmpl_json="{\"type\":\"TXT\",\"name\":\"$_sub_domain.$_domain\",\"content\":\"$txtvalue\"}" + + if _vscale_rest POST "domains/$_domain_id/records/" "$_vscale_tmpl_json"; then + response=$(printf "%s\n" "$response" | _egrep_o "{\"error\": \".+\"" | cut -d : -f 2) + if [ -z "$response" ]; then + _info "txt record updated success." + return 0 + fi + fi + + return 1 +} + +#fulldomain txtvalue +dns_vscale_rm() { + fulldomain=$1 + txtvalue=$2 + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _vscale_rest GET "domains/$_domain_id/records/" + + if [ -n "$response" ]; then + record_id=$(printf "%s\n" "$response" | _egrep_o "\"TXT\", \"id\": [0-9]+, \"name\": \"$_sub_domain.$_domain\"" | cut -d : -f 2 | tr -d ", \"name\"") + _debug record_id "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if _vscale_rest DELETE "domains/$_domain_id/records/$record_id" && [ -z "$response" ]; then + _info "txt record deleted success." + return 0 + fi + _debug response "$response" + return 1 + fi + + return 1 +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=12345 +_get_root() { + domain=$1 + i=2 + p=1 + + if _vscale_rest GET "domains/"; then + response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + hostedzone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")" + if [ "$hostedzone" ]; then + _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + i=$(_math "$i" + 1) + done + fi + return 1 +} + +#method uri qstr data +_vscale_rest() { + mtd="$1" + ep="$2" + data="$3" + + _debug mtd "$mtd" + _debug ep "$ep" + + export _H1="Accept: application/json" + export _H2="Content-Type: application/json" + export _H3="X-Token: ${VSCALE_API_KEY}" + + if [ "$mtd" != "GET" ]; then + # both POST and DELETE. + _debug data "$data" + response="$(_post "$data" "$VSCALE_API_URL/$ep" "" "$mtd")" + else + response="$(_get "$VSCALE_API_URL/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From dbe68684a054a11a6232803bafd0ba952380bc54 Mon Sep 17 00:00:00 2001 From: Aleksey Loban Date: Fri, 21 Apr 2017 12:30:01 +0300 Subject: [PATCH 20/64] Fix readme 'Use VSCALE API' [skip ci] --- dnsapi/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index 896dfcb7..82b47648 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -449,7 +449,7 @@ VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" Ok, let's issue a cert now: ``` -acme.sh --issue --dns vscale -d example.com -d www.example.com +acme.sh --issue --dns dns_vscale -d example.com -d www.example.com ``` From 020f9cd2a640a5347e46a650fdc4a3e059868ddc Mon Sep 17 00:00:00 2001 From: Aleksey Loban Date: Fri, 21 Apr 2017 13:15:39 +0300 Subject: [PATCH 21/64] small Fix readme [skip ci] --- dnsapi/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index 82b47648..d9f5c271 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -439,7 +439,7 @@ Note: This script will automatically create and delete the ephemeral txt record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. -## 22. Use VSCALE API +## 23. Use VSCALE API First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). From a6e5876d964373c9fb68a16283f1097fb8b330c6 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Tue, 25 Apr 2017 19:33:54 -0700 Subject: [PATCH 22/64] Resolved conflict. Resolved conflict. --- dnsapi/README.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index e8c263b0..41cc80a8 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -438,7 +438,21 @@ acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com Note: This script will automatically create and delete the ephemeral txt record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. -## 23. Use Dynu API + +## 23. Use VSCALE API + +First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). + +``` +VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_vscale -d example.com -d www.example.com +``` + +## 24. Use Dynu API First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation From 9cf65e31cd599e567498d2d7972d858857d629b8 Mon Sep 17 00:00:00 2001 From: shar0119 Date: Tue, 25 Apr 2017 19:37:56 -0700 Subject: [PATCH 23/64] Resolved conflict. Resolved conflict. --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 567ec5ba..cdcd40c3 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ - DOES NOT require `root/sudoer` access. - Docker friendly -It's probably the `easiest&smallest&smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. +It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. Wiki: https://github.com/Neilpang/acme.sh/wiki @@ -31,6 +31,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) - [Centminmod](http://centminmod.com/letsencrypt-acmetool-https.html) - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) - [archlinux](https://aur.archlinux.org/packages/acme.sh-git/) +- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) - [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) # Tested OS @@ -313,6 +314,7 @@ You don't have to do anything manually! 1. DigitalOcean API (native) 1. ClouDNS.net API 1. Infoblox NIOS API (https://www.infoblox.com/) +1. VSCALE (https://vscale.io/) 1. Dynu API (https://www.dynu.com) **More APIs coming soon...** From 0138e167e91164bffc86eee29b4f140a1d03c93e Mon Sep 17 00:00:00 2001 From: thecantero Date: Thu, 27 Apr 2017 18:23:43 +0800 Subject: [PATCH 24/64] Update to support Kong-v0.10.x The previous one is for Kong-v0.9.x only. This change will allow it to work with v0.10.x. More info at: https://github.com/Mashape/kong/blob/4f960abe33fe3d45510944f062e571d63dc3a673/UPGRADE.md#upgrade-to-010x https://getkong.org/docs/0.10.x/admin-api/#add-certificate --- deploy/kong.sh | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index e1873f35..67eef693 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -31,14 +31,15 @@ kong_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - #Get uuid linked to the domain - uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') - if [ -z "$uuid" ]; then - _err "Unable to get Kong uuid for domain $_cdomain" - _err "Make sure that KONG_URL is correctly configured" - _err "Make sure that a Kong api request_host match the domain" - _err "Kong url: $KONG_URL" - return 1 + #Get ssl_uuid linked to the domain + ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') + if [ -z "$ssl_uuid" ]; then + _debug "Unable to get Kong ssl_uuid for domain $_cdomain" + _debug "Make sure that KONG_URL is correctly configured" + _debug "Make sure that a Kong certificate match the sni" + _debug "Kong url: $KONG_URL" + _info "No existing certificate, creating..." + #return 1 fi #Save kong url if it's succesful (First run case) _saveaccountconf KONG_URL "$KONG_URL" @@ -48,12 +49,15 @@ kong_deploy() { #Set Header _H1="Content-Type: multipart/form-data; boundary=$delim" #Generate data for request (Multipart/form-data with mixed content) - #set name to ssl - content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl" + content="--$delim${nl}" + if [ -z "$ssl_uuid" ]; then + #set sni to domain + content="$content{nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain" + fi #add key - content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" + content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" #Add cert - content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" + content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" #Close multipart content="$content${nl}--$delim--${nl}" #Convert CRLF @@ -61,17 +65,16 @@ kong_deploy() { #DEBUG _debug header "$_H1" _debug content "$content" - #Check if ssl plugins is aready enabled (if not => POST else => PATCH) - ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') - _debug ssl_uuid "$ssl_uuid" + #Check if sslcreated (if not => POST else => PATCH) + if [ -z "$ssl_uuid" ]; then #Post certificate to Kong - response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST") + response=$(_post "$content" "$KONG_URL/certificates" "" "POST") else #patch - response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH") + response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH") fi - if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then + if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then _err "An error occurred with cert upload. Check response:" _err "$response" return 1 From 3f1a76d9e4e8cb1ab79816db81df73dd663cca1a Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 27 Apr 2017 18:29:29 +0800 Subject: [PATCH 25/64] fix https://github.com/Neilpang/acme.sh/issues/808 --- acme.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 27bc4fb3..3506bdb9 100755 --- a/acme.sh +++ b/acme.sh @@ -2617,10 +2617,10 @@ _checkConf() { _isRealNginxConf() { _debug "_isRealNginxConf $1 $2" if [ -f "$2" ]; then - for _fln in $(grep -n "^ *server_name.* $1" "$2" | cut -d : -f 1); do + for _fln in $(tr "\t" ' ' <"$2" | grep -n "^ *server_name.* $1" | cut -d : -f 1); do _debug _fln "$_fln" if [ "$_fln" ]; then - _start=$(cat "$2" | _head_n "$_fln" | grep -n "^ *server *{" | _tail_n 1) + _start=$(tr "\t" ' ' <"$2" | _head_n "$_fln" | grep -n "^ *server *{" | _tail_n 1) _debug "_start" "$_start" _start_n=$(echo "$_start" | cut -d : -f 1) _start_nn=$(_math $_start_n + 1) @@ -2629,8 +2629,8 @@ _isRealNginxConf() { _left="$(sed -n "${_start_nn},99999p" "$2")" _debug2 _left "$_left" - if echo "$_left" | grep -n "^ *server *{" >/dev/null; then - _end=$(echo "$_left" | grep -n "^ *server *{" | _head_n 1) + if echo "$_left" | tr "\t" ' ' | grep -n "^ *server *{" >/dev/null; then + _end=$(echo "$_left" | tr "\t" ' ' | grep -n "^ *server *{" | _head_n 1) _debug "_end" "$_end" _end_n=$(echo "$_end" | cut -d : -f 1) _debug "_end_n" "$_end_n" From de3bac53bfb99e1b192bed48a1c5dcf694e2a606 Mon Sep 17 00:00:00 2001 From: thecantero Date: Thu, 27 Apr 2017 20:06:47 +0800 Subject: [PATCH 26/64] update README --- deploy/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deploy/README.md b/deploy/README.md index d8c2f57c..232fdb4a 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -21,8 +21,11 @@ acme.sh --deploy -d example.com --deploy-hook cpanel ## 2. Deploy ssl cert on kong proxy engine based on api. Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert). +Currently supports Kong-v0.10.x. -(TODO) +```sh +acme.sh --deploy -d ftp.example.com --deploy-hook kong +``` ## 3. Deploy the cert to remote server through SSH access. From 4b02ee5b468814b2a19e9dd783b458264acbe776 Mon Sep 17 00:00:00 2001 From: thecantero Date: Thu, 27 Apr 2017 20:38:08 +0800 Subject: [PATCH 27/64] Typo fix --- deploy/kong.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index 67eef693..79dc3916 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -67,7 +67,7 @@ kong_deploy() { _debug content "$content" #Check if sslcreated (if not => POST else => PATCH) - if [ -z "$ssl_uuid" ]; then + if [ ! -z "$ssl_uuid" ]; then #Post certificate to Kong response=$(_post "$content" "$KONG_URL/certificates" "" "POST") else From c140fe9bae8926e3724545330505edc3e1355833 Mon Sep 17 00:00:00 2001 From: thecantero Date: Thu, 27 Apr 2017 20:39:53 +0800 Subject: [PATCH 28/64] Typo Fix --- deploy/kong.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index 79dc3916..9d1f40a7 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -1,6 +1,3 @@ -#!/usr/bin/env sh - -# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter. # Note that ssl plugin should be available on Kong instance # The hook will match cdomain to request_host, in case of multiple domain it will always take the first # one (acme.sh behaviour). @@ -49,10 +46,9 @@ kong_deploy() { #Set Header _H1="Content-Type: multipart/form-data; boundary=$delim" #Generate data for request (Multipart/form-data with mixed content) - content="--$delim${nl}" if [ -z "$ssl_uuid" ]; then #set sni to domain - content="$content{nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain" + content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain" fi #add key content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" @@ -67,7 +63,7 @@ kong_deploy() { _debug content "$content" #Check if sslcreated (if not => POST else => PATCH) - if [ ! -z "$ssl_uuid" ]; then + if [ -z "$ssl_uuid" ]; then #Post certificate to Kong response=$(_post "$content" "$KONG_URL/certificates" "" "POST") else From 824ffa24f497a69bd4b0cb0cf10520b27d326514 Mon Sep 17 00:00:00 2001 From: Andre Cantero Date: Fri, 28 Apr 2017 00:21:21 +0800 Subject: [PATCH 29/64] Add shebang --- deploy/kong.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/kong.sh b/deploy/kong.sh index 9d1f40a7..dce92096 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -1,3 +1,4 @@ +#!/usr/bin/env sh # Note that ssl plugin should be available on Kong instance # The hook will match cdomain to request_host, in case of multiple domain it will always take the first # one (acme.sh behaviour). From 1231b71245588f107bc9667c16925afeac0f4e4e Mon Sep 17 00:00:00 2001 From: Andre Cantero Date: Fri, 28 Apr 2017 00:25:30 +0800 Subject: [PATCH 30/64] Update the notes --- deploy/kong.sh | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index dce92096..d3a6bc47 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -1,11 +1,7 @@ #!/usr/bin/env sh -# Note that ssl plugin should be available on Kong instance -# The hook will match cdomain to request_host, in case of multiple domain it will always take the first -# one (acme.sh behaviour). -# If ssl config already exist it will update only cert and key not touching other parameter -# If ssl config doesn't exist it will only upload cert and key and not set other parameter -# Not that we deploy full chain -# See https://getkong.org/plugins/dynamic-ssl/ for other options +# If certificate already exist it will update only cert and key not touching other parameter +# If certificate doesn't exist it will only upload cert and key and not set other parameter +# Note that we deploy full chain # Written by Geoffroi Genot ######## Public functions ##################### From 5b3e3d9cf444e3c9e969244baedc18338f5b4ccc Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 30 Apr 2017 16:29:20 +0800 Subject: [PATCH 31/64] fix https://github.com/Neilpang/acme.sh/issues/812 --- acme.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3506bdb9..7ce947ea 100755 --- a/acme.sh +++ b/acme.sh @@ -166,7 +166,14 @@ _syslog() { fi _logclass="$1" shift - logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1 + if [ -z "$__logger_i" ]; then + if _contains "$(logger --help 2>&1)" "-i"; then + __logger_i="logger -i" + else + __logger_i="logger" + fi + fi + $__logger_i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1 } _log() { From 2310a9bbc0d043cc3340af8a933a0679004874ae Mon Sep 17 00:00:00 2001 From: shar0119 Date: Sun, 30 Apr 2017 10:32:56 -0700 Subject: [PATCH 32/64] Removed grep -Po Removed usage of grep -Po. --- dnsapi/dns_dynu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 19e7fc7b..f6eabde2 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -149,7 +149,7 @@ _get_recordid() { return 0 fi - _dns_record_id=$(printf "%s" "$response" | _egrep_o "{[^}]*}" | grep "\"text_data\":\"$txtvalue\"" | grep -Po '"id":\K[0-9]+') + _dns_record_id=$(printf "%s" "$response" | _egrep_o "{[^}]*}" | grep "\"text_data\":\"$txtvalue\"" | _egrep_o ",[^,]*," | grep ',"id":' | tr -d ",," | cut -d : -f 2) return 0 } From f5c381d5b466094f7c26573341deb517df5456b9 Mon Sep 17 00:00:00 2001 From: ka2er Date: Tue, 2 May 2017 00:45:29 +0200 Subject: [PATCH 33/64] less permissive permission on OVH API restrict authorization request to OVH /domain API and not whole OVH API. Not perfect due to some limitations in regex with *, but better security as the token don't give full access to the API. --- dnsapi/dns_ovh.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 18f9c7dc..6c1edb4d 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -119,7 +119,7 @@ dns_ovh_add() { _info "Checking authentication" - response="$(_ovh_rest GET "domain/")" + response="$(_ovh_rest GET "domain")" if _contains "$response" "INVALID_CREDENTIAL"; then _err "The consumer key is invalid: $OVH_CK" _err "Please retry to create a new one." @@ -191,7 +191,7 @@ _ovh_authentication() { _H3="" _H4="" - _ovhdata='{"accessRules": [{"method": "GET","path": "/*"},{"method": "POST","path": "/*"},{"method": "PUT","path": "/*"},{"method": "DELETE","path": "/*"}],"redirection":"'$ovh_success'"}' + _ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}' response="$(_post "$_ovhdata" "$OVH_API/auth/credential")" _debug3 response "$response" From 1994c6828ecaaefa50beb8fb5616ed51a3b98c48 Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Mon, 5 Dec 2016 21:53:02 -0600 Subject: [PATCH 34/64] include dnsimple api Even though DNSimple is technically covered with lexicon not all systems can install python pip's easily. For these systems it is useful to have pure shell script API interactions. --- README.md | 1 + dnsapi/README.md | 36 +++++++-- dnsapi/dns_dnsimple.sh | 163 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 193 insertions(+), 7 deletions(-) create mode 100644 dnsapi/dns_dnsimple.sh diff --git a/README.md b/README.md index 0a320369..34b9243a 100644 --- a/README.md +++ b/README.md @@ -292,6 +292,7 @@ You don't have to do anything manually! 1. CloudFlare.com API 1. DNSPod.cn API +1. DNSimple API 1. CloudXNS.com API 1. GoDaddy.com API 1. OVH, kimsufi, soyoustart and runabove API diff --git a/dnsapi/README.md b/dnsapi/README.md index 12d76bef..ad03ea79 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -422,31 +422,31 @@ acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com ``` ## 22. Use Infoblox API - + First you need to create/obtain API credentials on your Infoblox appliance. - + ``` export Infoblox_Creds="username:password" export Infoblox_Server="ip or fqdn of infoblox appliance" ``` - + Ok, let's issue a cert now: ``` acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com ``` - + Note: This script will automatically create and delete the ephemeral txt record. The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. ## 23. Use VSCALE API - + First you need to create/obtain API tokens on your [settings panel](https://vscale.io/panel/settings/tokens/). - + ``` VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" ``` - + Ok, let's issue a cert now: ``` acme.sh --issue --dns dns_vscale -d example.com -d www.example.com @@ -468,6 +468,28 @@ acme.sh --issue --dns dns_dynu -d example.com -d www.example.com The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +## 25. Use DNSimple API + +First you need to login to your DNSimple account and generate a new oauth token. + +https://dnsimple.com/a/{your account id}/account/access_tokens + +Note that this is an _account_ token and not a user token. The account token is +needed to infer the `account_id` used in requests. A user token will not be able +to determine the correct account to use. + +``` +export DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" +``` + +To issue the cert just specify the `dns_dnsimple` API. + +``` +acme.sh --issue --dns dns_dnsimple -d example.com +``` + +The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will +be reused when needed. # Use custom API diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh new file mode 100644 index 00000000..d714d36c --- /dev/null +++ b/dnsapi/dns_dnsimple.sh @@ -0,0 +1,163 @@ +#!/usr/bin/env sh + +# DNSimple domain api +# +# This is your oauth token which can be acquired on the account page. Please +# note that this must be an _account_ token and not a _user_ token. +# https://dnsimple.com/a//account/access_tokens +# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" + +DNSimple_API="https://api.dnsimple.com/v2" + +######## Public functions ##################### + +# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_dnsimple_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$DNSimple_OAUTH_TOKEN" ]; then + DNSimple_OAUTH_TOKEN="" + _err "You have not set the dnsimple oauth token yet." + _err "Please visit https://dnsimple.com/user to generate it." + return 1 + fi + + # save the oauth token for later + _saveaccountconf DNSimple_OAUTH_TOKEN "$DNSimple_OAUTH_TOKEN" + + _debug "Retrive account ID" + if ! _get_account_id; then + _err "failed to retrive account id" + return 1 + fi + _debug _account_id "$_account_id" + + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain "$_domain" + _debug _sub_domain "$_sub_domain" + + _debug "Getting txt records" + _dnsimple_rest GET "$_account_id/zones/$_domain/records?per_page=100" + + if ! _contains "$response" "\"id\":"; then + _err "Error" + return 1 + fi + + count=$(printf "%s" "$response" | _egrep_o "\"name\":\"$_sub_domain\"" | wc -l | _egrep_o "[0-9]+") + _debug count "$count" + + if [ "$count" = "0" ]; then + _info "Adding record" + if _dnsimple_rest POST "$_account_id/zones/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then + if printf -- "%s" "$response" | grep "\"name\":\"$_sub_domain\"" >/dev/null; then + _info "Added" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"zone_id\":\"[^,]*\",\"parent_id\":null,\"name\":\"$_sub_domain\"" | cut -d: -f2 | cut -d, -f1) + _debug "record_id" "$record_id" + + _dnsimple_rest PATCH "$_account_id/zones/$_domain/records/$record_id" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}" + if [ "$?" = "0" ]; then + _info "Updated!" + #todo: check if the record takes effect + return 0 + fi + _err "Update error" + return 1 + fi +} + +# fulldomain +dns_dnsimple_rm() { + fulldomain=$1 + +} + +#################### Private functions bellow ################################## +# _acme-challenge.www.domain.com +# returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + # not valid + return 1 + fi + + if ! _dnsimple_rest GET "$_account_id/zones/$h"; then + return 1 + fi + + if _contains "$response" 'not found'; then + _debug "$h not found" + else + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +_get_account_id() { + if ! _dnsimple_rest GET "whoami"; then + return 1 + fi + + if _contains "$response" "\"account\":null"; then + _err "no account associated with this token" + return 1 + fi + + if _contains "$response" "timeout"; then + _err "timeout retrieving account_id" + return 1 + fi + + _account_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"email\":" | cut -d: -f2 | cut -d, -f1) + return 0 +} + +_dnsimple_rest() { + method=$1 + path="$2" + data="$3" + request_url="$DNSimple_API/$path" + _debug "$path" + + _H1="Accept: application/json" + _H2="Authorization: Bearer $DNSimple_OAUTH_TOKEN" + if [ "$data" ]; then + _H1="Content-Type: application/json" + _debug data "$data" + response="$(_post "$data" "$request_url" "" "$method")" + else + response="$(_get "$request_url")" + fi + + if [ "$?" != "0" ]; then + _err "error $request_url" + return 1 + fi + _debug2 response "$response" + return 0 +} From 2b092539618fc4ca627f9aa2b7b021488e222397 Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Tue, 6 Dec 2016 08:32:14 -0600 Subject: [PATCH 35/64] link to contributor repo for support issues relating to the dnsimple API integration --- dnsapi/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/README.md b/dnsapi/README.md index ad03ea79..f53d8ad4 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -491,6 +491,9 @@ acme.sh --issue --dns dns_dnsimple -d example.com The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +If you have any issues with this integration please report them to +https://github.com/pho3nixf1re/acme.sh/issues. + # Use custom API If your API is not supported yet, you can write your own DNS API. From f4e81953ce59731c3c46f7dc6937417851bd6e88 Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Sun, 12 Feb 2017 16:07:05 -0600 Subject: [PATCH 36/64] provide a more general purpose request function This allows for more flexibility in the future. Most importantly being able to do more than just GET requests but any HTTP method. Specifically needed for DELETE requests. --- acme.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 7ce947ea..3ccd8dc4 100755 --- a/acme.sh +++ b/acme.sh @@ -1592,12 +1592,17 @@ _post() { return $_ret } -# url getheader timeout _get() { - _debug GET + _request "$1" "$2" "$3" GET +} + +# url getheader timeout +_request() { url="$1" onlyheader="$2" t="$3" + method="$4" + _debug method $method _debug url "$url" _debug "timeout" "$t" @@ -1611,6 +1616,9 @@ _get() { if [ "$t" ]; then _CURL="$_CURL --connect-timeout $t" fi + if [ "$method" ]; then + _CURL="$_CURL -X $method" + fi _debug "_CURL" "$_CURL" if [ "$onlyheader" ]; then $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url" @@ -1633,6 +1641,9 @@ _get() { if [ "$t" ]; then _WGET="$_WGET --timeout=$t" fi + if [ "$method" ]; then + _WGET="$_WGET --method=$method" + fi _debug "_WGET" "$_WGET" if [ "$onlyheader" ]; then $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g' From f9b419d1e40c6056675891e846841158f36dc01a Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Sun, 12 Feb 2017 16:08:32 -0600 Subject: [PATCH 37/64] cleanup dns in dnsimple api integration Implement the `_rm()` method for the DNSimple integration. This also required some changes and cleanup to DRY up the code. --- dnsapi/dns_dnsimple.sh | 96 +++++++++++++++++++++++++++++++----------- 1 file changed, 72 insertions(+), 24 deletions(-) diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh index d714d36c..dde6638e 100644 --- a/dnsapi/dns_dnsimple.sh +++ b/dnsapi/dns_dnsimple.sh @@ -26,49 +26,35 @@ dns_dnsimple_add() { # save the oauth token for later _saveaccountconf DNSimple_OAUTH_TOKEN "$DNSimple_OAUTH_TOKEN" - _debug "Retrive account ID" if ! _get_account_id; then _err "failed to retrive account id" return 1 fi - _debug _account_id "$_account_id" if ! _get_root "$fulldomain"; then _err "invalid domain" return 1 fi - _debug _domain "$_domain" - _debug _sub_domain "$_sub_domain" - - _debug "Getting txt records" - _dnsimple_rest GET "$_account_id/zones/$_domain/records?per_page=100" - - if ! _contains "$response" "\"id\":"; then - _err "Error" - return 1 - fi - count=$(printf "%s" "$response" | _egrep_o "\"name\":\"$_sub_domain\"" | wc -l | _egrep_o "[0-9]+") - _debug count "$count" + _get_records $_account_id $_domain $_sub_domain - if [ "$count" = "0" ]; then + if [ "$_records_count" = "0" ]; then _info "Adding record" if _dnsimple_rest POST "$_account_id/zones/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then if printf -- "%s" "$response" | grep "\"name\":\"$_sub_domain\"" >/dev/null; then _info "Added" return 0 else - _err "Add txt record error." + _err "Unexpected response while adding text record." return 1 fi fi _err "Add txt record error." else _info "Updating record" - record_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"zone_id\":\"[^,]*\",\"parent_id\":null,\"name\":\"$_sub_domain\"" | cut -d: -f2 | cut -d, -f1) - _debug "record_id" "$record_id" + _extract_record_id $_records $_sub_domain - _dnsimple_rest PATCH "$_account_id/zones/$_domain/records/$record_id" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}" + _dnsimple_rest PATCH "$_account_id/zones/$_domain/records/$_record_id" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}" if [ "$?" = "0" ]; then _info "Updated!" #todo: check if the record takes effect @@ -83,6 +69,31 @@ dns_dnsimple_add() { dns_dnsimple_rm() { fulldomain=$1 + if ! _get_account_id; then + _err "failed to retrive account id" + return 1 + fi + + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + + _get_records $_account_id $_domain $_sub_domain + _extract_record_id $_records $_sub_domain + + if [ "$_record_id" ]; then + _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$_record_id" + + if [ "$?" = "0" ]; then + _info "removed record" "$_record_id" + return 0 + fi + fi + + _err "failed to remove record" "$_record_id" + return 1 + } #################### Private functions bellow ################################## @@ -93,7 +104,7 @@ dns_dnsimple_rm() { _get_root() { domain=$1 i=2 - p=1 + previous=1 while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) if [ -z "$h" ]; then @@ -108,17 +119,24 @@ _get_root() { if _contains "$response" 'not found'; then _debug "$h not found" else - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$previous) _domain="$h" + + _debug _domain "$_domain" + _debug _sub_domain "$_sub_domain" + return 0 fi - p="$i" + + previous="$i" i=$(_math "$i" + 1) done return 1 } +# returns _account_id _get_account_id() { + _debug "retrive account id" if ! _dnsimple_rest GET "whoami"; then return 1 fi @@ -129,14 +147,44 @@ _get_account_id() { fi if _contains "$response" "timeout"; then - _err "timeout retrieving account_id" + _err "timeout retrieving account id" return 1 fi _account_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"email\":" | cut -d: -f2 | cut -d, -f1) + _debug _account_id "$_account_id" + return 0 } +# returns +# _records +# _records_count +_get_records() { + account_id=$1 + domain=$2 + sub_domain=$3 + + _debug "fetching txt records" + _dnsimple_rest GET "$account_id/zones/$domain/records?per_page=100" + + if ! _contains "$response" "\"id\":"; then + _err "failed to retrieve records" + return 1 + fi + + _records_count=$(printf "%s" "$response" | _egrep_o "\"name\":\"$sub_domain\"" | wc -l | _egrep_o "[0-9]+") + _records=$response + _debug _records_count "$_records_count" +} + +# returns _record_id +_extract_record_id() { + _record_id=$(printf "%s" "$_records" | _egrep_o "\"id\":[^,]*,\"zone_id\":\"[^,]*\",\"parent_id\":null,\"name\":\"$_sub_domain\"" | cut -d: -f2 | cut -d, -f1) + _debug "_record_id" "$_record_id" +} + +# returns response _dnsimple_rest() { method=$1 path="$2" @@ -151,7 +199,7 @@ _dnsimple_rest() { _debug data "$data" response="$(_post "$data" "$request_url" "" "$method")" else - response="$(_get "$request_url")" + response="$(_request "$request_url" "" "" "$method")" fi if [ "$?" != "0" ]; then From 326ac485b35e2783365f5ab660caec28fc64d794 Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Sun, 12 Feb 2017 16:15:37 -0600 Subject: [PATCH 38/64] link to repo for dnsimple integration support --- dnsapi/dns_dnsimple.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh index dde6638e..f1c841dc 100644 --- a/dnsapi/dns_dnsimple.sh +++ b/dnsapi/dns_dnsimple.sh @@ -1,6 +1,7 @@ #!/usr/bin/env sh # DNSimple domain api +# https://github.com/pho3nixf1re/acme.sh/issues # # This is your oauth token which can be acquired on the account page. Please # note that this must be an _account_ token and not a _user_ token. From 2f4111a2e2ed01c27e070b375fa3f0179d0b46d3 Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Mon, 13 Feb 2017 11:37:34 -0600 Subject: [PATCH 39/64] fixup shellcheck style issues --- dnsapi/dns_dnsimple.sh | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh index f1c841dc..d92c6137 100644 --- a/dnsapi/dns_dnsimple.sh +++ b/dnsapi/dns_dnsimple.sh @@ -37,7 +37,7 @@ dns_dnsimple_add() { return 1 fi - _get_records $_account_id $_domain $_sub_domain + _get_records "$_account_id" "$_domain" "$_sub_domain" if [ "$_records_count" = "0" ]; then _info "Adding record" @@ -53,14 +53,17 @@ dns_dnsimple_add() { _err "Add txt record error." else _info "Updating record" - _extract_record_id $_records $_sub_domain + _extract_record_id "$_records" "$_sub_domain" + + if _dnsimple_rest \ + PATCH \ + "$_account_id/zones/$_domain/records/$_record_id" \ + "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - _dnsimple_rest PATCH "$_account_id/zones/$_domain/records/$_record_id" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}" - if [ "$?" = "0" ]; then _info "Updated!" - #todo: check if the record takes effect return 0 fi + _err "Update error" return 1 fi @@ -80,13 +83,12 @@ dns_dnsimple_rm() { return 1 fi - _get_records $_account_id $_domain $_sub_domain - _extract_record_id $_records $_sub_domain + _get_records "$_account_id" "$_domain" "$_sub_domain" + _extract_record_id "$_records" "$_sub_domain" if [ "$_record_id" ]; then - _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$_record_id" - if [ "$?" = "0" ]; then + if _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$_record_id"; then _info "removed record" "$_record_id" return 0 fi @@ -193,8 +195,9 @@ _dnsimple_rest() { request_url="$DNSimple_API/$path" _debug "$path" - _H1="Accept: application/json" - _H2="Authorization: Bearer $DNSimple_OAUTH_TOKEN" + export _H1="Accept: application/json" + export _H2="Authorization: Bearer $DNSimple_OAUTH_TOKEN" + if [ "$data" ]; then _H1="Content-Type: application/json" _debug data "$data" From 5b21cbe0de81f858e29a5abf3e3c0c35ae6a18d3 Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Mon, 1 May 2017 20:56:04 -0500 Subject: [PATCH 40/64] Revert "provide a more general purpose request function" This reverts commit aa86652db8d3132fb7fe0c0253dded7deb7dce2c. This is not actually necessary and can be accomplished with the post function. --- acme.sh | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/acme.sh b/acme.sh index 3ccd8dc4..7ce947ea 100755 --- a/acme.sh +++ b/acme.sh @@ -1592,17 +1592,12 @@ _post() { return $_ret } -_get() { - _request "$1" "$2" "$3" GET -} - # url getheader timeout -_request() { +_get() { + _debug GET url="$1" onlyheader="$2" t="$3" - method="$4" - _debug method $method _debug url "$url" _debug "timeout" "$t" @@ -1616,9 +1611,6 @@ _request() { if [ "$t" ]; then _CURL="$_CURL --connect-timeout $t" fi - if [ "$method" ]; then - _CURL="$_CURL -X $method" - fi _debug "_CURL" "$_CURL" if [ "$onlyheader" ]; then $_CURL -I --user-agent "$USER_AGENT" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" "$url" @@ -1641,9 +1633,6 @@ _request() { if [ "$t" ]; then _WGET="$_WGET --timeout=$t" fi - if [ "$method" ]; then - _WGET="$_WGET --method=$method" - fi _debug "_WGET" "$_WGET" if [ "$onlyheader" ]; then $_WGET --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" -S -O /dev/null "$url" 2>&1 | sed 's/^[ ]*//g' From 533238712536e3a11c2b09b4d0d480891cfd3d9f Mon Sep 17 00:00:00 2001 From: Matthew Turney Date: Tue, 2 May 2017 08:51:43 -0500 Subject: [PATCH 41/64] Use _post to send a DELETE request for DNSimple record removal. --- dnsapi/dns_dnsimple.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh index d92c6137..0bfe2b99 100644 --- a/dnsapi/dns_dnsimple.sh +++ b/dnsapi/dns_dnsimple.sh @@ -198,12 +198,12 @@ _dnsimple_rest() { export _H1="Accept: application/json" export _H2="Authorization: Bearer $DNSimple_OAUTH_TOKEN" - if [ "$data" ]; then + if [ "$data" ] || [ "$method" = "DELETE" ]; then _H1="Content-Type: application/json" _debug data "$data" response="$(_post "$data" "$request_url" "" "$method")" else - response="$(_request "$request_url" "" "" "$method")" + response="$(_get "$request_url" "" "" "$method")" fi if [ "$?" != "0" ]; then From 4c38fec3b57e23d5aece5dfd92ac1f50abc6b150 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 3 May 2017 23:07:30 +0800 Subject: [PATCH 42/64] update doc --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 34b9243a..0cb800eb 100644 --- a/README.md +++ b/README.md @@ -136,13 +136,25 @@ root@v1:~# acme.sh -h acme.sh --issue -d example.com -w /home/wwwroot/example.com ``` +or: + +```bash +acme.sh --issue -d example.com -w /home/username/public_html +``` + +or: + +```bash +acme.sh --issue -d example.com -w /var/www/html +``` + **Example 2:** Multiple domains in the same cert. ```bash acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com ``` -The parameter `/home/wwwroot/example.com` is the web root folder. You **MUST** have `write access` to this folder. +The parameter `/home/wwwroot/example.com` or `/home/username/public_html` or `/var/www/html` is the web root folder where you host your website files. You **MUST** have `write access` to this folder. Second argument **"example.com"** is the main domain you want to issue the cert for. You must have at least one domain there. From cc1d3b20b60a9f729bbd0f61f6563d2fe34772d4 Mon Sep 17 00:00:00 2001 From: wizard1024 Date: Fri, 5 May 2017 14:55:51 +0300 Subject: [PATCH 43/64] Update dns_aws.sh to work only with public zones --- dnsapi/dns_aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 21e86686..800c3d09 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -106,7 +106,7 @@ _get_root() { fi if _contains "$response" "$h."; then - hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")" + hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" _debug hostedzone "$hostedzone" if [ -z "$hostedzone" ]; then _err "Error, can not get hostedzone." From 5e3a5f627a94efea26d18d7eebb022a99a6149dd Mon Sep 17 00:00:00 2001 From: nytral Date: Mon, 8 May 2017 15:51:01 +0200 Subject: [PATCH 44/64] last but not least --- README.md | 1 + dnsapi/README.md | 11 +++ dnsapi/dns_nsone.sh | 158 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 170 insertions(+) create mode 100644 dnsapi/dns_nsone.sh diff --git a/README.md b/README.md index 0cb800eb..b816ec7f 100644 --- a/README.md +++ b/README.md @@ -329,6 +329,7 @@ You don't have to do anything manually! 1. Infoblox NIOS API (https://www.infoblox.com/) 1. VSCALE (https://vscale.io/) 1. Dynu API (https://www.dynu.com) +1. NS1.com API **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index f53d8ad4..dff62399 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -494,6 +494,17 @@ be reused when needed. If you have any issues with this integration please report them to https://github.com/pho3nixf1re/acme.sh/issues. +## 26. Use NS1.com API + +``` +export NS1_Key="fdmlfsdklmfdkmqsdfk" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_nsone -d example.com -d www.example.com +``` + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh new file mode 100644 index 00000000..48e4397f --- /dev/null +++ b/dnsapi/dns_nsone.sh @@ -0,0 +1,158 @@ +#!/bin/bash + +# bug reports to dev@1e.ca + +# +#NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# + +NS1_Api="https://api.nsone.net/v1" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsone_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$NS1_Key" ]; then + NS1_Key="" + _err "You didn't specify nsone dns api key yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf NS1_Key "$NS1_Key" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}" + + if ! _contains "$response" "\"records\":"; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Adding record" + + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then + if _contains "$response" "$fulldomain"; then + _info "Added" + #todo: check if the record takes effect + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\",\"id\":\"[^,]*\"" | _head_n 1 | cut -d: -f7 | cut -d, -f1) + _debug "record_id" "$record_id" + + _nsone_rest POST "zones/$_domain/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" + if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then + _info "Updated!" + #todo: check if the record takes effect + return 0 + fi + _err "Update error" + return 1 + fi + +} + +#fulldomain +dns_nsone_rm() { + fulldomain=$1 + txtvalue=$2 + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}/$fulldomain/TXT" + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",.*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + if ! _nsone_rest DELETE "zones/${_domain}/$fulldomain/TXT"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "" + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! _nsone_rest GET "zones"; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "$response" "\"zone\":\"$h\""; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_nsone_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Accept: application/json" + export _H2="X-NSONE-Key: $NS1_Key" + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$NS1_Api/$ep" "" "$m")" + else + response="$(_get "$NS1_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From dff641a665bffab928ebf0121ff15e86a608de96 Mon Sep 17 00:00:00 2001 From: nytral Date: Mon, 8 May 2017 16:07:45 +0200 Subject: [PATCH 45/64] I can do it... just discovered vmdiff --- README.md | 1 - dnsapi/README.md | 5 +---- dnsapi/dns_nsone.sh | 2 -- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index a67a9061..b816ec7f 100644 --- a/README.md +++ b/README.md @@ -324,7 +324,6 @@ You don't have to do anything manually! 1. Domain-Offensive/Resellerinterface/Domainrobot API 1. Gandi LiveDNS API 1. Knot DNS API -1. NS1.com API 1. DigitalOcean API (native) 1. ClouDNS.net API 1. Infoblox NIOS API (https://www.infoblox.com/) diff --git a/dnsapi/README.md b/dnsapi/README.md index 25ba1c34..dff62399 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -494,8 +494,7 @@ be reused when needed. If you have any issues with this integration please report them to https://github.com/pho3nixf1re/acme.sh/issues. -<<<<<<< HEAD -## 28. Use NS1.com API +## 26. Use NS1.com API ``` export NS1_Key="fdmlfsdklmfdkmqsdfk" @@ -505,8 +504,6 @@ Ok, let's issue a cert now: ``` acme.sh --issue --dns dns_nsone -d example.com -d www.example.com ``` -======= ->>>>>>> 9201e0a5b905812da1157efa075dd1ab52362c09 # Use custom API diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index ced65ac0..0f6e441a 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -1,6 +1,4 @@ -<<<<<<< HEAD #!/usr/bin/env sh ->>>>>>> 9201e0a5b905812da1157efa075dd1ab52362c09 # bug reports to dev@1e.ca From 9bc5f686ebb7e866bb8d0bf7299989d86a1c8d63 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 May 2017 22:25:06 +0800 Subject: [PATCH 46/64] fix list order --- README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b816ec7f..7e6b1227 100644 --- a/README.md +++ b/README.md @@ -304,17 +304,14 @@ You don't have to do anything manually! 1. CloudFlare.com API 1. DNSPod.cn API -1. DNSimple API 1. CloudXNS.com API 1. GoDaddy.com API -1. OVH, kimsufi, soyoustart and runabove API -1. AWS Route 53 1. PowerDNS.com API -1. lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api - (DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) +1. OVH, kimsufi, soyoustart and runabove API +1. nsupdate API 1. LuaDNS.com API 1. DNSMadeEasy.com API -1. nsupdate API +1. AWS Route 53 1. aliyun.com(阿里云) API 1. ISPConfig 3.1 API 1. Alwaysdata.com API @@ -329,9 +326,18 @@ You don't have to do anything manually! 1. Infoblox NIOS API (https://www.infoblox.com/) 1. VSCALE (https://vscale.io/) 1. Dynu API (https://www.dynu.com) +1. DNSimple API 1. NS1.com API + +And: + +1. lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api + (DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) + + + **More APIs coming soon...** If your DNS provider is not on the supported list above, you can write your own DNS API script easily. If you do, please consider submitting a [Pull Request](https://github.com/Neilpang/acme.sh/pulls) and contribute it to the project. From 5da1d3b73bdbec8fb5db9283d2755106c23847e0 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 May 2017 22:55:21 +0800 Subject: [PATCH 47/64] minor fix format --- dnsapi/dns_nsone.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 0f6e441a..7af0f81d 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -45,7 +45,7 @@ dns_nsone_add() { _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" - + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then if _contains "$response" "$fulldomain"; then _info "Added" @@ -124,9 +124,9 @@ _get_root() { fi if _contains "$response" "\"zone\":\"$h\""; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _domain="$h" - return 0 + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 fi p=$i i=$(_math "$i" + 1) From a20707cd731f98b820f56dbd92bad0477c91ea1c Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 May 2017 22:57:23 +0800 Subject: [PATCH 48/64] fix format --- dnsapi/dns_nsone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 7af0f81d..adf1f422 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -45,7 +45,7 @@ dns_nsone_add() { _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" - + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then if _contains "$response" "$fulldomain"; then _info "Added" From 0f48b15695d5c04e98e6a36d7c59dcc47ebe1666 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 9 May 2017 13:33:54 +0800 Subject: [PATCH 49/64] update doc --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7e6b1227..a163f233 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ - Just one script to issue, renew and install your certificates automatically. - DOES NOT require `root/sudoer` access. - Docker friendly +- IPv6 support It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. From c487cd6af2067bbfee9d66465503cdac9bbbb102 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 11 May 2017 20:51:16 +0800 Subject: [PATCH 50/64] add VOLUME --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index feb89b0d..3b262615 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,5 +55,7 @@ else \n \ /root/.acme.sh/acme.sh --config-home /acme.sh \"\$@\"\n \ fi" >/entry.sh && chmod +x /entry.sh +VOLUME /acme.sh + ENTRYPOINT ["/entry.sh"] CMD ["--help"] From d61ef6b49ae442b93b36aba67ba6037a0a5948d1 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 12 May 2017 11:27:06 +0800 Subject: [PATCH 51/64] gandi dns api updated. --- dnsapi/dns_gandi_livedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_gandi_livedns.sh b/dnsapi/dns_gandi_livedns.sh index 28b8f99d..82ed599c 100755 --- a/dnsapi/dns_gandi_livedns.sh +++ b/dnsapi/dns_gandi_livedns.sh @@ -37,7 +37,7 @@ dns_gandi_livedns_add() { _debug sub_domain "$_sub_domain" _gandi_livedns_rest PUT "domains/$_domain/records/$_sub_domain/TXT" "{\"rrset_ttl\": 300, \"rrset_values\":[\"$txtvalue\"]}" \ - && _contains "$response" '{"message": "Zone Record Created"}' \ + && _contains "$response" '{"message": "DNS Record Created"}' \ && _info "Add $(__green "success")" } From 319d49ddbe81a7d72009f203e1a56f1c6e614742 Mon Sep 17 00:00:00 2001 From: The Gitter Badger Date: Fri, 12 May 2017 05:37:15 +0000 Subject: [PATCH 52/64] Add Gitter badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a163f233..afdda8a8 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ # An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) + +[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - An ACME protocol client written purely in Shell (Unix shell) language. - Full ACME protocol implementation. - Simple, powerful and very easy to use. You only need 3 minutes to learn it. From df037db0bb804eb05352974b66dfd564fff7608c Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 14 May 2017 10:15:40 +0800 Subject: [PATCH 53/64] clean cache --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3b262615..4cb33139 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,17 +4,17 @@ RUN apk update -f \ && apk --no-cache add -f \ openssl \ curl \ - netcat-openbsd + netcat-openbsd \ + && rm -rf /var/cache/apk/* ENV LE_CONFIG_HOME /acme.sh ENV AUTO_UPGRADE 1 #Install -RUN mkdir -p /install_acme.sh/ ADD ./ /install_acme.sh/ -RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) -RUN rm -rf /install_acme.sh/ +RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/ + RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh From 2844d73dc752138c48c7ec05a93869d931782ff5 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 15 May 2017 20:46:02 +0800 Subject: [PATCH 54/64] fix https://github.com/Neilpang/acme.sh/issues/844 --- acme.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 7ce947ea..77be3fd5 100755 --- a/acme.sh +++ b/acme.sh @@ -1244,17 +1244,20 @@ createDomainKey() { fi domain=$1 - length=$2 + _cdl=$2 - if [ -z "$length" ]; then + if [ -z "$_cdl" ]; then _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" - length="$DEFAULT_DOMAIN_KEY_LENGTH" + _cdl="$DEFAULT_DOMAIN_KEY_LENGTH" fi - _initpath "$domain" "$length" + _initpath "$domain" "$_cdl" if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then - _createkey "$length" "$CERT_KEY_PATH" + if _createkey "$_cdl" "$CERT_KEY_PATH"; then + _savedomainconf Le_Keylength "$_cdl" + _info "The domain key is here: $(__green $CERT_KEY_PATH)" + fi else if [ "$IS_RENEW" ]; then _info "Domain key exists, skip" From b420ec6cb96f625e400fccfe60c3ad6256f03c32 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 17 May 2017 13:16:53 +0800 Subject: [PATCH 55/64] fix for performance of _h2b() function --- acme.sh | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/acme.sh b/acme.sh index 77be3fd5..8edf2c61 100755 --- a/acme.sh +++ b/acme.sh @@ -444,19 +444,27 @@ if [ "$(printf '\x41')" != 'A' ]; then fi _h2b() { + if _exists xxd; then + xxd -r -p + return + fi + hex=$(cat) i=1 j=2 - - _debug3 _URGLY_PRINTF "$_URGLY_PRINTF" - while true; do - if [ -z "$_URGLY_PRINTF" ]; then + _debug2 _URGLY_PRINTF "$_URGLY_PRINTF" + if [ -z "$_URGLY_PRINTF" ]; then + while true; do h="$(printf "%s" "$hex" | cut -c $i-$j)" if [ -z "$h" ]; then break fi printf "\x$h%s" - else + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" + done + else + while true; do ic="$(printf "%s" "$hex" | cut -c $i)" jc="$(printf "%s" "$hex" | cut -c $j)" if [ -z "$ic$jc" ]; then @@ -465,12 +473,11 @@ _h2b() { ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")""%s" - fi - - i="$(_math "$i" + 2)" - j="$(_math "$j" + 2)" + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" + done + fi - done } _is_solaris() { From fa93d68b085dd5cef9f09fba8de665b31d0a5665 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 20 May 2017 11:02:48 +0800 Subject: [PATCH 56/64] promote performance --- acme.sh | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/acme.sh b/acme.sh index 8edf2c61..17062806 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.6.9 +VER=2.7.0 PROJECT_NAME="acme.sh" @@ -450,31 +450,35 @@ _h2b() { fi hex=$(cat) - i=1 - j=2 + ic="" + jc="" _debug2 _URGLY_PRINTF "$_URGLY_PRINTF" if [ -z "$_URGLY_PRINTF" ]; then - while true; do - h="$(printf "%s" "$hex" | cut -c $i-$j)" - if [ -z "$h" ]; then - break - fi - printf "\x$h%s" - i="$(_math "$i" + 2)" - j="$(_math "$j" + 2)" - done + if _exists xargs; then + _debug2 "xargs" + echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf + else + for h in $(echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/ \1/gI') + do + if [ -z "$h" ]; then + break + fi + printf "\x$h%s" + done + fi else - while true; do - ic="$(printf "%s" "$hex" | cut -c $i)" - jc="$(printf "%s" "$hex" | cut -c $j)" - if [ -z "$ic$jc" ]; then - break + for c in $(echo "$hex" | sed 's/\([0-9A-F]\)/ \1/gI') + do + if [ -z "$ic" ]; then + ic=$c + continue fi + jc=$c ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")""%s" - i="$(_math "$i" + 2)" - j="$(_math "$j" + 2)" + ic="" + jc="" done fi From ed3dda7da960072f48370a25dd5beaccb7302cf2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 20 May 2017 11:15:26 +0800 Subject: [PATCH 57/64] fix format --- acme.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 17062806..f255c43f 100755 --- a/acme.sh +++ b/acme.sh @@ -458,8 +458,7 @@ _h2b() { _debug2 "xargs" echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf else - for h in $(echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/ \1/gI') - do + for h in $(echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/ \1/gI'); do if [ -z "$h" ]; then break fi @@ -467,8 +466,7 @@ _h2b() { done fi else - for c in $(echo "$hex" | sed 's/\([0-9A-F]\)/ \1/gI') - do + for c in $(echo "$hex" | sed 's/\([0-9A-F]\)/ \1/gI'); do if [ -z "$ic" ]; then ic=$c continue From 486e77f474d1da05bc9201a7446b12dc4abc38b4 Mon Sep 17 00:00:00 2001 From: Jean-Tiare Le Bigot Date: Mon, 22 May 2017 14:13:39 +0200 Subject: [PATCH 58/64] Support OVH credentials scoped to a specific zone When creating OVH API credentials, one can scope them to a specific subset of routes. Specifically, this allows to limit acme.sh to a specific zone as the zone is part of the URL. This is an important security/safety net feature. --- dnsapi/dns_ovh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 6c1edb4d..eaa90bdf 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -238,7 +238,7 @@ _get_root() { return 1 fi - if ! _contains "$response" "This service does not exist" >/dev/null; then + if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="$h" return 0 From 7eea9533e895f405d2fbbbb110a42d8f74967127 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Mon, 22 May 2017 14:53:26 -0500 Subject: [PATCH 59/64] Update README.md Fix usage documentation for dns_nsupdate. The NSUPDATE_KEY env needs to be a path to a file. --- dnsapi/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index dff62399..5dca829a 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -140,7 +140,7 @@ Finally, make the DNS server and update Key available to `acme.sh` ``` export NSUPDATE_SERVER="dns.example.com" -export NSUPDATE_KEY="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==" +export NSUPDATE_KEY="/path/to/your/nsupdate.key" ``` Ok, let's issue a cert now: From aa66dfff57b17e1fe1d37f1389be5a768a85116e Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 25 May 2017 21:06:59 +0800 Subject: [PATCH 60/64] fix doc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index afdda8a8..8ddadf57 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |19|[![](https://cdn.rawgit.com/Neilpang/acmetest/master/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux |20|[![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)|Mac OSX -For all build statuses, check our [daily build project](https://github.com/Neilpang/acmetest): +For all build statuses, check our [weekly build project](https://github.com/Neilpang/acmetest): https://github.com/Neilpang/acmetest From ded4469efe8a61e94d4878c80420cac414c4e6d2 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 26 May 2017 14:58:52 +0800 Subject: [PATCH 61/64] fix for openbsd, sed doesn't support `I` option. --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index f255c43f..737d6a7c 100755 --- a/acme.sh +++ b/acme.sh @@ -456,9 +456,9 @@ _h2b() { if [ -z "$_URGLY_PRINTF" ]; then if _exists xargs; then _debug2 "xargs" - echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf + echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/g' | xargs printf else - for h in $(echo "$hex" | sed 's/\([0-9A-F]\{2\}\)/ \1/gI'); do + for h in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/ \1/g'); do if [ -z "$h" ]; then break fi @@ -466,7 +466,7 @@ _h2b() { done fi else - for c in $(echo "$hex" | sed 's/\([0-9A-F]\)/ \1/gI'); do + for c in $(echo "$hex" | _upper_case | sed 's/\([0-9A-F]\)/ \1/g'); do if [ -z "$ic" ]; then ic=$c continue From 6185244754718adbe99e564886a443f803a31583 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 27 May 2017 19:28:12 +0800 Subject: [PATCH 62/64] fix doc --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8ddadf57..13188982 100644 --- a/README.md +++ b/README.md @@ -199,7 +199,7 @@ The ownership and permission info of existing files are preserved. You may want Install/copy the issued cert/key to the production Apache or Nginx path. -The cert will be `renewed every **60** days by default` (which is configurable). Once the cert is renewed, the Apache/Nginx service will be restarted automatically by the command: `service apache2 restart` or `service nginx restart`. +The cert will be renewed every **60** days by default (which is configurable). Once the cert is renewed, the Apache/Nginx service will be reloaded automatically by the command: `service apache2 force-reload` or `service nginx force-reload`. # 4. Use Standalone server to issue cert From f8bcfeb2ab7b1c4486309b673b557c4ad2ea5df7 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 29 May 2017 17:07:59 +0800 Subject: [PATCH 63/64] fix xargs issue for freebsd https://github.com/Neilpang/acme.sh/issues/865#issuecomment-304599955 --- acme.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 737d6a7c..60f0fd48 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.7.0 +VER=2.7.1 PROJECT_NAME="acme.sh" @@ -443,6 +443,11 @@ if [ "$(printf '\x41')" != 'A' ]; then _URGLY_PRINTF=1 fi +_ESCAPE_XARGS="" +if [ "$(printf %s '\\x41' | xargs printf)" == 'A' ]; then + _ESCAPE_XARGS=1 +fi + _h2b() { if _exists xxd; then xxd -r -p @@ -454,7 +459,7 @@ _h2b() { jc="" _debug2 _URGLY_PRINTF "$_URGLY_PRINTF" if [ -z "$_URGLY_PRINTF" ]; then - if _exists xargs; then + if [ "$_ESCAPE_XARGS" ] && _exists xargs; then _debug2 "xargs" echo "$hex" | _upper_case | sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/g' | xargs printf else From 8a420dd853667db64ca1ac4e6618fd5040c5e89d Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 29 May 2017 17:17:14 +0800 Subject: [PATCH 64/64] fix https://github.com/Neilpang/acme.sh/issues/865#issuecomment-304599955 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 60f0fd48..5f500045 100755 --- a/acme.sh +++ b/acme.sh @@ -444,7 +444,7 @@ if [ "$(printf '\x41')" != 'A' ]; then fi _ESCAPE_XARGS="" -if [ "$(printf %s '\\x41' | xargs printf)" == 'A' ]; then +if [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then _ESCAPE_XARGS=1 fi