From 112257c49e50a50adec33399579aeb8ef4bd12c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me?= Date: Tue, 26 Dec 2023 01:36:40 +0100 Subject: [PATCH 01/47] Add notification support for ntfy.sh --- notify/ntfy.sh | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 notify/ntfy.sh diff --git a/notify/ntfy.sh b/notify/ntfy.sh new file mode 100644 index 00000000..5761c755 --- /dev/null +++ b/notify/ntfy.sh @@ -0,0 +1,37 @@ +#!/usr/bin/bash + +# support ntfy + +#NTFY_URL="https://ntfy.sh" +#NTFY_TOPIC="xxxxxxxxxxxxx" + +ntfy_send() { + _subject="$1" + _content="$2" + _statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped + _debug "_subject" "$_subject" + _debug "_content" "$_content" + _debug "_statusCode" "$_statusCode" + + NTFY_URL="${NTFY_URL:-$(_readaccountconf_mutable NTFY_URL)}" + if [ "$NTFY_URL" ]; then + _saveaccountconf_mutable NTFY_URL "$NTFY_URL" + fi + + NTFY_TOPIC="${NTFY_TOPIC:-$(_readaccountconf_mutable NTFY_TOPIC)}" + if [ "$NTFY_TOPIC" ]; then + _saveaccountconf_mutable NTFY_TOPIC "$NTFY_TOPIC" + fi + + _data="${_subject}. $_content" + response="$(_post "$_data" "$NTFY_URL/$NTFY_TOPIC" "" "POST" "")" + + if [ "$?" = "0" ] && _contains "$response" "expires"; then + _info "ntfy event fired success." + return 0 + fi + + _err "ntfy event fired error." + _err "$response" + return 1 +} From a3612f53dd8c83aed111c5bfc13b9f08e4b6d908 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me?= Date: Tue, 26 Dec 2023 01:52:16 +0100 Subject: [PATCH 02/47] change shebang to sh --- notify/ntfy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notify/ntfy.sh b/notify/ntfy.sh index 5761c755..650d1c74 100644 --- a/notify/ntfy.sh +++ b/notify/ntfy.sh @@ -1,4 +1,4 @@ -#!/usr/bin/bash +#!/usr/bin/env sh # support ntfy From 92d37f6eaf4f28788e4ccf7201a75a75ee7c3a5c Mon Sep 17 00:00:00 2001 From: Jesse Miller Date: Wed, 6 Mar 2024 15:56:42 -0700 Subject: [PATCH 03/47] Quote echo $data in _porkbun_rest Quote echo $data in _porkbun_rest to avoid brace expansion under ksh (OpenBSD). --- dnsapi/dns_porkbun.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index ad4455b6..83553e16 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -134,7 +134,7 @@ _porkbun_rest() { api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"') secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"') - test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1)," + test -z "$data" && data="{" || data="$(echo "$data" | cut -d'}' -f1)," data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}" export _H1="Content-Type: application/json" From 39fa40ab12cd1a2d3edd8f9c1f1245086f414aaf Mon Sep 17 00:00:00 2001 From: Harald Kapper <4014716+hknet@users.noreply.github.com> Date: Mon, 11 Mar 2024 03:27:17 +0100 Subject: [PATCH 04/47] fixed secret+key storage-usage fixed the key and secret handling via acme account.conf --- dnsapi/dns_kappernet.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/dnsapi/dns_kappernet.sh b/dnsapi/dns_kappernet.sh index 0a8951cb..914671d6 100644 --- a/dnsapi/dns_kappernet.sh +++ b/dnsapi/dns_kappernet.sh @@ -6,8 +6,7 @@ #KAPPERNETDNS_Key="yourKAPPERNETapikey" #KAPPERNETDNS_Secret="yourKAPPERNETapisecret" - -KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" +#KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" ############################################################################### # called with @@ -19,10 +18,9 @@ dns_kappernet_add() { KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}" KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}" + KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then - KAPPERNETDNS_Key="" - KAPPERNETDNS_Secret="" _err "Please specify your kapper.net api key and secret." _err "If you have not received yours - send your mail to" _err "support@kapper.net to get your key and secret." @@ -41,7 +39,7 @@ dns_kappernet_add() { _debug _domain "DOMAIN: $_domain" _info "Trying to add TXT DNS Record" - data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D" + data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D" if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then if _contains "$response" "{\"OK\":true"; then @@ -66,10 +64,9 @@ dns_kappernet_rm() { KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}" KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}" + KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then - KAPPERNETDNS_Key="" - KAPPERNETDNS_Secret="" _err "Please specify your kapper.net api key and secret." _err "If you have not received yours - send your mail to" _err "support@kapper.net to get your key and secret." @@ -81,7 +78,7 @@ dns_kappernet_rm() { _saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret" _info "Trying to remove the TXT Record: $fullhostname containing $txtvalue" - data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D" + data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D" if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then if _contains "$response" "{\"OK\":true"; then return 0 @@ -141,7 +138,7 @@ _kappernet_api() { if [ "$method" = "GET" ]; then response="$(_get "$url")" else - _err "Unsupported method" + _err "Unsupported method or missing Secret/Key" return 1 fi From 5e64781d65a8ca28e132c09a21f66c5da2613b90 Mon Sep 17 00:00:00 2001 From: Adrian Fedoreanu Date: Tue, 19 Mar 2024 19:41:33 +0100 Subject: [PATCH 05/47] update _get_root check --- dnsapi/dns_1984hosting.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index e4ef2e4b..a6def06b 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -215,8 +215,8 @@ _get_root() { return 1 fi - _authget "https://1984.hosting/domains/soacheck/?zone=$h&nameserver=ns0.1984.is." - if _contains "$_response" "serial" && ! _contains "$_response" "null"; then + _authget "https://1984.hosting/domains/zonestatus/$h/?cached=no" + if _contains "$_response" '"ok": true'; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") _domain="$h" return 0 @@ -250,7 +250,6 @@ _authget() { } # Truncate huge HTML response -# Echo: Argument list too long _htmlget() { export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE" _response=$(_get "$1" | grep "$2") From 9ff89b570faccafe1388df4217bfa09db210c43e Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Thu, 25 Apr 2024 04:02:49 +0800 Subject: [PATCH 06/47] fix(deploy_dsm): missing gerp -P option on busybox Fixes: #5105 --- deploy/synology_dsm.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index b3bd6197..d6930a28 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -227,7 +227,8 @@ synology_dsm_deploy() { fi fi - error_code=$(echo "$response" | grep '"error"' | grep -oP '(?<="code":)\d+') + error_code=$(echo "$response" | grep '"error":' | grep '"code":[0-9]*' | grep -o '[0-9]*') + _debug2 error_code "$error_code" # Account has 2FA-OTP enabled, since error 403 reported. # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf if [ "$error_code" == "403" ]; then @@ -261,7 +262,8 @@ synology_dsm_deploy() { _secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID" fi fi - error_code=$(echo "$response" | grep '"error"' | grep -oP '(?<="code":)\d+') + error_code=$(echo "$response" | grep '"error":' | grep '"code":[0-9]*' | grep -o '[0-9]*') + _debug2 error_code "$error_code" fi if [ -n "$error_code" ]; then @@ -323,7 +325,8 @@ synology_dsm_deploy() { id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p") _debug2 id "$id" - error_code=$(echo "$response" | grep '"error"' | grep -oP '(?<="code":)\d+') + error_code=$(echo "$response" | grep '"error":' | grep '"code":[0-9]*' | grep -o '[0-9]*') + _debug2 error_code "$error_code" if [ -n "$error_code" ]; then if [ "$error_code" -eq 105 ]; then _err "Current user is not administrator and does not have sufficient permission for deploying." From cd01104de9dace481baf4c48bcca010ee074d1bb Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Thu, 25 Apr 2024 13:39:05 +0800 Subject: [PATCH 07/47] fix(deploy_dsm): ensure grep get the error code Added grep -o option to ensure the script won't get other digits as the error code result --- deploy/synology_dsm.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index d6930a28..342fb32e 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -227,7 +227,7 @@ synology_dsm_deploy() { fi fi - error_code=$(echo "$response" | grep '"error":' | grep '"code":[0-9]*' | grep -o '[0-9]*') + error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') _debug2 error_code "$error_code" # Account has 2FA-OTP enabled, since error 403 reported. # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf @@ -262,7 +262,7 @@ synology_dsm_deploy() { _secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID" fi fi - error_code=$(echo "$response" | grep '"error":' | grep '"code":[0-9]*' | grep -o '[0-9]*') + error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') _debug2 error_code "$error_code" fi @@ -325,7 +325,7 @@ synology_dsm_deploy() { id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p") _debug2 id "$id" - error_code=$(echo "$response" | grep '"error":' | grep '"code":[0-9]*' | grep -o '[0-9]*') + error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') _debug2 error_code "$error_code" if [ -n "$error_code" ]; then if [ "$error_code" -eq 105 ]; then From 3ae4ba330035d30deac9bc3b0fb205a9d99047e5 Mon Sep 17 00:00:00 2001 From: zak905 Date: Thu, 18 Apr 2024 12:39:35 +0200 Subject: [PATCH 08/47] dns_ionos.sh: implement dns_ionos_add for ionos cloud --- dnsapi/dns_ionos.sh | 115 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 101 insertions(+), 14 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e4ad3318..407bfbd8 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -1,17 +1,24 @@ #!/usr/bin/env sh -# Supports IONOS DNS API v1.0.1 +# Supports IONOS DNS API v1.0.1 and IONOS Cloud DNS API v1.15.4 # # Usage: -# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: +# Export IONOS_PREFIX and IONOS_SECRET or IONOS_TOKEN before calling acme.sh: # # $ export IONOS_PREFIX="..." # $ export IONOS_SECRET="..." +# or +# $ export IONOS_TOKEN="..." # # $ acme.sh --issue --dns dns_ionos ... +# +# if IONOS_PREFIX and IONOS_SECRET are set, the script will use IONOS DNS API +# if IONOS_TOKEN is set, the script will use the IONOS Cloud DNS API IONOS_API="https://api.hosting.ionos.com/dns" +IONOS_CLOUD_API="https://dns.de-fra.ionos.com" IONOS_ROUTE_ZONES="/v1/zones" +IONOS_CLOUD_ROUTE_ZONES="/zones" IONOS_TXT_TTL=60 # minimum accepted by API IONOS_TXT_PRIO=10 @@ -24,11 +31,20 @@ dns_ionos_add() { return 1 fi - _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" + if [ $_context == "core" ];then + _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then - _info "TXT record has been created successfully." - return 0 + if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then + _info "TXT record has been created successfully." + return 0 + fi + else + _body="{\"properties\":{\"name\":\"$fulldomain\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" + + if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then + _info "TXT record has been created successfully." + return 0 + fi fi return 1 @@ -58,25 +74,67 @@ dns_ionos_rm() { _ionos_init() { IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" + IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}" + + if [ -n "$IONOS_PREFIX" ] || [ -n "$IONOS_SECRET" ]; then + _info "You have specified an IONOS api prefix and secret." + _info "The script will use the IONOS DNS API: $IONOS_API" + + _saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" + _saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" + + if ! _get_root "$fulldomain"; then + _err "Cannot find this domain in your IONOS account." + return 1 + fi + $_context="core" + else if [ -n "$IONOS_TOKEN" ]; then + _info "You have specified an IONOS token." + _info "The script will use the IONOS Cloud DNS API: $IONOS_CLOUD_API" + + _saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN" - if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then - _err "You didn't specify an IONOS api prefix and secret yet." - _err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." + if ! _get_cloud_zone "$fulldomain"; then + _err "Cannot find this zone in your IONOS account." + return 1 + fi + $_context="cloud" + else + _err "You didn't specify an IONOS credentials yet." + _err "If you are using the IONOS DNS API, Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." + _err "If you are using the IONOS Cloud DNS API, Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." _err "" _err "Then set them before calling acme.sh:" _err "\$ export IONOS_PREFIX=\"...\"" _err "\$ export IONOS_SECRET=\"...\"" + _err "#or" + _err "\$ export IONOS_TOKEN=\"...\"" _err "\$ acme.sh --issue -d ... --dns dns_ionos" return 1 fi - _saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" - _saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" + return 0 +} - if ! _get_root "$fulldomain"; then - _err "Cannot find this domain in your IONOS account." - return 1 +_get_cloud_zone() { + zone=$1 + i=1 + p=1 + + if _ionos_cloud_rest GET "$IONOS_ROUTE_ZONES?filter.zoneName=$zone"; then + _response="$(echo "$_response" | tr -d "\n")" + + _zone="$(echo "$_response" | _egrep_o "\"name\":\"$zone\".*\}")" + if [ "$_zone" ]; then + _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + if [ "$_zone_id" ]; then + return 0 + fi + return 1 + fi fi + + return 1 } _get_root() { @@ -169,3 +227,32 @@ _ionos_rest() { return 0 } + +_ionos_cloud_rest() { + method="$1" + route="$2" + data="$3" + + export _H1="Authorization: Bearer $IONOS_TOKEN" + + # clear headers + : >"$HTTP_HEADER" + + if [ "$method" != "GET" ]; then + _response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")" + else + _response="$(_get "$IONOS_CLOUD_API$route")" + fi + + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + + if [ "$?" != "0" ]; then + _err "Error $route: $_response" + return 1 + fi + + _debug2 "_response" "$_response" + _debug2 "_code" "$_code" + + return 0 +} From f35e15204d0f2e592ad5112c5c1416cbb33eb215 Mon Sep 17 00:00:00 2001 From: zak905 Date: Mon, 22 Apr 2024 15:48:01 +0200 Subject: [PATCH 09/47] implement dns_ionos_rm function --- dnsapi/dns_ionos.sh | 92 ++++++++++++++++++++++++++++++--------------- 1 file changed, 62 insertions(+), 30 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 407bfbd8..e8e3a37a 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -58,14 +58,27 @@ dns_ionos_rm() { return 1 fi - if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then - _err "Could not find _acme-challenge TXT record." - return 1 - fi + if [ $_context == "core" ];then + if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then + _err "Could not find _acme-challenge TXT record." + return 1 + fi + + if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then + _info "TXT record has been deleted successfully." + return 0 + fi + else + if ! _ionos_cloud_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then + _err "Could not find _acme-challenge TXT record." + return 1 + fi + + if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then + _info "TXT record has been deleted successfully." + return 0 + fi - if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then - _info "TXT record has been deleted successfully." - return 0 fi return 1 @@ -76,7 +89,7 @@ _ionos_init() { IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}" - if [ -n "$IONOS_PREFIX" ] || [ -n "$IONOS_SECRET" ]; then + if [ -n "$IONOS_PREFIX" ] && [ -n "$IONOS_SECRET" ]; then _info "You have specified an IONOS api prefix and secret." _info "The script will use the IONOS DNS API: $IONOS_API" @@ -100,7 +113,7 @@ _ionos_init() { fi $_context="cloud" else - _err "You didn't specify an IONOS credentials yet." + _err "You didn't specify any IONOS credentials yet." _err "If you are using the IONOS DNS API, Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." _err "If you are using the IONOS Cloud DNS API, Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." _err "" @@ -116,27 +129,6 @@ _ionos_init() { return 0 } -_get_cloud_zone() { - zone=$1 - i=1 - p=1 - - if _ionos_cloud_rest GET "$IONOS_ROUTE_ZONES?filter.zoneName=$zone"; then - _response="$(echo "$_response" | tr -d "\n")" - - _zone="$(echo "$_response" | _egrep_o "\"name\":\"$zone\".*\}")" - if [ "$_zone" ]; then - _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') - if [ "$_zone_id" ]; then - return 0 - fi - return 1 - fi - fi - - return 1 -} - _get_root() { domain=$1 i=1 @@ -172,6 +164,27 @@ _get_root() { return 1 } +_get_cloud_zone() { + zone=$1 + i=1 + p=1 + + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then + _response="$(echo "$_response" | tr -d "\n")" + + _zone="$(echo "$_response" | _egrep_o "\"name\":\"$zone\".*\}")" + if [ "$_zone" ]; then + _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + if [ "$_zone_id" ]; then + return 0 + fi + return 1 + fi + fi + + return 1 +} + _ionos_get_record() { fulldomain=$1 zone_id=$2 @@ -191,6 +204,25 @@ _ionos_get_record() { return 1 } +_ionos_cloud_get_record() { + fulldomain=$1 + zone_id=$2 + txtrecord=$3 + + if _ionos_cloud_rest GET "$IONOS_ROUTE_ZONES/$zone_id/records"; then + _response="$(echo "$_response" | tr -d "\n")" + + _record="$(echo "$_response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" + if [ "$_record" ]; then + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + + return 0 + fi + fi + + return 1 +} + _ionos_rest() { method="$1" route="$2" From ff357dd3fb4bfeb6b086e22c3c89b2458019d816 Mon Sep 17 00:00:00 2001 From: zak905 Date: Mon, 22 Apr 2024 16:16:03 +0200 Subject: [PATCH 10/47] fix syntax error --- dnsapi/dns_ionos.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e8e3a37a..53813f62 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -101,7 +101,7 @@ _ionos_init() { return 1 fi $_context="core" - else if [ -n "$IONOS_TOKEN" ]; then + elif [ -n "$IONOS_TOKEN" ]; then _info "You have specified an IONOS token." _info "The script will use the IONOS Cloud DNS API: $IONOS_CLOUD_API" From dc2979926f6da8822dade0e4024d145f2e459d4c Mon Sep 17 00:00:00 2001 From: zak905 Date: Wed, 24 Apr 2024 11:58:38 +0200 Subject: [PATCH 11/47] fix zone search --- dnsapi/dns_ionos.sh | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 53813f62..a06cd8c3 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -108,7 +108,7 @@ _ionos_init() { _saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN" if ! _get_cloud_zone "$fulldomain"; then - _err "Cannot find this zone in your IONOS account." + _err "Cannot find zone $zone in your IONOS account." return 1 fi $_context="cloud" @@ -165,20 +165,17 @@ _get_root() { } _get_cloud_zone() { - zone=$1 - i=1 - p=1 + domain=$1 + zone=$(printf "%s" "$domain" | cut -d . -f 2-) if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then _response="$(echo "$_response" | tr -d "\n")" - _zone="$(echo "$_response" | _egrep_o "\"name\":\"$zone\".*\}")" - if [ "$_zone" ]; then - _zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') - if [ "$_zone_id" ]; then - return 0 - fi - return 1 + _zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*") + + _zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + if [ "$_zone_id" ]; then + return 0 fi fi From 96c35b41eda6df682d07aea81185f143b062d1ea Mon Sep 17 00:00:00 2001 From: zak905 Date: Wed, 24 Apr 2024 12:11:48 +0200 Subject: [PATCH 12/47] fix TXT record lookup and removal --- dnsapi/dns_ionos.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index a06cd8c3..5b8bba3f 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -39,7 +39,8 @@ dns_ionos_add() { return 0 fi else - _body="{\"properties\":{\"name\":\"$fulldomain\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) + _body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then _info "TXT record has been created successfully." @@ -69,7 +70,8 @@ dns_ionos_rm() { return 0 fi else - if ! _ionos_cloud_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) + if ! _ionos_cloud_get_record "$_record_name" "$_zone_id" "$txtvalue"; then _err "Could not find _acme-challenge TXT record." return 1 fi @@ -202,14 +204,14 @@ _ionos_get_record() { } _ionos_cloud_get_record() { - fulldomain=$1 + _record_name=$1 zone_id=$2 txtrecord=$3 if _ionos_cloud_rest GET "$IONOS_ROUTE_ZONES/$zone_id/records"; then _response="$(echo "$_response" | tr -d "\n")" - _record="$(echo "$_response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" + _record="$(echo "$_response" | _egrep_o "\"name\":\"$_record_name\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') From ffde1f8343aefc9be7a0efa1ed07821c07a60a5a Mon Sep 17 00:00:00 2001 From: zak905 Date: Thu, 25 Apr 2024 17:38:13 +0200 Subject: [PATCH 13/47] linting based on ShellCheck results --- dnsapi/dns_ionos.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 5b8bba3f..d1430a45 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -31,7 +31,7 @@ dns_ionos_add() { return 1 fi - if [ $_context == "core" ];then + if [ "$_context" == "core" ];then _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then @@ -59,7 +59,7 @@ dns_ionos_rm() { return 1 fi - if [ $_context == "core" ];then + if [ "$_context" == "core" ];then if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then _err "Could not find _acme-challenge TXT record." return 1 @@ -102,7 +102,7 @@ _ionos_init() { _err "Cannot find this domain in your IONOS account." return 1 fi - $_context="core" + _context="core" elif [ -n "$IONOS_TOKEN" ]; then _info "You have specified an IONOS token." _info "The script will use the IONOS Cloud DNS API: $IONOS_CLOUD_API" @@ -113,7 +113,7 @@ _ionos_init() { _err "Cannot find zone $zone in your IONOS account." return 1 fi - $_context="cloud" + _context="cloud" else _err "You didn't specify any IONOS credentials yet." _err "If you are using the IONOS DNS API, Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." From 30d0945855d5121a00a42059a5ae81c3e733bf04 Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 30 Apr 2024 12:38:02 +0200 Subject: [PATCH 14/47] fix regexp for findind acme challenge record from API response --- dnsapi/dns_ionos.sh | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index d1430a45..706c678c 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -70,13 +70,12 @@ dns_ionos_rm() { return 0 fi else - _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) - if ! _ionos_cloud_get_record "$_record_name" "$_zone_id" "$txtvalue"; then + if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then _err "Could not find _acme-challenge TXT record." return 1 fi - if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then + if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then _info "TXT record has been deleted successfully." return 0 fi @@ -204,14 +203,17 @@ _ionos_get_record() { } _ionos_cloud_get_record() { - _record_name=$1 - zone_id=$2 - txtrecord=$3 + zone_id=$1 + txtrecord=$2 + fulldomain=$3 + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) - if _ionos_cloud_rest GET "$IONOS_ROUTE_ZONES/$zone_id/records"; then + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then _response="$(echo "$_response" | tr -d "\n")" - _record="$(echo "$_response" | _egrep_o "\"name\":\"$_record_name\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" + pattern="{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"},\"properties\":{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"}}" + + _record="$(echo "$_response" | _egrep_o $pattern)" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') From d8525493a1d21fec4ad0372f8ba5db7bcff664bf Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 30 Apr 2024 15:11:07 +0200 Subject: [PATCH 15/47] attempt to use custom fork of acmetest --- .github/workflows/DNS.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 727ba315..05d845b3 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -67,7 +67,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Clone acmetest - run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ + run: cd .. && git clone --depth=1 -b randomize_record_content_letest https://github.com/zak905/acmetest.git && cp -r acme.sh acmetest/ - name: Set env file run: | cd ../acmetest From b7b1714637eb34559308fbda846209c963025e17 Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 30 Apr 2024 15:34:49 +0200 Subject: [PATCH 16/47] add some debug statements --- dnsapi/dns_ionos.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 706c678c..8d7599cf 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -214,9 +214,10 @@ _ionos_cloud_get_record() { pattern="{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"},\"properties\":{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"}}" _record="$(echo "$_response" | _egrep_o $pattern)" + _info "the found record after grep: $_record" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') - + _info "the record id after the search is: $_record_id" return 0 fi fi From c64aae6f390a12dfefa6f42c8438d3399e1f5cd1 Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 30 Apr 2024 15:44:39 +0200 Subject: [PATCH 17/47] more debugging - add function argument printing --- dnsapi/dns_ionos.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 8d7599cf..a105a983 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -208,6 +208,8 @@ _ionos_cloud_get_record() { fulldomain=$3 _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) + _info "grepping with the following args: zone_id=$zone_id txtrecord=$txtrecord fulldomain=$fulldomain _record_name=$_record_name" + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then _response="$(echo "$_response" | tr -d "\n")" From 0974c74a8966bcdebced5bf3449415b7d9126a9d Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 30 Apr 2024 16:20:07 +0200 Subject: [PATCH 18/47] transform record name to lower case when searching for TXT record --- dnsapi/dns_ionos.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index a105a983..40dd51d0 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -207,6 +207,9 @@ _ionos_cloud_get_record() { txtrecord=$2 fulldomain=$3 _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) + # this is to transform record name to lower case + # IONOS Cloud API transforms all record names to lower case + _record_name=${_record_name@L} _info "grepping with the following args: zone_id=$zone_id txtrecord=$txtrecord fulldomain=$fulldomain _record_name=$_record_name" From adc8031e34b667a4150f4230d00129812eb16660 Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 30 Apr 2024 17:04:24 +0200 Subject: [PATCH 19/47] fix shell linter and formating --- dnsapi/dns_ionos.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 40dd51d0..874b3721 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -31,7 +31,7 @@ dns_ionos_add() { return 1 fi - if [ "$_context" == "core" ];then + if [ "$_context" = "core" ];then _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then @@ -59,7 +59,7 @@ dns_ionos_rm() { return 1 fi - if [ "$_context" == "core" ];then + if [ "$_context" = "core" ];then if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then _err "Could not find _acme-challenge TXT record." return 1 @@ -218,7 +218,7 @@ _ionos_cloud_get_record() { pattern="{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"},\"properties\":{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"}}" - _record="$(echo "$_response" | _egrep_o $pattern)" + _record="$(echo "$_response" | _egrep_o "$pattern")" _info "the found record after grep: $_record" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') From c3cc13595d8ad3777e0b84cd3a6c456f17152a5f Mon Sep 17 00:00:00 2001 From: zak905 Date: Thu, 2 May 2024 18:48:39 +0200 Subject: [PATCH 20/47] use posix compliant lower case shell command --- dnsapi/dns_ionos.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 874b3721..607f3669 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -205,11 +205,11 @@ _ionos_get_record() { _ionos_cloud_get_record() { zone_id=$1 txtrecord=$2 - fulldomain=$3 - _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) - # this is to transform record name to lower case + # this is to transform the domain to lower case + fulldomain=$(printf "%s" "$3" | tr "[:upper:]" "[:lower:]") + # this is to transform record name to lower case # IONOS Cloud API transforms all record names to lower case - _record_name=${_record_name@L} + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | tr "[:upper:]" "[:lower:]") _info "grepping with the following args: zone_id=$zone_id txtrecord=$txtrecord fulldomain=$fulldomain _record_name=$_record_name" From 52d1d421a3cb393d0cdc4f7e6dbdc2cbb3994513 Mon Sep 17 00:00:00 2001 From: zak905 Date: Fri, 3 May 2024 17:04:49 +0200 Subject: [PATCH 21/47] escape brackets in regexp and format using shfmt --- dnsapi/dns_ionos.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 607f3669..fa01ac43 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -7,7 +7,7 @@ # # $ export IONOS_PREFIX="..." # $ export IONOS_SECRET="..." -# or +# or # $ export IONOS_TOKEN="..." # # $ acme.sh --issue --dns dns_ionos ... @@ -31,7 +31,7 @@ dns_ionos_add() { return 1 fi - if [ "$_context" = "core" ];then + if [ "$_context" = "core" ]; then _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then @@ -59,7 +59,7 @@ dns_ionos_rm() { return 1 fi - if [ "$_context" = "core" ];then + if [ "$_context" = "core" ]; then if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then _err "Could not find _acme-challenge TXT record." return 1 @@ -68,7 +68,7 @@ dns_ionos_rm() { if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then _info "TXT record has been deleted successfully." return 0 - fi + fi else if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then _err "Could not find _acme-challenge TXT record." @@ -78,7 +78,7 @@ dns_ionos_rm() { if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then _info "TXT record has been deleted successfully." return 0 - fi + fi fi @@ -101,7 +101,7 @@ _ionos_init() { _err "Cannot find this domain in your IONOS account." return 1 fi - _context="core" + _context="core" elif [ -n "$IONOS_TOKEN" ]; then _info "You have specified an IONOS token." _info "The script will use the IONOS Cloud DNS API: $IONOS_CLOUD_API" @@ -205,21 +205,21 @@ _ionos_get_record() { _ionos_cloud_get_record() { zone_id=$1 txtrecord=$2 - # this is to transform the domain to lower case - fulldomain=$(printf "%s" "$3" | tr "[:upper:]" "[:lower:]") - # this is to transform record name to lower case + # this is to transform the domain to lower case + fulldomain=$(printf "%s" "$3" | tr "[:upper:]" "[:lower:]") + # this is to transform record name to lower case # IONOS Cloud API transforms all record names to lower case _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | tr "[:upper:]" "[:lower:]") - _info "grepping with the following args: zone_id=$zone_id txtrecord=$txtrecord fulldomain=$fulldomain _record_name=$_record_name" + _info "grepping with the following args: zone_id=$zone_id txtrecord=$txtrecord fulldomain=$fulldomain _record_name=$_record_name" if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then _response="$(echo "$_response" | tr -d "\n")" - pattern="{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"},\"properties\":{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"}}" + pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}" _record="$(echo "$_response" | _egrep_o "$pattern")" - _info "the found record after grep: $_record" + _info "the found record after grep: $_record" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') _info "the record id after the search is: $_record_id" From bd48c9938354530480f9bed266558e8a2ff14cff Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 4 May 2024 16:27:31 +0200 Subject: [PATCH 22/47] fix ca names --- .github/workflows/DragonFlyBSD.yml | 2 +- .github/workflows/FreeBSD.yml | 4 ++-- .github/workflows/Linux.yml | 2 +- .github/workflows/MacOS.yml | 2 +- .github/workflows/NetBSD.yml | 2 +- .github/workflows/Omnios.yml | 4 ++-- .github/workflows/OpenBSD.yml | 4 ++-- .github/workflows/Solaris.yml | 4 ++-- .github/workflows/Ubuntu.yml | 4 ++-- .github/workflows/Windows.yml | 2 +- 10 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/DragonFlyBSD.yml b/.github/workflows/DragonFlyBSD.yml index f360f85c..5c56168f 100644 --- a/.github/workflows/DragonFlyBSD.yml +++ b/.github/workflows/DragonFlyBSD.yml @@ -29,7 +29,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/FreeBSD.yml b/.github/workflows/FreeBSD.yml index b90c9ccd..961907e8 100644 --- a/.github/workflows/FreeBSD.yml +++ b/.github/workflows/FreeBSD.yml @@ -29,12 +29,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 33e43483..4afebaf0 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest env: TEST_LOCAL: 1 - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) TEST_ACME_Server: "LetsEncrypt.org_test" steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/MacOS.yml b/.github/workflows/MacOS.yml index c3f046ab..f5d73ec9 100644 --- a/.github/workflows/MacOS.yml +++ b/.github/workflows/MacOS.yml @@ -29,7 +29,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/NetBSD.yml b/.github/workflows/NetBSD.yml index 4574bef5..a4f90f68 100644 --- a/.github/workflows/NetBSD.yml +++ b/.github/workflows/NetBSD.yml @@ -29,7 +29,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" diff --git a/.github/workflows/Omnios.yml b/.github/workflows/Omnios.yml index e3da0be8..882cedf6 100644 --- a/.github/workflows/Omnios.yml +++ b/.github/workflows/Omnios.yml @@ -29,12 +29,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" diff --git a/.github/workflows/OpenBSD.yml b/.github/workflows/OpenBSD.yml index e141c47b..d5697c10 100644 --- a/.github/workflows/OpenBSD.yml +++ b/.github/workflows/OpenBSD.yml @@ -29,12 +29,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" diff --git a/.github/workflows/Solaris.yml b/.github/workflows/Solaris.yml index bdd3f040..95bcd8d1 100644 --- a/.github/workflows/Solaris.yml +++ b/.github/workflows/Solaris.yml @@ -29,12 +29,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" diff --git a/.github/workflows/Ubuntu.yml b/.github/workflows/Ubuntu.yml index 53cc1060..e580828f 100644 --- a/.github/workflows/Ubuntu.yml +++ b/.github/workflows/Ubuntu.yml @@ -29,12 +29,12 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) - TEST_ACME_Server: "LetsEncrypt.org_test" CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) ACME_USE_WGET: 1 - TEST_ACME_Server: "ZeroSSL.com" CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" diff --git a/.github/workflows/Windows.yml b/.github/workflows/Windows.yml index 61ef5ad8..c1fd1085 100644 --- a/.github/workflows/Windows.yml +++ b/.github/workflows/Windows.yml @@ -29,7 +29,7 @@ jobs: CA_ECDSA: "" CA: "" CA_EMAIL: "" - TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 + TEST_PREFERRED_CHAIN: (STAGING) #- TEST_ACME_Server: "ZeroSSL.com" # CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" # CA: "ZeroSSL RSA Domain Secure Site CA" From 957bbab440614725019369ae31c5b01aa261b761 Mon Sep 17 00:00:00 2001 From: Matt Mower Date: Sat, 4 May 2024 11:43:01 -0700 Subject: [PATCH 23/47] feat: Support manually defining extended key usage in CSR - New CLI param: --extended-key-usage - When --extended-key-usage is defined: 1. Set [v3_req]extendedKeyUsage to the provided value. 2. Store the value in domain conf Le_ExtKeyUse for reuse. --- acme.sh | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d154cf77..0d882ba6 100755 --- a/acme.sh +++ b/acme.sh @@ -1243,7 +1243,14 @@ _createcsr() { _debug2 csr "$csr" _debug2 csrconf "$csrconf" - printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf" + printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf" + + if [ "$Le_ExtKeyUse" ]; then + _savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse" + printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf" + else + printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf" + fi if [ "$acmeValidationv1" ]; then domainlist="$(_idn "$domainlist")" @@ -7007,6 +7014,7 @@ Parameters: --post-hook Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed. --renew-hook Command to be run after each successfully renewed certificate. --deploy-hook The hook file to deploy cert + --extended-key-usage Manually define the CSR extended key usage value. The default is serverAuth,clientAuth. --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension. --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default. --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted. @@ -7698,6 +7706,10 @@ _process() { _deploy_hook="$_deploy_hook$2," shift ;; + --extended-key-usage) + Le_ExtKeyUse="$2" + shift + ;; --ocsp-must-staple | --ocsp) Le_OCSP_Staple="1" ;; From 373c2b379cf6de315e66263522da9d490fe7af2a Mon Sep 17 00:00:00 2001 From: zak905 Date: Mon, 6 May 2024 14:53:51 +0200 Subject: [PATCH 24/47] remove debug print statements and usage of custom fork of acmetest --- .github/workflows/DNS.yml | 2 +- dnsapi/dns_ionos.sh | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/DNS.yml b/.github/workflows/DNS.yml index 05d845b3..727ba315 100644 --- a/.github/workflows/DNS.yml +++ b/.github/workflows/DNS.yml @@ -67,7 +67,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Clone acmetest - run: cd .. && git clone --depth=1 -b randomize_record_content_letest https://github.com/zak905/acmetest.git && cp -r acme.sh acmetest/ + run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ - name: Set env file run: | cd ../acmetest diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index fa01ac43..70cc858a 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -211,18 +211,14 @@ _ionos_cloud_get_record() { # IONOS Cloud API transforms all record names to lower case _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | tr "[:upper:]" "[:lower:]") - _info "grepping with the following args: zone_id=$zone_id txtrecord=$txtrecord fulldomain=$fulldomain _record_name=$_record_name" - if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then _response="$(echo "$_response" | tr -d "\n")" pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}" _record="$(echo "$_response" | _egrep_o "$pattern")" - _info "the found record after grep: $_record" if [ "$_record" ]; then _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') - _info "the record id after the search is: $_record_id" return 0 fi fi From 744dea00ca15ee4a42d58848d658d50a4538e312 Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Wed, 8 May 2024 02:56:21 +0800 Subject: [PATCH 25/47] feat: guide user to run script as root to create temp admin user Message text and comment optimized --- deploy/synology_dsm.sh | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 342fb32e..e6f44e8d 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -39,7 +39,7 @@ ################################################################################ # Dependencies: # - curl -# - synouser & synogroup (When available and SYNO_USE_TEMP_ADMIN is set) +# - synouser & synogroup & synosetkeyvalue (Required for SYNO_USE_TEMP_ADMIN=1) ################################################################################ # Return value: # 0 means success, otherwise error. @@ -66,14 +66,17 @@ synology_dsm_deploy() { _getdeployconf SYNO_DEVICE_NAME # Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set - _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" _getdeployconf SYNO_USE_TEMP_ADMIN _check2cleardeployconfexp SYNO_USE_TEMP_ADMIN _debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN" if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then - if ! _exists synouser || ! _exists synogroup; then - _err "Tools are missing for creating temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead." + if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then + _err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead." + return 1 + fi + if synouser --help 2>&1 | grep -q 'Permission denied'; then + _err "For creating temp admin user, the deploy script must be run as root." return 1 fi @@ -184,7 +187,7 @@ synology_dsm_deploy() { _debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}" if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then - _err "SYNO_USE_TEMP_ADMIN=1 Only support locally deployment, if you are sure that hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun." + _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, then execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun." return 1 fi fi @@ -201,7 +204,7 @@ synology_dsm_deploy() { # shellcheck disable=SC2086 synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null else - _err "Tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead." + _err "The tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead." return 1 fi else @@ -212,7 +215,7 @@ synology_dsm_deploy() { otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option) if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none - _info "Temporary disabled enforce 2FA-OTP to complete authentication." + _info "Temporary disabled enforce 2FA-OTP to complete temp admin authentication." _info "previous_otp_enforce_option" "$otp_enforce_option" else otp_enforce_option="" @@ -230,7 +233,7 @@ synology_dsm_deploy() { error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*') _debug2 error_code "$error_code" # Account has 2FA-OTP enabled, since error 403 reported. - # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf + # https://global.download.synology.com/download/Document/Software/DeveloperGuide/Os/DSM/All/enu/DSM_Login_Web_API_Guide_enu.pdf if [ "$error_code" == "403" ]; then if [ -z "$SYNO_DEVICE_NAME" ]; then printf "Enter device name or leave empty for default (CertRenewal): " @@ -274,12 +277,16 @@ synology_dsm_deploy() { _err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window." elif [ "$error_code" == "406" ]; then if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then - _err "SYNO_USE_TEMP_ADMIN=1 is not supported if enforce auth with 2FA-OTP is enabled." + _err "Failed with unexcepted error, please report this by providing full log with '--debug 3'." else _err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue." fi - elif [ "$error_code" == "400" ] || [ "$error_code" == "401" ] || [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then - _err "Failed to authenticate with a non-existent or disabled account, or the account password is incorrect or has expired." + elif [ "$error_code" == "400" ]; then + _err "Failed to authenticate, no such account or incorrect password." + elif [ "$error_code" == "401" ]; then + _err "Failed to authenticate with a non-existent account." + elif [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then + _err "Failed to authenticate, the account password has expired or must be changed." else _err "Failed to authenticate with error: $error_code." fi @@ -293,7 +300,7 @@ synology_dsm_deploy() { _debug SynoToken "$token" if [ -z "$sid" ] || [ -z "$token" ]; then # Still can't get necessary info even got no errors, may Synology have API updated? - _err "Unable to authenticate to $_base_url, you may report the full log to the community." + _err "Unable to authenticate to $_base_url, you may report this by providing full log with '--debug 3'." _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" return 1 fi @@ -331,7 +338,7 @@ synology_dsm_deploy() { if [ "$error_code" -eq 105 ]; then _err "Current user is not administrator and does not have sufficient permission for deploying." else - _err "Failed to fetch certificate info with error: $error_code, please try again or contact Synology to learn more." + _err "Failed to fetch certificate info: $error_code, please try again or contact Synology to learn more." fi _temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME" return 1 From 47ccb2848215a7733ff5cfc5d8e967722e35d5cc Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Wed, 8 May 2024 04:46:51 +0800 Subject: [PATCH 26/47] chore: typo --- deploy/synology_dsm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index e6f44e8d..a9057a57 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -187,7 +187,7 @@ synology_dsm_deploy() { _debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}" if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then - _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, then execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun." + _err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun." return 1 fi fi From 1dbc58d4e0de6a0c1fd8fd02937b5a7313db95c4 Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Wed, 8 May 2024 14:01:43 +0800 Subject: [PATCH 27/47] chore: optimize more msgs --- deploy/synology_dsm.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index a9057a57..acac9d1e 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -73,6 +73,7 @@ synology_dsm_deploy() { if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then _err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead." + _err "Notice: temp admin user authorization method only supports local deployment on DSM." return 1 fi if synouser --help 2>&1 | grep -q 'Permission denied'; then @@ -211,11 +212,14 @@ synology_dsm_deploy() { _err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead." return 1 fi - # havig a workaround to temporary disable enforce 2FA-OTP + # havig a workaround to temporary disable enforce 2FA-OTP, will restore + # it soon (after a single request), though if any accident occurs like + # unexpected interruption, this setting can be easily reverted manually. otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option) if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none - _info "Temporary disabled enforce 2FA-OTP to complete temp admin authentication." + _info "Enforcing 2FA-OTP has been disabled to complete temp admin authentication." + _info "Notice: it will be restored soon, if not, you can restore it manually via Control Panel." _info "previous_otp_enforce_option" "$otp_enforce_option" else otp_enforce_option="" From b1d019146ac8173cfd9e0ec86149d027beefb26f Mon Sep 17 00:00:00 2001 From: 3VAbdAVE Date: Mon, 13 May 2024 07:50:46 -0400 Subject: [PATCH 28/47] UBNT removed keytool from UnifiOS, modify to use openssl PKCS12. Also backup certificates before overwrite, and force unifi to start with unifi-core if both are installed. --- deploy/unifi.sh | 84 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 68 insertions(+), 16 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index a864135e..0a574e0d 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -5,6 +5,16 @@ # - self-hosted Unifi Controller # - Unifi Cloud Key (Gen1/2/2+) # - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) +# See below regarding keytool. Not tested. +# - Unifi Dream Machine +# This has not been tested on other "all-in-one" devices such as +# UDM Pro or Unifi Express. +# +# OS Version v2.0.0+ +# Network Application version 7.0.0+ +# OS version ~3.1 removed java and keytool from the UnifiOS. +# Using PKCS12 format keystore appears to work fine. +# # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 #returns 0 means success, otherwise error. @@ -74,14 +84,16 @@ unifi_deploy() { _reload_cmd="" # Unifi Controller environment (self hosted or any Cloud Key) -- - # auto-detect by file /usr/lib/unifi/data/keystore: + # auto-detect by file /usr/lib/unifi/data/keystore _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" if [ -f "$_unifi_keystore" ]; then - _info "Installing certificate for Unifi Controller (Java keystore)" _debug _unifi_keystore "$_unifi_keystore" if ! _exists keytool; then - _err "keytool not found" - return 1 + _do_keytool=0 + _info "Installing certificate for Unifi Controller (PKCS12 keystore)." + else + _do_keytool=1 + _info "Installing certificate for Unifi Controller (Java keystore)" fi if [ ! -w "$_unifi_keystore" ]; then _err "The file $_unifi_keystore is not writable, please change the permission." @@ -99,22 +111,57 @@ unifi_deploy() { return 1 fi - _debug "Import into keystore: $_unifi_keystore" - if keytool -importkeystore \ - -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ - -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ - -alias unifi -noprompt; then - _debug "Import keystore success!" - rm "$_import_pkcs12" + # Save the existing keystore in case something goes wrong. + mv -f "${_unifi_keystore}" "${_unifi_keystore}"_original + _info "Previous keystore saved to ${_unifi_keystore}_original." + + if [ "$_do_keytool" -eq 1 ]; then + _debug "Import into keystore: $_unifi_keystore" + if keytool -importkeystore \ + -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ + -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ + -alias unifi -noprompt; then + _debug "Import keystore success!" + else + _err "Error importing into Unifi Java keystore." + _err "Please re-run with --debug and report a bug." + _info "Restoring original keystore." + mv -f "${_unifi_keystore}"_original "${_unifi_keystore}" + rm "$_import_pkcs12" + return 1 + fi else - _err "Error importing into Unifi Java keystore." - _err "Please re-run with --debug and report a bug." - rm "$_import_pkcs12" - return 1 + _debug "Copying new keystore to $_unifi_keystore" + cp -f "$_import_pkcs12" "$_unifi_keystore" + fi + + # Update unifi service for certificate cipher compatibility + if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \ + -in "$_import_pkcs12" \ + -password pass:aircontrolenterprise \ + -nokeys | ${ACME_OPENSSL_BIN:-openssl} x509 -text \ + -noout | grep -i "signature" | grep -iq ecdsa >/dev/null 2>&1; then + cp -f /usr/lib/unifi/data/system.properties /usr/lib/unifi/data/system.properties_original + _info "Updating system configuration for cipher compatibility." + _info "Saved original system config to /usr/lib/unifi/data/system.properties_original" + sed -i '/unifi\.https\.ciphers/d' /usr/lib/unifi/data/system.properties + echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>/usr/lib/unifi/data/system.properties + sed -i '/unifi\.https\.sslEnabledProtocols/d' /usr/lib/unifi/data/system.properties + echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>/usr/lib/unifi/data/system.properties + _info "System configuration updated." fi + rm "$_import_pkcs12" + + # Restarting unifi-core will bring up unifi, doing it out of order results in + # a certificate error, and may break wifiman. (unconfirmed) + # Restart if we aren't doing unifi-core, otherwise stop and let unifi-core restart it. if systemctl -q is-active unifi; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" + if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi" + else + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi" + fi fi _services_updated="${_services_updated} unifi" _info "Install Unifi Controller certificate success!" @@ -165,6 +212,11 @@ unifi_deploy() { return 1 fi + # Save the existing certs in case something goes wrong. + cp -f "${_unifi_core_config}"/unifi-core.crt "${_unifi_core_config}"/unifi-core_original.crt + cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key + _info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key." + cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" From f4406565728901aba9d5219403c7cc94622fa096 Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 14 May 2024 18:35:25 +0200 Subject: [PATCH 29/47] create new script for ionos cloud and rollback changes to dns_ionos.sh --- dnsapi/dns_ionos.sh | 168 ++++++-------------------------------- dnsapi/dns_ionos_cloud.sh | 145 ++++++++++++++++++++++++++++++++ 2 files changed, 168 insertions(+), 145 deletions(-) create mode 100644 dnsapi/dns_ionos_cloud.sh diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index 70cc858a..e4ad3318 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -1,24 +1,17 @@ #!/usr/bin/env sh -# Supports IONOS DNS API v1.0.1 and IONOS Cloud DNS API v1.15.4 +# Supports IONOS DNS API v1.0.1 # # Usage: -# Export IONOS_PREFIX and IONOS_SECRET or IONOS_TOKEN before calling acme.sh: +# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: # # $ export IONOS_PREFIX="..." # $ export IONOS_SECRET="..." -# or -# $ export IONOS_TOKEN="..." # # $ acme.sh --issue --dns dns_ionos ... -# -# if IONOS_PREFIX and IONOS_SECRET are set, the script will use IONOS DNS API -# if IONOS_TOKEN is set, the script will use the IONOS Cloud DNS API IONOS_API="https://api.hosting.ionos.com/dns" -IONOS_CLOUD_API="https://dns.de-fra.ionos.com" IONOS_ROUTE_ZONES="/v1/zones" -IONOS_CLOUD_ROUTE_ZONES="/zones" IONOS_TXT_TTL=60 # minimum accepted by API IONOS_TXT_PRIO=10 @@ -31,21 +24,11 @@ dns_ionos_add() { return 1 fi - if [ "$_context" = "core" ]; then - _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - - if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then - _info "TXT record has been created successfully." - return 0 - fi - else - _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) - _body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" + _body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" - if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then - _info "TXT record has been created successfully." - return 0 - fi + if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then + _info "TXT record has been created successfully." + return 0 fi return 1 @@ -59,27 +42,14 @@ dns_ionos_rm() { return 1 fi - if [ "$_context" = "core" ]; then - if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then - _err "Could not find _acme-challenge TXT record." - return 1 - fi - - if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then - _info "TXT record has been deleted successfully." - return 0 - fi - else - if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then - _err "Could not find _acme-challenge TXT record." - return 1 - fi - - if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then - _info "TXT record has been deleted successfully." - return 0 - fi + if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then + _err "Could not find _acme-challenge TXT record." + return 1 + fi + if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then + _info "TXT record has been deleted successfully." + return 0 fi return 1 @@ -88,46 +58,25 @@ dns_ionos_rm() { _ionos_init() { IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" - IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}" - - if [ -n "$IONOS_PREFIX" ] && [ -n "$IONOS_SECRET" ]; then - _info "You have specified an IONOS api prefix and secret." - _info "The script will use the IONOS DNS API: $IONOS_API" - - _saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" - _saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" - if ! _get_root "$fulldomain"; then - _err "Cannot find this domain in your IONOS account." - return 1 - fi - _context="core" - elif [ -n "$IONOS_TOKEN" ]; then - _info "You have specified an IONOS token." - _info "The script will use the IONOS Cloud DNS API: $IONOS_CLOUD_API" - - _saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN" - - if ! _get_cloud_zone "$fulldomain"; then - _err "Cannot find zone $zone in your IONOS account." - return 1 - fi - _context="cloud" - else - _err "You didn't specify any IONOS credentials yet." - _err "If you are using the IONOS DNS API, Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." - _err "If you are using the IONOS Cloud DNS API, Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." + if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then + _err "You didn't specify an IONOS api prefix and secret yet." + _err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." _err "" _err "Then set them before calling acme.sh:" _err "\$ export IONOS_PREFIX=\"...\"" _err "\$ export IONOS_SECRET=\"...\"" - _err "#or" - _err "\$ export IONOS_TOKEN=\"...\"" _err "\$ acme.sh --issue -d ... --dns dns_ionos" return 1 fi - return 0 + _saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" + _saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" + + if ! _get_root "$fulldomain"; then + _err "Cannot find this domain in your IONOS account." + return 1 + fi } _get_root() { @@ -165,24 +114,6 @@ _get_root() { return 1 } -_get_cloud_zone() { - domain=$1 - zone=$(printf "%s" "$domain" | cut -d . -f 2-) - - if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then - _response="$(echo "$_response" | tr -d "\n")" - - _zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*") - - _zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') - if [ "$_zone_id" ]; then - return 0 - fi - fi - - return 1 -} - _ionos_get_record() { fulldomain=$1 zone_id=$2 @@ -202,30 +133,6 @@ _ionos_get_record() { return 1 } -_ionos_cloud_get_record() { - zone_id=$1 - txtrecord=$2 - # this is to transform the domain to lower case - fulldomain=$(printf "%s" "$3" | tr "[:upper:]" "[:lower:]") - # this is to transform record name to lower case - # IONOS Cloud API transforms all record names to lower case - _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | tr "[:upper:]" "[:lower:]") - - if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then - _response="$(echo "$_response" | tr -d "\n")" - - pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}" - - _record="$(echo "$_response" | _egrep_o "$pattern")" - if [ "$_record" ]; then - _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') - return 0 - fi - fi - - return 1 -} - _ionos_rest() { method="$1" route="$2" @@ -262,32 +169,3 @@ _ionos_rest() { return 0 } - -_ionos_cloud_rest() { - method="$1" - route="$2" - data="$3" - - export _H1="Authorization: Bearer $IONOS_TOKEN" - - # clear headers - : >"$HTTP_HEADER" - - if [ "$method" != "GET" ]; then - _response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")" - else - _response="$(_get "$IONOS_CLOUD_API$route")" - fi - - _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" - - if [ "$?" != "0" ]; then - _err "Error $route: $_response" - return 1 - fi - - _debug2 "_response" "$_response" - _debug2 "_code" "$_code" - - return 0 -} diff --git a/dnsapi/dns_ionos_cloud.sh b/dnsapi/dns_ionos_cloud.sh new file mode 100644 index 00000000..6204fda0 --- /dev/null +++ b/dnsapi/dns_ionos_cloud.sh @@ -0,0 +1,145 @@ +#!/usr/bin/env sh + +# Supports IONOS Cloud DNS API v1.15.4 +# +# Usage: +# Export IONOS_TOKEN before calling acme.sh: +# $ export IONOS_TOKEN="..." +# +# $ acme.sh --issue --dns dns_ionos_cloud ... + +IONOS_CLOUD_API="https://dns.de-fra.ionos.com" +IONOS_CLOUD_ROUTE_ZONES="/zones" + +dns_ionos_add() { + fulldomain=$1 + txtvalue=$2 + + if ! _ionos_init; then + return 1 + fi + + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1) + _body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}" + + if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then + _info "TXT record has been created successfully." + return 0 + fi + + return 1 +} + +dns_ionos_rm() { + fulldomain=$1 + txtvalue=$2 + + if ! _ionos_init; then + return 1 + fi + + if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then + _err "Could not find _acme-challenge TXT record." + return 1 + fi + + if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then + _info "TXT record has been deleted successfully." + return 0 + fi + + return 1 +} + +_ionos_init() { + IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}" + + if [ -z "$IONOS_TOKEN" ]; then + _err "You didn't specify an IONOS token yet." + _err "Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." + _err "" + _err "\$ export IONOS_TOKEN=\"...\"" + _err "\$ acme.sh --issue -d ... --dns dns_ionos_cloud" + return 1 + fi + + _saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN" + + if ! _get_cloud_zone "$fulldomain"; then + _err "Cannot find zone $zone in your IONOS account." + return 1 + fi + + return 0 +} + +_get_cloud_zone() { + domain=$1 + zone=$(printf "%s" "$domain" | cut -d . -f 2-) + + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then + _response="$(echo "$_response" | tr -d "\n")" + + _zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*") + + _zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + if [ "$_zone_id" ]; then + return 0 + fi + fi + + return 1 +} + +_ionos_cloud_get_record() { + zone_id=$1 + txtrecord=$2 + # this is to transform the domain to lower case + fulldomain=$(printf "%s" "$3" | tr "[:upper:]" "[:lower:]") + # this is to transform record name to lower case + # IONOS Cloud API transforms all record names to lower case + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | tr "[:upper:]" "[:lower:]") + + if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then + _response="$(echo "$_response" | tr -d "\n")" + + pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}" + + _record="$(echo "$_response" | _egrep_o "$pattern")" + if [ "$_record" ]; then + _record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') + return 0 + fi + fi + + return 1 +} + +_ionos_cloud_rest() { + method="$1" + route="$2" + data="$3" + + export _H1="Authorization: Bearer $IONOS_TOKEN" + + # clear headers + : >"$HTTP_HEADER" + + if [ "$method" != "GET" ]; then + _response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")" + else + _response="$(_get "$IONOS_CLOUD_API$route")" + fi + + _code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" + + if [ "$?" != "0" ]; then + _err "Error $route: $_response" + return 1 + fi + + _debug2 "_response" "$_response" + _debug2 "_code" "$_code" + + return 0 +} From 2797d2c5359184160fb423ad24b68cc89e2725ca Mon Sep 17 00:00:00 2001 From: zak905 Date: Tue, 14 May 2024 19:50:44 +0200 Subject: [PATCH 30/47] fix add and rm method names --- dnsapi/dns_ionos_cloud.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_ionos_cloud.sh b/dnsapi/dns_ionos_cloud.sh index 6204fda0..18a60d18 100644 --- a/dnsapi/dns_ionos_cloud.sh +++ b/dnsapi/dns_ionos_cloud.sh @@ -11,7 +11,7 @@ IONOS_CLOUD_API="https://dns.de-fra.ionos.com" IONOS_CLOUD_ROUTE_ZONES="/zones" -dns_ionos_add() { +dns_ionos_cloud_add() { fulldomain=$1 txtvalue=$2 @@ -30,7 +30,7 @@ dns_ionos_add() { return 1 } -dns_ionos_rm() { +dns_ionos_cloud_rm() { fulldomain=$1 txtvalue=$2 @@ -57,7 +57,7 @@ _ionos_init() { if [ -z "$IONOS_TOKEN" ]; then _err "You didn't specify an IONOS token yet." _err "Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token." - _err "" + _err "You need to set it before calling acme.sh:" _err "\$ export IONOS_TOKEN=\"...\"" _err "\$ acme.sh --issue -d ... --dns dns_ionos_cloud" return 1 From 6b7b5caf54ea0b45508e158db3748d00f48672f2 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 18 Nov 2023 18:57:12 +0200 Subject: [PATCH 31/47] DNS provider API: structured description Instead of using comments declare info in a special variable. Then the variable can be used to print the DNS API provider usage. The usage can be parsed on UI and show all needed inputs for options. The info is stored in plain string that it's both human-readable and easy to parse: dns_example_info='API name An extended description. Multiline. Domains: list of alternative domains to find Site: the dns provider website e.g. example.com Docs: Link to ACME.sh wiki for the provider Options: VARIABLE1 Title for the option1. VARIABLE2 Title for the option2. Default "default value". VARIABLE3 Title for the option3. Description to show on UI. Optional. Issues: Link to a support ticket on https://github.com/acmesh-official/acme.sh Author: First Lastname , Another Author ; ' Here: VARIABLE1 will be required. VARIABLE2 will be required too but will be populated with a "default value". VARIABLE3 is optional and can be empty. A DNS provider may have alternative options like CloudFlare may use API KEY or API Token. You can use a second section OptionsAlt: section. Some providers may have alternative names or domains e.g. Aliyun and AlibabaCloud. Add them to Domains: section. Signed-off-by: Sergey Ponomarev --- dnsapi/dns_1984hosting.sh | 26 +++++++++++--------------- dnsapi/dns_acmedns.sh | 28 ++++++++++++++-------------- dnsapi/dns_acmeproxy.sh | 18 +++++++++++++----- dnsapi/dns_active24.sh | 11 +++++++++-- dnsapi/dns_ad.sh | 17 +++++++++-------- dnsapi/dns_ali.sh | 12 +++++++++--- dnsapi/dns_anx.sh | 13 ++++++++----- dnsapi/dns_artfiles.sh | 23 ++++++++++------------- dnsapi/dns_arvan.sh | 15 ++++++++++----- dnsapi/dns_aurora.sh | 16 +++++++++++----- dnsapi/dns_autodns.sh | 23 +++++++++++------------ dnsapi/dns_aws.sh | 20 +++++++++++--------- dnsapi/dns_azion.sh | 14 +++++++++----- dnsapi/dns_azure.sh | 13 +++++++++++-- dnsapi/dns_bookmyname.sh | 21 ++++++++++----------- dnsapi/dns_bunny.sh | 21 +++++++++------------ dnsapi/dns_cf.sh | 21 ++++++++++++--------- dnsapi/dns_clouddns.sh | 17 +++++++++++------ dnsapi/dns_cloudns.sh | 17 ++++++++++------- dnsapi/dns_cn.sh | 13 ++++++++++--- dnsapi/dns_conoha.sh | 11 +++++++++++ dnsapi/dns_constellix.sh | 14 ++++++++++---- dnsapi/dns_cpanel.sh | 26 +++++++++++++------------- dnsapi/dns_curanet.sh | 16 +++++++++++----- dnsapi/dns_cyon.sh | 28 +++++++++++----------------- dnsapi/dns_da.sh | 37 ++++++++++--------------------------- dnsapi/dns_ddnss.sh | 21 +++++++++------------ dnsapi/dns_desec.sh | 16 +++++++++------- dnsapi/dns_df.sh | 25 +++++++++++-------------- dnsapi/dns_dgon.sh | 20 ++++++++------------ dnsapi/dns_dnsexit.sh | 19 +++++++++++-------- dnsapi/dns_dnshome.sh | 21 ++++++++++----------- dnsapi/dns_dnsimple.sh | 16 ++++++++-------- dnsapi/dns_dnsservices.sh | 17 ++++++++++------- dnsapi/dns_doapi.sh | 19 +++++++++++-------- dnsapi/dns_domeneshop.sh | 9 +++++++++ dnsapi/dns_dp.sh | 14 ++++++++------ dnsapi/dns_dpi.sh | 14 ++++++++------ dnsapi/dns_dreamhost.sh | 14 +++++++++----- dnsapi/dns_duckdns.sh | 18 ++++++++---------- dnsapi/dns_durabledns.sh | 12 +++++++++--- dnsapi/dns_dyn.sh | 25 ++++++++++++------------- dnsapi/dns_dynu.sh | 21 +++++++++++---------- dnsapi/dns_dynv6.sh | 15 +++++++++++---- dnsapi/dns_easydns.sh | 19 +++++++++++-------- dnsapi/dns_edgedns.sh | 25 ++++++++++++++----------- dnsapi/dns_euserv.sh | 24 ++++++++++-------------- dnsapi/dns_exoscale.sh | 8 ++++++++ dnsapi/dns_fornex.sh | 11 +++++++++-- dnsapi/dns_freedns.sh | 19 ++++++++++--------- dnsapi/dns_gandi_livedns.sh | 17 ++++++++++------- dnsapi/dns_gcloud.sh | 10 ++++++++-- dnsapi/dns_gcore.sh | 12 ++++++++---- dnsapi/dns_gd.sh | 16 ++++++++-------- dnsapi/dns_geoscaling.sh | 16 ++++++++-------- dnsapi/dns_googledomains.sh | 15 ++++++++++----- dnsapi/dns_he.sh | 21 ++++++++++----------- dnsapi/dns_hetzner.sh | 12 ++++++++---- dnsapi/dns_hexonet.sh | 14 +++++++++----- dnsapi/dns_hostingde.sh | 15 +++++++++------ dnsapi/dns_huaweicloud.sh | 14 ++++++++++---- dnsapi/dns_infoblox.sh | 14 ++++++++++---- dnsapi/dns_infomaniak.sh | 15 ++++++++------- dnsapi/dns_internetbs.sh | 18 ++++++++++-------- dnsapi/dns_inwx.sh | 13 ++++++++----- dnsapi/dns_ionos.sh | 19 +++++++++---------- dnsapi/dns_ipv64.sh | 18 +++++++++--------- dnsapi/dns_ispconfig.sh | 21 ++++++++++++--------- dnsapi/dns_jd.sh | 15 ++++++++++----- dnsapi/dns_joker.sh | 33 ++++++++++----------------------- dnsapi/dns_kappernet.sh | 17 +++++++++-------- dnsapi/dns_kas.sh | 27 ++++++++++++--------------- dnsapi/dns_kinghost.sh | 19 ++++++++++--------- dnsapi/dns_knot.sh | 10 ++++++++++ dnsapi/dns_la.sh | 12 +++++++++--- dnsapi/dns_leaseweb.sh | 12 +++++++++--- dnsapi/dns_lexicon.sh | 10 +++++++--- dnsapi/dns_linode.sh | 10 ++++++++-- dnsapi/dns_linode_v4.sh | 11 ++++++++--- dnsapi/dns_loopia.sh | 16 +++++++++------- dnsapi/dns_lua.sh | 17 ++++++++++------- dnsapi/dns_maradns.sh | 9 +++++++++ dnsapi/dns_me.sh | 14 +++++++++----- dnsapi/dns_miab.sh | 23 +++++++++++------------ dnsapi/dns_misaka.sh | 15 ++++++++------- dnsapi/dns_myapi.sh | 17 ++++++++++++----- dnsapi/dns_mydevil.sh | 21 +++++++++++---------- dnsapi/dns_mydnsjp.sh | 18 +++++++++--------- dnsapi/dns_mythic_beasts.sh | 9 +++++++++ dnsapi/dns_namecheap.sh | 15 ++++++++++----- dnsapi/dns_namecom.sh | 13 +++++++++---- dnsapi/dns_namesilo.sh | 14 ++++++++++---- dnsapi/dns_nanelo.sh | 13 ++++++++----- dnsapi/dns_nederhost.sh | 10 ++++++++-- dnsapi/dns_neodigit.sh | 16 ++++++++-------- dnsapi/dns_netcup.sh | 12 +++++++++++- dnsapi/dns_netlify.sh | 10 ++++++++-- dnsapi/dns_nic.sh | 17 +++++++++++------ dnsapi/dns_njalla.sh | 11 ++++++++--- dnsapi/dns_nm.sh | 20 +++++++++----------- dnsapi/dns_nsd.sh | 12 +++++++++--- dnsapi/dns_nsone.sh | 15 +++++++++------ dnsapi/dns_nsupdate.sh | 10 ++++++++++ dnsapi/dns_nw.sh | 27 ++++++++++++--------------- dnsapi/dns_oci.sh | 17 +++++++++++++++-- dnsapi/dns_one.sh | 14 +++++++++----- dnsapi/dns_online.sh | 11 +++++++++-- dnsapi/dns_openprovider.sh | 21 ++++++++++----------- dnsapi/dns_openstack.sh | 27 +++++++++++++++++---------- dnsapi/dns_opnsense.sh | 24 ++++++++++++------------ dnsapi/dns_ovh.sh | 20 +++++++++++--------- dnsapi/dns_pdns.sh | 18 ++++++++++-------- dnsapi/dns_pleskxml.sh | 32 ++++++++++++-------------------- dnsapi/dns_pointhq.sh | 14 +++++++++----- dnsapi/dns_porkbun.sh | 13 +++++++++---- dnsapi/dns_rackcorp.sh | 22 ++++++++++------------ dnsapi/dns_rackspace.sh | 14 +++++++++----- dnsapi/dns_rage4.sh | 14 +++++++++----- dnsapi/dns_rcode0.sh | 14 ++++++++++---- dnsapi/dns_regru.sh | 15 +++++++++------ dnsapi/dns_scaleway.sh | 10 ++++++++-- dnsapi/dns_schlundtech.sh | 22 ++++++++++------------ dnsapi/dns_selectel.sh | 12 ++++++++---- dnsapi/dns_selfhost.sh | 15 +++++++++++---- dnsapi/dns_servercow.sh | 25 ++++++++++--------------- dnsapi/dns_simply.sh | 13 ++++++++----- dnsapi/dns_tele3.sh | 19 +++++++++---------- dnsapi/dns_tencent.sh | 12 +++++++++--- dnsapi/dns_transip.sh | 10 ++++++++++ dnsapi/dns_udr.sh | 20 ++++++++++---------- dnsapi/dns_ultra.sh | 14 +++++++++----- dnsapi/dns_unoeuro.sh | 14 +++++++++----- dnsapi/dns_variomedia.sh | 11 ++++++++--- dnsapi/dns_veesp.sh | 16 ++++++++++------ dnsapi/dns_vercel.sh | 11 +++++++---- dnsapi/dns_vscale.sh | 14 ++++++++------ dnsapi/dns_vultr.sh | 12 +++++++++--- dnsapi/dns_websupport.sh | 22 ++++++++++------------ dnsapi/dns_world4you.sh | 13 ++++++++++--- dnsapi/dns_yandex.sh | 18 +++++++++--------- dnsapi/dns_yc.sh | 19 +++++++++++++------ dnsapi/dns_zilore.sh | 8 +++++++- dnsapi/dns_zone.sh | 10 +++++++++- dnsapi/dns_zonomi.sh | 12 +++++++----- 144 files changed, 1399 insertions(+), 986 deletions(-) mode change 100644 => 100755 dnsapi/dns_acmeproxy.sh diff --git a/dnsapi/dns_1984hosting.sh b/dnsapi/dns_1984hosting.sh index e4ef2e4b..3f54a714 100755 --- a/dnsapi/dns_1984hosting.sh +++ b/dnsapi/dns_1984hosting.sh @@ -1,22 +1,18 @@ #!/usr/bin/env sh -# This file name is "dns_1984hosting.sh" -# So, here must be a method dns_1984hosting_add() -# Which will be called by acme.sh to add the txt record to your api system. -# returns 0 means success, otherwise error. - -# Author: Adrian Fedoreanu -# Report Bugs here: https://github.com/acmesh-official/acme.sh -# or here... https://github.com/acmesh-official/acme.sh/issues/2851 +# shellcheck disable=SC2034 +dns_1984hosting_info='1984.hosting +Domains: 1984.is +Site: 1984.hosting +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_1984hosting +Options: + One984HOSTING_Username Username + One984HOSTING_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2851 +Author: Adrian Fedoreanu +' ######## Public functions ##################### -# Export 1984HOSTING username and password in following variables -# -# One984HOSTING_Username=username -# One984HOSTING_Password=password -# -# username/password and csrftoken/sessionid cookies are saved in ~/.acme.sh/account.conf - # Usage: dns_1984hosting_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Add a text record. dns_1984hosting_add() { diff --git a/dnsapi/dns_acmedns.sh b/dnsapi/dns_acmedns.sh index 057f9742..f3f50233 100755 --- a/dnsapi/dns_acmedns.sh +++ b/dnsapi/dns_acmedns.sh @@ -1,18 +1,18 @@ #!/usr/bin/env sh -# -#Author: Wolfgang Ebner -#Author: Sven Neubuaer -#Report Bugs here: https://github.com/dampfklon/acme.sh -# -# Usage: -# export ACMEDNS_BASE_URL="https://auth.acme-dns.io" -# -# You can optionally define an already existing account: -# -# export ACMEDNS_USERNAME="" -# export ACMEDNS_PASSWORD="" -# export ACMEDNS_SUBDOMAIN="" -# +# shellcheck disable=SC2034 +dns_acmedns_info='acme-dns Server API + The acme-dns is a limited DNS server with RESTful API to handle ACME DNS challenges. +Site: github.com/joohoi/acme-dns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_acmedns +Options: + ACMEDNS_USERNAME Username. Optional. + ACMEDNS_PASSWORD Password. Optional. + ACMEDNS_SUBDOMAIN Subdomain. Optional. + ACMEDNS_BASE_URL API endpoint. Default: "https://auth.acme-dns.io". +Issues: github.com/dampfklon/acme.sh +Author: Wolfgang Ebner, Sven Neubuaer +' + ######## Public functions ##################### #Usage: dns_acmedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_acmeproxy.sh b/dnsapi/dns_acmeproxy.sh old mode 100644 new mode 100755 index 9d5533f9..a699f645 --- a/dnsapi/dns_acmeproxy.sh +++ b/dnsapi/dns_acmeproxy.sh @@ -1,9 +1,17 @@ #!/usr/bin/env sh - -## Acmeproxy DNS provider to be used with acmeproxy (https://github.com/mdbraber/acmeproxy) -## API integration by Maarten den Braber -## -## Report any bugs via https://github.com/mdbraber/acme.sh +# shellcheck disable=SC2034 +dns_acmeproxy_info='AcmeProxy Server API + AcmeProxy can be used to as a single host in your network to request certificates through a DNS API. + Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host. +Site: github.com/mdbraber/acmeproxy +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy +Options: + ACMEPROXY_ENDPOINT API Endpoint + ACMEPROXY_USERNAME Username + ACMEPROXY_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/2251 +Author: Maarten den Braber +' dns_acmeproxy_add() { fulldomain="${1}" diff --git a/dnsapi/dns_active24.sh b/dnsapi/dns_active24.sh index 862f734f..1a6f97f0 100755 --- a/dnsapi/dns_active24.sh +++ b/dnsapi/dns_active24.sh @@ -1,6 +1,13 @@ #!/usr/bin/env sh - -#ACTIVE24_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_active24_info='Active24.com +Site: Active24.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24 +Options: + ACTIVE24_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2059 +Author: Milan Pála +' ACTIVE24_Api="https://api.active24.com" diff --git a/dnsapi/dns_ad.sh b/dnsapi/dns_ad.sh index fc4a664b..ccd8226f 100755 --- a/dnsapi/dns_ad.sh +++ b/dnsapi/dns_ad.sh @@ -1,12 +1,13 @@ #!/usr/bin/env sh - -# -#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" - -#This is the Alwaysdata api wrapper for acme.sh -# -#Author: Paul Koppen -#Report Bugs here: https://github.com/wpk-/acme.sh +# shellcheck disable=SC2034 +dns_ad_info='AlwaysData.com +Site: AlwaysData.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ad +Options: + AD_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/pull/503 +Author: Paul Koppen +' AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1" diff --git a/dnsapi/dns_ali.sh b/dnsapi/dns_ali.sh index c69839dc..9bdfc20b 100755 --- a/dnsapi/dns_ali.sh +++ b/dnsapi/dns_ali.sh @@ -1,10 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_ali_info='AlibabaCloud.com +Domains: Aliyun.com +Site: AlibabaCloud.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali +Options: + Ali_Key API Key + Ali_Secret API Secret +' Ali_API="https://alidns.aliyuncs.com/" -#Ali_Key="LTqIA87hOKdjevsf5" -#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2" - #Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_ali_add() { fulldomain=$1 diff --git a/dnsapi/dns_anx.sh b/dnsapi/dns_anx.sh index c1a1130a..9e5737c9 100644 --- a/dnsapi/dns_anx.sh +++ b/dnsapi/dns_anx.sh @@ -1,9 +1,12 @@ #!/usr/bin/env sh - -# Anexia CloudDNS acme.sh hook -# Author: MA - -#ANX_Token="xxxx" +# shellcheck disable=SC2034 +dns_anx_info='Anexia.com CloudDNS +Site: Anexia.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_anx +Options: + ANX_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/3238 +' ANX_API='https://engine.anexia-it.com/api/clouddns/v1' diff --git a/dnsapi/dns_artfiles.sh b/dnsapi/dns_artfiles.sh index a762837e..abd088f6 100644 --- a/dnsapi/dns_artfiles.sh +++ b/dnsapi/dns_artfiles.sh @@ -1,17 +1,14 @@ #!/usr/bin/env sh - -################################################################################ -# ACME.sh 3rd party DNS API plugin for ArtFiles.de -################################################################################ -# Author: Martin Arndt, https://troublezone.net/ -# Released: 2022-02-27 -# Issues: https://github.com/acmesh-official/acme.sh/issues/4718 -################################################################################ -# Usage: -# 1. export AF_API_USERNAME='api12345678' -# 2. export AF_API_PASSWORD='apiPassword' -# 3. acme.sh --issue -d example.com --dns dns_artfiles -################################################################################ +# shellcheck disable=SC2034 +dns_artfiles_info='ArtFiles.de +Site: ArtFiles.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_artfiles +Options: + AF_API_USERNAME API Username + AF_API_PASSWORD API Password +Issues: github.com/acmesh-official/acme.sh/issues/4718 +Author: Martin Arndt +' ########## API configuration ################################################### diff --git a/dnsapi/dns_arvan.sh b/dnsapi/dns_arvan.sh index 4ca5b685..ed3b1314 100644 --- a/dnsapi/dns_arvan.sh +++ b/dnsapi/dns_arvan.sh @@ -1,11 +1,16 @@ #!/usr/bin/env sh - -# Arvan_Token="Apikey xxxx" +# shellcheck disable=SC2034 +dns_arvan_info='ArvanCloud.ir +Site: ArvanCloud.ir +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_arvan +Options: + Arvan_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2796 +Author: Vahid Fardi +' ARVAN_API_URL="https://napi.arvancloud.ir/cdn/4.0/domains" -# Author: Vahid Fardi -# Report Bugs here: https://github.com/Neilpang/acme.sh -# + ######## Public functions ##################### #Usage: dns_arvan_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_aurora.sh b/dnsapi/dns_aurora.sh index 00f44739..746fce54 100644 --- a/dnsapi/dns_aurora.sh +++ b/dnsapi/dns_aurora.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh - -# -#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_aurora_info='versio.nl AuroraDNS +Domains: pcextreme.nl +Site: versio.nl +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_aurora +Options: + AURORA_Key API Key + AURORA_Secret API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3459 +Author: Jasper Zonneveld +' AURORA_Api="https://api.auroradns.eu" diff --git a/dnsapi/dns_autodns.sh b/dnsapi/dns_autodns.sh index 92534489..309e5f27 100644 --- a/dnsapi/dns_autodns.sh +++ b/dnsapi/dns_autodns.sh @@ -1,16 +1,15 @@ #!/usr/bin/env sh -# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- - -# This is the InternetX autoDNS xml api wrapper for acme.sh -# Author: auerswald@gmail.com -# Created: 2018-01-14 -# -# export AUTODNS_USER="username" -# export AUTODNS_PASSWORD="password" -# export AUTODNS_CONTEXT="context" -# -# Usage: -# acme.sh --issue --dns dns_autodns -d example.com +# shellcheck disable=SC2034 +dns_autodns_info='InternetX autoDNS + InternetX autoDNS XML API +Site: InternetX.com/autodns/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_autodns +Options: + AUTODNS_USER Username + AUTODNS_PASSWORD Password + AUTODNS_CONTEXT Context +Author: +' AUTODNS_API="https://gateway.autodns.com" diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 27923b64..c599b4e0 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -1,13 +1,15 @@ #!/usr/bin/env sh - -# -#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#AWS_SECRET_ACCESS_KEY="xxxxxxx" - -#This is the Amazon Route53 api wrapper for acme.sh -#All `_sleep` commands are included to avoid Route53 throttling, see -#https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests +# shellcheck disable=SC2034 +dns_aws_info='Amazon AWS Route53 domain API +Site: docs.aws.amazon.com/route53/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_aws +Options: + AWS_ACCESS_KEY_ID API Key ID + AWS_SECRET_ACCESS_KEY API Secret +' + +# All `_sleep` commands are included to avoid Route53 throttling, see +# https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests AWS_HOST="route53.amazonaws.com" AWS_URL="https://$AWS_HOST" diff --git a/dnsapi/dns_azion.sh b/dnsapi/dns_azion.sh index f215686d..2371833e 100644 --- a/dnsapi/dns_azion.sh +++ b/dnsapi/dns_azion.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#AZION_Email="" -#AZION_Password="" -# +# shellcheck disable=SC2034 +dns_azion_info='Azion.om +Site: Azion.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_azion +Options: + AZION_Email Email + AZION_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/3555 +' AZION_Api="https://api.azionapi.net" diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 1c33c13a..00ccd798 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -1,6 +1,15 @@ #!/usr/bin/env sh - -WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS" +# shellcheck disable=SC2034 +dns_azure_info='Azure +Site: Azure.microsoft.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure +Options: + AZUREDNS_SUBSCRIPTIONID Subscription ID + AZUREDNS_TENANTID Tenant ID + AZUREDNS_APPID App ID. App ID of the service principal + AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal + AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. "true"/"false" +' ######## Public functions ##################### diff --git a/dnsapi/dns_bookmyname.sh b/dnsapi/dns_bookmyname.sh index 62548fd0..668cf074 100644 --- a/dnsapi/dns_bookmyname.sh +++ b/dnsapi/dns_bookmyname.sh @@ -1,18 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_bookmyname_info='BookMyName.com +Site: BookMyName.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname +Options: + BOOKMYNAME_USERNAME Username + BOOKMYNAME_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/3209 +Author: Neilpang +' -#Here is a sample custom api script. -#This file name is "dns_bookmyname.sh" -#So, here must be a method dns_bookmyname_add() -#Which will be called by acme.sh to add the txt record to your api system. -#returns 0 means success, otherwise error. -# -#Author: Neilpang -#Report Bugs here: https://github.com/acmesh-official/acme.sh -# ######## Public functions ##################### -# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide - # BookMyName urls: # https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' # https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' diff --git a/dnsapi/dns_bunny.sh b/dnsapi/dns_bunny.sh index a9b1ea5a..681f748a 100644 --- a/dnsapi/dns_bunny.sh +++ b/dnsapi/dns_bunny.sh @@ -1,16 +1,13 @@ #!/usr/bin/env sh - -## Will be called by acme.sh to add the TXT record via the Bunny DNS API. -## returns 0 means success, otherwise error. - -## Author: nosilver4u -## GitHub: https://github.com/nosilver4u/acme.sh - -## -## Environment Variables Required: -## -## BUNNY_API_KEY="75310dc4-ca77-9ac3-9a19-f6355db573b49ce92ae1-2655-3ebd-61ac-3a3ae34834cc" -## +# shellcheck disable=SC2034 +dns_bunny_info='Bunny.net +Site: Bunny.net/dns/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny +Options: + BUNNY_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/4296 +Author: +' ##################### Public functions ##################### diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index cd8d9a8d..da63e771 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -1,13 +1,16 @@ #!/usr/bin/env sh - -# -#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#CF_Email="xxxx@sss.com" - -#CF_Token="xxxx" -#CF_Account_ID="xxxx" -#CF_Zone_ID="xxxx" +# shellcheck disable=SC2034 +dns_cf_info='CloudFlare +Site: CloudFlare.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf +Options: + CF_Key API Key + CF_Email Your account email +OptionsAlt: + CF_Token API Token + CF_Account_ID Account ID + CF_Zone_ID Zone ID. Optional. +' CF_Api="https://api.cloudflare.com/client/v4" diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index 31ae4ee9..b78d70a4 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh - -# Author: Radek Sprta - -#CLOUDDNS_EMAIL=XXXXX -#CLOUDDNS_PASSWORD="YYYYYYYYY" -#CLOUDDNS_CLIENT_ID=XXXXX +# shellcheck disable=SC2034 +dns_clouddns_info='vshosting.cz CloudDNS +Site: github.com/vshosting/clouddns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_clouddns +Options: + CLOUDDNS_EMAIL Email + CLOUDDNS_PASSWORD Password + CLOUDDNS_CLIENT_ID Client ID +Issues: github.com/acmesh-official/acme.sh/issues/2699 +Author: Radek Sprta +' CLOUDDNS_API='https://admin.vshosting.cloud/clouddns' CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login' diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 8d7fd437..145a85be 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -1,12 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_cloudns_info='ClouDNS.net +Site: ClouDNS.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cloudns +Options: + CLOUDNS_AUTH_ID Regular auth ID + CLOUDNS_SUB_AUTH_ID Sub auth ID + CLOUDNS_AUTH_PASSWORD Auth Password +Author: Boyan Peychev +' -# Author: Boyan Peychev -# Repository: https://github.com/ClouDNS/acme.sh/ -# Editor: I Komang Suryadana - -#CLOUDNS_AUTH_ID=XXXXX -#CLOUDNS_SUB_AUTH_ID=XXXXX -#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" CLOUDNS_API="https://api.cloudns.net" DOMAIN_TYPE= DOMAIN_MASTER= diff --git a/dnsapi/dns_cn.sh b/dnsapi/dns_cn.sh index 38d1f4aa..797f788e 100644 --- a/dnsapi/dns_cn.sh +++ b/dnsapi/dns_cn.sh @@ -1,7 +1,14 @@ #!/usr/bin/env sh - -# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/). -# created by 5ll and francis +# shellcheck disable=SC2034 +dns_cn_info='Core-Networks.de +Site: beta.api.Core-Networks.de/doc/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cn +Options: + CN_User User + CN_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2142 +Author: 5ll, francis +' CN_API="https://beta.api.core-networks.de" diff --git a/dnsapi/dns_conoha.sh b/dnsapi/dns_conoha.sh index ddc32074..6ceca829 100755 --- a/dnsapi/dns_conoha.sh +++ b/dnsapi/dns_conoha.sh @@ -1,4 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_conoha_info='ConoHa.jp +Domains: ConoHa.io +Site: ConoHa.jp +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha +Options: + CONOHA_Username Username + CONOHA_Password Password + CONOHA_TenantId TenantId + CONOHA_IdentityServiceApi Identity Service API. E.g. "https://identity.xxxx.conoha.io/v2.0" +' CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\." diff --git a/dnsapi/dns_constellix.sh b/dnsapi/dns_constellix.sh index 69d216f0..0376dda1 100644 --- a/dnsapi/dns_constellix.sh +++ b/dnsapi/dns_constellix.sh @@ -1,10 +1,16 @@ #!/usr/bin/env sh - -# Author: Wout Decre +# shellcheck disable=SC2034 +dns_constellix_info='Constellix.com +Site: Constellix.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_constellix +Options: + CONSTELLIX_Key API Key + CONSTELLIX_Secret API Secret +Issues: github.com/acmesh-official/acme.sh/issues/2724 +Author: Wout Decre +' CONSTELLIX_Api="https://api.dns.constellix.com/v1" -#CONSTELLIX_Key="XXX" -#CONSTELLIX_Secret="XXX" ######## Public functions ##################### diff --git a/dnsapi/dns_cpanel.sh b/dnsapi/dns_cpanel.sh index f6126bcb..a6991403 100755 --- a/dnsapi/dns_cpanel.sh +++ b/dnsapi/dns_cpanel.sh @@ -1,18 +1,18 @@ #!/usr/bin/env sh -# -#Author: Bjarne Saltbaek -#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 -# -# +# shellcheck disable=SC2034 +dns_cpanel_info='cPanel Server API + Manage DNS via cPanel Dashboard. +Site: cPanel.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel +Options: + cPanel_Username Username + cPanel_Apitoken API Token + cPanel_Hostname Server URL. E.g. "https://hostname:port" +Issues: github.com/acmesh-official/acme.sh/issues/3732 +Author: Bjarne Saltbaek +' + ######## Public functions ##################### -# -# Export CPANEL username,api token and hostname in the following variables -# -# cPanel_Username=username -# cPanel_Apitoken=apitoken -# cPanel_Hostname=hostname -# -# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to add txt record dns_cpanel_add() { diff --git a/dnsapi/dns_curanet.sh b/dnsapi/dns_curanet.sh index 4b39f365..a530d304 100644 --- a/dnsapi/dns_curanet.sh +++ b/dnsapi/dns_curanet.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh - -#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. -#Requires api credentials with scope: dns -#Author: Peter L. Hansen -#Version 1.0 +# shellcheck disable=SC2034 +dns_curanet_info='Curanet.dk +Domains: scannet.dk wannafind.dk dandomain.dk +Site: Curanet.dk +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet +Options: + CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns + CURANET_AUTHSECRET Auth Secret +Issues: github.com/acmesh-official/acme.sh/issues/3933 +Author: Peter L. Hansen +' CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" diff --git a/dnsapi/dns_cyon.sh b/dnsapi/dns_cyon.sh index 830e8831..04a515aa 100644 --- a/dnsapi/dns_cyon.sh +++ b/dnsapi/dns_cyon.sh @@ -1,21 +1,15 @@ #!/usr/bin/env sh - -######## -# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/acmesh-official/acme.sh) -# -# Usage: acme.sh --issue --dns dns_cyon -d www.domain.com -# -# Dependencies: -# ------------- -# - oathtool (When using 2 Factor Authentication) -# -# Issues: -# ------- -# Any issues / questions / suggestions can be posted here: -# https://github.com/noplanman/cyon-api/issues -# -# Author: Armando Lüscher -######## +# shellcheck disable=SC2034 +dns_cyon_info='cyon.ch +Site: cyon.ch +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cyon +Options: + CY_Username Username + CY_Password API Token + CY_OTP_Secret OTP token. Only required if using 2FA +Issues: github.com/noplanman/cyon-api/issues +Author: Armando Lüscher +' dns_cyon_add() { _cyon_load_credentials && diff --git a/dnsapi/dns_da.sh b/dnsapi/dns_da.sh index 4d3e09b1..b2789a6f 100755 --- a/dnsapi/dns_da.sh +++ b/dnsapi/dns_da.sh @@ -1,31 +1,14 @@ #!/usr/bin/env sh -# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- -# vim: et ts=2 sw=2 -# -# DirectAdmin 1.41.0 API -# The DirectAdmin interface has it's own Let's encrypt functionality, but this -# script can be used to generate certificates for names which are not hosted on -# DirectAdmin -# -# User must provide login data and URL to DirectAdmin incl. port. -# You can create login key, by using the Login Keys function -# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to -# - CMD_API_DNS_CONTROL -# - CMD_API_SHOW_DOMAINS -# -# See also https://www.directadmin.com/api.php and -# https://www.directadmin.com/features.php?id=1298 -# -# Report bugs to https://github.com/TigerP/acme.sh/issues -# -# Values to export: -# export DA_Api="https://remoteUser:remotePassword@da.example.com:8443" -# export DA_Api_Insecure=1 -# -# Set DA_Api_Insecure to 1 for insecure and 0 for secure -> difference is -# whether ssl cert is checked for validity (0) or whether it is just accepted -# (1) -# +# shellcheck disable=SC2034 +dns_da_info='DirectAdmin Server API +Site: DirectAdmin.com/api.php +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_da +Options: + DA_Api API Server URL. E.g. "https://remoteUser:remotePassword@da.domain.tld:8443" + DA_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept +Issues: github.com/TigerP/acme.sh/issues +' + ######## Public functions ##################### # Usage: dns_myapi_add _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_ddnss.sh b/dnsapi/dns_ddnss.sh index b9da33ff..118b148b 100644 --- a/dnsapi/dns_ddnss.sh +++ b/dnsapi/dns_ddnss.sh @@ -1,16 +1,13 @@ #!/usr/bin/env sh - -#Created by RaidenII, to use DuckDNS's API to add/remove text records -#modified by helbgd @ 03/13/2018 to support ddnss.de -#modified by mod242 @ 04/24/2018 to support different ddnss domains -#Please note: the Wildcard Feature must be turned on for the Host record -#and the checkbox for TXT needs to be enabled - -# Pass credentials before "acme.sh --issue --dns dns_ddnss ..." -# -- -# export DDNSS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" -# -- -# +# shellcheck disable=SC2034 +dns_ddnss_info='DDNSS.de +Site: DDNSS.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss +Options: + DDNSS_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2230 +Author: RaidenII, helbgd, mod242 +' DDNSS_DNS_API="https://ddnss.de/upd.php" diff --git a/dnsapi/dns_desec.sh b/dnsapi/dns_desec.sh index 495a6780..0d6a6c2f 100644 --- a/dnsapi/dns_desec.sh +++ b/dnsapi/dns_desec.sh @@ -1,11 +1,13 @@ #!/usr/bin/env sh -# -# deSEC.io Domain API -# -# Author: Zheng Qian -# -# deSEC API doc -# https://desec.readthedocs.io/en/latest/ +# shellcheck disable=SC2034 +dns_desec_info='deSEC.io +Site: desec.readthedocs.io/en/latest/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_desec +Options: + DDNSS_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2180 +Author: Zheng Qian +' REST_API="https://desec.io/api/v1/domains" diff --git a/dnsapi/dns_df.sh b/dnsapi/dns_df.sh index c0499ddf..513e350c 100644 --- a/dnsapi/dns_df.sh +++ b/dnsapi/dns_df.sh @@ -1,18 +1,15 @@ #!/usr/bin/env sh - -######################################################################## -# https://dyndnsfree.de hook script for acme.sh -# -# Environment variables: -# -# - $DF_user (your dyndnsfree.de username) -# - $DF_password (your dyndnsfree.de password) -# -# Author: Thilo Gass -# Git repo: https://github.com/ThiloGa/acme.sh - -#-- dns_df_add() - Add TXT record -------------------------------------- -# Usage: dns_df_add _acme-challenge.subdomain.domain.com "XyZ123..." +# shellcheck disable=SC2034 +dns_df_info='DynDnsFree.de +Domains: dynup.de +Site: DynDnsFree.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_df +Options: + DF_user Username + DF_password Password +Issues: github.com/acmesh-official/acme.sh/issues/2897 +Author: Thilo Gass +' dyndnsfree_api="https://dynup.de/acme.php" diff --git a/dnsapi/dns_dgon.sh b/dnsapi/dns_dgon.sh index afe1b32e..9aaa9606 100755 --- a/dnsapi/dns_dgon.sh +++ b/dnsapi/dns_dgon.sh @@ -1,16 +1,12 @@ #!/usr/bin/env sh - -## Will be called by acme.sh to add the txt record to your api system. -## returns 0 means success, otherwise error. - -## Author: thewer -## GitHub: https://github.com/gitwer/acme.sh - -## -## Environment Variables Required: -## -## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc" -## +# shellcheck disable=SC2034 +dns_dgon_info='DigitalOcean.com +Site: DigitalOcean.com/help/api/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dgon +Options: + DO_API_KEY API Key +Author: +' ##################### Public functions ##################### diff --git a/dnsapi/dns_dnsexit.sh b/dnsapi/dns_dnsexit.sh index 62d7d757..9f2871b4 100644 --- a/dnsapi/dns_dnsexit.sh +++ b/dnsapi/dns_dnsexit.sh @@ -1,13 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dnsexit_info='DNSExit.com +Site: DNSExit.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit +Options: + DNSEXIT_API_KEY API Key + DNSEXIT_AUTH_USER Username + DNSEXIT_AUTH_PASS Password +Issues: github.com/acmesh-official/acme.sh/issues/4719 +Author: Samuel Jimenez +' -#use dns-01 at DNSExit.com - -#Author: Samuel Jimenez -#Report Bugs here: https://github.com/acmesh-official/acme.sh - -#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij -#DNSEXIT_AUTH_USER=login@email.address -#DNSEXIT_AUTH_PASS=aStrongPassword DNSEXIT_API_URL="https://api.dnsexit.com/dns/" DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp" diff --git a/dnsapi/dns_dnshome.sh b/dnsapi/dns_dnshome.sh index 99608769..59828796 100755 --- a/dnsapi/dns_dnshome.sh +++ b/dnsapi/dns_dnshome.sh @@ -1,15 +1,14 @@ #!/usr/bin/env sh - -# dnsHome.de API for acme.sh -# -# This Script adds the necessary TXT record to a Subdomain -# -# Author dnsHome.de (https://github.com/dnsHome-de) -# -# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819 -# -# export DNSHOME_Subdomain="" -# export DNSHOME_SubdomainPassword="" +# shellcheck disable=SC2034 +dns_dnshome_info='dnsHome.de +Site: dnsHome.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome +Options: + DNSHOME_Subdomain Subdomain + DNSHOME_SubdomainPassword Subdomain Password +Issues: github.com/acmesh-official/acme.sh/issues/3819 +Author: dnsHome.de https://github.com/dnsHome-de +' # Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Used to add txt record diff --git a/dnsapi/dns_dnsimple.sh b/dnsapi/dns_dnsimple.sh index d831eb2b..e080ecf0 100644 --- a/dnsapi/dns_dnsimple.sh +++ b/dnsapi/dns_dnsimple.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh - -# DNSimple domain api -# https://github.com/pho3nixf1re/acme.sh/issues -# -# This is your oauth token which can be acquired on the account page. Please -# note that this must be an _account_ token and not a _user_ token. -# https://dnsimple.com/a//account/access_tokens -# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_dnsimple_info='DNSimple.com +Site: DNSimple.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dnsimple +Options: + DNSimple_OAUTH_TOKEN OAuth Token +Issues: github.com/pho3nixf1re/acme.sh/issues +' DNSimple_API="https://api.dnsimple.com/v2" diff --git a/dnsapi/dns_dnsservices.sh b/dnsapi/dns_dnsservices.sh index 008153a4..44cc6f45 100755 --- a/dnsapi/dns_dnsservices.sh +++ b/dnsapi/dns_dnsservices.sh @@ -1,12 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dnsservices_info='DNS.Services +Site: DNS.Services +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices +Options: + DnsServices_Username Username + DnsServices_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/4152 +Author: Bjarke Bruun +' -#This file name is "dns_dnsservices.sh" -#Script for Danish DNS registra and DNS hosting provider https://dns.services - -#Author: Bjarke Bruun -#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 - -# Global variable to connect to the DNS.Services API DNSServices_API=https://dns.services/api ######## Public functions ##################### diff --git a/dnsapi/dns_doapi.sh b/dnsapi/dns_doapi.sh index a001d52c..9bc6a4a4 100755 --- a/dnsapi/dns_doapi.sh +++ b/dnsapi/dns_doapi.sh @@ -1,12 +1,15 @@ #!/usr/bin/env sh - -# Official Let's Encrypt API for do.de / Domain-Offensive -# -# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers -# This API is also available to private customers/individuals -# -# Provide the required LetsEncrypt token like this: -# DO_LETOKEN="FmD408PdqT1E269gUK57" +# shellcheck disable=SC2034 +dns_doapi_info='Domain-Offensive do.de + Official LetsEncrypt API for do.de / Domain-Offensive. + This is different from the dns_do adapter, because dns_do is only usable for enterprise customers. + This API is also available to private customers/individuals. +Site: do.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_doapi +Options: + DO_LETOKEN LetsEncrypt Token +Issues: github.com/acmesh-official/acme.sh/issues/2057 +' DO_API="https://www.do.de/api/letsencrypt" diff --git a/dnsapi/dns_domeneshop.sh b/dnsapi/dns_domeneshop.sh index 9a3791f4..16d3dbe5 100644 --- a/dnsapi/dns_domeneshop.sh +++ b/dnsapi/dns_domeneshop.sh @@ -1,4 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_domeneshop_info='DomeneShop.no +Site: DomeneShop.no +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_domeneshop +Options: + DOMENESHOP_Token Token + DOMENESHOP_Secret Secret +Issues: github.com/acmesh-official/acme.sh/issues/2457 +' DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0" diff --git a/dnsapi/dns_dp.sh b/dnsapi/dns_dp.sh index 9b8b7a8b..29d32c27 100755 --- a/dnsapi/dns_dp.sh +++ b/dnsapi/dns_dp.sh @@ -1,10 +1,12 @@ #!/usr/bin/env sh - -# Dnspod.cn Domain api -# -#DP_Id="1234" -# -#DP_Key="sADDsdasdgdsf" +# shellcheck disable=SC2034 +dns_dp_info='DNSPod.cn +Site: DNSPod.cn +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dp +Options: + DP_Id Id + DP_Key Key +' REST_API="https://dnsapi.cn" diff --git a/dnsapi/dns_dpi.sh b/dnsapi/dns_dpi.sh index 2955effd..521f2d69 100755 --- a/dnsapi/dns_dpi.sh +++ b/dnsapi/dns_dpi.sh @@ -1,10 +1,12 @@ #!/usr/bin/env sh - -# Dnspod.com Domain api -# -#DPI_Id="1234" -# -#DPI_Key="sADDsdasdgdsf" +# shellcheck disable=SC2034 +dns_dpi_info='DNSPod.com +Site: DNSPod.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dpi +Options: + DPI_Id Id + DPI_Key Key +' REST_API="https://api.dnspod.com" diff --git a/dnsapi/dns_dreamhost.sh b/dnsapi/dns_dreamhost.sh index a4017938..ce4fff87 100644 --- a/dnsapi/dns_dreamhost.sh +++ b/dnsapi/dns_dreamhost.sh @@ -1,10 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dreamhost_info='DreamHost.com +Site: DreamHost.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dreamhost +Options: + DH_API_KEY API Key +Issues: github.com/RhinoLance/acme.sh +Author: RhinoLance +' -#Author: RhinoLance -#Report Bugs here: https://github.com/RhinoLance/acme.sh -# - -#define the api endpoint DH_API_ENDPOINT="https://api.dreamhost.com/" querystring="" diff --git a/dnsapi/dns_duckdns.sh b/dnsapi/dns_duckdns.sh index d6e1dbdc..71594873 100755 --- a/dnsapi/dns_duckdns.sh +++ b/dnsapi/dns_duckdns.sh @@ -1,14 +1,12 @@ #!/usr/bin/env sh - -#Created by RaidenII, to use DuckDNS's API to add/remove text records -#06/27/2017 - -# Pass credentials before "acme.sh --issue --dns dns_duckdns ..." -# -- -# export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" -# -- -# -# Due to the fact that DuckDNS uses StartSSL as cert provider, --insecure may need to be used with acme.sh +# shellcheck disable=SC2034 +dns_duckdns_info='DuckDNS.org +Site: www.DuckDNS.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns +Options: + DuckDNS_Token API Token +Author: RaidenII +' DuckDNS_API="https://www.duckdns.org/update" diff --git a/dnsapi/dns_durabledns.sh b/dnsapi/dns_durabledns.sh index 677ae24d..cd4bd2eb 100644 --- a/dnsapi/dns_durabledns.sh +++ b/dnsapi/dns_durabledns.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -#DD_API_User="xxxxx" -#DD_API_Key="xxxxxx" +# shellcheck disable=SC2034 +dns_durabledns_info='DurableDNS.com +Site: DurableDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_durabledns +Options: + DD_API_User API User + DD_API_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2281 +' _DD_BASE="https://durabledns.com/services/dns" diff --git a/dnsapi/dns_dyn.sh b/dnsapi/dns_dyn.sh index 024e0a38..94201923 100644 --- a/dnsapi/dns_dyn.sh +++ b/dnsapi/dns_dyn.sh @@ -1,10 +1,16 @@ #!/usr/bin/env sh -# -# Dyn.com Domain API -# -# Author: Gerd Naschenweng -# https://github.com/magicdude4eva -# +# shellcheck disable=SC2034 +dns_dyn_info='Dyn.com +Domains: dynect.net +Site: Dyn.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dyn +Options: + DYN_Customer Customer + DYN_Username API Username + DYN_Password Secret +Author: Gerd Naschenweng +' + # Dyn Managed DNS API # https://help.dyn.com/dns-api-knowledge-base/ # @@ -20,13 +26,6 @@ # ZoneRemoveNode # ZonePublish # -- -# -# Pass credentials before "acme.sh --issue --dns dns_dyn ..." -# -- -# export DYN_Customer="customer" -# export DYN_Username="apiuser" -# export DYN_Password="secret" -# -- DYN_API="https://api.dynect.net/REST" diff --git a/dnsapi/dns_dynu.sh b/dnsapi/dns_dynu.sh index 406ef17d..0dbeda24 100644 --- a/dnsapi/dns_dynu.sh +++ b/dnsapi/dns_dynu.sh @@ -1,20 +1,21 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_dynu_info='Dynu.com +Site: Dynu.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dynu +Options: + Dynu_ClientId Client ID + Dynu_Secret Secret +Issues: github.com/shar0119/acme.sh +Author: Dynu Systems Inc +' -#Client ID -#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" -# -#Secret -#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9" -# #Token Dynu_Token="" # #Endpoint Dynu_EndPoint="https://api.dynu.com/v2" -# -#Author: Dynu Systems, Inc. -#Report Bugs here: https://github.com/shar0119/acme.sh -# + ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_dynv6.sh b/dnsapi/dns_dynv6.sh index 90814b1b..8b94dae7 100644 --- a/dnsapi/dns_dynv6.sh +++ b/dnsapi/dns_dynv6.sh @@ -1,8 +1,15 @@ #!/usr/bin/env sh -#Author StefanAbl -#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' -#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value" -#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub +# shellcheck disable=SC2034 +dns_dynv6_info='DynV6.com +Site: DynV6.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dynv6 +Options: + DYNV6_TOKEN REST API token. Get from https://DynV6.com/keys +OptionsAlt: + KEY Path to SSH private key file. E.g. "/root/.ssh/dynv6" +Issues: github.com/acmesh-official/acme.sh/issues/2702 +Author: StefanAbl +' dynv6_api="https://dynv6.com/api/v2" ######## Public functions ##################### diff --git a/dnsapi/dns_easydns.sh b/dnsapi/dns_easydns.sh index ab47a0bc..d168054a 100644 --- a/dnsapi/dns_easydns.sh +++ b/dnsapi/dns_easydns.sh @@ -1,14 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_easydns_info='easyDNS.net +Site: easyDNS.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_easydns +Options: + EASYDNS_Token API Token + EASYDNS_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2647 +Author: Neilpang, wurzelpanzer +' -####################################################### -# -# easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh -# # API Documentation: https://sandbox.rest.easydns.net:3001/ -# -# Author: wurzelpanzer [wurzelpanzer@maximolider.net] -# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647 -# + #################### Public functions ################# #EASYDNS_Key="xxxxxxxxxxxxxxxxxxxxxxxx" diff --git a/dnsapi/dns_edgedns.sh b/dnsapi/dns_edgedns.sh index 27650eb1..e88a1483 100755 --- a/dnsapi/dns_edgedns.sh +++ b/dnsapi/dns_edgedns.sh @@ -1,4 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_edgedns_info='Akamai.com Edge DNS +Site: techdocs.Akamai.com/edge-dns/reference/edge-dns-api +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgedns +Options: Specify individual credentials + AKAMAI_HOST Host + AKAMAI_ACCESS_TOKEN Access token + AKAMAI_CLIENT_TOKEN Client token + AKAMAI_CLIENT_SECRET Client secret +Issues: github.com/acmesh-official/acme.sh/issues/3157 +' # Akamai Edge DNS v2 API # User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to @@ -6,18 +17,10 @@ # Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support -# Values to export: -# --EITHER-- # *** TBD. NOT IMPLEMENTED YET *** -# specify Edgegrid credentials file and section -# AKAMAI_EDGERC= -# AKAMAI_EDGERC_SECTION="default" -## --OR-- -# specify indiviual credentials -# export AKAMAI_HOST = -# export AKAMAI_ACCESS_TOKEN = -# export AKAMAI_CLIENT_TOKEN = -# export AKAMAI_CLIENT_SECRET = +# Specify Edgegrid credentials file and section. +# AKAMAI_EDGERC Edge RC. Full file path +# AKAMAI_EDGERC_SECTION Edge RC Section. E.g. "default" ACME_EDGEDNS_VERSION="0.1.0" diff --git a/dnsapi/dns_euserv.sh b/dnsapi/dns_euserv.sh index cfb4b814..2da00c3d 100644 --- a/dnsapi/dns_euserv.sh +++ b/dnsapi/dns_euserv.sh @@ -1,18 +1,14 @@ #!/usr/bin/env sh - -#This is the euserv.eu api wrapper for acme.sh -# -#Author: Michael Brueckner -#Report Bugs: https://www.github.com/initit/acme.sh or mbr@initit.de - -# -#EUSERV_Username="username" -# -#EUSERV_Password="password" -# -# Dependencies: -# ------------- -# - none - +# shellcheck disable=SC2034 +dns_euserv_info='EUserv.com +Domains: EUserv.eu +Site: EUserv.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_euserv +Options: + EUSERV_Username Username + EUSERV_Password Password +Author: Michael Brueckner +' EUSERV_Api="https://api.euserv.net" diff --git a/dnsapi/dns_exoscale.sh b/dnsapi/dns_exoscale.sh index ccf05fc5..4cc5a513 100755 --- a/dnsapi/dns_exoscale.sh +++ b/dnsapi/dns_exoscale.sh @@ -1,4 +1,12 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_exoscale_info='Exoscale.com +Site: Exoscale.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_exoscale +Options: + EXOSCALE_API_KEY API Key + EXOSCALE_SECRET_KEY API Secret key +' EXOSCALE_API=https://api.exoscale.com/dns/v1 diff --git a/dnsapi/dns_fornex.sh b/dnsapi/dns_fornex.sh index 53be307a..38cdf5e6 100644 --- a/dnsapi/dns_fornex.sh +++ b/dnsapi/dns_fornex.sh @@ -1,6 +1,13 @@ #!/usr/bin/env sh - -#Author: Timur Umarov +# shellcheck disable=SC2034 +dns_fornex_info='Fornex.com +Site: Fornex.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_fornex +Options: + FORNEX_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/3998 +Author: Timur Umarov +' FORNEX_API_URL="https://fornex.com/api/dns/v0.1" diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 29cee430..114f30e0 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -1,14 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_freedns_info='FreeDNS +Site: FreeDNS.afraid.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_freedns +Options: + FREEDNS_User Username + FREEDNS_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2305 +Author: David Kerr +' -#This file name is "dns_freedns.sh" -#So, here must be a method dns_freedns_add() -#Which will be called by acme.sh to add the txt record to your api system. -#returns 0 means success, otherwise error. -# -#Author: David Kerr -#Report Bugs here: https://github.com/dkerr64/acme.sh -#or here... https://github.com/acmesh-official/acme.sh/issues/2305 -# ######## Public functions ##################### # Export FreeDNS userid and password in following variables... diff --git a/dnsapi/dns_gandi_livedns.sh b/dnsapi/dns_gandi_livedns.sh index 6092f45c..141ddccf 100644 --- a/dnsapi/dns_gandi_livedns.sh +++ b/dnsapi/dns_gandi_livedns.sh @@ -1,16 +1,19 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_gandi_livedns_info='Gandi.net LiveDNS +Site: Gandi.net/domain/dns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gandi_livedns +Options: + GANDI_LIVEDNS_KEY API Key +Issues: github.com/fcrozat/acme.sh +Author: Frédéric Crozat , Dominik Röttsches +' # Gandi LiveDNS v5 API # https://api.gandi.net/docs/livedns/ # https://api.gandi.net/docs/authentication/ for token + apikey (deprecated) authentication # currently under beta -# -# Requires GANDI API KEY set in GANDI_LIVEDNS_KEY set as environment variable -# -#Author: Frédéric Crozat -# Dominik Röttsches -#Report Bugs here: https://github.com/fcrozat/acme.sh -# + ######## Public functions ##################### GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns" diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index dc82c09d..a6016abc 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -# Author: Janos Lenart +# shellcheck disable=SC2034 +dns_gcloud_info='Google Cloud DNS +Site: Cloud.Google.com/dns +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcloud +Options: + CLOUDSDK_ACTIVE_CONFIG_NAME Active config name. E.g. "default" +Author: Janos Lenart +' ######## Public functions ##################### diff --git a/dnsapi/dns_gcore.sh b/dnsapi/dns_gcore.sh index 5f7f037e..ac2e614c 100755 --- a/dnsapi/dns_gcore.sh +++ b/dnsapi/dns_gcore.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh - -# -#GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb' -# +# shellcheck disable=SC2034 +dns_gcore_info='Gcore.com +Site: Gcore.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcore +Options: + GCORE_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/4460 +' GCORE_Api="https://api.gcore.com/dns/v2" GCORE_Doc="https://api.gcore.com/docs/dns" diff --git a/dnsapi/dns_gd.sh b/dnsapi/dns_gd.sh index 1729115e..08afa8f5 100755 --- a/dnsapi/dns_gd.sh +++ b/dnsapi/dns_gd.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh - -#Godaddy domain api -# Get API key and secret from https://developer.godaddy.com/ -# -# GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# GD_Secret="asdfsdfsfsdfsdfdfsdf" -# -# Ex.: acme.sh --issue --staging --dns dns_gd -d "*.s.example.com" -d "s.example.com" +# shellcheck disable=SC2034 +dns_gd_info='GoDaddy.com +Site: GoDaddy.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gd +Options: + GD_Key API Key + GD_Secret API Secret +' GD_Api="https://api.godaddy.com/v1" diff --git a/dnsapi/dns_geoscaling.sh b/dnsapi/dns_geoscaling.sh index 6ccf4daf..96b3e218 100755 --- a/dnsapi/dns_geoscaling.sh +++ b/dnsapi/dns_geoscaling.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh - -######################################################################## -# Geoscaling hook script for acme.sh -# -# Environment variables: -# -# - $GEOSCALING_Username (your Geoscaling username - this is usually NOT an amail address) -# - $GEOSCALING_Password (your Geoscaling password) +# shellcheck disable=SC2034 +dns_geoscaling_info='GeoScaling.com +Site: GeoScaling.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_geoscaling +Options: + GEOSCALING_Username Username. This is usually NOT an email address + GEOSCALING_Password Password +' #-- dns_geoscaling_add() - Add TXT record -------------------------------------- # Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..." diff --git a/dnsapi/dns_googledomains.sh b/dnsapi/dns_googledomains.sh index 63e3073b..7d241ab6 100755 --- a/dnsapi/dns_googledomains.sh +++ b/dnsapi/dns_googledomains.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_googledomains_info='Google Domains +Site: Domains.Google.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_googledomains +Options: + GOOGLEDOMAINS_ACCESS_TOKEN API Access Token + GOOGLEDOMAINS_ZONE Zone +Issues: github.com/acmesh-official/acme.sh/issues/4545 +Author: Alex Leigh +' -# Author: Alex Leigh -# Created: 2023-03-02 - -#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx" -#GOOGLEDOMAINS_ZONE="xxxx" GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets" ######## Public functions ######## diff --git a/dnsapi/dns_he.sh b/dnsapi/dns_he.sh index bf4a5030..cfb6efb8 100755 --- a/dnsapi/dns_he.sh +++ b/dnsapi/dns_he.sh @@ -1,15 +1,14 @@ #!/usr/bin/env sh - -######################################################################## -# Hurricane Electric hook script for acme.sh -# -# Environment variables: -# -# - $HE_Username (your dns.he.net username) -# - $HE_Password (your dns.he.net password) -# -# Author: Ondrej Simek -# Git repo: https://github.com/angel333/acme.sh +# shellcheck disable=SC2034 +dns_he_info='Hurricane Electric HE.net +Site: dns.he.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_he +Options: + HE_Username Username + HE_Password Password +Issues: github.com/angel333/acme.sh/issues/ +Author: Ondrej Simek +' #-- dns_he_add() - Add TXT record -------------------------------------- # Usage: dns_he_add _acme-challenge.subdomain.domain.com "XyZ123..." diff --git a/dnsapi/dns_hetzner.sh b/dnsapi/dns_hetzner.sh index 911d4a35..a60bd55d 100644 --- a/dnsapi/dns_hetzner.sh +++ b/dnsapi/dns_hetzner.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh - -# -#HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_hetzner_info='Hetzner.com +Site: Hetzner.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hetzner +Options: + HETZNER_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2943 +' HETZNER_Api="https://dns.hetzner.com/api/v1" diff --git a/dnsapi/dns_hexonet.sh b/dnsapi/dns_hexonet.sh index 525efe73..6c86e6a4 100755 --- a/dnsapi/dns_hexonet.sh +++ b/dnsapi/dns_hexonet.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -# Hexonet_Login="username!roleId" -# -# Hexonet_Password="rolePassword" +# shellcheck disable=SC2034 +dns_hexonet_info='Hexonet.com +Site: Hexonet.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_hexonet +Options: + Hexonet_Login Login. E.g. "username!roleId" + Hexonet_Password Role Password +Issues: github.com/acmesh-official/acme.sh/issues/2389 +' Hexonet_Api="https://coreapi.1api.net/api/call.cgi" diff --git a/dnsapi/dns_hostingde.sh b/dnsapi/dns_hostingde.sh index 9e3e5664..41ccab2b 100644 --- a/dnsapi/dns_hostingde.sh +++ b/dnsapi/dns_hostingde.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh - -# hosting.de API - -# Values to export: -# export HOSTINGDE_ENDPOINT='https://secure.hosting.de' -# export HOSTINGDE_APIKEY='xxxxx' +# shellcheck disable=SC2034 +dns_hostingde_info='Hosting.de +Site: Hosting.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hostingde +Options: + HOSTINGDE_ENDPOINT Endpoint. E.g. "https://secure.hosting.de" + HOSTINGDE_APIKEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/2058 +' ######## Public functions ##################### diff --git a/dnsapi/dns_huaweicloud.sh b/dnsapi/dns_huaweicloud.sh index b61c1d43..f3df41f4 100644 --- a/dnsapi/dns_huaweicloud.sh +++ b/dnsapi/dns_huaweicloud.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh - -# HUAWEICLOUD_Username -# HUAWEICLOUD_Password -# HUAWEICLOUD_DomainName +# shellcheck disable=SC2034 +dns_huaweicloud_info='HuaweiCloud.com +Site: HuaweiCloud.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_huaweicloud +Options: + HUAWEICLOUD_Username Username + HUAWEICLOUD_Password Password + HUAWEICLOUD_DomainName DomainName +Issues: github.com/acmesh-official/acme.sh/issues/3265 +' iam_api="https://iam.myhuaweicloud.com" dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 6bfd36ee..27f1e61e 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh - -## Infoblox API integration by Jason Keller and Elijah Tenai -## -## Report any bugs via https://github.com/jasonkeller/acme.sh +# shellcheck disable=SC2034 +dns_infoblox_info='Infoblox.com +Site: Infoblox.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_infoblox +Options: + Infoblox_Creds Credentials. E.g. "username:password" + Infoblox_Server Server hostname. IP or FQDN of infoblox appliance +Issues: github.com/jasonkeller/acme.sh +Author: Jason Keller, Elijah Tenai +' dns_infoblox_add() { diff --git a/dnsapi/dns_infomaniak.sh b/dnsapi/dns_infomaniak.sh index a005132c..ea5ef461 100755 --- a/dnsapi/dns_infomaniak.sh +++ b/dnsapi/dns_infomaniak.sh @@ -1,19 +1,20 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_infomaniak_info='Infomaniak.com +Site: Infomaniak.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak +Options: + INFOMANIAK_API_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/3188 +' -############################################################################### -# Infomaniak API integration -# # To use this API you need visit the API dashboard of your account # once logged into https://manager.infomaniak.com add /api/dashboard to the URL # -# Please report bugs to -# https://github.com/acmesh-official/acme.sh/issues/3188 -# # Note: the URL looks like this: # https://manager.infomaniak.com/v3//api/dashboard # Then generate a token with the scope Domain # this is given as an environment variable INFOMANIAK_API_TOKEN -############################################################################### # base variables diff --git a/dnsapi/dns_internetbs.sh b/dnsapi/dns_internetbs.sh index ae6b9e1e..84dfd70f 100755 --- a/dnsapi/dns_internetbs.sh +++ b/dnsapi/dns_internetbs.sh @@ -1,12 +1,14 @@ #!/usr/bin/env sh - -#This is the Internet.BS api wrapper for acme.sh -# -#Author: Ne-Lexa -#Report Bugs here: https://github.com/Ne-Lexa/acme.sh - -#INTERNETBS_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" -#INTERNETBS_API_PASSWORD="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_internetbs_info='InternetBS.net +Site: InternetBS.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_internetbs +Options: + INTERNETBS_API_KEY API Key + INTERNETBS_API_PASSWORD API Password +Issues: github.com/acmesh-official/acme.sh/issues/2261 +Author: Ne-Lexa +' INTERNETBS_API_URL="https://api.internet.bs" diff --git a/dnsapi/dns_inwx.sh b/dnsapi/dns_inwx.sh index e483c0e8..8c89a697 100755 --- a/dnsapi/dns_inwx.sh +++ b/dnsapi/dns_inwx.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_inwx_info='INWX.de +Site: INWX.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_inwx +Options: + INWX_User Username + INWX_Password Password +' -# -#INWX_User="username" -# -#INWX_Password="password" -# # Dependencies: # ------------- # - oathtool (When using 2 Factor Authentication) diff --git a/dnsapi/dns_ionos.sh b/dnsapi/dns_ionos.sh index e4ad3318..e4d28e11 100755 --- a/dnsapi/dns_ionos.sh +++ b/dnsapi/dns_ionos.sh @@ -1,14 +1,13 @@ #!/usr/bin/env sh - -# Supports IONOS DNS API v1.0.1 -# -# Usage: -# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: -# -# $ export IONOS_PREFIX="..." -# $ export IONOS_SECRET="..." -# -# $ acme.sh --issue --dns dns_ionos ... +# shellcheck disable=SC2034 +dns_ionos_info='IONOS.de +Site: IONOS.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos +Options: + IONOS_PREFIX Prefix + IONOS_SECRET Secret +Issues: github.com/acmesh-official/acme.sh/issues/3379 +' IONOS_API="https://api.hosting.ionos.com/dns" IONOS_ROUTE_ZONES="/v1/zones" diff --git a/dnsapi/dns_ipv64.sh b/dnsapi/dns_ipv64.sh index 54470119..51025d1e 100755 --- a/dnsapi/dns_ipv64.sh +++ b/dnsapi/dns_ipv64.sh @@ -1,13 +1,13 @@ #!/usr/bin/env sh - -#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records -#2022/11/29 - -# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..." -# -- -# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa" -# -- -# +# shellcheck disable=SC2034 +dns_ipv64_info='IPv64.net +Site: IPv64.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ipv64 +Options: + IPv64_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/4419 +Author: Roman Lumetsberger +' IPv64_API="https://ipv64.net/api" diff --git a/dnsapi/dns_ispconfig.sh b/dnsapi/dns_ispconfig.sh index 560f073e..7fd0d99c 100755 --- a/dnsapi/dns_ispconfig.sh +++ b/dnsapi/dns_ispconfig.sh @@ -1,17 +1,20 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_ispconfig_info='ISPConfig Server API +Site: ISPConfig.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ispconfig +Options: + ISPC_User Remote User + ISPC_Password Remote Password + ISPC_Api API URL. E.g. "https://ispc.domain.tld:8080/remote/json.php" + ISPC_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept +' # ISPConfig 3.1 API -# User must provide login data and URL to the ISPConfig installation incl. port. The remote user in ISPConfig must have access to: +# User must provide login data and URL to the ISPConfig installation incl. port. +# The remote user in ISPConfig must have access to: # - DNS txt Functions -# Report bugs to https://github.com/sjau/acme.sh - -# Values to export: -# export ISPC_User="remoteUser" -# export ISPC_Password="remotePassword" -# export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php" -# export ISPC_Api_Insecure=1 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) - ######## Public functions ##################### #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_jd.sh b/dnsapi/dns_jd.sh index d0f2a501..a45aa2ca 100644 --- a/dnsapi/dns_jd.sh +++ b/dnsapi/dns_jd.sh @@ -1,9 +1,14 @@ #!/usr/bin/env sh - -# -#JD_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" -#JD_ACCESS_KEY_SECRET="xxxxxxx" -#JD_REGION="cn-north-1" +# shellcheck disable=SC2034 +dns_jd_info='jdcloud.com +Site: jdcloud.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_jd +Options: + JD_ACCESS_KEY_ID Access key ID + JD_ACCESS_KEY_SECRET Access key secret + JD_REGION Region. E.g. "cn-north-1" +Issues: github.com/acmesh-official/acme.sh/issues/2388 +' _JD_ACCOUNT="https://uc.jdcloud.com/account/accesskey" diff --git a/dnsapi/dns_joker.sh b/dnsapi/dns_joker.sh index 78399a1d..49c544b9 100644 --- a/dnsapi/dns_joker.sh +++ b/dnsapi/dns_joker.sh @@ -1,27 +1,14 @@ #!/usr/bin/env sh - -# Joker.com API for acme.sh -# -# This script adds the necessary TXT record to a domain in Joker.com. -# -# You must activate Dynamic DNS in Joker.com DNS configuration first. -# Username and password below refer to Dynamic DNS authentication, -# not your Joker.com login credentials. -# See: https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html -# -# NOTE: This script does not support wildcard certificates, because -# Joker.com API does not support adding two TXT records with the same -# subdomain. Adding the second record will overwrite the first one. -# See: https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html -# "... this request will replace all TXT records for the specified -# label by the provided content" -# -# Author: aattww (https://github.com/aattww/) -# -# Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840 -# -# JOKER_USERNAME="xxxx" -# JOKER_PASSWORD="xxxx" +# shellcheck disable=SC2034 +dns_joker_info='Joker.com +Site: Joker.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_joker +Options: + JOKER_USERNAME Username + JOKER_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/2840 +Author: +' JOKER_API="https://svc.joker.com/nic/replace" diff --git a/dnsapi/dns_kappernet.sh b/dnsapi/dns_kappernet.sh index 914671d6..7b6fb8a6 100644 --- a/dnsapi/dns_kappernet.sh +++ b/dnsapi/dns_kappernet.sh @@ -1,12 +1,13 @@ #!/usr/bin/env sh - -# kapper.net domain api -# for further questions please contact: support@kapper.net -# please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977 - -#KAPPERNETDNS_Key="yourKAPPERNETapikey" -#KAPPERNETDNS_Secret="yourKAPPERNETapisecret" -#KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret" +# shellcheck disable=SC2034 +dns_kappernet_info='kapper.net +Site: kapper.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kappernet +Options: + KAPPERNETDNS_Key API Key + KAPPERNETDNS_Secret API Secret +Issues: github.com/acmesh-official/acme.sh/issues/2977 +' ############################################################################### # called with diff --git a/dnsapi/dns_kas.sh b/dnsapi/dns_kas.sh index 1253cf27..2164a8e8 100755 --- a/dnsapi/dns_kas.sh +++ b/dnsapi/dns_kas.sh @@ -1,19 +1,16 @@ #!/usr/bin/env sh -######################################################################## -# All-inkl Kasserver hook script for acme.sh -# -# Environment variables: -# -# - $KAS_Login (Kasserver API login name) -# - $KAS_Authtype (Kasserver API auth type. Default: plain) -# - $KAS_Authdata (Kasserver API auth data.) -# -# Last update: squared GmbH -# Credits: -# - dns_he.sh. Thanks a lot man! -# - Martin Kammerlander, Phlegx Systems OG -# - Marc-Oliver Lange -# - https://github.com/o1oo11oo/kasapi.sh +# shellcheck disable=SC2034 +dns_kas_info='All-inkl Kas Server +Site: kas.all-inkl.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kas +Options: + KAS_Login API login name + KAS_Authtype API auth type. Default: "plain" + KAS_Authdata API auth data +Issues: github.com/acmesh-official/acme.sh/issues/2715 +Author: squared GmbH , Martin Kammerlander , Marc-Oliver Lange +' + ######################################################################## KAS_Api_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl")" KAS_Api="$(echo "$KAS_Api_GET" | tr -d ' ' | grep -i "//g")" diff --git a/dnsapi/dns_kinghost.sh b/dnsapi/dns_kinghost.sh index f640242f..0496008e 100644 --- a/dnsapi/dns_kinghost.sh +++ b/dnsapi/dns_kinghost.sh @@ -1,16 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_kinghost_info='King.host +Domains: KingHost.net KingHost.com.br +Site: King.host +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_kinghost +Options: + KINGHOST_Username Username + KINGHOST_Password Password +Author: Felipe Keller Braz +' -############################################################ # KingHost API support # # https://api.kinghost.net/doc/ # -# # -# Author: Felipe Keller Braz # -# Report Bugs here: https://github.com/kinghost/acme.sh # -# # -# Values to export: # -# export KINGHOST_Username="email@provider.com" # -# export KINGHOST_Password="xxxxxxxxxx" # -############################################################ KING_Api="https://api.kinghost.net/acme" diff --git a/dnsapi/dns_knot.sh b/dnsapi/dns_knot.sh index 729a89cb..5636804a 100644 --- a/dnsapi/dns_knot.sh +++ b/dnsapi/dns_knot.sh @@ -1,4 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_knot_info='Knot Server knsupdate +Site: www.knot-dns.cz/docs/2.5/html/man_knsupdate.html +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_knot +Options: + KNOT_SERVER Server hostname. Default: "localhost". + KNOT_KEY File path to TSIG key +' + +# See also dns_nsupdate.sh ######## Public functions ##################### diff --git a/dnsapi/dns_la.sh b/dnsapi/dns_la.sh index 674df410..7a1c0a1c 100644 --- a/dnsapi/dns_la.sh +++ b/dnsapi/dns_la.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -#LA_Id="test123" -#LA_Key="d1j2fdo4dee3948" +# shellcheck disable=SC2034 +dns_la_info='dns.la +Site: dns.la +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_la +Options: + LA_Id API ID + LA_Key API key +Issues: github.com/acmesh-official/acme.sh/issues/4257 +' LA_Api="https://api.dns.la/api" diff --git a/dnsapi/dns_leaseweb.sh b/dnsapi/dns_leaseweb.sh index 4cd3a8f8..66b1f61f 100644 --- a/dnsapi/dns_leaseweb.sh +++ b/dnsapi/dns_leaseweb.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_leaseweb_info='Leaseweb.com +Site: Leaseweb.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_leaseweb +Options: + LSW_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2558 +Author: Rolph Haspers +' -#Author: Rolph Haspers -#Utilize leaseweb.com API to finish dns-01 verifications. -#Requires a Leaseweb API Key (export LSW_Key="Your Key") #See https://developer.leaseweb.com for more information. ######## Public functions ##################### diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index 19702343..a4b2a801 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_lexicon_info='Lexicon DNS client +Site: github.com/AnalogJ/lexicon +Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-DNS-API +Options: + PROVIDER Provider +' -# dns api wrapper of lexicon for acme.sh - -# https://github.com/AnalogJ/lexicon lexicon_cmd="lexicon" wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-dns-api" diff --git a/dnsapi/dns_linode.sh b/dnsapi/dns_linode.sh index ead5b164..5e4c694b 100755 --- a/dnsapi/dns_linode.sh +++ b/dnsapi/dns_linode.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -#Author: Philipp Grosswiler +# shellcheck disable=SC2034 +dns_linode_info='Linode.com (Old) + Deprecated. Use dns_linode_v4 +Site: Linode.com +Options: + LINODE_API_KEY API Key +Author: Philipp Grosswiler +' LINODE_API_URL="https://api.linode.com/?api_key=$LINODE_API_KEY&api_action=" diff --git a/dnsapi/dns_linode_v4.sh b/dnsapi/dns_linode_v4.sh index 9504afbf..e562f80f 100755 --- a/dnsapi/dns_linode_v4.sh +++ b/dnsapi/dns_linode_v4.sh @@ -1,7 +1,12 @@ #!/usr/bin/env sh - -#Original Author: Philipp Grosswiler -#v4 Update Author: Aaron W. Swenson +# shellcheck disable=SC2034 +dns_linode_v4_info='Linode.com +Site: Linode.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_linode_v4 +Options: + LINODE_V4_API_KEY API Key +Author: Philipp Grosswiler , Aaron W. Swenson +' LINODE_V4_API_URL="https://api.linode.com/v4/domains" diff --git a/dnsapi/dns_loopia.sh b/dnsapi/dns_loopia.sh index 60d072e0..1f943e51 100644 --- a/dnsapi/dns_loopia.sh +++ b/dnsapi/dns_loopia.sh @@ -1,11 +1,13 @@ #!/usr/bin/env sh - -# -#LOOPIA_User="username" -# -#LOOPIA_Password="password" -# -#LOOPIA_Api="https://api.loopia./RPCSERV" +# shellcheck disable=SC2034 +dns_loopia_info='Loopia.se +Site: Loopia.se +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_loopia +Options: + LOOPIA_Api API URL. E.g. "https://api.loopia./RPCSERV" where the is one of: com, no, rs, se. Default: "se". + LOOPIA_User Username + LOOPIA_Password Password +' LOOPIA_Api_Default="https://api.loopia.se/RPCSERV" diff --git a/dnsapi/dns_lua.sh b/dnsapi/dns_lua.sh index 30c15579..b037e90f 100755 --- a/dnsapi/dns_lua.sh +++ b/dnsapi/dns_lua.sh @@ -1,11 +1,14 @@ #!/usr/bin/env sh - -# bug reports to dev@1e.ca - -# -#LUA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#LUA_Email="user@luadns.net" +# shellcheck disable=SC2034 +dns_lua_info='LuaDNS.com +Domains: LuaDNS.net +Site: LuaDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_lua +Options: + LUA_Key API key + LUA_Email Email +Author: +' LUA_Api="https://api.luadns.com/v1" diff --git a/dnsapi/dns_maradns.sh b/dnsapi/dns_maradns.sh index 4ff6ca2d..09d7248e 100755 --- a/dnsapi/dns_maradns.sh +++ b/dnsapi/dns_maradns.sh @@ -1,4 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_maradns_info='MaraDNS Server +Site: MaraDNS.samiam.org +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_maradns +Options: + MARA_ZONE_FILE Zone file path. E.g. "/etc/maradns/db.domain.com" + MARA_DUENDE_PID_PATH Duende PID Path. E.g. "/run/maradns/etc_maradns_mararc.pid" +Issues: github.com/acmesh-official/acme.sh/issues/2072 +' #Usage: dns_maradns_add _acme-challenge.www.domain.com "token" dns_maradns_add() { diff --git a/dnsapi/dns_me.sh b/dnsapi/dns_me.sh index 49007402..66545c46 100644 --- a/dnsapi/dns_me.sh +++ b/dnsapi/dns_me.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# bug reports to dev@1e.ca - -# ME_Key=qmlkdjflmkqdjf -# ME_Secret=qmsdlkqmlksdvnnpae +# shellcheck disable=SC2034 +dns_me_info='DnsMadeEasy.com +Site: DnsMadeEasy.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_me +Options: + ME_Key API Key + ME_Secret API Secret +Author: +' ME_Api=https://api.dnsmadeeasy.com/V2.0/dns/managed diff --git a/dnsapi/dns_miab.sh b/dnsapi/dns_miab.sh index dad69bde..ec9867db 100644 --- a/dnsapi/dns_miab.sh +++ b/dnsapi/dns_miab.sh @@ -1,17 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_miab_info='Mail-in-a-Box +Site: MailInaBox.email +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_miab +Options: + MIAB_Username Admin username + MIAB_Password Admin password + MIAB_Server Server hostname. FQDN of your_MIAB Server +Issues: github.com/acmesh-official/acme.sh/issues/2550 +Author: Darven Dissek, William Gertz +' -# Name: dns_miab.sh -# -# Authors: -# Darven Dissek 2018 -# William Gertz 2019 -# -# Thanks to Neil Pang and other developers here for code reused from acme.sh from DNS-01 -# used to communicate with the MailinaBox Custom DNS API -# Report Bugs here: -# https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh) -# https://github.com/acmesh-official/acme.sh (for acme.sh) -# ######## Public functions ##################### #Usage: dns_miab_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_misaka.sh b/dnsapi/dns_misaka.sh index 36ba5cfd..c6c0f5f3 100755 --- a/dnsapi/dns_misaka.sh +++ b/dnsapi/dns_misaka.sh @@ -1,11 +1,12 @@ #!/usr/bin/env sh - -# bug reports to support+acmesh@misaka.io -# based on dns_nsone.sh by dev@1e.ca - -# -#Misaka_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_misaka_info='Misaka.io +Site: Misaka.io +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_misaka +Options: + Misaka_Key API Key +Author: +' Misaka_Api="https://dnsapi.misaka.io/dns" diff --git a/dnsapi/dns_myapi.sh b/dnsapi/dns_myapi.sh index 7f3c5a86..c9f5eb9f 100755 --- a/dnsapi/dns_myapi.sh +++ b/dnsapi/dns_myapi.sh @@ -1,14 +1,21 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_myapi_info='Custom API Example + A sample custom DNS API script. +Domains: example.com +Site: github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns +Options: + MYAPI_Token API Token. Get API Token from https://example.com/api/. Optional. +Issues: github.com/acmesh-official/acme.sh +Author: Neil Pang +' -#Here is a sample custom api script. #This file name is "dns_myapi.sh" #So, here must be a method dns_myapi_add() #Which will be called by acme.sh to add the txt record to your api system. #returns 0 means success, otherwise error. -# -#Author: Neilpang -#Report Bugs here: https://github.com/acmesh-official/acme.sh -# + ######## Public functions ##################### # Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide diff --git a/dnsapi/dns_mydevil.sh b/dnsapi/dns_mydevil.sh index 953290af..e9b3d3c8 100755 --- a/dnsapi/dns_mydevil.sh +++ b/dnsapi/dns_mydevil.sh @@ -1,15 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_mydevil_info='MyDevil.net + MyDevil.net already supports automatic Lets Encrypt certificates, + except for wildcard domains. + This script depends on devil command that MyDevil.net provides, + which means that it works only on server side. +Site: MyDevil.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydevil +Issues: github.com/acmesh-official/acme.sh/issues/2079 +Author: Marcin Konicki +' -# MyDevil.net API (2019-02-03) -# -# MyDevil.net already supports automatic Let's Encrypt certificates, -# except for wildcard domains. -# -# This script depends on `devil` command that MyDevil.net provides, -# which means that it works only on server side. -# -# Author: Marcin Konicki -# ######## Public functions ##################### #Usage: dns_mydevil_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_mydnsjp.sh b/dnsapi/dns_mydnsjp.sh index 13866f70..4fa646e8 100755 --- a/dnsapi/dns_mydnsjp.sh +++ b/dnsapi/dns_mydnsjp.sh @@ -1,14 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_mydnsjp_info='MyDNS.JP +Site: MyDNS.JP +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_mydnsjp +Options: + MYDNSJP_MasterID Master ID + MYDNSJP_Password Password +Author: epgdatacapbon +' -#Here is a api script for MyDNS.JP. -#This file name is "dns_mydnsjp.sh" -#So, here must be a method dns_mydnsjp_add() -#Which will be called by acme.sh to add the txt record to your api system. -#returns 0 means success, otherwise error. -# -#Author: epgdatacapbon -#Report Bugs here: https://github.com/epgdatacapbon/acme.sh -# ######## Public functions ##################### # Export MyDNS.JP MasterID and Password in following variables... diff --git a/dnsapi/dns_mythic_beasts.sh b/dnsapi/dns_mythic_beasts.sh index 294ae84c..b85401f4 100755 --- a/dnsapi/dns_mythic_beasts.sh +++ b/dnsapi/dns_mythic_beasts.sh @@ -1,4 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_mythic_beasts_info='Mythic-Beasts.com +Site: Mythic-Beasts.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_mythic_beasts +Options: + MB_AK API Key + MB_AS API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3848 +' # Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication # To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com # Cannot retest once cert is issued diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index a5f667a9..abe64d09 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -1,12 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_namecheap_info='NameCheap.com +Site: NameCheap.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namecheap +Options: + NAMECHEAP_API_KEY API Key + NAMECHEAP_USERNAME Username + NAMECHEAP_SOURCEIP Source IP +Issues: github.com/acmesh-official/acme.sh/issues/2107 +' # Namecheap API # https://www.namecheap.com/support/api/intro.aspx -# -# Requires Namecheap API key set in -#NAMECHEAP_API_KEY, -#NAMECHEAP_USERNAME, -#NAMECHEAP_SOURCEIP # Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise. ######## Public functions ##################### diff --git a/dnsapi/dns_namecom.sh b/dnsapi/dns_namecom.sh index 0d5dd2c4..2d146974 100755 --- a/dnsapi/dns_namecom.sh +++ b/dnsapi/dns_namecom.sh @@ -1,9 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_namecom_info='Name.com +Site: Name.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namecom +Options: + Namecom_Username Username + Namecom_Token API Token +Author: RaidenII +' -#Author: RaidenII -#Created 06/28/2017 -#Updated 03/01/2018, rewrote to support name.com API v4 -#Utilize name.com API to finish dns-01 verifications. ######## Public functions ##################### Namecom_API="https://api.name.com/v4" diff --git a/dnsapi/dns_namesilo.sh b/dnsapi/dns_namesilo.sh index f961d0bd..2995e7dc 100755 --- a/dnsapi/dns_namesilo.sh +++ b/dnsapi/dns_namesilo.sh @@ -1,8 +1,14 @@ #!/usr/bin/env sh - -#Author: meowthink -#Created 01/14/2017 -#Utilize namesilo.com API to finish dns-01 verifications. +# shellcheck disable=SC2034 +dns_namesilo_info='NameSilo.com +Site: NameSilo.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_namesilo +Options: + Namesilo_Key API Key +Author: meowthink +' + +#Utilize API to finish dns-01 verifications. Namesilo_API="https://www.namesilo.com/api" diff --git a/dnsapi/dns_nanelo.sh b/dnsapi/dns_nanelo.sh index 8ccc8c29..1ab47a89 100644 --- a/dnsapi/dns_nanelo.sh +++ b/dnsapi/dns_nanelo.sh @@ -1,9 +1,12 @@ #!/usr/bin/env sh - -# Official DNS API for Nanelo.com - -# Provide the required API Key like this: -# NANELO_TOKEN="FmD408PdqT1E269gUK57" +# shellcheck disable=SC2034 +dns_nanelo_info='Nanelo.com +Site: Nanelo.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nanelo +Options: + NANELO_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/4519 +' NANELO_API="https://api.nanelo.com/v1/" diff --git a/dnsapi/dns_nederhost.sh b/dnsapi/dns_nederhost.sh index abaae42b..d0b97d3c 100755 --- a/dnsapi/dns_nederhost.sh +++ b/dnsapi/dns_nederhost.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -#NederHost_Key="sdfgikogfdfghjklkjhgfcdcfghj" +# shellcheck disable=SC2034 +dns_nederhost_info='NederHost.nl +Site: NederHost.nl +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nederhost +Options: + NederHost_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2089 +' NederHost_Api="https://api.nederhost.nl/dns/v1" diff --git a/dnsapi/dns_neodigit.sh b/dnsapi/dns_neodigit.sh index 64ea8786..1119f916 100644 --- a/dnsapi/dns_neodigit.sh +++ b/dnsapi/dns_neodigit.sh @@ -1,13 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_neodigit_info='Neodigit.net +Site: Neodigit.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_neodigit +Options: + NEODIGIT_API_TOKEN API Token +Author: Adrian Almenar +' -# -# NEODIGIT_API_TOKEN="jasdfhklsjadhflnhsausdfas" - -# This is Neodigit.net api wrapper for acme.sh -# -# Author: Adrian Almenar -# Report Bugs here: https://github.com/tecnocratica/acme.sh -# NEODIGIT_API_URL="https://api.neodigit.net/v1" # ######## Public functions ##################### diff --git a/dnsapi/dns_netcup.sh b/dnsapi/dns_netcup.sh index 776fa02d..687b99bc 100644 --- a/dnsapi/dns_netcup.sh +++ b/dnsapi/dns_netcup.sh @@ -1,5 +1,15 @@ #!/usr/bin/env sh -#developed by linux-insideDE +# shellcheck disable=SC2034 +dns_netcup_info='netcup.eu +Domains: netcup.de netcup.net +Site: netcup.eu/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_netcup +Options: + NC_Apikey API Key + NC_Apipw API Password + NC_CID Customer Number +Author: linux-insideDE +' NC_Apikey="${NC_Apikey:-$(_readaccountconf_mutable NC_Apikey)}" NC_Apipw="${NC_Apipw:-$(_readaccountconf_mutable NC_Apipw)}" diff --git a/dnsapi/dns_netlify.sh b/dnsapi/dns_netlify.sh index 0e5dc327..bb5f5809 100644 --- a/dnsapi/dns_netlify.sh +++ b/dnsapi/dns_netlify.sh @@ -1,6 +1,12 @@ #!/usr/bin/env sh - -#NETLIFY_ACCESS_TOKEN="xxxx" +# shellcheck disable=SC2034 +dns_netlify_info='Netlify.com +Site: Netlify.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_netlify +Options: + NETLIFY_ACCESS_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/3088 +' NETLIFY_HOST="api.netlify.com/api/v1/" NETLIFY_URL="https://$NETLIFY_HOST" diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 56170f87..42f35cb0 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -1,10 +1,15 @@ #!/usr/bin/env sh - -# -#NIC_ClientID='0dc0xxxxxxxxxxxxxxxxxxxxxxxxce88' -#NIC_ClientSecret='3LTtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnuW8' -#NIC_Username="000000/NIC-D" -#NIC_Password="xxxxxxx" +# shellcheck disable=SC2034 +dns_nic_info='nic.ru +Site: nic.ru +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nic +Options: + NIC_ClientID Client ID + NIC_ClientSecret Client Secret + NIC_Username Username + NIC_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2547 +' NIC_Api="https://api.nic.ru" diff --git a/dnsapi/dns_njalla.sh b/dnsapi/dns_njalla.sh index e9243288..5d241ebf 100644 --- a/dnsapi/dns_njalla.sh +++ b/dnsapi/dns_njalla.sh @@ -1,7 +1,12 @@ #!/usr/bin/env sh - -# -#NJALLA_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" +# shellcheck disable=SC2034 +dns_njalla_info='Njalla +Site: Njal.la +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_njalla +Options: + NJALLA_Token API Token +Issues: github.com/acmesh-official/acme.sh/issues/2913 +' NJALLA_Api="https://njal.la/api/1/" diff --git a/dnsapi/dns_nm.sh b/dnsapi/dns_nm.sh index 4dfcc777..1f818a29 100644 --- a/dnsapi/dns_nm.sh +++ b/dnsapi/dns_nm.sh @@ -1,15 +1,13 @@ #!/usr/bin/env sh - -######################################################################## -# https://namemaster.de hook script for acme.sh -# -# Environment variables: -# -# - $NM_user (your namemaster.de API username) -# - $NM_sha256 (your namemaster.de API password_as_sha256hash) -# -# Author: Thilo Gass -# Git repo: https://github.com/ThiloGa/acme.sh +# shellcheck disable=SC2034 +dns_nm_info='NameMaster.de +Site: NameMaster.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_nm +Options: + NM_user API Username + NM_sha256 API Password as SHA256 hash +Author: Thilo Gass +' #-- dns_nm_add() - Add TXT record -------------------------------------- # Usage: dns_nm_add _acme-challenge.subdomain.domain.com "XyZ123..." diff --git a/dnsapi/dns_nsd.sh b/dnsapi/dns_nsd.sh index 0d29a485..3ddaa98c 100644 --- a/dnsapi/dns_nsd.sh +++ b/dnsapi/dns_nsd.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -#Nsd_ZoneFile="/etc/nsd/zones/example.com.zone" -#Nsd_Command="sudo nsd-control reload" +# shellcheck disable=SC2034 +dns_nsd_info='NLnetLabs NSD Server +Site: github.com/NLnetLabs/nsd +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#nsd +Options: + Nsd_ZoneFile Zone File path. E.g. "/etc/nsd/zones/example.com.zone" + Nsd_Command Command. E.g. "sudo nsd-control reload" +Issues: github.com/acmesh-official/acme.sh/issues/2245 +' # args: fulldomain txtvalue dns_nsd_add() { diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 9a998341..2a073950 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh - -# bug reports to dev@1e.ca - -# -#NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_nsone_info='ns1.com +Domains: ns1.net +Site: ns1.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsone +Options: + NS1_Key API Key +Author: +' NS1_Api="https://api.nsone.net/v1" diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index cd4b7140..9df6262e 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -1,4 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_nsupdate_info='nsupdate RFC 2136 DynDNS client +Site: bind9.readthedocs.io/en/v9.18.19/manpages.html#nsupdate-dynamic-dns-update-utility +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nsupdate +Options: + NSUPDATE_SERVER Server hostname. Default: "localhost". + NSUPDATE_SERVER_PORT Server port. Default: "53". + NSUPDATE_KEY File path to TSIG key. + NSUPDATE_ZONE Domain zone to update. Optional. +' ######## Public functions ##################### diff --git a/dnsapi/dns_nw.sh b/dnsapi/dns_nw.sh index c57d27c2..8c68ead8 100644 --- a/dnsapi/dns_nw.sh +++ b/dnsapi/dns_nw.sh @@ -1,17 +1,16 @@ #!/usr/bin/env sh -######################################################################## -# NocWorx script for acme.sh -# -# Handles DNS Updates for the Following vendors: -# - Nexcess.net -# - Thermo.io -# - Futurehosting.com -# -# Environment variables: -# -# - NW_API_TOKEN (Your API Token) -# - NW_API_ENDPOINT (One of the following listed below) -# +# shellcheck disable=SC2034 +dns_nw_info='Nexcess.net (NocWorx) +Domains: Thermo.io Futurehosting.com +Site: Nexcess.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_nw +Options: + NW_API_TOKEN API Token + NW_API_ENDPOINT API Endpoint. Default: "https://portal.nexcess.net". +Issues: github.com/acmesh-official/acme.sh/issues/2088 +Author: Frank Laszlo +' + # Endpoints: # - https://portal.nexcess.net (default) # - https://core.thermo.io @@ -22,8 +21,6 @@ # - https://portal.nexcess.net/api-token # - https://core.thermo.io/api-token # - https://my.futurehosting.com/api-token -# -# Author: Frank Laszlo NW_API_VERSION="0" diff --git a/dnsapi/dns_oci.sh b/dnsapi/dns_oci.sh index 3b81143f..f1138efa 100644 --- a/dnsapi/dns_oci.sh +++ b/dnsapi/dns_oci.sh @@ -1,6 +1,19 @@ #!/usr/bin/env sh -# -# Acme.sh DNS API plugin for Oracle Cloud Infrastructure +# shellcheck disable=SC2034 +dns_oci_info='Oracle Cloud Infrastructure (OCI) + If OCI CLI configuration file ~/.oci/config has a DEFAULT profile then it will be used. +Site: Cloud.Oracle.com +Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-Oracle-Cloud-Infrastructure-DNS +Options: + OCI_CLI_TENANCY OCID of tenancy that contains the target DNS zone. Optional. + OCI_CLI_USER OCID of user with permission to add/remove records from zones. Optional. + OCI_CLI_REGION Should point to the tenancy home region. Optional. + OCI_CLI_KEY_FILE Path to private API signing key file in PEM format. Optional. + OCI_CLI_KEY The private API signing key in PEM format. Optional. +Issues: github.com/acmesh-official/acme.sh/issues/3540 +Author: Avi Miller +' + # Copyright (c) 2021, Oracle and/or its affiliates # # The plugin will automatically use the default profile from an OCI SDK and CLI diff --git a/dnsapi/dns_one.sh b/dnsapi/dns_one.sh index 1565b767..b2adf253 100644 --- a/dnsapi/dns_one.sh +++ b/dnsapi/dns_one.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh -# one.com ui wrapper for acme.sh - -# -# export ONECOM_User="username" -# export ONECOM_Password="password" +# shellcheck disable=SC2034 +dns_one_info='one.com +Site: one.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_one +Options: + ONECOM_User Username + ONECOM_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2103 +' dns_one_add() { fulldomain=$1 diff --git a/dnsapi/dns_online.sh b/dnsapi/dns_online.sh index 9158c268..c83cd458 100755 --- a/dnsapi/dns_online.sh +++ b/dnsapi/dns_online.sh @@ -1,9 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_online_info='online.net +Domains: scaleway.com +Site: online.net +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_online +Options: + ONLINE_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/2093 +' # Online API # https://console.online.net/en/api/ -# -# Requires Online API key set in ONLINE_API_KEY ######## Public functions ##################### diff --git a/dnsapi/dns_openprovider.sh b/dnsapi/dns_openprovider.sh index 0a9e5ade..0e93ecf8 100755 --- a/dnsapi/dns_openprovider.sh +++ b/dnsapi/dns_openprovider.sh @@ -1,15 +1,14 @@ #!/usr/bin/env sh - -# This is the OpenProvider API wrapper for acme.sh -# -# Author: Sylvia van Os -# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2104 -# -# export OPENPROVIDER_USER="username" -# export OPENPROVIDER_PASSWORDHASH="hashed_password" -# -# Usage: -# acme.sh --issue --dns dns_openprovider -d example.com +# shellcheck disable=SC2034 +dns_openprovider_info='OpenProvider.eu +Site: OpenProvider.eu +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_openprovider +Options: + OPENPROVIDER_USER Username + OPENPROVIDER_PASSWORDHASH Password hash +Issues: github.com/acmesh-official/acme.sh/issues/2104 +Author: Sylvia van Os +' OPENPROVIDER_API="https://api.openprovider.eu/" #OPENPROVIDER_API="https://api.cte.openprovider.eu/" # Test API diff --git a/dnsapi/dns_openstack.sh b/dnsapi/dns_openstack.sh index fcc1dc2e..fa38bc0b 100755 --- a/dnsapi/dns_openstack.sh +++ b/dnsapi/dns_openstack.sh @@ -1,14 +1,21 @@ #!/usr/bin/env sh - -# OpenStack Designate API plugin -# -# This requires you to have OpenStackClient and python-desginateclient -# installed. -# -# You will require Keystone V3 credentials loaded into your environment, which -# could be either password or v3applicationcredential type. -# -# Author: Andy Botting +# shellcheck disable=SC2034 +dns_openstack_info='OpenStack Designate API + Depends on OpenStackClient and python-desginateclient. + You will require Keystone V3 credentials loaded into your environment, + which could be either password or v3 application credential type. +Site: docs.openstack.org/api-ref/dns/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_openstack +Options: + OS_AUTH_URL Auth URL. E.g. "https://keystone.example.com:5000/" + OS_USERNAME Username + OS_PASSWORD Password + OS_PROJECT_NAME Project name + OS_PROJECT_DOMAIN_NAME Project domain name. E.g. "Default" + OS_USER_DOMAIN_NAME User domain name. E.g. "Default" +Issues: github.com/acmesh-official/acme.sh/issues/3054 +Author: Andy Botting +' ######## Public functions ##################### diff --git a/dnsapi/dns_opnsense.sh b/dnsapi/dns_opnsense.sh index d40cbe28..6d3d3eec 100755 --- a/dnsapi/dns_opnsense.sh +++ b/dnsapi/dns_opnsense.sh @@ -1,16 +1,16 @@ #!/usr/bin/env sh - -#OPNsense Bind API -#https://docs.opnsense.org/development/api.html -# -#OPNs_Host="opnsense.example.com" -#OPNs_Port="443" -# optional, defaults to 443 if unset -#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA" -#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv" -#OPNs_Api_Insecure=0 -# optional, defaults to 0 if unset -# Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) +# shellcheck disable=SC2034 +dns_opnsense_info='OPNsense Server +Site: docs.opnsense.org/development/api.html +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_opnsense +Options: + OPNs_Host Server Hostname. E.g. "opnsense.example.com" + OPNs_Port Port. Default: "443". + OPNs_Key API Key + OPNs_Token API Token + OPNs_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept +Issues: github.com/acmesh-official/acme.sh/issues/2480 +' ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000" diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index e1a958f6..7f62c05e 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -1,13 +1,15 @@ #!/usr/bin/env sh - -#Application Key -#OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#Application Secret -#OVH_AS="sdfsafsdfsdfdsfsdfsa" -# -#Consumer Key -#OVH_CK="sdfsdfsdfsdfsdfdsf" +# shellcheck disable=SC2034 +dns_ovh_info='OVH.com +Domains: kimsufi.com soyoustart.com +Site: OVH.com +Docs: github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api +Options: + OVH_END_POINT Endpoint. "ovh-eu", "ovh-us", "ovh-ca", "kimsufi-eu", "kimsufi-ca", "soyoustart-eu", "soyoustart-ca" or raw URL. Default: "ovh-eu". + OVH_AK Application Key + OVH_AS Application Secret + OVH_CK Consumer Key +' #OVH_END_POINT=ovh-eu diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index 6aa2e953..cde3b1a6 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -1,12 +1,14 @@ #!/usr/bin/env sh - -#PowerDNS Embedded API -#https://doc.powerdns.com/md/httpapi/api_spec/ -# -#PDNS_Url="http://ns.example.com:8081" -#PDNS_ServerId="localhost" -#PDNS_Token="0123456789ABCDEF" -#PDNS_Ttl=60 +# shellcheck disable=SC2034 +dns_pdns_info='PowerDNS Server API +Site: PowerDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_pdns +Options: + PDNS_Url API URL. E.g. "http://ns.example.com:8081" + PDNS_ServerId Server ID. E.g. "localhost" + PDNS_Token API Token + PDNS_Ttl=60 Domain TTL. Default: "60". +' DEFAULT_PDNS_TTL=60 diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index 81973e07..6b38abcb 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -1,10 +1,17 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_pleskxml_info='Plesk Server API +Site: Plesk.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_pleskxml +Options: + pleskxml_uri Plesk server API URL. E.g. "https://your-plesk-server.net:8443/enterprise/control/agent.php" + pleskxml_user Username + pleskxml_pass Password +Issues: github.com/acmesh-official/acme.sh/issues/2577 +Author: Stilez, +' -## Name: dns_pleskxml.sh -## Created by Stilez. -## Also uses some code from PR#1832 by @romanlum (https://github.com/acmesh-official/acme.sh/pull/1832/files) - -## This DNS-01 method uses the Plesk XML API described at: +## Plesk XML API described at: ## https://docs.plesk.com/en-US/12.5/api-rpc/about-xml-api.28709 ## and more specifically: https://docs.plesk.com/en-US/12.5/api-rpc/reference.28784 @@ -16,21 +23,6 @@ ## For ACME v2 purposes, new TXT records are appended when added, and removing one TXT record will not affect any other TXT records. ## The user credentials (username+password) and URL/URI for the Plesk XML API must be set by the user -## before this module is called (case sensitive): -## -## ``` -## export pleskxml_uri="https://address-of-my-plesk-server.net:8443/enterprise/control/agent.php" -## (or probably something similar) -## export pleskxml_user="my plesk username" -## export pleskxml_pass="my plesk password" -## ``` - -## Ok, let's issue a cert now: -## ``` -## acme.sh --issue --dns dns_pleskxml -d example.com -d www.example.com -## ``` -## -## The `pleskxml_uri`, `pleskxml_user` and `pleskxml_pass` will be saved in `~/.acme.sh/account.conf` and reused when needed. #################### INTERNAL VARIABLES + NEWLINE + API TEMPLATES ################################## diff --git a/dnsapi/dns_pointhq.sh b/dnsapi/dns_pointhq.sh index 62313109..fe95cd52 100644 --- a/dnsapi/dns_pointhq.sh +++ b/dnsapi/dns_pointhq.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#PointHQ_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#PointHQ_Email="xxxx@sss.com" +# shellcheck disable=SC2034 +dns_pointhq_info='pointhq.com PointDNS +Site: pointhq.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_pointhq +Options: + PointHQ_Key API Key + PointHQ_Email Email +Issues: github.com/acmesh-official/acme.sh/issues/2060 +' PointHQ_Api="https://api.pointhq.com" diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index ad4455b6..bbc7a027 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -1,8 +1,13 @@ #!/usr/bin/env sh - -# -#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" -#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +# shellcheck disable=SC2034 +dns_porkbun_info='Porkbun.com +Site: Porkbun.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_porkbun +Options: + PORKBUN_API_KEY API Key + PORKBUN_SECRET_API_KEY API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3450 +' PORKBUN_Api="https://porkbun.com/api/json/v3" diff --git a/dnsapi/dns_rackcorp.sh b/dnsapi/dns_rackcorp.sh index 6aabfddc..e1e4f27d 100644 --- a/dnsapi/dns_rackcorp.sh +++ b/dnsapi/dns_rackcorp.sh @@ -1,16 +1,14 @@ #!/usr/bin/env sh - -# Provider: RackCorp (www.rackcorp.com) -# Author: Stephen Dendtler (sdendtler@rackcorp.com) -# Report Bugs here: https://github.com/senjoo/acme.sh -# Alternate email contact: support@rackcorp.com -# -# You'll need an API key (Portal: ADMINISTRATION -> API) -# Set the environment variables as below: -# -# export RACKCORP_APIUUID="UUIDHERE" -# export RACKCORP_APISECRET="SECRETHERE" -# +# shellcheck disable=SC2034 +dns_rackcorp_info='RackCorp.com +Site: RackCorp.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_rackcorp +Options: + RACKCORP_APIUUID API UUID. See Portal: ADMINISTRATION -> API + RACKCORP_APISECRET API Secret +Issues: github.com/acmesh-official/acme.sh/issues/3351 +Author: Stephen Dendtler +' RACKCORP_API_ENDPOINT="https://api.rackcorp.net/api/rest/v2.4/json.php" diff --git a/dnsapi/dns_rackspace.sh b/dnsapi/dns_rackspace.sh index b50d9168..03edce0d 100644 --- a/dnsapi/dns_rackspace.sh +++ b/dnsapi/dns_rackspace.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh -# -# -#RACKSPACE_Username="" -# -#RACKSPACE_Apikey="" +# shellcheck disable=SC2034 +dns_rackspace_info='RackSpace.com +Site: RackSpace.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_rackspace +Options: + RACKSPACE_Apikey API Key + RACKSPACE_Username Username +Issues: github.com/acmesh-official/acme.sh/issues/2091 +' RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0" diff --git a/dnsapi/dns_rage4.sh b/dnsapi/dns_rage4.sh index 4af4541d..ad312759 100755 --- a/dnsapi/dns_rage4.sh +++ b/dnsapi/dns_rage4.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#RAGE4_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#RAGE4_USERNAME="xxxx@sss.com" +# shellcheck disable=SC2034 +dns_rage4_info='rage4.com +Site: rage4.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_rage4 +Options: + RAGE4_TOKEN API Key + RAGE4_USERNAME Username +Issues: github.com/acmesh-official/acme.sh/issues/4306 +' RAGE4_Api="https://rage4.com/rapi/" diff --git a/dnsapi/dns_rcode0.sh b/dnsapi/dns_rcode0.sh index d3f7f219..131a22b1 100755 --- a/dnsapi/dns_rcode0.sh +++ b/dnsapi/dns_rcode0.sh @@ -1,14 +1,20 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_rcode0_info='Rcode0 rcodezero.at +Site: rcodezero.at +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_rcode0 +Options: + RCODE0_URL API URL. E.g. "https://my.rcodezero.at" + RCODE0_API_TOKEN API Token + RCODE0_TTL TTL. Default: "60". +Issues: github.com/acmesh-official/acme.sh/issues/2490 +' #Rcode0 API Integration #https://my.rcodezero.at/api-doc # # log into https://my.rcodezero.at/enableapi and get your ACME API Token (the ACME API token has limited # access to the REST calls needed for acme.sh only) -# -#RCODE0_URL="https://my.rcodezero.at" -#RCODE0_API_TOKEN="0123456789ABCDEF" -#RCODE0_TTL=60 DEFAULT_RCODE0_URL="https://my.rcodezero.at" DEFAULT_RCODE0_TTL=60 diff --git a/dnsapi/dns_regru.sh b/dnsapi/dns_regru.sh index 8ff380f0..be5ae117 100644 --- a/dnsapi/dns_regru.sh +++ b/dnsapi/dns_regru.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh - -# -# REGRU_API_Username="test" -# -# REGRU_API_Password="test" -# +# shellcheck disable=SC2034 +dns_regru_info='reg.ru +Site: reg.ru +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_regru +Options: + REGRU_API_Username Username + REGRU_API_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/2336 +' REGRU_API_URL="https://api.reg.ru/api/regru2" diff --git a/dnsapi/dns_scaleway.sh b/dnsapi/dns_scaleway.sh index a0a0f318..64bfcc38 100755 --- a/dnsapi/dns_scaleway.sh +++ b/dnsapi/dns_scaleway.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_scaleway_info='ScaleWay.com +Site: ScaleWay.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_scaleway +Options: + SCALEWAY_API_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/3295 +' # Scaleway API # https://developers.scaleway.com/en/products/domain/dns/api/ -# -# Requires Scaleway API token set in SCALEWAY_API_TOKEN ######## Public functions ##################### diff --git a/dnsapi/dns_schlundtech.sh b/dnsapi/dns_schlundtech.sh index 399c50e0..02146494 100644 --- a/dnsapi/dns_schlundtech.sh +++ b/dnsapi/dns_schlundtech.sh @@ -1,16 +1,14 @@ #!/usr/bin/env sh -# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- - -# Schlundtech DNS API -# Author: mod242 -# Created: 2019-40-29 -# Completly based on the autoDNS xml api wrapper by auerswald@gmail.com -# -# export SCHLUNDTECH_USER="username" -# export SCHLUNDTECH_PASSWORD="password" -# -# Usage: -# acme.sh --issue --dns dns_schlundtech -d example.com +# shellcheck disable=SC2034 +dns_schlundtech_info='SchlundTech.de +Site: SchlundTech.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_schlundtech +Options: + SCHLUNDTECH_USER Username + SCHLUNDTECH_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/2246 +Author: +' SCHLUNDTECH_API="https://gateway.schlundtech.de" diff --git a/dnsapi/dns_selectel.sh b/dnsapi/dns_selectel.sh index 1b09882d..32b0737f 100644 --- a/dnsapi/dns_selectel.sh +++ b/dnsapi/dns_selectel.sh @@ -1,8 +1,12 @@ #!/usr/bin/env sh - -# -#SL_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# +# shellcheck disable=SC2034 +dns_selectel_info='Selectel.com +Domains: Selectel.ru +Site: Selectel.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_selectel +Options: + SL_Key API Key +' SL_Api="https://api.selectel.ru/domains/v1" diff --git a/dnsapi/dns_selfhost.sh b/dnsapi/dns_selfhost.sh index a6ef1f94..4912dfdf 100644 --- a/dnsapi/dns_selfhost.sh +++ b/dnsapi/dns_selfhost.sh @@ -1,8 +1,15 @@ #!/usr/bin/env sh -# -# Author: Marvin Edeler -# Report Bugs here: https://github.com/Marvo2011/acme.sh/issues/1 -# Last Edit: 17.02.2022 +# shellcheck disable=SC2034 +dns_selfhost_info='SelfHost.de +Site: SelfHost.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_selfhost +Options: + SELFHOSTDNS_USERNAME Username + SELFHOSTDNS_PASSWORD Password + SELFHOSTDNS_MAP Subdomain name +Issues: github.com/acmesh-official/acme.sh/issues/4291 +Author: Marvin Edeler +' dns_selfhost_add() { fulldomain=$1 diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index 52137905..37c2a97b 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -1,19 +1,14 @@ #!/usr/bin/env sh - -########## -# Custom servercow.de DNS API v1 for use with [acme.sh](https://github.com/acmesh-official/acme.sh) -# -# Usage: -# export SERVERCOW_API_Username=username -# export SERVERCOW_API_Password=password -# acme.sh --issue -d example.com --dns dns_servercow -# -# Issues: -# Any issues / questions / suggestions can be posted here: -# https://github.com/jhartlep/servercow-dns-api/issues -# -# Author: Jens Hartlep -########## +# shellcheck disable=SC2034 +dns_servercow_info='ServerCow.de +Site: ServerCow.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_servercow +Options: + SERVERCOW_API_Username Username + SERVERCOW_API_Password Password +Issues: github.com/jhartlep/servercow-dns-api/issues +Author: Jens Hartlep +' SERVERCOW_API="https://api.servercow.de/dns/v1/domains" diff --git a/dnsapi/dns_simply.sh b/dnsapi/dns_simply.sh index 6a8d0e18..9fac3ef7 100644 --- a/dnsapi/dns_simply.sh +++ b/dnsapi/dns_simply.sh @@ -1,10 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_simply_info='Simply.com +Site: Simply.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_simply +Options: + SIMPLY_AccountName Account name + SIMPLY_ApiKey API Key +' -# API-integration for Simply.com (https://www.simply.com) - -#SIMPLY_AccountName="accountname" -#SIMPLY_ApiKey="apikey" -# #SIMPLY_Api="https://api.simply.com/2/" SIMPLY_Api_Default="https://api.simply.com/2" diff --git a/dnsapi/dns_tele3.sh b/dnsapi/dns_tele3.sh index 76c90913..e5974951 100644 --- a/dnsapi/dns_tele3.sh +++ b/dnsapi/dns_tele3.sh @@ -1,14 +1,13 @@ #!/usr/bin/env sh -# -# tele3.cz DNS API -# -# Author: Roman Blizik -# Report Bugs here: https://github.com/par-pa/acme.sh -# -# -- -# export TELE3_Key="MS2I4uPPaI..." -# export TELE3_Secret="kjhOIHGJKHg" -# -- +# shellcheck disable=SC2034 +dns_tele3_info='tele3.cz +Site: tele3.cz +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#tele3 +Options: + TELE3_Key API Key + TELE3_Secret API Secret +Author: Roman Blizik +' TELE3_API="https://www.tele3.cz/acme/" diff --git a/dnsapi/dns_tencent.sh b/dnsapi/dns_tencent.sh index 2f8d3b67..d82768b9 100644 --- a/dnsapi/dns_tencent.sh +++ b/dnsapi/dns_tencent.sh @@ -1,9 +1,15 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_tencent_info='Tencent.com +Site: cloud.Tencent.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_tencent +Options: + Tencent_SecretId Secret ID + Tencent_SecretKey Secret Key +Issues: github.com/acmesh-official/acme.sh/issues/4781 +' Tencent_API="https://dnspod.tencentcloudapi.com" -#Tencent_SecretId="AKIDz81d2cd22cdcdc2dcd1cc1d1A" -#Tencent_SecretKey="Gu5t9abcabcaabcbabcbbbcbcbbccbbcb" - #Usage: dns_tencent_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_tencent_add() { fulldomain=$1 diff --git a/dnsapi/dns_transip.sh b/dnsapi/dns_transip.sh index 64a256ec..6171678e 100644 --- a/dnsapi/dns_transip.sh +++ b/dnsapi/dns_transip.sh @@ -1,4 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_transip_info='TransIP.nl +Site: TransIP.nl +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_transip +Options: + TRANSIP_Username Username + TRANSIP_Key_File Private key file path +Issues: github.com/acmesh-official/acme.sh/issues/2949 +' + TRANSIP_Api_Url="https://api.transip.nl/v6" TRANSIP_Token_Read_Only="false" TRANSIP_Token_Expiration="30 minutes" diff --git a/dnsapi/dns_udr.sh b/dnsapi/dns_udr.sh index caada826..24a843b9 100644 --- a/dnsapi/dns_udr.sh +++ b/dnsapi/dns_udr.sh @@ -1,14 +1,14 @@ #!/usr/bin/env sh - -# united-domains Reselling (https://www.ud-reselling.com/) DNS API -# Author: Andreas Scherer (https://github.com/andischerer) -# Created: 2021-02-01 -# -# Set the environment variables as below: -# -# export UDR_USER="your_username_goes_here" -# export UDR_PASS="some_password_goes_here" -# +# shellcheck disable=SC2034 +dns_udr_info='united-domains Reselling +Site: ud-reselling.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_udr +Options: + UDR_USER Username + UDR_PASS Password +Issues: github.com/acmesh-official/acme.sh/issues/3923 +Author: Andreas Scherer +' UDR_API="https://api.domainreselling.de/api/call.cgi" UDR_TTL="30" diff --git a/dnsapi/dns_ultra.sh b/dnsapi/dns_ultra.sh index 0f26bd97..8b8c9122 100644 --- a/dnsapi/dns_ultra.sh +++ b/dnsapi/dns_ultra.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -# ULTRA_USR="your_user_goes_here" -# -# ULTRA_PWD="some_password_goes_here" +# shellcheck disable=SC2034 +dns_ultra_info='UltraDNS.com +Site: UltraDNS.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ultra +Options: + ULTRA_USR Username + ULTRA_PWD Password +Issues: github.com/acmesh-official/acme.sh/issues/2118 +' ULTRA_API="https://api.ultradns.com/v3/" ULTRA_AUTH_API="https://api.ultradns.com/v2/" diff --git a/dnsapi/dns_unoeuro.sh b/dnsapi/dns_unoeuro.sh index 13ba8a00..a1263abe 100644 --- a/dnsapi/dns_unoeuro.sh +++ b/dnsapi/dns_unoeuro.sh @@ -1,9 +1,13 @@ #!/usr/bin/env sh - -# -#UNO_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#UNO_User="UExxxxxx" +# shellcheck disable=SC2034 +dns_unoeuro_info='unoeuro.com + Deprecated. The unoeuro.com is now simply.com +Site: unoeuro.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_unoeuro +Options: + UNO_Key API Key + UNO_User Username +' Uno_Api="https://api.simply.com/1" diff --git a/dnsapi/dns_variomedia.sh b/dnsapi/dns_variomedia.sh index aa743807..23ec29bf 100644 --- a/dnsapi/dns_variomedia.sh +++ b/dnsapi/dns_variomedia.sh @@ -1,7 +1,12 @@ #!/usr/bin/env sh - -# -#VARIOMEDIA_API_TOKEN=000011112222333344445555666677778888 +# shellcheck disable=SC2034 +dns_variomedia_info='variomedia.de +Site: variomedia.de +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_variomedia +Options: + VARIOMEDIA_API_TOKEN API Token +Issues: github.com/acmesh-official/acme.sh/issues/2564 +' VARIOMEDIA_API="https://api.variomedia.de" diff --git a/dnsapi/dns_veesp.sh b/dnsapi/dns_veesp.sh index b8a41d00..5ea6e718 100644 --- a/dnsapi/dns_veesp.sh +++ b/dnsapi/dns_veesp.sh @@ -1,10 +1,14 @@ #!/usr/bin/env sh - -# bug reports to stepan@plyask.in - -# -# export VEESP_User="username" -# export VEESP_Password="password" +# shellcheck disable=SC2034 +dns_veesp_info='veesp.com +Site: veesp.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_veesp +Options: + VEESP_User Username + VEESP_Password Password +Issues: github.com/acmesh-official/acme.sh/issues/3712 +Author: +' VEESP_Api="https://secure.veesp.com/api" diff --git a/dnsapi/dns_vercel.sh b/dnsapi/dns_vercel.sh index 7bf6b0e5..46a4cb7e 100644 --- a/dnsapi/dns_vercel.sh +++ b/dnsapi/dns_vercel.sh @@ -1,11 +1,14 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_vercel_info='Vercel.com +Site: Vercel.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_vercel +Options: + VERCEL_TOKEN API Token +' -# Vercel DNS API -# # This is your API token which can be acquired on the account page. # https://vercel.com/account/tokens -# -# VERCEL_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" VERCEL_API="https://api.vercel.com" diff --git a/dnsapi/dns_vscale.sh b/dnsapi/dns_vscale.sh index d717d6e2..54abb439 100755 --- a/dnsapi/dns_vscale.sh +++ b/dnsapi/dns_vscale.sh @@ -1,11 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_vscale_info='vscale.io +Site: vscale.io +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_vscale +Options: + VSCALE_API_KEY API Key +Author: Alex Loban +' -#This is the vscale.io api wrapper for acme.sh -# -#Author: Alex Loban -#Report Bugs here: https://github.com/LAV45/acme.sh - -#VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" VSCALE_API_URL="https://api.vscale.io/v1" ######## Public functions ##################### diff --git a/dnsapi/dns_vultr.sh b/dnsapi/dns_vultr.sh index 54e5b6ce..94d14f02 100644 --- a/dnsapi/dns_vultr.sh +++ b/dnsapi/dns_vultr.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh - -# -#VULTR_API_KEY=000011112222333344445555666677778888 +# shellcheck disable=SC2034 +dns_vultr_info='vultr.com +Site: vultr.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_vultr +Options: + VULTR_API_KEY API Key +Issues: github.com/acmesh-official/acme.sh/issues/2374 +Author: +' VULTR_Api="https://api.vultr.com/v2" diff --git a/dnsapi/dns_websupport.sh b/dnsapi/dns_websupport.sh index e824c9c0..3df8d81c 100644 --- a/dnsapi/dns_websupport.sh +++ b/dnsapi/dns_websupport.sh @@ -1,18 +1,16 @@ #!/usr/bin/env sh - -# Acme.sh DNS API wrapper for websupport.sk -# -# Original author: trgo.sk (https://github.com/trgosk) -# Tweaks by: akulumbeg (https://github.com/akulumbeg) -# Report Bugs here: https://github.com/akulumbeg/acme.sh +# shellcheck disable=SC2034 +dns_websupport_info='Websupport.sk +Site: Websupport.sk +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_websupport +Options: + WS_ApiKey API Key. Called "Identifier" in the WS Admin + WS_ApiSecret API Secret. Called "Secret key" in the WS Admin +Issues: github.com/acmesh-official/acme.sh/issues/3486 +Author: trgo.sk , akulumbeg +' # Requirements: API Key and Secret from https://admin.websupport.sk/en/auth/apiKey -# -# WS_ApiKey="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -# (called "Identifier" in the WS Admin) -# -# WS_ApiSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -# (called "Secret key" in the WS Admin) WS_Api="https://rest.websupport.sk" diff --git a/dnsapi/dns_world4you.sh b/dnsapi/dns_world4you.sh index dfda4efd..be6ef5c8 100644 --- a/dnsapi/dns_world4you.sh +++ b/dnsapi/dns_world4you.sh @@ -1,7 +1,14 @@ #!/usr/bin/env sh - -# World4You - www.world4you.com -# Lorenz Stechauner, 2020 - https://www.github.com/NerLOR +# shellcheck disable=SC2034 +dns_world4you_info='World4You.com +Site: World4You.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_world4you +Options: + WORLD4YOU_USERNAME Username + WORLD4YOU_PASSWORD Password +Issues: github.com/acmesh-official/acme.sh/issues/3269 +Author: Lorenz Stechauner +' WORLD4YOU_API="https://my.world4you.com/en" PAKETNR='' diff --git a/dnsapi/dns_yandex.sh b/dnsapi/dns_yandex.sh index 0a2c3330..d780459f 100755 --- a/dnsapi/dns_yandex.sh +++ b/dnsapi/dns_yandex.sh @@ -1,13 +1,13 @@ #!/usr/bin/env sh -# Author: non7top@gmail.com -# 07 Jul 2017 -# report bugs at https://github.com/non7top/acme.sh - -# Values to export: -# export PDD_Token="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - -# Sometimes cloudflare / google doesn't pick new dns records fast enough. -# You can add --dnssleep XX to params as workaround. +# shellcheck disable=SC2034 +dns_yandex_info='Yandex Domains +Site: tech.Yandex.com/domain/ +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_yandex +Options: + PDD_Token API Token +Issues: github.com/non7top/acme.sh/issues +Author: +' ######## Public functions ##################### diff --git a/dnsapi/dns_yc.sh b/dnsapi/dns_yc.sh index ec3bbc87..e81b6fd2 100644 --- a/dnsapi/dns_yc.sh +++ b/dnsapi/dns_yc.sh @@ -1,11 +1,18 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_yc_info='Yandex Cloud DNS +Site: Cloud.Yandex.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_yc +Options: + YC_Zone_ID DNS Zone ID + YC_Folder_ID YC Folder ID + YC_SA_ID Service Account ID + YC_SA_Key_ID Service Account IAM Key ID + YC_SA_Key_File_Path Private key file path. Optional. + YC_SA_Key_File_PEM_b64 Base64 content of private key file. Use instead of Path to private key file. Optional. +Issues: github.com/acmesh-official/acme.sh/issues/4210 +' -#YC_Zone_ID="" # DNS Zone ID -#YC_Folder_ID="" # YC Folder ID -#YC_SA_ID="" # Service Account ID -#YC_SA_Key_ID="" # Service Account IAM Key ID -#YC_SA_Key_File_Path="/path/to/private.key" # Path to private.key use instead of YC_SA_Key_File_PEM_b64 -#YC_SA_Key_File_PEM_b64="" # Base64 content of private.key use instead of YC_SA_Key_File_Path YC_Api="https://dns.api.cloud.yandex.net/dns/v1" ######## Public functions ##################### diff --git a/dnsapi/dns_zilore.sh b/dnsapi/dns_zilore.sh index 42111025..369ce152 100644 --- a/dnsapi/dns_zilore.sh +++ b/dnsapi/dns_zilore.sh @@ -1,7 +1,13 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_zilore_info='Zilore.com +Site: Zilore.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_zilore +Options: + Zilore_Key API Key +' Zilore_API="https://api.zilore.com/dns/v1" -# Zilore_Key="YOUR-ZILORE-API-KEY" ######## Public functions ##################### diff --git a/dnsapi/dns_zone.sh b/dnsapi/dns_zone.sh index 176fc494..e4685707 100755 --- a/dnsapi/dns_zone.sh +++ b/dnsapi/dns_zone.sh @@ -1,8 +1,16 @@ #!/usr/bin/env sh +# shellcheck disable=SC2034 +dns_zone_info='Zone.eu +Site: Zone.eu +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_zone +Options: + ZONE_Username Username + ZONE_Key API Key +Issues: github.com/acmesh-official/acme.sh/issues/2146 +' # Zone.ee dns API # https://help.zone.eu/kb/zoneid-api-v2/ -# required ZONE_Username and ZONE_Key ZONE_Api="https://api.zone.eu/v2" ######## Public functions ##################### diff --git a/dnsapi/dns_zonomi.sh b/dnsapi/dns_zonomi.sh index 52a889ea..ee817381 100644 --- a/dnsapi/dns_zonomi.sh +++ b/dnsapi/dns_zonomi.sh @@ -1,9 +1,11 @@ #!/usr/bin/env sh - -# -#ZM_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" -# -#https://zonomi.com dns api +# shellcheck disable=SC2034 +dns_zonomi_info='zonomi.com +Site: zonomi.com +Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_zonomi +Options: + ZM_Key API Key +' ZM_Api="https://zonomi.com/app/dns/dyndns.jsp" From cc9c85cc1aab1f4aa5a06b6b1e44f5d1ecee4a3c Mon Sep 17 00:00:00 2001 From: zak905 Date: Sun, 9 Jun 2024 21:02:54 +0200 Subject: [PATCH 32/47] use lower_case util function instead of raw bash command --- dnsapi/dns_ionos_cloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_ionos_cloud.sh b/dnsapi/dns_ionos_cloud.sh index 18a60d18..d7d72f8e 100644 --- a/dnsapi/dns_ionos_cloud.sh +++ b/dnsapi/dns_ionos_cloud.sh @@ -95,10 +95,10 @@ _ionos_cloud_get_record() { zone_id=$1 txtrecord=$2 # this is to transform the domain to lower case - fulldomain=$(printf "%s" "$3" | tr "[:upper:]" "[:lower:]") + fulldomain=$(printf "%s" "$3" | _lower_case # this is to transform record name to lower case # IONOS Cloud API transforms all record names to lower case - _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | tr "[:upper:]" "[:lower:]") + _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | _lower_case) if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then _response="$(echo "$_response" | tr -d "\n")" From 74ffbb2172a782a96c378ec364d6f17110d64047 Mon Sep 17 00:00:00 2001 From: zak905 Date: Mon, 10 Jun 2024 19:53:05 +0200 Subject: [PATCH 33/47] fix forgotten parenthensis --- dnsapi/dns_ionos_cloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_ionos_cloud.sh b/dnsapi/dns_ionos_cloud.sh index d7d72f8e..fa229e03 100644 --- a/dnsapi/dns_ionos_cloud.sh +++ b/dnsapi/dns_ionos_cloud.sh @@ -95,7 +95,7 @@ _ionos_cloud_get_record() { zone_id=$1 txtrecord=$2 # this is to transform the domain to lower case - fulldomain=$(printf "%s" "$3" | _lower_case + fulldomain=$(printf "%s" "$3" | _lower_case) # this is to transform record name to lower case # IONOS Cloud API transforms all record names to lower case _record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | _lower_case) From e0c63d58b2e969aa11058b88835597b124e9b3d8 Mon Sep 17 00:00:00 2001 From: Marek Wester Date: Tue, 28 May 2024 22:46:27 +0200 Subject: [PATCH 34/47] improve compatibility with FreeBSD it is related to this bug report: opnsense/plugins#3525 FreeBSD's sed doesn't have the -z option, so empty certificates are delivered to vault when running the script on FreeBSD. --- deploy/vault.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/vault.sh b/deploy/vault.sh index 569faba2..03a0de83 100644 --- a/deploy/vault.sh +++ b/deploy/vault.sh @@ -70,10 +70,10 @@ vault_deploy() { # JSON does not allow multiline strings. # So replacing new-lines with "\n" here - _ckey=$(sed -z 's/\n/\\n/g' <"$2") - _ccert=$(sed -z 's/\n/\\n/g' <"$3") - _cca=$(sed -z 's/\n/\\n/g' <"$4") - _cfullchain=$(sed -z 's/\n/\\n/g' <"$5") + _ckey=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$2") + _ccert=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$3") + _cca=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$4") + _cfullchain=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$5") export _H1="X-Vault-Token: $VAULT_TOKEN" From fe4113d6234d5b224f4ad32f290506ef3db0215c Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 17 Jun 2024 15:30:00 +0200 Subject: [PATCH 35/47] add PROJECT_API for https://github.com/acmesh-official/acme.sh/issues/5170 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d154cf77..5f09e29d 100755 --- a/acme.sh +++ b/acme.sh @@ -7075,7 +7075,7 @@ installOnline() { _getRepoHash() { _hash_path=$1 shift - _hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path" + _hash_url="${PROJECT_API:-https://api.github.com/repos/acmesh-official}/$PROJECT_NAME/git/refs/$_hash_path" _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 } From 65868ab8a76869ebb6edbd1372fc22ee52a4344c Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 3 Jul 2024 18:27:47 +0800 Subject: [PATCH 36/47] remove centos --- .github/workflows/Linux.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/Linux.yml b/.github/workflows/Linux.yml index 4afebaf0..c74e9d3e 100644 --- a/.github/workflows/Linux.yml +++ b/.github/workflows/Linux.yml @@ -26,7 +26,7 @@ jobs: Linux: strategy: matrix: - os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] + os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] runs-on: ubuntu-latest env: TEST_LOCAL: 1 From 9bdfd8f4fe1c625aa773b4875bf1fd2d09283ef1 Mon Sep 17 00:00:00 2001 From: Vlad-Stefan Harbuz Date: Fri, 12 Jul 2024 13:04:42 +0100 Subject: [PATCH 37/47] Improve grammar --- acme.sh | 714 ++++++++++++++++++++++++++++---------------------------- 1 file changed, 356 insertions(+), 358 deletions(-) diff --git a/acme.sh b/acme.sh index d154cf77..219a3caa 100755 --- a/acme.sh +++ b/acme.sh @@ -231,11 +231,11 @@ _dlg_versions() { echo "$ACME_OPENSSL_BIN doesn't exist." fi - echo "apache:" + echo "Apache:" if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then $_APACHECTL -V 2>&1 else - echo "apache doesn't exist." + echo "Apache doesn't exist." fi echo "nginx:" @@ -949,7 +949,7 @@ _getfile() { i="$(grep -n -- "$startline" "$filename" | cut -d : -f 1)" if [ -z "$i" ]; then - _err "Can not find start line: $startline" + _err "Cannot find start line: $startline" return 1 fi i="$(_math "$i" + 1)" @@ -957,7 +957,7 @@ _getfile() { j="$(grep -n -- "$endline" "$filename" | cut -d : -f 1)" if [ -z "$j" ]; then - _err "Can not find end line: $endline" + _err "Cannot find end line: $endline" return 1 fi j="$(_math "$j" - 1)" @@ -1065,7 +1065,7 @@ _sign() { if ! _signedECText="$($_sign_openssl -sha$__ECC_KEY_LEN | ${ACME_OPENSSL_BIN:-openssl} asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" - _err "Key content:$(wc -l <"$keyfile") lines" + _err "Key content: $(wc -l <"$keyfile") lines" return 1 fi _debug3 "_signedECText" "$_signedECText" @@ -1145,14 +1145,14 @@ _createkey() { length=2048 fi - _debug "Use length $length" + _debug "Using length $length" if ! [ -e "$f" ]; then if ! touch "$f" >/dev/null 2>&1; then _f_path="$(dirname "$f")" _debug _f_path "$_f_path" if ! mkdir -p "$_f_path"; then - _err "Can not create path: $_f_path" + _err "Cannot create path: $_f_path" return 1 fi fi @@ -1163,11 +1163,11 @@ _createkey() { fi if _isEccKey "$length"; then - _debug "Using ec name: $eccname" + _debug "Using EC name: $eccname" if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then echo "$_opkey" >"$f" else - _err "error ecc key name: $eccname" + _err "Error encountered for ECC key named $eccname" return 1 fi else @@ -1179,13 +1179,13 @@ _createkey() { if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then echo "$_opkey" >"$f" else - _err "error rsa key: $length" + _err "Error encountered for RSA key of length $length" return 1 fi fi if [ "$?" != "0" ]; then - _err "Create key error." + _err "Key creation error." return 1 fi } @@ -1452,7 +1452,7 @@ toPkcs() { _toPkcs "$CERT_PFX_PATH" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$pfxPassword" if [ "$?" = "0" ]; then - _info "Success, Pfx is exported to: $CERT_PFX_PATH" + _info "Success, PFX has been exported to: $CERT_PFX_PATH" fi } @@ -1496,7 +1496,7 @@ _create_account_key() { length=$1 if [ -z "$length" ] || [ "$length" = "$NO_VALUE" ]; then - _debug "Use default length $DEFAULT_ACCOUNT_KEY_LENGTH" + _debug "Using default length $DEFAULT_ACCOUNT_KEY_LENGTH" length="$DEFAULT_ACCOUNT_KEY_LENGTH" fi @@ -1505,15 +1505,15 @@ _create_account_key() { mkdir -p "$CA_DIR" if [ -s "$ACCOUNT_KEY_PATH" ]; then - _info "Account key exists, skip" + _info "Account key exists, skipping" return 0 else #generate account key if _createkey "$length" "$ACCOUNT_KEY_PATH"; then - _info "Create account key ok." + _info "Account key creation OK." return 0 else - _err "Create account key error." + _err "Account key creation error." return 1 fi fi @@ -1532,7 +1532,7 @@ createDomainKey() { _cdl=$2 if [ -z "$_cdl" ]; then - _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" + _debug "Using DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" _cdl="$DEFAULT_DOMAIN_KEY_LENGTH" fi @@ -1544,16 +1544,16 @@ createDomainKey() { _info "The domain key is here: $(__green $CERT_KEY_PATH)" return 0 else - _err "Can not create domain key" + _err "Cannot create domain key" return 1 fi else if [ "$_ACME_IS_RENEW" ]; then - _info "Domain key exists, skip" + _info "Domain key exists, skipping" return 0 else - _err "Domain key exists, do you want to overwrite the key?" - _err "Add '--force', and try again." + _err "Domain key exists, do you want to overwrite it?" + _err "If so, add '--force' and try again." return 1 fi fi @@ -1562,7 +1562,7 @@ createDomainKey() { # domain domainlist isEcc createCSR() { - _info "Creating csr" + _info "Creating CSR" if [ -z "$1" ]; then _usage "Usage: $PROJECT_ENTRY --create-csr --domain [--domain ...] [--ecc]" return @@ -1575,13 +1575,13 @@ createCSR() { _initpath "$domain" "$_isEcc" if [ -f "$CSR_PATH" ] && [ "$_ACME_IS_RENEW" ] && [ -z "$FORCE" ]; then - _info "CSR exists, skip" + _info "CSR exists, skipping" return fi if [ ! -f "$CERT_KEY_PATH" ]; then - _err "The key file is not found: $CERT_KEY_PATH" - _err "Please create the key file first." + _err "This key file was not found: $CERT_KEY_PATH" + _err "Please create it first." return 1 fi _createcsr "$domain" "$domainlist" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF" @@ -1725,7 +1725,7 @@ _calcjwk() { __ECC_KEY_LEN=512 ;; *) - _err "ECC oid : $crv_oid" + _err "ECC oid: $crv_oid" return 1 ;; esac @@ -1768,7 +1768,7 @@ _calcjwk() { JWK_HEADERPLACE_PART1='{"nonce": "' JWK_HEADERPLACE_PART2='", "alg": "ES'$__ECC_KEY_LEN'"' else - _err "Only RSA or EC key is supported. keyfile=$keyfile" + _err "Only RSA or EC keys are supported. keyfile=$keyfile" _debug2 "$(cat "$keyfile")" return 1 fi @@ -1802,7 +1802,7 @@ _date2time() { if da="$(echo "$1" | tr -d "Z" | tr "T" ' ')" perl -MTime::Piece -e 'print Time::Piece->strptime($ENV{da}, "%Y-%m-%d %H:%M:%S")->epoch, "\n";' 2>/dev/null; then return fi - _err "Can not parse _date2time $1" + _err "Cannot parse _date2time $1" return 1 } @@ -1826,7 +1826,7 @@ _mktemp() { echo "/$LE_TEMP_DIR/wefADf24sf.$(_time).tmp" return 0 fi - _err "Can not create temp file." + _err "Cannot create temp file." } #clear all the https envs to cause _inithttp() to run next time. @@ -2015,7 +2015,7 @@ _post() { _ret="$?" if [ "$_ret" = "8" ]; then _ret=0 - _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." + _debug "wget returned 8 as the server returned a 'Bad Request' response. Let's process the response later." fi if [ "$_ret" != "0" ]; then _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret" @@ -2029,7 +2029,7 @@ _post() { _sed_i 's/^ //g' "$HTTP_HEADER" else _ret="$?" - _err "Neither curl nor wget is found, can not do $httpmethod." + _err "Neither curl nor wget have been found, cannot make $httpmethod request." fi _debug "_ret" "$_ret" printf "%s" "$response" @@ -2098,14 +2098,14 @@ _get() { ret=$? if [ "$ret" = "8" ]; then ret=0 - _debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later." + _debug "wget returned 8 as the server returned a 'Bad Request' response. Let's process the response later." fi if [ "$ret" != "0" ]; then _err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret" fi else ret=$? - _err "Neither curl nor wget is found, can not do GET." + _err "Neither curl nor wget have been found, cannot make GET request." fi _debug "ret" "$ret" return $ret @@ -2137,7 +2137,7 @@ _send_signed_request() { if [ -z "$keyfile" ]; then keyfile="$ACCOUNT_KEY_PATH" fi - _debug "=======Begin Send Signed Request=======" + _debug "=======Sending Signed Request=======" _debug url "$url" _debug payload "$payload" @@ -2183,7 +2183,7 @@ _send_signed_request() { fi _debug2 _CACHED_NONCE "$_CACHED_NONCE" if [ "$?" != "0" ]; then - _err "Can not connect to $nonceurl to get nonce." + _err "Cannot connect to $nonceurl to get nonce." return 1 fi else @@ -2226,7 +2226,7 @@ _send_signed_request() { _CACHED_NONCE="" if [ "$?" != "0" ]; then - _err "Can not post to $url" + _err "Cannot make POST request to $url" return 1 fi @@ -2258,21 +2258,21 @@ _send_signed_request() { _sleep_overload_retry_sec=5 fi if [ $_sleep_overload_retry_sec -le 600 ]; then - _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping $_sleep_overload_retry_sec seconds." + _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping for $_sleep_overload_retry_sec seconds." _sleep $_sleep_overload_retry_sec continue else - _info "The retryafter=$_retryafter is too large > 600, not retry anymore." + _info "The retryafter=$_retryafter value is too large (> 600), will not retry anymore." fi fi if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then - _info "It seems the CA server is busy now, let's wait and retry. Sleeping $_sleep_retry_sec seconds." + _info "It seems the CA server is busy now, let's wait and retry. Sleeping for $_sleep_retry_sec seconds." _CACHED_NONCE="" _sleep $_sleep_retry_sec continue fi if _contains "$_body" "The Replay Nonce is not recognized"; then - _info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds." + _info "The replay nonce is not valid, let's get a new one. Sleeping for $_sleep_retry_sec seconds." _CACHED_NONCE="" _sleep $_sleep_retry_sec continue @@ -2344,7 +2344,7 @@ _save_conf() { if [ "$_s_c_f" ]; then _setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'" else - _err "config file is empty, can not save $_sdkey=$_sdvalue" + _err "Config file is empty, cannot save $_sdkey=$_sdvalue" fi } @@ -2356,7 +2356,7 @@ _clear_conf() { _conf_data="$(cat "$_c_c_f")" echo "$_conf_data" | sed "s/^$_sdkey *=.*$//" >"$_c_c_f" else - _err "config file is empty, can not clear" + _err "Config file is empty, cannot clear" fi } @@ -2374,7 +2374,7 @@ _read_conf() { fi printf "%s" "$_sdv" else - _debug "config file is empty, can not read $_sdkey" + _debug "Config file is empty, cannot read $_sdkey" fi } @@ -2592,7 +2592,7 @@ _starttlsserver() { #create key TLS_KEY if ! _createkey "2048" "$TLS_KEY"; then - _err "Create tls validation key error." + _err "Error creating TLS validation key." return 1 fi @@ -2602,13 +2602,13 @@ _starttlsserver() { alt="$alt,$san_b" fi if ! _createcsr "tls.acme.sh" "$alt" "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$acmeValidationv1"; then - _err "Create tls validation csr error." + _err "Error creating TLS validation CSR." return 1 fi #self signed if ! _signcsr "$TLS_KEY" "$TLS_CSR" "$TLS_CONF" "$TLS_CERT"; then - _err "Create tls validation cert error." + _err "Error creating TLS validation cert." return 1 fi @@ -2662,7 +2662,7 @@ _conapath() { __initHome() { if [ -z "$_SCRIPT_HOME" ]; then if _exists readlink && _exists dirname; then - _debug "Lets find script dir." + _debug "Let's find the script directory." _debug "_SCRIPT_" "$_SCRIPT_" _script="$(_readlink "$_SCRIPT_")" _debug "_script" "$_script" @@ -2671,7 +2671,7 @@ __initHome() { if [ -d "$_script_home" ]; then export _SCRIPT_HOME="$_script_home" else - _err "It seems the script home is not correct:$_script_home" + _err "It seems the script home is not correct: $_script_home" fi fi fi @@ -2686,7 +2686,7 @@ __initHome() { # fi if [ -z "$LE_WORKING_DIR" ]; then - _debug "Using default home:$DEFAULT_INSTALL_HOME" + _debug "Using default home: $DEFAULT_INSTALL_HOME" LE_WORKING_DIR="$DEFAULT_INSTALL_HOME" fi export LE_WORKING_DIR @@ -2694,7 +2694,7 @@ __initHome() { if [ -z "$LE_CONFIG_HOME" ]; then LE_CONFIG_HOME="$LE_WORKING_DIR" fi - _debug "Using config home:$LE_CONFIG_HOME" + _debug "Using config home: $LE_CONFIG_HOME" export LE_CONFIG_HOME _DEFAULT_ACCOUNT_CONF_PATH="$LE_CONFIG_HOME/account.conf" @@ -2731,7 +2731,7 @@ _clearAPI() { #server _initAPI() { _api_server="${1:-$ACME_DIRECTORY}" - _debug "_init api for server: $_api_server" + _debug "_init API for server: $_api_server" MAX_API_RETRY_TIMES=10 _sleep_retry_sec=10 @@ -2741,8 +2741,8 @@ _initAPI() { response=$(_get "$_api_server") if [ "$?" != "0" ]; then _debug2 "response" "$response" - _info "Can not init api for: $_api_server." - _info "Sleep $_sleep_retry_sec and retry." + _info "Cannot init API for: $_api_server." + _info "Sleeping for $_sleep_retry_sec seconds and retrying." _sleep "$_sleep_retry_sec" continue fi @@ -2780,13 +2780,13 @@ _initAPI() { if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi - _info "Sleep $_sleep_retry_sec and retry." + _info "Sleeping for $_sleep_retry_sec seconds and retrying." _sleep "$_sleep_retry_sec" done if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then return 0 fi - _err "Can not init api, for $_api_server" + _err "Cannot init API for $_api_server" return 1 } @@ -2918,7 +2918,7 @@ _initpath() { DOMAIN_PATH="$domainhomeecc" elif [ -z "$__SELECTED_RSA_KEY" ]; then if [ ! -d "$domainhome" ] && [ -d "$domainhomeecc" ]; then - _info "The domain '$domain' seems to have a ECC cert already, lets use ecc cert." + _info "The domain '$domain' seems to already have an ECC cert, let's use it." DOMAIN_PATH="$domainhomeecc" fi fi @@ -2981,7 +2981,7 @@ _apachePath() { if _exists apache2ctl; then _APACHECTL="apache2ctl" else - _err "'apachectl not found. It seems that apache is not installed, or you are not root user.'" + _err "'apachectl not found. It seems that Apache is not installed or you are not root.'" _err "Please use webroot mode to try again." return 1 fi @@ -3000,7 +3000,7 @@ _apachePath() { _debug httpdconfname "$httpdconfname" if [ -z "$httpdconfname" ]; then - _err "Can not read apache config file." + _err "Cannot read Apache config file." return 1 fi @@ -3017,7 +3017,7 @@ _apachePath() { _debug httpdconf "$httpdconf" _debug httpdconfname "$httpdconfname" if [ ! -f "$httpdconf" ]; then - _err "Apache Config file not found" "$httpdconf" + _err "Apache config file not found" "$httpdconf" return 1 fi return 0 @@ -3040,7 +3040,7 @@ _restoreApache() { cat "$APACHE_CONF_BACKUP_DIR/$httpdconfname" >"$httpdconf" _debug "Restored: $httpdconf." if ! $_APACHECTL -t; then - _err "Sorry, restore apache config error, please contact me." + _err "Sorry, there's been an error restoring the Apache config. Please ask for support on $PROJECT." return 1 fi _debug "Restored successfully." @@ -3055,26 +3055,26 @@ _setApache() { fi #test the conf first - _info "Checking if there is an error in the apache config file before starting." + _info "Checking if there is an error in the Apache config file before starting." if ! $_APACHECTL -t >/dev/null; then - _err "The apache config file has error, please fix it first, then try again." - _err "Don't worry, there is nothing changed to your system." + _err "The Apache config file has errors, please fix them first then try again." + _err "Don't worry, no changes to your system have been made." return 1 else _info "OK" fi #backup the conf - _debug "Backup apache config file" "$httpdconf" + _debug "Backing up Apache config file" "$httpdconf" if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then - _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." - _err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT" + _err "Cannot backup Apache config file, aborting. Don't worry, the Apache config has not been changed." + _err "This might be an $PROJECT_NAME bug, please open an issue on $PROJECT" return 1 fi - _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" - _info "In case there is an error that can not be restored automatically, you may try restore it yourself." - _info "The backup file will be deleted on success, just forget it." + _info "Config file $httpdconf has been backed up to $APACHE_CONF_BACKUP_DIR/$httpdconfname" + _info "In case an error causes it to not be restored automatically, you can restore it yourself." + _info "You do not need to do anything on success, as the backup file will automatically be deleted." #add alias @@ -3104,11 +3104,11 @@ Allow from all _msg="$($_APACHECTL -t 2>&1)" if [ "$?" != "0" ]; then - _err "Sorry, apache config error" + _err "Sorry, an Apache config error has occurred" if _restoreApache; then - _err "The apache config file is restored." + _err "The Apache config file has been restored." else - _err "Sorry, the apache config file can not be restored, please report bug." + _err "Sorry, the Apache config file cannot be restored, please open an issue on $PROJECT." fi return 1 fi @@ -3119,7 +3119,7 @@ Allow from all fi if ! $_APACHECTL graceful; then - _err "$_APACHECTL graceful error, please contact me." + _err "$_APACHECTL graceful error, please open an issue on $PROJECT." _restoreApache return 1 fi @@ -3143,10 +3143,10 @@ _setNginx() { _start_f="$(echo "$_croot" | cut -d : -f 2)" _debug _start_f "$_start_f" if [ -z "$_start_f" ]; then - _debug "find start conf from nginx command" + _debug "Finding config using the nginx command" if [ -z "$NGINX_CONF" ]; then if ! _exists "nginx"; then - _err "nginx command is not found." + _err "nginx command not found." return 1 fi NGINX_CONF="$(nginx -V 2>&1 | _egrep_o "\-\-conf-path=[^ ]* " | tr -d " ")" @@ -3154,7 +3154,7 @@ _setNginx() { NGINX_CONF="$(echo "$NGINX_CONF" | cut -d = -f 2)" _debug NGINX_CONF "$NGINX_CONF" if [ -z "$NGINX_CONF" ]; then - _err "Can not find nginx conf." + _err "Cannot find nginx config." NGINX_CONF="" return 1 fi @@ -3163,16 +3163,16 @@ _setNginx() { NGINX_CONF="" return 1 fi - _debug "Found nginx conf file:$NGINX_CONF" + _debug "Found nginx config file: $NGINX_CONF" fi _start_f="$NGINX_CONF" fi - _debug "Start detect nginx conf for $_d from:$_start_f" + _debug "Detecting nginx conf for $_d from: $_start_f" if ! _checkConf "$_d" "$_start_f"; then - _err "Can not find conf file for domain $d" + _err "Cannot find config file for domain $d" return 1 fi - _info "Found conf file: $FOUND_REAL_NGINX_CONF" + _info "Found config file: $FOUND_REAL_NGINX_CONF" _ln=$FOUND_REAL_NGINX_CONF_LN _debug "_ln" "$_ln" @@ -3182,7 +3182,7 @@ _setNginx() { _start_tag="$(sed -n "$_lnn,${_lnn}p" "$FOUND_REAL_NGINX_CONF")" _debug "_start_tag" "$_start_tag" if [ "$_start_tag" = "$NGINX_START" ]; then - _info "The domain $_d is already configured, skip" + _info "The domain $_d is already configured, skipping" FOUND_REAL_NGINX_CONF="" return 0 fi @@ -3191,28 +3191,28 @@ _setNginx() { _backup_conf="$DOMAIN_BACKUP_PATH/$_d.nginx.conf" _debug _backup_conf "$_backup_conf" BACKUP_NGINX_CONF="$_backup_conf" - _info "Backup $FOUND_REAL_NGINX_CONF to $_backup_conf" + _info "Backing $FOUND_REAL_NGINX_CONF up to $_backup_conf" if ! cp "$FOUND_REAL_NGINX_CONF" "$_backup_conf"; then - _err "backup error." + _err "Backup error." FOUND_REAL_NGINX_CONF="" return 1 fi if ! _exists "nginx"; then - _err "nginx command is not found." + _err "nginx command not found." return 1 fi - _info "Check the nginx conf before setting up." + _info "Checking the nginx config before setting up." if ! nginx -t >/dev/null 2>&1; then - _err "It seems that nginx conf is not correct, cannot continue." + _err "It seems that the nginx config is not correct, cannot continue." return 1 fi - _info "OK, Set up nginx config file" + _info "OK, setting up the nginx config file" if ! sed -n "1,${_ln}p" "$_backup_conf" >"$FOUND_REAL_NGINX_CONF"; then cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - _err "write nginx conf error, but don't worry, the file is restored to the original version." + _err "Error writing nginx config. Restoring it to its original version." return 1 fi @@ -3226,20 +3226,20 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" { if ! sed -n "${_lnn},99999p" "$_backup_conf" >>"$FOUND_REAL_NGINX_CONF"; then cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" - _err "write nginx conf error, but don't worry, the file is restored." + _err "Error writing nginx config. Restoring it to its original version." return 1 fi _debug3 "Modified config:$(cat $FOUND_REAL_NGINX_CONF)" - _info "nginx conf is done, let's check it again." + _info "nginx config has been written, let's check it again." if ! nginx -t >/dev/null 2>&1; then - _err "It seems that nginx conf was broken, let's restore." + _err "There seems to be a problem with the nginx config, let's restore it to its original version." cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" return 1 fi - _info "Reload nginx" + _info "Reloading nginx" if ! nginx -s reload >/dev/null 2>&1; then - _err "It seems that nginx reload error, let's restore." + _err "There seems to be a problem with the nginx config, let's restore it to its original version." cat "$_backup_conf" >"$FOUND_REAL_NGINX_CONF" return 1 fi @@ -3251,7 +3251,7 @@ location ~ \"^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)\$\" { _checkConf() { _d="$1" _c_file="$2" - _debug "Start _checkConf from:$_c_file" + _debug "Starting _checkConf from: $_c_file" if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then _debug "wildcard" for _w_f in $2; do @@ -3264,14 +3264,14 @@ _checkConf() { elif [ -f "$2" ]; then _debug "single" if _isRealNginxConf "$1" "$2"; then - _debug "$2 is found." + _debug "$2 found." FOUND_REAL_NGINX_CONF="$2" return 0 fi if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then - _debug "Try include files" + _debug "Trying include files" for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do - _debug "check included $included" + _debug "Checking included $included" if ! _startswith "$included" "/" && _exists dirname; then _relpath="$(dirname "$2")" _debug "_relpath" "$_relpath" @@ -3347,7 +3347,7 @@ _isRealNginxConf() { #restore all the nginx conf _restoreNginx() { if [ -z "$NGINX_RESTORE_VLIST" ]; then - _debug "No need to restore nginx, skip." + _debug "No need to restore nginx config, skipping." return fi _debug "_restoreNginx" @@ -3362,9 +3362,9 @@ _restoreNginx() { cat "$_ngbackupconf" >"$_ngconf" done - _info "Reload nginx" + _info "Reloading nginx" if ! nginx -s reload >/dev/null; then - _err "It seems that nginx reload error, please report bug." + _err "An error occurred while reloading nginx, please open an issue on $PROJECT." return 1 fi return 0 @@ -3389,7 +3389,7 @@ _clearupdns() { _debug "dns_entries" "$dns_entries" if [ -z "$dns_entries" ]; then - _debug "skip dns." + _debug "Skipping dns." return fi _info "Removing DNS records." @@ -3412,7 +3412,7 @@ _clearupdns() { fi if [ -z "$d_api" ]; then - _info "Not Found domain api file: $d_api" + _info "Domain API file was not found: $d_api" continue fi @@ -3422,21 +3422,21 @@ _clearupdns() { ( if ! . "$d_api"; then - _err "Load file $d_api error. Please check your api file and try again." + _err "Error loading file $d_api. Please check your API file and try again." return 1 fi rmcommand="${_currentRoot}_rm" if ! _exists "$rmcommand"; then - _err "It seems that your api file doesn't define $rmcommand" + _err "It seems that your API file doesn't define $rmcommand" return 1 fi _info "Removing txt: $txt for domain: $txtdomain" if ! $rmcommand "$txtdomain" "$txt"; then - _err "Error removing txt for domain:$txtdomain" + _err "Error removing txt for domain: $txtdomain" return 1 fi - _info "Removed: Success" + _info "Successfully removed" ) done @@ -3446,7 +3446,7 @@ _clearupdns() { _clearupwebbroot() { __webroot="$1" if [ -z "$__webroot" ]; then - _debug "no webroot specified, skip" + _debug "No webroot specified, skipping" return 0 fi @@ -3458,12 +3458,12 @@ _clearupwebbroot() { elif [ "$2" = '3' ]; then _rmpath="$__webroot/.well-known/acme-challenge/$3" else - _debug "Skip for removelevel:$2" + _debug "Skipping for removelevel: $2" fi if [ "$_rmpath" ]; then if [ "$DEBUG" ]; then - _debug "Debugging, skip removing: $_rmpath" + _debug "Debugging, not removing: $_rmpath" else rm -rf "$_rmpath" fi @@ -3484,13 +3484,13 @@ _on_before_issue() { _debug _chk_alt_domains "$_chk_alt_domains" #run pre hook if [ "$_chk_pre_hook" ]; then - _info "Run pre hook:'$_chk_pre_hook'" + _info "Runing pre hook:'$_chk_pre_hook'" if ! ( export Le_Domain="$_chk_main_domain" export Le_Alt="$_chk_alt_domains" cd "$DOMAIN_PATH" && eval "$_chk_pre_hook" ); then - _err "Error when run pre hook." + _err "Error occurred when running pre hook." return 1 fi fi @@ -3515,7 +3515,7 @@ _on_before_issue() { if [ -z "$d" ]; then break fi - _debug "Check for domain" "$d" + _debug "Checking for domain" "$d" _currentRoot="$(_getfield "$_chk_web_roots" $_index)" _debug "_currentRoot" "$_currentRoot" _index=$(_math $_index + 1) @@ -3562,7 +3562,7 @@ _on_before_issue() { if _hasfield "$_chk_web_roots" "apache"; then if ! _setApache; then - _err "set up apache error. Report error to me." + _err "Error setting up Apache. Please open an issue on $PROJECT." return 1 fi else @@ -3579,17 +3579,17 @@ _on_issue_err() { if [ "$LOG_FILE" ]; then _err "Please check log file for more details: $LOG_FILE" else - _err "Please add '--debug' or '--log' to check more details." + _err "Please add '--debug' or '--log' to see more information." _err "See: $_DEBUG_WIKI" fi #run the post hook if [ "$_chk_post_hook" ]; then - _info "Run post hook:'$_chk_post_hook'" + _info "Running post hook: '$_chk_post_hook'" if ! ( cd "$DOMAIN_PATH" && eval "$_chk_post_hook" ); then - _err "Error when run post hook." + _err "Error encountered while running post hook." return 1 fi fi @@ -3628,7 +3628,7 @@ _on_issue_success() { #run the post hook if [ "$_chk_post_hook" ]; then - _info "Run post hook:'$_chk_post_hook'" + _info "Running post hook:'$_chk_post_hook'" if ! ( export CERT_PATH export CERT_KEY_PATH @@ -3637,14 +3637,14 @@ _on_issue_success() { export Le_Domain="$_main_domain" cd "$DOMAIN_PATH" && eval "$_chk_post_hook" ); then - _err "Error when run post hook." + _err "Error encountered while running post hook." return 1 fi fi #run renew hook if [ "$_ACME_IS_RENEW" ] && [ "$_chk_renew_hook" ]; then - _info "Run renew hook:'$_chk_renew_hook'" + _info "Running renew hook: '$_chk_renew_hook'" if ! ( export CERT_PATH export CERT_KEY_PATH @@ -3653,7 +3653,7 @@ _on_issue_success() { export Le_Domain="$_main_domain" cd "$DOMAIN_PATH" && eval "$_chk_renew_hook" ); then - _err "Error when run renew hook." + _err "Error encountered while running renew hook." return 1 fi fi @@ -3709,7 +3709,7 @@ _regAccount() { if [ ! -f "$ACCOUNT_KEY_PATH" ]; then if ! _create_account_key "$_reg_length"; then - _err "Create account key error." + _err "Error creating account key." return 1 fi fi @@ -3732,7 +3732,7 @@ _regAccount() { if [ "$ACME_DIRECTORY" = "$CA_ZEROSSL" ]; then if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then - _info "No EAB credentials found for ZeroSSL, let's get one" + _info "No EAB credentials found for ZeroSSL, let's obtain them" if [ -z "$_email" ]; then _info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")" _info "$(__green "Please update your account with an email address first.")" @@ -3743,20 +3743,20 @@ _regAccount() { _eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT) if [ "$?" != "0" ]; then _debug2 "$_eabresp" - _err "Can not get EAB credentials from ZeroSSL." + _err "Cannot get EAB credentials from ZeroSSL." return 1 fi _secure_debug2 _eabresp "$_eabresp" _eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_id "$_eab_id" if [ -z "$_eab_id" ]; then - _err "Can not resolve _eab_id" + _err "Cannot resolve _eab_id" return 1 fi _eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')" _secure_debug2 _eab_hmac_key "$_eab_hmac_key" if [ -z "$_eab_hmac_key" ]; then - _err "Can not resolve _eab_hmac_key" + _err "Cannot resolve _eab_hmac_key" return 1 fi _savecaconf CA_EAB_KEY_ID "$_eab_id" @@ -3793,7 +3793,7 @@ _regAccount() { _info "Registering account: $ACME_DIRECTORY" if ! _send_signed_request "${ACME_NEW_ACCOUNT}" "$regjson"; then - _err "Register account Error: $response" + _err "Error registering account: $response" return 1 fi @@ -3804,10 +3804,10 @@ _regAccount() { elif [ "$code" = '409' ] || [ "$code" = '200' ]; then _info "Already registered" elif [ "$code" = '400' ] && _contains "$response" 'The account is not awaiting external account binding'; then - _info "Already register EAB." + _info "EAB already registered" _eabAlreadyBound=1 else - _err "Register account Error: $response" + _err "Account registration error: $response" return 1 fi @@ -3816,7 +3816,7 @@ _regAccount() { _accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n ")" _debug "_accUri" "$_accUri" if [ -z "$_accUri" ]; then - _err "Can not find account id url." + _err "Cannot find account id url." _err "$responseHeaders" return 1 fi @@ -3831,7 +3831,7 @@ _regAccount() { _savecaconf CA_KEY_HASH "$CA_KEY_HASH" if [ "$code" = '403' ]; then - _err "It seems that the account key is already deactivated, please use a new account key." + _err "It seems that the account key has been deactivated, please use a new account key." return 1 fi @@ -3844,7 +3844,7 @@ updateaccount() { _initpath if [ ! -f "$ACCOUNT_KEY_PATH" ]; then - _err "Account key is not found at: $ACCOUNT_KEY_PATH" + _err "Account key not found at: $ACCOUNT_KEY_PATH" return 1 fi @@ -3852,8 +3852,7 @@ updateaccount() { _debug _accUri "$_accUri" if [ -z "$_accUri" ]; then - _err "The account url is empty, please run '--update-account' first to update the account info first," - _err "Then try again." + _err "The account URL is empty, please run '--update-account' first to update the account info, then try again." return 1 fi @@ -3876,7 +3875,7 @@ updateaccount() { echo "$response" >"$ACCOUNT_JSON_PATH" _info "Account update success for $_accUri." else - _info "Error. The account was not updated." + _info "An error occurred and the account was not updated." return 1 fi } @@ -3886,7 +3885,7 @@ deactivateaccount() { _initpath if [ ! -f "$ACCOUNT_KEY_PATH" ]; then - _err "Account key is not found at: $ACCOUNT_KEY_PATH" + _err "Account key not found at: $ACCOUNT_KEY_PATH" return 1 fi @@ -3894,8 +3893,7 @@ deactivateaccount() { _debug _accUri "$_accUri" if [ -z "$_accUri" ]; then - _err "The account url is empty, please run '--update-account' first to update the account info first," - _err "Then try again." + _err "The account URL is empty, please run '--update-account' first to update the account info, then try again." return 1 fi @@ -3907,13 +3905,13 @@ deactivateaccount() { _djson="{\"status\":\"deactivated\"}" if _send_signed_request "$_accUri" "$_djson" && _contains "$response" '"deactivated"'; then - _info "Deactivate account success for $_accUri." + _info "Successfully deactivated account $_accUri." _accid=$(echo "$response" | _egrep_o "\"id\" *: *[^,]*," | cut -d : -f 2 | tr -d ' ,') elif [ "$code" = "403" ]; then _info "The account is already deactivated." _accid=$(_getfield "$_accUri" "999" "/") else - _err "Deactivate: account failed for $_accUri." + _err "Account deactivation failed for $_accUri." return 1 fi @@ -3927,7 +3925,7 @@ deactivateaccount() { mv "$ACCOUNT_JSON_PATH" "$_deactivated_account_path/" mv "$ACCOUNT_KEY_PATH" "$_deactivated_account_path/" else - _err "Can not create dir: $_deactivated_account_path, try to remove the deactivated account key." + _err "Cannot create dir: $_deactivated_account_path, try to remove the deactivated account key." rm -f "$CA_CONF" rm -f "$ACCOUNT_JSON_PATH" rm -f "$ACCOUNT_KEY_PATH" @@ -3970,28 +3968,28 @@ __get_domain_new_authz() { _Max_new_authz_retry_times=5 _authz_i=0 while [ "$_authz_i" -lt "$_Max_new_authz_retry_times" ]; do - _debug "Try new-authz for the $_authz_i time." + _debug "Trying new-authz, attempt number $_authz_i." if ! _send_signed_request "${ACME_NEW_AUTHZ}" "{\"resource\": \"new-authz\", \"identifier\": {\"type\": \"dns\", \"value\": \"$(_idn "$_gdnd")\"}}"; then - _err "Can not get domain new authz." + _err "Cannot get new authz for domain." return 1 fi if _contains "$response" "No registration exists matching provided key"; then - _err "It seems there is an error, but it's recovered now, please try again." - _err "If you see this message for a second time, please report bug: $(__green "$PROJECT")" + _err "There has been an error, but it might now be resolved, please try again." + _err "If you see this message for a second time, please report this as a bug: $(__green "$PROJECT")" _clearcaconf "CA_KEY_HASH" break fi if ! _contains "$response" "An error occurred while processing your request"; then - _info "The new-authz request is ok." + _info "new-authz request successful." break fi _authz_i="$(_math "$_authz_i" + 1)" - _info "The server is busy, Sleep $_authz_i to retry." + _info "The server is busy, sleeping for $_authz_i seconds and retrying." _sleep "$_authz_i" done if [ "$_authz_i" = "$_Max_new_authz_retry_times" ]; then - _err "new-authz retry reach the max $_Max_new_authz_retry_times times." + _err "new-authz has been retried $_Max_new_authz_retry_times times, stopping." fi if [ "$code" ] && [ "$code" != '201' ]; then @@ -4047,7 +4045,7 @@ _ns_lookup_cf() { _ns_purge_cf() { _cf_d="$1" _cf_d_type="$2" - _debug "Cloudflare purge $_cf_d_type record for domain $_cf_d" + _debug "Purging Cloudflare $_cf_d_type record for domain $_cf_d" _cf_purl="https://cloudflare-dns.com/api/v1/purge?domain=$_cf_d&type=$_cf_d_type" response="$(_post "" "$_cf_purl")" _debug2 response "$response" @@ -4112,21 +4110,21 @@ _ns_lookup_dp() { _ns_select_doh() { if [ -z "$DOH_USE" ]; then - _debug "Detect dns server first." + _debug "Detecting DNS server first." if _ns_is_available_cf; then - _debug "Use cloudflare doh server" + _debug "Using Cloudflare doh server" export DOH_USE=$DOH_CLOUDFLARE elif _ns_is_available_google; then - _debug "Use google doh server" + _debug "Using Google DOH server" export DOH_USE=$DOH_GOOGLE elif _ns_is_available_ali; then - _debug "Use aliyun doh server" + _debug "Using Aliyun DOH server" export DOH_USE=$DOH_ALI elif _ns_is_available_dp; then - _debug "Use dns pod doh server" + _debug "Using DNS POD DOH server" export DOH_USE=$DOH_DP else - _err "No doh" + _err "No DOH" fi fi } @@ -4143,7 +4141,7 @@ _ns_lookup() { elif [ "$DOH_USE" = "$DOH_DP" ]; then _ns_lookup_dp "$@" else - _err "Unknown doh provider: DOH_USE=$DOH_USE" + _err "Unknown DOH provider: DOH_USE=$DOH_USE" fi } @@ -4169,7 +4167,7 @@ __purge_txt() { if [ "$DOH_USE" = "$DOH_CLOUDFLARE" ] || [ -z "$DOH_USE" ]; then _ns_purge_cf "$_p_txtdomain" "TXT" else - _debug "no purge api for this doh api, just sleep 5 secs" + _debug "No purge API for this DOH API, just sleeping for 5 seconds" _sleep 5 fi @@ -4200,17 +4198,17 @@ _check_dns_entries() { _debug "d_api" "$d_api" _info "Checking $d for $aliasDomain" if _contains "$_success_txt" ",$txt,"; then - _info "Already success, continue next one." + _info "Already succeeded, continuing." continue fi if __check_txt "$txtdomain" "$aliasDomain" "$txt"; then - _info "Domain $d '$aliasDomain' success." + _info "Success for domain $d '$aliasDomain'." _success_txt="$_success_txt,$txt," continue fi _left=1 - _info "Not valid yet, let's wait 10 seconds and check next one." + _info "Not valid yet, let's wait for 10 seconds then check the next one." __purge_txt "$txtdomain" if [ "$txtdomain" != "$aliasDomain" ]; then __purge_txt "$aliasDomain" @@ -4218,10 +4216,10 @@ _check_dns_entries() { _sleep 10 done if [ "$_left" ]; then - _info "Let's wait 10 seconds and check again". + _info "Let's wait for 10 seconds and check again". _sleep 10 else - _info "All success, let's return" + _info "All checks succeeded" return 0 fi done @@ -4337,14 +4335,14 @@ _convertValidaty() { elif _endswith "$_dateTo" "d"; then _v_end=$(_math "$_v_begin + 60 * 60 * 24 * $(echo "$_dateTo" | tr -d '+d')") else - _err "Not recognized format for _dateTo: $_dateTo" + _err "Unrecognized format for _dateTo: $_dateTo" return 1 fi _debug2 "_v_end" "$_v_end" _time2str "$_v_end" else if [ "$(_time)" -gt "$(_date2time "$_dateTo")" ]; then - _err "The validaty to is in the past: _dateTo = $_dateTo" + _err "The validity end date is in the past: _dateTo = $_dateTo" return 1 fi echo "$_dateTo" @@ -4408,7 +4406,7 @@ issue() { _valid_to_saved=$(_readdomainconf Le_Valid_to) if [ "$_valid_to_saved" ] && ! _startswith "$_valid_to_saved" "+"; then _info "The domain is set to be valid to: $_valid_to_saved" - _info "It can not be renewed automatically" + _info "It cannot be renewed automatically" _info "See: $_VALIDITY_WIKI" return $RENEW_SKIP fi @@ -4424,8 +4422,8 @@ issue() { if [ "$_normized_saved_domains" = "$_normized_domains" ]; then _info "Domains not changed." - _info "Skip, Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" - _info "Add '$(__red '--force')' to force to renew." + _info "Skipping. Next renewal time is: $(__green "$(_readdomainconf Le_NextRenewTimeStr)")" + _info "Add '$(__red '--force')' to force renewal." return $RENEW_SKIP else _info "Domains have changed." @@ -4484,7 +4482,7 @@ issue() { return 1 fi else - _debug "_saved_account_key_hash is not changed, skip register account." + _debug "_saved_account_key_hash was not changed, skipping account registration." fi export Le_Next_Domain_Key="$CERT_KEY_PATH.next" @@ -4498,15 +4496,15 @@ issue() { if [ -z "$_key" ]; then _key=2048 fi - _debug "Read key length:$_key" + _debug "Read key length: $_key" if [ ! -f "$CERT_KEY_PATH" ] || [ "$_key_length" != "$_key" ] || [ "$Le_ForceNewDomainKey" = "1" ]; then if [ "$Le_ForceNewDomainKey" = "1" ] && [ -f "$Le_Next_Domain_Key" ]; then - _info "Using pre generated key: $Le_Next_Domain_Key" + _info "Using pre-generated key: $Le_Next_Domain_Key" cat "$Le_Next_Domain_Key" >"$CERT_KEY_PATH" echo "" >"$Le_Next_Domain_Key" else if ! createDomainKey "$_main_domain" "$_key_length"; then - _err "Create domain key error." + _err "Error creating domain key." _clearup _on_issue_err "$_post_hook" return 1 @@ -4514,18 +4512,18 @@ issue() { fi fi if [ "$Le_ForceNewDomainKey" ]; then - _info "Generate next pre-generate key." + _info "Generating next pre-generate key." if [ ! -e "$Le_Next_Domain_Key" ]; then touch "$Le_Next_Domain_Key" chmod 600 "$Le_Next_Domain_Key" fi if ! _createkey "$_key_length" "$Le_Next_Domain_Key"; then - _err "Can not pre generate domain key" + _err "Cannot pre-generate domain key" return 1 fi fi if ! _createcsr "$_main_domain" "$_alt_domains" "$CERT_KEY_PATH" "$CSR_PATH" "$DOMAIN_SSL_CONF"; then - _err "Create CSR error." + _err "Error creating CSR." _clearup _on_issue_err "$_post_hook" return 1 @@ -4561,7 +4559,7 @@ issue() { _debug2 "_valid_from" "$_valid_from" _notBefore="$(_convertValidaty "" "$_valid_from")" if [ "$?" != "0" ]; then - _err "Can not parse _valid_from: $_valid_from" + _err "Cannot parse _valid_from: $_valid_from" return 1 fi if [ "$(_time)" -gt "$(_date2time "$_notBefore")" ]; then @@ -4577,7 +4575,7 @@ issue() { _savedomainconf "Le_Valid_To" "$_valid_to" _notAfter="$(_convertValidaty "$_notBefore" "$_valid_to")" if [ "$?" != "0" ]; then - _err "Can not parse _valid_to: $_valid_to" + _err "Cannot parse _valid_to: $_valid_to" return 1 fi else @@ -4594,7 +4592,7 @@ issue() { fi _debug "STEP 1, Ordering a Certificate" if ! _send_signed_request "$ACME_NEW_ORDER" "$_newOrderObj}"; then - _err "Create new order error." + _err "Error creating new order." _clearup _on_issue_err "$_post_hook" return 1 @@ -4614,7 +4612,7 @@ issue() { Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" _debug Le_OrderFinalize "$Le_OrderFinalize" if [ -z "$Le_OrderFinalize" ]; then - _err "Create new order error. Le_OrderFinalize not found. $response" + _err "Error creating new order. Le_OrderFinalize not found. $response" _clearup _on_issue_err "$_post_hook" return 1 @@ -4638,7 +4636,7 @@ issue() { for _authz_url in $(echo "$_authorizations_seg" | tr ',' ' '); do _debug2 "_authz_url" "$_authz_url" if ! _send_signed_request "$_authz_url"; then - _err "get to authz error." + _err "Error getting authz." _err "_authorizations_seg" "$_authorizations_seg" _err "_authz_url" "$_authz_url" _err "$response" @@ -4711,7 +4709,7 @@ $_authorizations_map" response="$(echo "$_candidates" | sed "s/$_idn_d,//")" _debug2 "response" "$response" if [ -z "$response" ]; then - _err "get to authz error." + _err "Error getting authz." _err "_authorizations_map" "$_authorizations_map" _clearup _on_issue_err "$_post_hook" @@ -4735,10 +4733,10 @@ $_authorizations_map" _debug entry "$entry" if [ -z "$keyauthorization" -a -z "$entry" ]; then - _err "Error, can not get domain token entry $d for $vtype" + _err "Cannot get domain token entry $d for $vtype" _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" if [ "$_supported_vtypes" ]; then - _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" + _err "Supported validation types are: $_supported_vtypes, but you specified: $vtype" fi _clearup _on_issue_err "$_post_hook" @@ -4750,7 +4748,7 @@ $_authorizations_map" _debug token "$token" if [ -z "$token" ]; then - _err "Error, can not get domain token $entry" + _err "Cannot get domain token $entry" _clearup _on_issue_err "$_post_hook" return 1 @@ -4761,7 +4759,7 @@ $_authorizations_map" _debug uri "$uri" if [ -z "$uri" ]; then - _err "Error, can not get domain uri. $entry" + _err "Cannot get domain URI $entry" _clearup _on_issue_err "$_post_hook" return 1 @@ -4790,7 +4788,7 @@ $_authorizations_map" _authz_url=$(echo "$ventry" | cut -d "$sep" -f 6) _debug d "$d" if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then - _debug "$d is already verified, skip $vtype." + _debug "$d has already been verified, skipping $vtype." _alias_index="$(_math "$_alias_index" + 1)" continue fi @@ -4827,37 +4825,37 @@ $_authorizations_map" dns_entry="$dns_entry$dvsep$txt${dvsep}$d_api" _debug2 dns_entry "$dns_entry" if [ "$d_api" ]; then - _debug "Found domain api file: $d_api" + _debug "Found domain API file: $d_api" else if [ "$_currentRoot" != "$W_DNS" ]; then - _err "Can not find dns api hook for: $_currentRoot" - _info "You need to add the txt record manually." + _err "Cannot find DNS API hook for: $_currentRoot" + _info "You need to add the TXT record manually." fi _info "$(__red "Add the following TXT record:")" _info "$(__red "Domain: '$(__green "$txtdomain")'")" _info "$(__red "TXT value: '$(__green "$txt")'")" - _info "$(__red "Please be aware that you prepend _acme-challenge. before your domain")" - _info "$(__red "so the resulting subdomain will be: $txtdomain")" + _info "$(__red "Please make sure to prepend '_acme-challenge.' to your domain")" + _info "$(__red "so that the resulting subdomain is: $txtdomain")" continue fi ( if ! . "$d_api"; then - _err "Load file $d_api error. Please check your api file and try again." + _err "Error loading file $d_api. Please check your API file and try again." return 1 fi addcommand="${_currentRoot}_add" if ! _exists "$addcommand"; then - _err "It seems that your api file is not correct, it must have a function named: $addcommand" + _err "It seems that your API file is incorrect. Make sure it has a function named: $addcommand" return 1 fi - _info "Adding txt value: $txt for domain: $txtdomain" + _info "Adding TXT value: $txt for domain: $txtdomain" if ! $addcommand "$txtdomain" "$txt"; then - _err "Error add txt for domain:$txtdomain" + _err "Error adding TXT record to domain: $txtdomain" return 1 fi - _info "The txt record is added: Success." + _info "The TXT record has been successfully added." ) if [ "$?" != "0" ]; then @@ -4874,7 +4872,7 @@ $_authorizations_map" if [ "$dnsadded" = '0' ]; then _savedomainconf "Le_Vlist" "$vlist" - _debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit." + _debug "DNS record not yet added. Will save to $DOMAIN_CONF and exit." _err "Please add the TXT records to the domains, and re-run with --renew." _on_issue_err "$_post_hook" _clearup @@ -4887,23 +4885,23 @@ $_authorizations_map" if [ "$dns_entries" ]; then if [ -z "$Le_DNSSleep" ]; then - _info "Let's check each DNS record now. Sleep 20 seconds first." + _info "Let's check each DNS record now. Sleeping for 20 seconds first." _sleep 20 if ! _check_dns_entries; then - _err "check dns error." + _err "Error checking DNS." _on_issue_err "$_post_hook" _clearup return 1 fi else _savedomainconf "Le_DNSSleep" "$Le_DNSSleep" - _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect" + _info "Sleeping for $(__green $Le_DNSSleep) seconds to wait for the the TXT records to take effect" _sleep "$Le_DNSSleep" fi fi NGINX_RESTORE_VLIST="" - _debug "ok, let's start to verify" + _debug "OK, let's start verification" _ncIndex=1 ventries=$(echo "$vlist" | tr "$dvsep" ' ') @@ -4915,7 +4913,7 @@ $_authorizations_map" _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) _authz_url=$(echo "$ventry" | cut -d "$sep" -f 6) if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then - _info "$d is already verified, skip $vtype." + _info "$d is already verified, skipping $vtype." continue fi @@ -4943,10 +4941,10 @@ $_authorizations_map" sleep 1 _debug serverproc "$serverproc" elif [ "$_currentRoot" = "$MODE_STATELESS" ]; then - _info "Stateless mode for domain:$d" + _info "Stateless mode for domain: $d" _sleep 1 elif _startswith "$_currentRoot" "$NGINX"; then - _info "Nginx mode for domain:$d" + _info "Nginx mode for domain: $d" #set up nginx server FOUND_REAL_NGINX_CONF="" BACKUP_NGINX_CONF="" @@ -4979,26 +4977,26 @@ $_authorizations_map" _debug wellknown_path "$wellknown_path" - _debug "writing token:$token to $wellknown_path/$token" + _debug "Writing token: $token to $wellknown_path/$token" mkdir -p "$wellknown_path" if ! printf "%s" "$keyauthorization" >"$wellknown_path/$token"; then - _err "$d:Can not write token to file : $wellknown_path/$token" + _err "$d: Cannot write token to file: $wellknown_path/$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" return 1 fi if ! chmod a+r "$wellknown_path/$token"; then - _debug "chmod failed, but we just continue." + _debug "chmod failed, will just continue." fi fi elif [ "$vtype" = "$VTYPE_ALPN" ]; then acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")" _debug acmevalidationv1 "$acmevalidationv1" if ! _starttlsserver "$d" "" "$Le_TLSPort" "$keyauthorization" "$_ncaddr" "$acmevalidationv1"; then - _err "Start tls server error." + _err "Error starting TLS server." _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -5007,7 +5005,7 @@ $_authorizations_map" fi if ! __trigger_validation "$uri" "$keyauthorization" "$vtype"; then - _err "$d:Can not get challenge: $response" + _err "$d: Cannot get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -5016,9 +5014,9 @@ $_authorizations_map" if [ "$code" ] && [ "$code" != '202' ]; then if [ "$code" = '200' ]; then - _debug "trigger validation code: $code" + _debug "Trigger validation code: $code" else - _err "$d:Challenge error: $response" + _err "$d: Challenge error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -5031,11 +5029,11 @@ $_authorizations_map" MAX_RETRY_TIMES=30 fi - _debug "Lets check the status of the authz" + _debug "Let's check the authz status" while true; do waittimes=$(_math "$waittimes" + 1) if [ "$waittimes" -ge "$MAX_RETRY_TIMES" ]; then - _err "$d:Timeout" + _err "$d: Timeout" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -5055,13 +5053,13 @@ $_authorizations_map" errordetail="$(echo "$error" | _egrep_o '"detail": *"[^"]*' | cut -d '"' -f 4)" _debug2 errordetail "$errordetail" if [ "$errordetail" ]; then - _err "Invalid status, $d:Verify error detail:$errordetail" + _err "$d: Invalid status. Verification error details: $errordetail" else - _err "Invalid status, $d:Verify error:$error" + _err "$d: Invalid status, Verification error: $error" fi if [ "$DEBUG" ]; then if [ "$vtype" = "$VTYPE_HTTP" ]; then - _debug "Debug: get token url." + _debug "Debug: GET token URL." _get "http://$d/.well-known/acme-challenge/$token" "" 1 fi fi @@ -5080,24 +5078,24 @@ $_authorizations_map" fi if _contains "$status" "pending"; then - _info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)" + _info "Pending. The CA is processing your order, please wait. ($waittimes/$MAX_RETRY_TIMES)" elif _contains "$status" "processing"; then - _info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)" + _info "Processing. The CA is processing your order, please wait. ($waittimes/$MAX_RETRY_TIMES)" else - _err "Unknown status: $status, $d:Verify error:$response" + _err "$d: Unknown status: $status. Verification error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" return 1 fi - _debug "sleep 2 secs to verify again" + _debug "Sleep 2 seconds before verifying again" _sleep 2 - _debug "checking" + _debug "Checking" _send_signed_request "$_authz_url" if [ "$?" != "0" ]; then - _err "Invalid code, $d:Verify error:$response" + _err "$d: Invalid code. Verification error: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup _on_issue_err "$_post_hook" "$vlist" @@ -5108,18 +5106,18 @@ $_authorizations_map" done _clearup - _info "Verify finished, start to sign." + _info "Verification finished, beginning signing." der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)" - _info "Lets finalize the order." + _info "Let's finalize the order." _info "Le_OrderFinalize" "$Le_OrderFinalize" if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then - _err "Sign failed." + _err "Signing failed." _on_issue_err "$_post_hook" return 1 fi if [ "$code" != "200" ]; then - _err "Sign failed, finalize code is not 200." + _err "Signing failed. Finalize code was not 200." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5138,38 +5136,38 @@ $_authorizations_map" Le_LinkCert="$(echo "$response" | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)" _debug Le_LinkCert "$Le_LinkCert" if [ -z "$Le_LinkCert" ]; then - _err "Sign error, can not find Le_LinkCert" + _err "A signing error occurred: could not find Le_LinkCert" _err "$response" _on_issue_err "$_post_hook" return 1 fi break elif _contains "$response" "\"processing\""; then - _info "Order status is processing, lets sleep and retry." + _info "Order status is 'processing', let's sleep and retry." _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r') _debug "_retryafter" "$_retryafter" if [ "$_retryafter" ]; then - _info "Retry after: $_retryafter" + _info "Sleeping for $_retryafter seconds then retrying" _sleep $_retryafter else _sleep 2 fi else - _err "Sign error, wrong status" + _err "Signing error: wrong status" _err "$response" _on_issue_err "$_post_hook" return 1 fi #the order is processing, so we are going to poll order status if [ -z "$Le_LinkOrder" ]; then - _err "Sign error, can not get order link location header" + _err "Signing error: could not get order link location header" _err "responseHeaders" "$responseHeaders" _on_issue_err "$_post_hook" return 1 fi _info "Polling order status: $Le_LinkOrder" if ! _send_signed_request "$Le_LinkOrder"; then - _err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder." + _err "Signing failed. Could not make POST request to Le_LinkOrder for cert: $Le_LinkOrder." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5178,7 +5176,7 @@ $_authorizations_map" done if [ -z "$Le_LinkCert" ]; then - _err "Sign failed, can not get Le_LinkCert, retry time limit." + _err "Signing failed. Could not get Le_LinkCert, and stopped retrying after reaching the retry limit." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5186,7 +5184,7 @@ $_authorizations_map" _info "Downloading cert." _info "Le_LinkCert" "$Le_LinkCert" if ! _send_signed_request "$Le_LinkCert"; then - _err "Sign failed, can not download cert:$Le_LinkCert." + _err "Signing failed. Could not download cert: $Le_LinkCert." _err "$response" _on_issue_err "$_post_hook" return 1 @@ -5199,15 +5197,15 @@ $_authorizations_map" fi if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then if [ "$DEBUG" ]; then - _debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" + _debug "Default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")" fi if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)" _debug2 "rels" "$rels" for rel in $rels; do - _info "Try rel: $rel" + _info "Trying rel: $rel" if ! _send_signed_request "$rel"; then - _err "Sign failed, can not download cert:$rel" + _err "Signing failed, could not download cert: $rel" _err "$response" continue fi @@ -5241,7 +5239,7 @@ $_authorizations_map" if [ -z "$Le_LinkCert" ] || ! _checkcert "$CERT_PATH"; then response="$(echo "$response" | _dbase64 "multiline" | tr -d '\0' | _normalizeJson)" - _err "Sign failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" + _err "Signing failed: $(echo "$response" | _egrep_o '"detail":"[^"]*"')" _on_issue_err "$_post_hook" return 1 fi @@ -5263,9 +5261,9 @@ $_authorizations_map" fi [ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")" - [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")" + [ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full-chain cert is in: $(__green "$CERT_FULLCHAIN_PATH")" if [ "$Le_ForceNewDomainKey" ] && [ -e "$Le_Next_Domain_Key" ]; then - _info "Your pre-generated next key for future cert key change is in: $(__green "$Le_Next_Domain_Key")" + _info "Your pre-generated key for future cert key changes is in: $(__green "$Le_Next_Domain_Key")" fi Le_CertCreateTime=$(_time) @@ -5315,8 +5313,8 @@ $_authorizations_map" Le_NextRenewTime=$(_date2time "$_notAfter") Le_NextRenewTimeStr="$_notAfter" if [ "$_valid_to" ] && ! _startswith "$_valid_to" "+"; then - _info "The domain is set to be valid to: $_valid_to" - _info "It can not be renewed automatically" + _info "The domain is set to be valid until: $_valid_to" + _info "It cannot be renewed automatically" _info "See: $_VALIDITY_WIKI" else _now=$(_time) @@ -5359,7 +5357,7 @@ $_authorizations_map" fi if ! _on_issue_success "$_post_hook" "$_renew_hook"; then - _err "Call hook error." + _err "Error calling hook." return 1 fi } @@ -5395,9 +5393,9 @@ renew() { _initpath "$Le_Domain" "$_isEcc" _set_level=${NOTIFY_LEVEL:-$NOTIFY_LEVEL_DEFAULT} - _info "$(__green "Renew: '$Le_Domain'")" + _info "$(__green "Renewing: '$Le_Domain'")" if [ ! -f "$DOMAIN_CONF" ]; then - _info "'$Le_Domain' is not an issued domain, skip." + _info "'$Le_Domain' is not an issued domain, skipping." return $RENEW_SKIP fi @@ -5426,7 +5424,7 @@ renew() { if [ "$_server" ]; then Le_API="$_server" fi - _info "Renew to Le_API=$Le_API" + _info "Renewing using Le_API=$Le_API" _clearAPI _clearCA @@ -5437,8 +5435,8 @@ renew() { _initpath "$Le_Domain" "$_isEcc" if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then - _info "Skip, Next renewal time is: $(__green "$Le_NextRenewTimeStr")" - _info "Add '$(__red '--force')' to force to renew." + _info "Skipping. Next renewal time is: $(__green "$Le_NextRenewTimeStr")" + _info "Add '$(__red '--force')' to force renewal." if [ -z "$_ACME_IN_RENEWALL" ]; then if [ $_set_level -ge $NOTIFY_LEVEL_SKIP ]; then _send_notify "Renew $Le_Domain skipped" "Good, the cert is skipped." "$NOTIFY_HOOK" "$RENEW_SKIP" @@ -5448,7 +5446,7 @@ renew() { fi if [ "$_ACME_IN_CRON" = "1" ] && [ -z "$Le_CertCreateTime" ]; then - _info "Skip invalid cert for: $Le_Domain" + _info "Skipping invalid cert for: $Le_Domain" return $RENEW_SKIP fi @@ -5514,7 +5512,7 @@ renewAll() { for di in "${CERT_HOME}"/*.*/; do _debug di "$di" if ! [ -d "$di" ]; then - _debug "Not a directory, skip: $di" + _debug "Not a directory, skipping: $di" continue fi d=$(basename "$di") @@ -5572,12 +5570,12 @@ renewAll() { _error_msg="${_error_msg} $d " if [ "$_stopRenewOnError" ]; then - _err "Error renew $d, stop now." + _err "Error renewing $d, stopping." _ret="$rc" break else _ret="$rc" - _err "Error renew $d." + _err "Error renewing $d." fi fi done @@ -5588,13 +5586,13 @@ renewAll() { _msg_subject="Renew" if [ "$_error_msg" ]; then _msg_subject="${_msg_subject} Error" - _msg_data="Error certs: + _msg_data="Errored certs: ${_error_msg} " fi if [ "$_success_msg" ]; then _msg_subject="${_msg_subject} Success" - _msg_data="${_msg_data}Success certs: + _msg_data="${_msg_data}Successful certs: ${_success_msg} " fi @@ -5635,18 +5633,18 @@ signcsr() { _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read subject from csr: $_csrfile" + _err "Cannot read subject from CSR: $_csrfile" return 1 fi _debug _csrsubj "$_csrsubj" if _contains "$_csrsubj" ' ' || ! _contains "$_csrsubj" '.'; then - _info "It seems that the subject: $_csrsubj is not a valid domain name. Drop it." + _info "It seems that the subject $_csrsubj is not a valid domain name. Dropping it." _csrsubj="" fi _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read domain list from csr: $_csrfile" + _err "Cannot read domain list from CSR: $_csrfile" return 1 fi _debug "_csrdomainlist" "$_csrdomainlist" @@ -5659,20 +5657,20 @@ signcsr() { fi if [ -z "$_csrsubj" ]; then - _err "Can not read subject from csr: $_csrfile" + _err "Cannot read subject from CSR: $_csrfile" return 1 fi _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then - _err "Can not read key length from csr: $_csrfile" + _err "Cannot read key length from CSR: $_csrfile" return 1 fi _initpath "$_csrsubj" "$_csrkeylength" mkdir -p "$DOMAIN_PATH" - _info "Copy csr to: $CSR_PATH" + _info "Copying CSR to: $CSR_PATH" cp "$_csrfile" "$CSR_PATH" issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain" @@ -5691,18 +5689,18 @@ showcsr() { _csrsubj=$(_readSubjectFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read subject from csr: $_csrfile" + _err "Cannot read subject from CSR: $_csrfile" return 1 fi if [ -z "$_csrsubj" ]; then - _info "The Subject is empty" + _info "The subject is empty" fi _info "Subject=$_csrsubj" _csrdomainlist=$(_readSubjectAltNamesFromCSR "$_csrfile") if [ "$?" != "0" ]; then - _err "Can not read domain list from csr: $_csrfile" + _err "Cannot read domain list from CSR: $_csrfile" return 1 fi _debug "_csrdomainlist" "$_csrdomainlist" @@ -5711,7 +5709,7 @@ showcsr() { _csrkeylength=$(_readKeyLengthFromCSR "$_csrfile") if [ "$?" != "0" ] || [ -z "$_csrkeylength" ]; then - _err "Can not read key length from csr: $_csrfile" + _err "Cannot read key length from CSR: $_csrfile" return 1 fi _info "KeyLength=$_csrkeylength" @@ -5767,29 +5765,29 @@ _deploy() { for _d_api in $(echo "$_hooks" | tr ',' " "); do _deployApi="$(_findHook "$_d" $_SUB_FOLDER_DEPLOY "$_d_api")" if [ -z "$_deployApi" ]; then - _err "The deploy hook $_d_api is not found." + _err "The deploy hook $_d_api was not found." return 1 fi _debug _deployApi "$_deployApi" if ! ( if ! . "$_deployApi"; then - _err "Load file $_deployApi error. Please check your api file and try again." + _err "Error loading file $_deployApi. Please check your API file and try again." return 1 fi d_command="${_d_api}_deploy" if ! _exists "$d_command"; then - _err "It seems that your api file is not correct, it must have a function named: $d_command" + _err "It seems that your API file is not correct. Make sure it has a function named: $d_command" return 1 fi if ! $d_command "$_d" "$CERT_KEY_PATH" "$CERT_PATH" "$CA_CERT_PATH" "$CERT_FULLCHAIN_PATH"; then - _err "Error deploy for domain:$_d" + _err "Error deploying for domain: $_d" return 1 fi ); then - _err "Deploy error." + _err "Error encountered while deploying." return 1 else _info "$(__green Success)" @@ -5810,7 +5808,7 @@ deploy() { _initpath "$_d" "$_isEcc" if [ ! -d "$DOMAIN_PATH" ]; then _err "The domain '$_d' is not a cert name. You must use the cert name to specify the cert to install." - _err "Can not find path:'$DOMAIN_PATH'" + _err "Cannot find path: '$DOMAIN_PATH'" return 1 fi @@ -5839,7 +5837,7 @@ installcert() { _initpath "$_main_domain" "$_isEcc" if [ ! -d "$DOMAIN_PATH" ]; then _err "The domain '$_main_domain' is not a cert name. You must use the cert name to specify the cert to install." - _err "Can not find path:'$DOMAIN_PATH'" + _err "Cannot find path: '$DOMAIN_PATH'" return 1 fi @@ -5934,7 +5932,7 @@ _installcert() { fi if [ "$_reload_cmd" ]; then - _info "Run reload cmd: $_reload_cmd" + _info "Running reload cmd: $_reload_cmd" if ( export CERT_PATH export CERT_KEY_PATH @@ -5945,9 +5943,9 @@ _installcert() { export Le_Next_Domain_Key cd "$DOMAIN_PATH" && eval "$_reload_cmd" ); then - _info "$(__green "Reload success")" + _info "$(__green "Reload successful")" else - _err "Reload error for :$Le_Domain" + _err "Reload error for: $Le_Domain" fi fi @@ -5975,25 +5973,25 @@ _install_win_taskscheduler() { return 1 fi if ! _exists schtasks; then - _err "schtasks.exe is not found, are you on Windows?" + _err "schtasks.exe was not found, are you on Windows?" return 1 fi _winbash="$(cygpath -w $(which bash))" _debug _winbash "$_winbash" if [ -z "$_winbash" ]; then - _err "can not find bash path" + _err "Cannot find bash path" return 1 fi _myname="$(whoami)" _debug "_myname" "$_myname" if [ -z "$_myname" ]; then - _err "can not find my user name" + _err "Can not find own username" return 1 fi _debug "_lesh" "$_lesh" - _info "To install scheduler task in your Windows account, you must input your windows password." - _info "$PROJECT_NAME doesn't save your password." + _info "To install the scheduler task to your Windows account, you must input your Windows password." + _info "$PROJECT_NAME will not save your password." _info "Please input your Windows password for: $(__green "$_myname")" _password="$(__read_password)" #SCHTASKS.exe '/create' '/SC' 'DAILY' '/TN' "$_WINDOWS_SCHEDULER_NAME" '/F' '/ST' "00:$_randomminute" '/RU' "$_myname" '/RP' "$_password" '/TR' "$_winbash -l -c '$_lesh --cron --home \"$LE_WORKING_DIR\" $_centry'" >/dev/null @@ -6004,11 +6002,11 @@ _install_win_taskscheduler() { _uninstall_win_taskscheduler() { if ! _exists schtasks; then - _err "schtasks.exe is not found, are you on Windows?" + _err "schtasks.exe was not found, are you on Windows?" return 1 fi if ! echo SCHTASKS /query /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null; then - _debug "scheduler $_WINDOWS_SCHEDULER_NAME is not found." + _debug "scheduler $_WINDOWS_SCHEDULER_NAME was not found." else _info "Removing $_WINDOWS_SCHEDULER_NAME" echo SCHTASKS /delete /f /tn "$_WINDOWS_SCHEDULER_NAME" | cmd.exe >/dev/null @@ -6027,10 +6025,10 @@ installcronjob() { _script="$(_readlink "$_SCRIPT_")" _debug _script "$_script" if [ -f "$_script" ]; then - _info "Using the current script from: $_script" + _info "Usinging the current script from: $_script" lesh="$_script" else - _err "Can not install cronjob, $PROJECT_ENTRY not found." + _err "Cannot install cronjob, $PROJECT_ENTRY not found." return 1 fi fi @@ -6047,18 +6045,18 @@ installcronjob() { if ! _exists "$_CRONTAB"; then if _exists cygpath && _exists schtasks.exe; then - _info "It seems you are on Windows, let's install Windows scheduler task." + _info "It seems you are on Windows, let's install the Windows scheduler task." if _install_win_taskscheduler "$lesh" "$_c_entry" "$random_minute"; then - _info "Install Windows scheduler task success." + _info "Successfully installed Windows scheduler task." return 0 else - _err "Install Windows scheduler task failed." + _err "Failed to install Windows scheduler task." return 1 fi fi - _err "crontab/fcrontab doesn't exist, so, we can not install cron jobs." - _err "All your certs will not be renewed automatically." - _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' everyday." + _err "crontab/fcrontab doesn't exist, so we cannot install cron jobs." + _err "Your certs will not be renewed automatically." + _err "You must add your own cron job to call '$PROJECT_ENTRY --cron' every day." return 1 fi _info "Installing cron job" @@ -6074,8 +6072,8 @@ installcronjob() { } | $_CRONTAB_STDIN fi if [ "$?" != "0" ]; then - _err "Install cron job failed. You need to manually renew your certs." - _err "Or you can add cronjob by yourself:" + _err "Failed to install cron job. You need to manually renew your certs." + _err "Alternatively, you can add a cron job by yourself:" _err "$lesh --cron --home \"$LE_WORKING_DIR\" > /dev/null" return 1 fi @@ -6089,12 +6087,12 @@ uninstallcronjob() { if ! _exists "$_CRONTAB"; then if _exists cygpath && _exists schtasks.exe; then - _info "It seems you are on Windows, let's uninstall Windows scheduler task." + _info "It seems you are on Windows, let's uninstall the Windows scheduler task." if _uninstall_win_taskscheduler; then - _info "Uninstall Windows scheduler task success." + _info "Successfully uninstalled Windows scheduler task." return 0 else - _err "Uninstall Windows scheduler task failed." + _err "Failed to uninstall Windows scheduler task." return 1 fi fi @@ -6134,12 +6132,12 @@ revoke() { fi _initpath "$Le_Domain" "$_isEcc" if [ ! -f "$DOMAIN_CONF" ]; then - _err "$Le_Domain is not a issued domain, skip." + _err "$Le_Domain is not an issued domain, skipping." return 1 fi if [ ! -f "$CERT_PATH" ]; then - _err "Cert for $Le_Domain $CERT_PATH is not found, skip." + _err "Cert for $Le_Domain $CERT_PATH was not found, skipping." return 1 fi @@ -6163,7 +6161,7 @@ revoke() { cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)" if [ -z "$cert" ]; then - _err "Cert for $Le_Domain is empty found, skip." + _err "Cert for $Le_Domain is empty, skipping." return 1 fi @@ -6173,31 +6171,31 @@ revoke() { uri="${ACME_REVOKE_CERT}" - _info "Try account key first." + _info "Trying account key first." if _send_signed_request "$uri" "$data" "" "$ACCOUNT_KEY_PATH"; then if [ -z "$response" ]; then - _info "Revoke success." + _info "Successfully revoked." rm -f "$CERT_PATH" cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked" cat "$CSR_PATH" >"$CSR_PATH.revoked" return 0 else - _err "Revoke error." + _err "Error revoking." _debug "$response" fi fi if [ -f "$CERT_KEY_PATH" ]; then - _info "Try domain key." + _info "Trying domain key." if _send_signed_request "$uri" "$data" "" "$CERT_KEY_PATH"; then if [ -z "$response" ]; then - _info "Revoke success." + _info "Successfully revoked." rm -f "$CERT_PATH" cat "$CERT_KEY_PATH" >"$CERT_KEY_PATH.revoked" cat "$CSR_PATH" >"$CSR_PATH.revoked" return 0 else - _err "Revoke error by domain key." + _err "Error revoking using domain key." _err "$response" fi fi @@ -6221,19 +6219,19 @@ remove() { _removed_conf="$DOMAIN_CONF.removed" if [ ! -f "$DOMAIN_CONF" ]; then if [ -f "$_removed_conf" ]; then - _err "$Le_Domain is already removed, You can remove the folder by yourself: $DOMAIN_PATH" + _err "$Le_Domain has already been removed. You can remove the folder by yourself: $DOMAIN_PATH" else - _err "$Le_Domain is not a issued domain, skip." + _err "$Le_Domain is not an issued domain, skipping." fi return 1 fi if mv "$DOMAIN_CONF" "$_removed_conf"; then - _info "$Le_Domain is removed, the key and cert files are in $(__green $DOMAIN_PATH)" + _info "$Le_Domain has been removed. The key and cert files are in $(__green $DOMAIN_PATH)" _info "You can remove them by yourself." return 0 else - _err "Remove $Le_Domain failed." + _err "Failed to remove $Le_Domain." return 1 fi } @@ -6263,7 +6261,7 @@ _deactivate() { _identifiers="{\"type\":\"$(_getIdType "$_d_domain")\",\"value\":\"$_d_domain\"}" if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then - _err "Can not get domain new order." + _err "Cannot get new order for domain." return 1 fi _authorizations_seg="$(echo "$response" | _egrep_o '"authorizations" *: *\[[^\]*\]' | cut -d '[' -f 2 | tr -d ']' | tr -d '"')" @@ -6278,7 +6276,7 @@ _deactivate() { authzUri="$_authorizations_seg" _debug2 "authzUri" "$authzUri" if ! _send_signed_request "$authzUri"; then - _err "get to authz error." + _err "Error making GET request for authz." _err "_authorizations_seg" "$_authorizations_seg" _err "authzUri" "$authzUri" _clearup @@ -6301,7 +6299,7 @@ _deactivate() { entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" if [ -z "$entry" ]; then - _err "Error, can not get domain token $d" + _err "$d: Cannot get domain token" return 1 fi token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" @@ -6319,13 +6317,13 @@ _deactivate() { _d_i=0 _d_max_retry=$(echo "$entries" | wc -l) while [ "$_d_i" -lt "$_d_max_retry" ]; do - _info "Deactivate: $_d_domain" + _info "Deactivating $_d_domain" _d_i="$(_math $_d_i + 1)" entry="$(echo "$entries" | sed -n "${_d_i}p")" _debug entry "$entry" if [ -z "$entry" ]; then - _info "No more valid entry found." + _info "No more valid entries found." break fi @@ -6337,27 +6335,27 @@ _deactivate() { _debug uri "$uri" if [ "$_d_type" ] && [ "$_d_type" != "$_vtype" ]; then - _info "Skip $_vtype" + _info "Skipping $_vtype" continue fi - _info "Deactivate: $_vtype" + _info "Deactivating $_vtype" _djson="{\"status\":\"deactivated\"}" if _send_signed_request "$authzUri" "$_djson" && _contains "$response" '"deactivated"'; then - _info "Deactivate: $_vtype success." + _info "Successfully deactivated $_vtype." else - _err "Can not deactivate $_vtype." + _err "Could not deactivate $_vtype." break fi done _debug "$_d_i" if [ "$_d_i" -eq "$_d_max_retry" ]; then - _info "Deactivated success!" + _info "Successfully deactivated!" else - _err "Deactivate failed." + _err "Deactivation failed." fi } @@ -6438,17 +6436,17 @@ _precheck() { _nocron="$1" if ! _exists "curl" && ! _exists "wget"; then - _err "Please install curl or wget first, we need to access http resources." + _err "Please install curl or wget first to enable access to HTTP resources." return 1 fi if [ -z "$_nocron" ]; then if ! _exists "crontab" && ! _exists "fcrontab"; then if _exists cygpath && _exists schtasks.exe; then - _info "It seems you are on Windows, we will install Windows scheduler task." + _info "It seems you are on Windows, we will install the Windows scheduler task." else - _err "It is recommended to install crontab first. try to install 'cron, crontab, crontabs or vixie-cron'." - _err "We need to set cron job to renew the certs automatically." + _err "It is recommended to install crontab first. Try to install 'cron', 'crontab', 'crontabs' or 'vixie-cron'." + _err "We need to set a cron job to renew the certs automatically." _err "Otherwise, your certs will not be able to be renewed automatically." if [ -z "$FORCE" ]; then _err "Please add '--force' and try install again to go without crontab." @@ -6467,8 +6465,8 @@ _precheck() { if ! _exists "socat"; then _err "It is recommended to install socat first." - _err "We use socat for standalone server if you use standalone mode." - _err "If you don't use standalone mode, just ignore this warning." + _err "We use socat for the standalone server, which is used for standalone mode." + _err "If you don't want to use standalone mode, you may ignore this warning." fi return 0 @@ -6516,9 +6514,9 @@ _installalias() { _debug "Found profile: $_profile" _info "Installing alias to '$_profile'" _setopt "$_profile" ". \"$_envfile\"" - _info "OK, Close and reopen your terminal to start using $PROJECT_NAME" + _info "Close and reopen your terminal to start using $PROJECT_NAME" else - _info "No profile is found, you will need to go into $LE_WORKING_DIR to use $PROJECT_NAME" + _info "No profile has been found, you will need to change your working directory to $LE_WORKING_DIR to use $PROJECT_NAME" fi #for csh @@ -6567,12 +6565,12 @@ install() { return 1 fi if [ "$_nocron" ]; then - _debug "Skip install cron job" + _debug "Skipping cron job installation" fi if [ "$_ACME_IN_CRON" != "1" ]; then if ! _precheck "$_nocron"; then - _err "Pre-check failed, can not install." + _err "Pre-check failed, cannot install." return 1 fi fi @@ -6602,7 +6600,7 @@ install() { if [ ! -d "$LE_WORKING_DIR" ]; then if ! mkdir -p "$LE_WORKING_DIR"; then - _err "Can not create working dir: $LE_WORKING_DIR" + _err "Cannot create working dir: $LE_WORKING_DIR" return 1 fi @@ -6611,7 +6609,7 @@ install() { if [ ! -d "$LE_CONFIG_HOME" ]; then if ! mkdir -p "$LE_CONFIG_HOME"; then - _err "Can not create config dir: $LE_CONFIG_HOME" + _err "Cannot create config dir: $LE_CONFIG_HOME" return 1 fi @@ -6621,7 +6619,7 @@ install() { cp "$PROJECT_ENTRY" "$LE_WORKING_DIR/" && chmod +x "$LE_WORKING_DIR/$PROJECT_ENTRY" if [ "$?" != "0" ]; then - _err "Install failed, can not copy $PROJECT_ENTRY" + _err "Installation failed, cannot copy $PROJECT_ENTRY" return 1 fi @@ -6667,7 +6665,7 @@ install() { fi fi if [ "$_bash_path" ]; then - _info "Good, bash is found, so change the shebang to use bash as preferred." + _info "bash has been found. Changing the shebang to use bash as preferred." _shebang='#!'"$_bash_path" _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" for subf in $_SUB_FOLDERS; do @@ -6698,7 +6696,7 @@ uninstall() { _uninstallalias rm -f "$LE_WORKING_DIR/$PROJECT_ENTRY" - _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\", you can remove them by yourself." + _info "The keys and certs are in \"$(__green "$LE_CONFIG_HOME")\". You can remove them by yourself." } @@ -6736,7 +6734,7 @@ cron() { export LE_WORKING_DIR ( if ! upgrade; then - _err "Cron:Upgrade failed!" + _err "Cron: Upgrade failed!" return 1 fi ) @@ -6746,7 +6744,7 @@ cron() { __INTERACTIVE="1" fi - _info "Auto upgraded to: $VER" + _info "Automatically upgraded to: $VER" fi renewAll _ret="$?" @@ -6768,12 +6766,12 @@ _send_notify() { _nerror="$4" if [ "$NOTIFY_LEVEL" = "$NOTIFY_LEVEL_DISABLE" ]; then - _debug "The NOTIFY_LEVEL is $NOTIFY_LEVEL, disabled, just return." + _debug "The NOTIFY_LEVEL is $NOTIFY_LEVEL, which means it's disabled, so will just return." return 0 fi if [ -z "$_nhooks" ]; then - _debug "The NOTIFY_HOOK is empty, just return." + _debug "The NOTIFY_HOOK is empty, will just return." return 0 fi @@ -6790,29 +6788,29 @@ _send_notify() { _info "Sending via: $_n_hook" _debug "Found $_n_hook_file for $_n_hook" if [ -z "$_n_hook_file" ]; then - _err "Can not find the hook file for $_n_hook" + _err "Cannot find the hook file for $_n_hook" continue fi if ! ( if ! . "$_n_hook_file"; then - _err "Load file $_n_hook_file error. Please check your api file and try again." + _err "Error loading file $_n_hook_file. Please check your API file and try again." return 1 fi d_command="${_n_hook}_send" if ! _exists "$d_command"; then - _err "It seems that your api file is not correct, it must have a function named: $d_command" + _err "It seems that your API file is not correct. Make sure it has a function named: $d_command" return 1 fi if ! $d_command "$_nsubject" "$_ncontent" "$_nerror"; then - _err "Error send message by $d_command" + _err "Error sending message using $d_command" return 1 fi return 0 ); then - _err "Set $_n_hook_file error." + _err "Error setting $_n_hook_file." _send_err=1 else _info "$_n_hook $(__green Success)" @@ -6869,7 +6867,7 @@ setnotify() { if [ "$_nhook" ]; then _info "Set notify hook to: $_nhook" if [ "$_nhook" = "$NO_VALUE" ]; then - _info "Clear notify hook" + _info "Clearing notify hook" _clearaccountconf "NOTIFY_HOOK" else if _set_notify_hook "$_nhook"; then @@ -6877,7 +6875,7 @@ setnotify() { _saveaccountconf "NOTIFY_HOOK" "$NOTIFY_HOOK" return 0 else - _err "Can not set notify hook to: $_nhook" + _err "Cannot set notify hook to: $_nhook" return 1 fi fi @@ -6897,7 +6895,7 @@ Commands: --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --issue Issue a cert. --deploy Deploy the cert to your server. - -i, --install-cert Install the issued cert to apache/nginx or any other server. + -i, --install-cert Install the issued cert to Apache/nginx or any other server. -r, --renew Renew a cert. --renew-all Renew all the certs. --revoke Revoke a cert. @@ -6953,7 +6951,7 @@ Parameters: --stateless Use stateless mode. See: $_STATELESS_WIKI - --apache Use apache mode. + --apache Use Apache mode. --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted. See: $_DNS_API_WIKI @@ -6968,7 +6966,7 @@ Parameters: --eab-hmac-key HMAC key for External Account Binding. - These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: + These parameters are to install the cert to nginx/Apache or any other server after issue/renew a cert: --cert-file Path to copy the cert file to after issue/renew. --key-file Path to copy the key file to after issue/renew. @@ -7092,12 +7090,12 @@ _getUpgradeHash() { upgrade() { if ( _initpath - [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0 + [ -z "$FORCE" ] && [ "$(_getUpgradeHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already up to date!" && exit 0 export LE_WORKING_DIR cd "$LE_WORKING_DIR" installOnline "--nocron" "--noprofile" ); then - _info "Upgrade success!" + _info "Upgrade successful!" exit 0 else _err "Upgrade failed!" @@ -7213,7 +7211,7 @@ _getCAShortName() { #set default ca to $ACME_DIRECTORY setdefaultca() { if [ -z "$ACME_DIRECTORY" ]; then - _err "Please give a --server parameter." + _err "Please provide a --server parameter." return 1 fi _saveaccountconf "DEFAULT_ACME_SERVER" "$ACME_DIRECTORY" @@ -7225,7 +7223,7 @@ setdefaultchain() { _initpath _preferred_chain="$1" if [ -z "$_preferred_chain" ]; then - _err "Please give a '--preferred-chain value' value." + _err "Please provide a value for '--preferred-chain'." return 1 fi mkdir -p "$CA_DIR" @@ -7423,7 +7421,7 @@ _process() { return 1 fi if _is_idn "$_dvalue" && ! _exists idn; then - _err "It seems that $_dvalue is an IDN( Internationalized Domain Names), please install 'idn' command first." + _err "It seems that $_dvalue is an IDN (Internationalized Domain Names), please install the 'idn' command first." return 1 fi @@ -7785,7 +7783,7 @@ _process() { --notify-level) _nlevel="$2" if _startswith "$_nlevel" "-"; then - _err "'$_nlevel' is not a integer for '$1'" + _err "'$_nlevel' is not an integer for '$1'" return 1 fi _notify_level="$_nlevel" @@ -7794,7 +7792,7 @@ _process() { --notify-mode) _nmode="$2" if _startswith "$_nmode" "-"; then - _err "'$_nmode' is not a integer for '$1'" + _err "'$_nmode' is not an integer for '$1'" return 1 fi _notify_mode="$_nmode" @@ -7803,7 +7801,7 @@ _process() { --notify-source) _nsource="$2" if _startswith "$_nsource" "-"; then - _err "'$_nsource' is not valid host name for '$1'" + _err "'$_nsource' is not a valid host name for '$1'" return 1 fi _notify_source="$_nsource" @@ -7812,7 +7810,7 @@ _process() { --revoke-reason) _revoke_reason="$2" if _startswith "$_revoke_reason" "-"; then - _err "'$_revoke_reason' is not a integer for '$1'" + _err "'$_revoke_reason' is not an integer for '$1'" return 1 fi shift @@ -7830,7 +7828,7 @@ _process() { shift ;; *) - _err "Unknown parameter : $1" + _err "Unknown parameter: $1" return 1 ;; esac @@ -7847,7 +7845,7 @@ _process() { if [ "$__INTERACTIVE" ] && ! _checkSudo; then if [ -z "$FORCE" ]; then #Use "echo" here, instead of _info. it's too early - echo "It seems that you are using sudo, please read this link first:" + echo "It seems that you are using sudo, please read this page first:" echo "$_SUDO_WIKI" return 1 fi @@ -7877,7 +7875,7 @@ _process() { fi SYS_LOG="$_syslog" else - _err "The 'logger' command is not found, can not enable syslog." + _err "The 'logger' command was not found, cannot enable syslog." _clearaccountconf "SYS_LOG" SYS_LOG="" fi @@ -8004,7 +8002,7 @@ _process() { _saveaccountconf "SYS_LOG" "$_syslog" fi else - _err "The 'logger' command is not found, can not enable syslog." + _err "The 'logger' command was not found, cannot enable syslog." _clearaccountconf "SYS_LOG" SYS_LOG="" fi From d81fc155cb01360e273c15447226a415d90aa950 Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 14 Jul 2024 13:50:35 +0800 Subject: [PATCH 38/47] add timeout for _getRepoHash https://github.com/acmesh-official/acme.sh/issues/5200 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 7134a633..c3564e68 100755 --- a/acme.sh +++ b/acme.sh @@ -7082,7 +7082,7 @@ _getRepoHash() { _hash_path=$1 shift _hash_url="${PROJECT_API:-https://api.github.com/repos/acmesh-official}/$PROJECT_NAME/git/refs/$_hash_path" - _get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 + _get "$_hash_url" "" 30 | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4 } _getUpgradeHash() { From 60569fdd8375d5a8f67d3a965e604e494c0d9e0e Mon Sep 17 00:00:00 2001 From: Scruel Tao Date: Sun, 14 Jul 2024 15:04:43 +0800 Subject: [PATCH 39/47] fix(deploy): respect api path with synology Auth API fix #5184 --- deploy/synology_dsm.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/synology_dsm.sh b/deploy/synology_dsm.sh index 342fb32e..b98105c2 100644 --- a/deploy/synology_dsm.sh +++ b/deploy/synology_dsm.sh @@ -169,7 +169,7 @@ synology_dsm_deploy() { _debug3 H1 "${_H1}" fi - response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes") + response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/$api_path?enable_syno_token=yes") _debug3 response "$response" # ## END ## - DEPRECATED, for backward compatibility # If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP. @@ -218,7 +218,7 @@ synology_dsm_deploy() { otp_enforce_option="" fi fi - response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes") + response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes") if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option" _info "Restored previous enforce 2FA-OTP option." From 7ae0d0caa30a882f320028d4e2943ab060b40897 Mon Sep 17 00:00:00 2001 From: allddd <117767298+allddd@users.noreply.github.com> Date: Thu, 18 Jul 2024 21:57:22 +0200 Subject: [PATCH 40/47] dns_porkbun: remove stray backslashes --- dnsapi/dns_porkbun.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_porkbun.sh b/dnsapi/dns_porkbun.sh index c260c898..0a443855 100644 --- a/dnsapi/dns_porkbun.sh +++ b/dnsapi/dns_porkbun.sh @@ -93,7 +93,7 @@ dns_porkbun_rm() { _err "Delete record error." return 1 fi - echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null + echo "$response" | tr -d " " | grep '"status":"SUCCESS"' >/dev/null fi } From 6b6faa8129281f03ce160c30af2c02dfe3050a26 Mon Sep 17 00:00:00 2001 From: oittaa <8972248+oittaa@users.noreply.github.com> Date: Sat, 20 Jul 2024 13:31:53 +0200 Subject: [PATCH 41/47] _checkSudo: [ -z "__INTERACTIVE" ] should be [ -z "$__INTERACTIVE" ] Fixes #5216 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index c3564e68..ee2517c2 100755 --- a/acme.sh +++ b/acme.sh @@ -7139,7 +7139,7 @@ _processAccountConf() { } _checkSudo() { - if [ -z "__INTERACTIVE" ]; then + if [ -z "$__INTERACTIVE" ]; then #don't check if it's not in an interactive shell return 0 fi From de902166a83b4d1d0701f2909942f8a6b203f86a Mon Sep 17 00:00:00 2001 From: 3VAbdAVE Date: Thu, 1 Aug 2024 08:15:16 -0700 Subject: [PATCH 42/47] Replaced keytool with openssl pkcs12. Added backup of original certificates. --- deploy/unifi.sh | 69 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 50 insertions(+), 19 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index a864135e..04ac047a 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -5,6 +5,16 @@ # - self-hosted Unifi Controller # - Unifi Cloud Key (Gen1/2/2+) # - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) +# See below regarding keytool. Not tested. +# - Unifi Dream Machine +# This has not been tested on other "all-in-one" devices such as +# UDM Pro or Unifi Express. +# +# OS Version v2.0.0+ +# Network Application version 7.0.0+ +# OS version ~3.1 removed java and keytool from the UnifiOS. +# Using PKCS12 format keystore appears to work fine. +# # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 #returns 0 means success, otherwise error. @@ -74,15 +84,12 @@ unifi_deploy() { _reload_cmd="" # Unifi Controller environment (self hosted or any Cloud Key) -- - # auto-detect by file /usr/lib/unifi/data/keystore: + # auto-detect by file /usr/lib/unifi/data/keystore _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" if [ -f "$_unifi_keystore" ]; then - _info "Installing certificate for Unifi Controller (Java keystore)" _debug _unifi_keystore "$_unifi_keystore" - if ! _exists keytool; then - _err "keytool not found" - return 1 - fi + _info "Installing certificate for Unifi Controller (PKCS12 keystore)." + if [ ! -w "$_unifi_keystore" ]; then _err "The file $_unifi_keystore is not writable, please change the permission." return 1 @@ -92,6 +99,7 @@ unifi_deploy() { _debug "Generate import pkcs12" _import_pkcs12="$(_mktemp)" + _debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root" _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root # shellcheck disable=SC2181 if [ "$?" != "0" ]; then @@ -99,22 +107,40 @@ unifi_deploy() { return 1 fi - _debug "Import into keystore: $_unifi_keystore" - if keytool -importkeystore \ - -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ - -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ - -alias unifi -noprompt; then - _debug "Import keystore success!" - rm "$_import_pkcs12" - else - _err "Error importing into Unifi Java keystore." - _err "Please re-run with --debug and report a bug." - rm "$_import_pkcs12" - return 1 + # Save the existing keystore in case something goes wrong. + mv -f "${_unifi_keystore}" "${_unifi_keystore}"_original + _info "Previous keystore saved to ${_unifi_keystore}_original." + + _debug "Copying new keystore to $_unifi_keystore" + cp -f "$_import_pkcs12" "$_unifi_keystore" + + # Update unifi service for certificate cipher compatibility + if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \ + -in "$_import_pkcs12" \ + -password pass:aircontrolenterprise \ + -nokeys | ${ACME_OPENSSL_BIN:-openssl} x509 -text \ + -noout | grep -i "signature" | grep -iq ecdsa >/dev/null 2>&1; then + cp -f /usr/lib/unifi/data/system.properties /usr/lib/unifi/data/system.properties_original + _info "Updating system configuration for cipher compatibility." + _info "Saved original system config to /usr/lib/unifi/data/system.properties_original" + sed -i '/unifi\.https\.ciphers/d' /usr/lib/unifi/data/system.properties + echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>/usr/lib/unifi/data/system.properties + sed -i '/unifi\.https\.sslEnabledProtocols/d' /usr/lib/unifi/data/system.properties + echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>/usr/lib/unifi/data/system.properties + _info "System configuration updated." fi + rm "$_import_pkcs12" + + # Restarting unifi-core will bring up unifi, doing it out of order results in + # a certificate error. + # Restart if we aren't doing unifi-core, otherwise stop for later restart. if systemctl -q is-active unifi; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" + if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi" + else + _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi" + fi fi _services_updated="${_services_updated} unifi" _info "Install Unifi Controller certificate success!" @@ -165,6 +191,11 @@ unifi_deploy() { return 1 fi + # Save the existing certs in case something goes wrong. + cp -f "${_unifi_core_config}"/unifi-core.crt "${_unifi_core_config}"/unifi-core_original.crt + cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key + _info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key." + cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" From e711d168df314790a7c88b744a57ae6eca46fb18 Mon Sep 17 00:00:00 2001 From: Nathan Johnson Date: Fri, 9 Aug 2024 16:38:09 -0500 Subject: [PATCH 43/47] RouterOS - make deploy more resilient In the case where importing the cert and key removes the files from disk the existing deploy will fail when it tries to remove those files. This still attempts to remove the files but catches the error and moves on instead of bombing like before. Similarly, if the deploy had failed before, subsequent deploys would fail because the script already existed, so it would not be able to create the script. This first attempts to remove the script if it exists, and then creates the script. --- deploy/routeros.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index d1779b8d..90f0ad1a 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -137,7 +137,8 @@ routeros_deploy() { return $_err_code fi - DEPLOY_SCRIPT_CMD="/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \ + DEPLOY_SCRIPT_CMD=":do {/system script remove \"LECertDeploy-$_cdomain\" } on-error={ }; \ +/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \ comment=\"generated by routeros deploy script in acme.sh\" \ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate remove [ find name=$_cdomain.cer_1 ];\ @@ -146,8 +147,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ \n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\ \n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\ \ndelay 1;\ -\n/file remove $_cdomain.cer;\ -\n/file remove $_cdomain.key;\ +\n:do {/file remove $_cdomain.cer; } on-error={ }\ +\n:do {/file remove $_cdomain.key; } on-error={ }\ \ndelay 2;\ \n/ip service set www-ssl certificate=$_cdomain.cer_0;\ \n$ROUTER_OS_ADDITIONAL_SERVICES;\ From 57da04b5ec7b76f45ad82ac5035a2d6dffe5ce1c Mon Sep 17 00:00:00 2001 From: 3VAbdAVE Date: Sun, 11 Aug 2024 22:39:47 -0400 Subject: [PATCH 44/47] Updated Unifi deploy hook to use openssl's pkcs12 instead of Java Keytool after Ubiquiti removed it, update system configuration for stronger ciphers, and back up existing certificates prior to change. --- deploy/unifi.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index 0a574e0d..e06f3505 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -104,6 +104,7 @@ unifi_deploy() { _debug "Generate import pkcs12" _import_pkcs12="$(_mktemp)" + _debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root" _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root # shellcheck disable=SC2181 if [ "$?" != "0" ]; then @@ -153,9 +154,9 @@ unifi_deploy() { rm "$_import_pkcs12" - # Restarting unifi-core will bring up unifi, doing it out of order results in - # a certificate error, and may break wifiman. (unconfirmed) - # Restart if we aren't doing unifi-core, otherwise stop and let unifi-core restart it. + # Restarting unifi-core will bring up unifi, doing it out of order results in + # a certificate error, and breaks wifiman. + # Restart if we aren't doing unifi-core, otherwise stop for later restart. if systemctl -q is-active unifi; then if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi" From adfafe5c548705db19ddfb9fcb9c681a17d1c8f8 Mon Sep 17 00:00:00 2001 From: 3VAbdAVE Date: Sun, 11 Aug 2024 22:48:44 -0400 Subject: [PATCH 45/47] reverted bad merge --- deploy/unifi.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index 83c4c432..e06f3505 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -15,16 +15,6 @@ # OS version ~3.1 removed java and keytool from the UnifiOS. # Using PKCS12 format keystore appears to work fine. # -# See below regarding keytool. Not tested. -# - Unifi Dream Machine -# This has not been tested on other "all-in-one" devices such as -# UDM Pro or Unifi Express. -# -# OS Version v2.0.0+ -# Network Application version 7.0.0+ -# OS version ~3.1 removed java and keytool from the UnifiOS. -# Using PKCS12 format keystore appears to work fine. -# # Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359 #returns 0 means success, otherwise error. @@ -95,7 +85,6 @@ unifi_deploy() { # Unifi Controller environment (self hosted or any Cloud Key) -- # auto-detect by file /usr/lib/unifi/data/keystore - # auto-detect by file /usr/lib/unifi/data/keystore _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" if [ -f "$_unifi_keystore" ]; then _debug _unifi_keystore "$_unifi_keystore" @@ -174,11 +163,6 @@ unifi_deploy() { else _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi" fi - if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then - _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi" - else - _reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi" - fi fi _services_updated="${_services_updated} unifi" _info "Install Unifi Controller certificate success!" @@ -234,11 +218,6 @@ unifi_deploy() { cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key _info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key." - # Save the existing certs in case something goes wrong. - cp -f "${_unifi_core_config}"/unifi-core.crt "${_unifi_core_config}"/unifi-core_original.crt - cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key - _info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key." - cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" From ca6226359bd6843e26b8871a7f490aa662f5c707 Mon Sep 17 00:00:00 2001 From: 3VAbdAVE Date: Sun, 11 Aug 2024 22:49:20 -0400 Subject: [PATCH 46/47] removed old comment --- deploy/unifi.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index e06f3505..cdf7eea5 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -5,7 +5,6 @@ # - self-hosted Unifi Controller # - Unifi Cloud Key (Gen1/2/2+) # - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) -# See below regarding keytool. Not tested. # - Unifi Dream Machine # This has not been tested on other "all-in-one" devices such as # UDM Pro or Unifi Express. From de99d6d9fcbf35bf095b3fa4040ca24782a2126a Mon Sep 17 00:00:00 2001 From: 3VAbdAVE Date: Thu, 15 Aug 2024 11:09:40 -0400 Subject: [PATCH 47/47] fixed shfmt --- deploy/unifi.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/unifi.sh b/deploy/unifi.sh index cdf7eea5..4d8c058e 100644 --- a/deploy/unifi.sh +++ b/deploy/unifi.sh @@ -103,7 +103,7 @@ unifi_deploy() { _debug "Generate import pkcs12" _import_pkcs12="$(_mktemp)" - _debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root" + _debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root" _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root # shellcheck disable=SC2181 if [ "$?" != "0" ]; then @@ -153,7 +153,7 @@ unifi_deploy() { rm "$_import_pkcs12" - # Restarting unifi-core will bring up unifi, doing it out of order results in + # Restarting unifi-core will bring up unifi, doing it out of order results in # a certificate error, and breaks wifiman. # Restart if we aren't doing unifi-core, otherwise stop for later restart. if systemctl -q is-active unifi; then