From e735d8d4e5a0dd7810dd6cc937fec93c8fdbaad2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 3 Mar 2017 22:03:19 +0800 Subject: [PATCH 01/69] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 0313e0e1..38bed5f6 100755 --- a/acme.sh +++ b/acme.sh @@ -146,7 +146,7 @@ _dlg_versions() { echo "apache:" if [ "$_APACHECTL" ] && _exists "$_APACHECTL"; then - _APACHECTL -V 2>&1 + $_APACHECTL -V 2>&1 else echo "apache doesn't exists." fi From 6fb2a1ed39c263407c2d1bb6d8b2e8a0cd9a7d07 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 5 Mar 2017 19:56:06 +0800 Subject: [PATCH 02/69] minor fix comments --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 38bed5f6..d6ed13a4 100755 --- a/acme.sh +++ b/acme.sh @@ -1279,12 +1279,12 @@ _url_replace() { } _time2str() { - #BSD + #Linux if date -u -d@"$1" 2>/dev/null; then return fi - #Linux + #BSD if date -u -r "$1" 2>/dev/null; then return fi From 9c87a5890dec74d7f0c7f0edac9b72699e7aa116 Mon Sep 17 00:00:00 2001 From: csmk Date: Sun, 5 Mar 2017 22:18:31 +0900 Subject: [PATCH 03/69] Add support for Knot DNS API The script is actually an adapted version of the `dns_nsupdate.sh` script, as the `knsupdate` utility is quite similar to `nsupdate`. --- README.md | 1 + dnsapi/README.md | 45 ++++++++++++++++++++++ dnsapi/dns_knot.sh | 95 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) create mode 100644 dnsapi/dns_knot.sh diff --git a/README.md b/README.md index fd867015..3a03e703 100644 --- a/README.md +++ b/README.md @@ -295,6 +295,7 @@ You don't have to do anything manually! 1. cyon.ch 1. Domain-Offensive/Resellerinterface/Domainrobot API 1. Gandi LiveDNS API +1. Knot DNS API **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index 18c1ca9f..5b71e89f 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md 
@@ -349,6 +349,51 @@ Ok, let's issue a cert now: acme.sh --issue --dns dns_gandi_livedns -d example.com -d www.example.com ``` +## 19. Use Knot (knsupdate) DNS API to automatically issue cert + +First, generate a TSIG key for updating the zone. + +``` +keymgr tsig generate acme_key algorithm hmac-sha512 > /etc/knot/acme.key +``` + +Include this key in your knot configuration file. + +``` +include: /etc/knot/acme.key +``` + +Next, configure your zone to allow dynamic updates. + +Dynamic updates for the zone are allowed via proper ACL rule with the `update` action. For in-depth instructions, please see [Knot DNS's documentation](https://www.knot-dns.cz/documentation/). + +``` +acl: + - id: acme_acl + address: 192.168.1.0/24 + key: acme_key + action: update + +zone: + - domain: example.com + file: example.com.zone + acl: acme_acl +``` + +Finally, make the DNS server and TSIG Key available to `acme.sh` + +``` +export KNOT_SERVER="dns.example.com" +export KNOT_KEY=`grep \# /etc/knot/acme.key | cut -d' ' -f2` +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_knot -d example.com -d www.example.com +``` + +The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_knot.sh b/dnsapi/dns_knot.sh new file mode 100644 index 00000000..b6d1e0b6 --- /dev/null +++ b/dnsapi/dns_knot.sh 
@@ -0,0 +1,95 @@ +#!/usr/bin/env sh + +######## Public functions ##################### + +#Usage: dns_knot_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_knot_add() { + fulldomain=$1 + txtvalue=$2 + _checkKey || return 1 + [ -n "${KNOT_SERVER}" ] || KNOT_SERVER="localhost" + # save the dns server and key to the account.conf file. + _saveaccountconf KNOT_SERVER "${KNOT_SERVER}" + _saveaccountconf KNOT_KEY "${KNOT_KEY}" + + if ! _get_root "$fulldomain"; then + _err "Domain does not exist." + return 1 + fi + + _info "Adding ${fulldomain}. 60 TXT \"${txtvalue}\"" + + knsupdate -y "${KNOT_KEY}" < Date: Mon, 6 Mar 2017 11:09:12 +0900 Subject: [PATCH 04/69] deploy for OSX Keychain --- deploy/keychain.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 deploy/keychain.sh diff --git a/deploy/keychain.sh b/deploy/keychain.sh new file mode 100644 index 00000000..a99ed465 --- /dev/null +++ b/deploy/keychain.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env sh + +#Here is a sample custom api script. +#This file name is "myapi.sh" +#So, here must be a method myapi_deploy() +#Which will be called by acme.sh to deploy the cert +#returns 0 means success, otherwise error. + +######## Public functions ##################### + +#domain keyfile certfile cafile fullchain +keychain_deploy() { + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + /usr/bin/security import "$_ckey" -k "/Library/Keychains/System.keychain" + /usr/bin/security import "$_ccert" -k "/Library/Keychains/System.keychain" + /usr/bin/security import "$_cca" -k "/Library/Keychains/System.keychain" + /usr/bin/security import "$_cfullchain" -k "/Library/Keychains/System.keychain" + + return 0 +} From f589a1d2458556fbbd8dfc8cff758b2f666d7f38 Mon Sep 17 00:00:00 2001 
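Review bot: `knsupdate -y "${KNOT_KEY}"` in `dns_knot_add` (dnsapi/dns_knot.sh) passes the TSIG secret as a command-line argument, where other local users can typically read it from the process list while the update runs. `_saveaccountconf KNOT_KEY "${KNOT_KEY}"` a few lines earlier also writes the same secret into account.conf. knsupdate can take the key from a file with `-k keyfile`, so a key file readable only by the acme.sh user would keep the secret out of argv and out of the saved config. The heredoc after this call and the rest of dns_knot.sh are not visible on this page, so this covers only the visible part of the function.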
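Review bot: `keychain_deploy` (deploy/keychain.sh) ignores the exit status of all four `/usr/bin/security import` calls and ends with an unconditional `return 0`. acme.sh will therefore report a successful deploy even when the private key or certificate was never imported. Each call should propagate failure, e.g. `/usr/bin/security import "$_ckey" -k "/Library/Keychains/System.keychain" || return 1`, and likewise for `$_ccert`, `$_cca` and `$_cfullchain`. The header comment is still the sample text (`myapi.sh`, `myapi_deploy()`); it should instead say that this hook imports the private key into the System keychain, which presumably requires elevated privileges.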
From: csmk Date: Tue, 7 Mar 2017 22:21:22 +0900 Subject: [PATCH 05/69] Fix format: use double quote to prevent globbing and word splitting --- dnsapi/dns_knot.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_knot.sh b/dnsapi/dns_knot.sh index b6d1e0b6..094a6981 100644 --- a/dnsapi/dns_knot.sh +++ b/dnsapi/dns_knot.sh @@ -73,10 +73,10 @@ EOF _get_root() { domain=$1 i="$(echo "$fulldomain" | tr '.' ' ' | wc -w)" - i=$(_math $i - 1) + i=$(_math "$i" - 1) while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) + h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) if [ -z "$h" ]; then return 1 fi From bce11af09ae31284afc0d07e6205113f5390b207 Mon Sep 17 00:00:00 2001 From: hiska Date: Wed, 8 Mar 2017 08:00:17 +0900 Subject: [PATCH 06/69] Update README.md for OSX Keychain --- deploy/README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/README.md b/deploy/README.md index 4a13e096..d8c2f57c 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -72,3 +72,8 @@ export DEPLOY_EXIM4_RELOAD="/etc/init.d/exim4 restart" acme.sh --deploy -d ftp.example.com --deploy-hook exim4 ``` +## 6. Deploy the cert to OSX Keychain + +```sh +acme.sh --deploy -d ftp.example.com --deploy-hook keychain +``` From 5378d9ca2655543cdf765065d0f3434b5e5ded0f Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 8 Mar 2017 13:55:01 +0800 Subject: [PATCH 07/69] fix nginx mode --- acme.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index d6ed13a4..4edc1ecf 100755 --- a/acme.sh +++ b/acme.sh @@ -2462,7 +2462,7 @@ _setNginx() { fi _debug "Start detect nginx conf for $_d from:$_start_f" if ! _checkConf "$_d" "$_start_f"; then - "Can not find conf file for domain $d" + _err "Can not find conf file for domain $d" return 1 fi _info "Found conf file: $FOUND_REAL_NGINX_CONF" 
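Review bot: The new `_err` line in `_setNginx` (PATCH 07/69) interpolates `$d`, while the neighbouring lines use `$_d` (`_debug "Start detect nginx conf for $_d from:$_start_f"`, `_checkConf "$_d" "$_start_f"`). The message will most likely print an empty or stale domain, so it should read `_err "Can not find conf file for domain $_d"`. `_setNginx` starts and ends outside this hunk, so confirm that `$d` is not set elsewhere in the function.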
@@ -2559,7 +2559,7 @@ _checkConf() { FOUND_REAL_NGINX_CONF="$2" return 0 fi - if grep "^ *include *.*;" "$2" >/dev/null; then + if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then _debug "Try include files" for included in $(grep "^ *include *.*;" "$2" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" From f08a79d3724b8c374131a28862b954738a8085b4 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 8 Mar 2017 16:01:14 +0800 Subject: [PATCH 08/69] fix nginx mode --- acme.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 4edc1ecf..eb1a8969 100755 --- a/acme.sh +++ b/acme.sh @@ -2546,7 +2546,7 @@ _checkConf() { if [ ! -f "$2" ] && ! echo "$2" | grep '*$' >/dev/null && echo "$2" | grep '*' >/dev/null; then _debug "wildcard" for _w_f in $2; do - if _checkConf "$1" "$_w_f"; then + if [ -f "$_w_f"] && _checkConf "$1" "$_w_f"; then return 0 fi done @@ -2559,9 +2559,9 @@ _checkConf() { FOUND_REAL_NGINX_CONF="$2" return 0 fi - if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then + if cat "$2" | tr "\t" " " | grep "^ *include *.*;" >/dev/null; then _debug "Try include files" - for included in $(grep "^ *include *.*;" "$2" | sed "s/include //" | tr -d " ;"); do + for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do _debug "check included $included" if _checkConf "$1" "$included"; then return 0 From 6f1c72f5b46f7f0ee114c873886496a8ccb6139b Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 8 Mar 2017 21:21:15 +0800 Subject: [PATCH 09/69] add links --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index fd867015..e851fb93 100644 --- a/README.md +++ b/README.md 
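Review bot: In the wildcard branch of `_checkConf` (PATCH 08/69, first hunk), `[ -f "$_w_f"]` has no space before the closing bracket, so `]` becomes part of the file-name word and `[` fails with a missing-`]` error on every iteration. The `&& _checkConf` call is then never reached and wildcard includes are never searched. The line should be `if [ -f "$_w_f" ] && _checkConf "$1" "$_w_f"; then`. In the second hunk the `for included in $(...)` loop recurses into every `include` target with no visited list or depth limit, so as far as these hunks show, includes that reference each other would recurse without end. `_checkConf` begins outside both hunks.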
@@ -18,6 +18,18 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) # [中文说明](https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E) +# Who are using **acme.sh** +- [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/) +- [ruby-china.org](https://ruby-china.org/topics/31983) +- [Proxmox](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer)) +- [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89) +- [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt) +- [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty) +- [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709) +- [Centminmod](http://centminmod.com/letsencrypt-acmetool-https.html) +- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) +- [archlinux](https://aur.archlinux.org/packages/acme.sh-git/) +- [more and more](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) # Tested OS From 63ec05a66c71cef8ea71e8e6c6c152acb8c1ae2a Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 8 Mar 2017 21:23:12 +0800 Subject: [PATCH 10/69] fix links --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e851fb93..450de49a 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) - [Centminmod](http://centminmod.com/letsencrypt-acmetool-https.html) - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) - [archlinux](https://aur.archlinux.org/packages/acme.sh-git/) -- [more and more](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) +- [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) # Tested OS From c4bf5eef73aa749393101f50683e4391ac8e46d2 Mon Sep 17 00:00:00 2001 
From: neilpang Date: Wed, 8 Mar 2017 21:51:25 +0800 Subject: [PATCH 11/69] add _upper_case and _lower_case --- acme.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/acme.sh b/acme.sh index eb1a8969..699ea268 100755 --- a/acme.sh +++ b/acme.sh @@ -299,6 +299,16 @@ _secure_debug3() { fi } +_upper_case() { + # shellcheck disable=SC2018,SC2019 + tr 'a-z' 'A-Z' +} + +_lower_case() { + # shellcheck disable=SC2018,SC2019 + tr 'A-Z' 'a-z' +} + _startswith() { _str="$1" _sub="$2" From ac690fceaf5a1fcba7632d340e709258f4fdbc3f Mon Sep 17 00:00:00 2001 From: thewer Date: Thu, 9 Mar 2017 22:28:30 +1000 Subject: [PATCH 12/69] Added DigitalOcean (native) API that requires only a read/write API key for DigitalOcean, updated 2 reads files. --- README.md | 1 + dnsapi/README.md | 13 +++ dnsapi/dns_dgon.sh | 205 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 219 insertions(+) create mode 100755 dnsapi/dns_dgon.sh diff --git a/README.md b/README.md index 7d5ab846..52231d0f 100644 --- a/README.md +++ b/README.md @@ -308,6 +308,7 @@ You don't have to do anything manually! 1. Domain-Offensive/Resellerinterface/Domainrobot API 1. Gandi LiveDNS API 1. Knot DNS API +1. DigitalOcean API (native) **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index 5b71e89f..fe243cb5 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md 
@@ -394,6 +394,19 @@ acme.sh --issue --dns dns_knot -d example.com -d www.example.com The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +## 20. Use DigitalOcean API (native) + +You need to obtain a read and write capable API key from your DigitalOcean account. See: https://www.digitalocean.com/help/api/ + +``` +export DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_dgon -d example.com -d www.example.com +``` + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_dgon.sh b/dnsapi/dns_dgon.sh new file mode 100755 index 00000000..9ceede44 --- /dev/null +++ b/dnsapi/dns_dgon.sh 
@@ -0,0 +1,205 @@ +#!/usr/bin/env sh + +## Will be called by acme.sh to add the txt record to your api system. +## returns 0 means success, otherwise error. + +## Author: thewer +## GitHub: https://github.com/gitwer/acme.sh + +## +## Environment Variables Required: +## +## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc" +## + +##################### Public functions ##################### + +## Create the text record for validation. +## Usage: fulldomain txtvalue +## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" +dns_dgon_add() { + fulldomain="$(echo "$1" | _lower_case)" + txtvalue=$2 + _info "Using digitalocean dns validation - add record" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + ## save the env vars (key and domain split location) for later automated use + _saveaccountconf DO_API_KEY "$DO_API_KEY" + + ## split the domain for DO API + if ! _get_base_domain "$fulldomain"; then + _err "domain not found in your account for addition" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + ## Set the header with our post type and key auth key + export _H1="Content-Type: application/json" + export _H2="Authorization: Bearer $DO_API_KEY" + PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records' + PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'"}' + + _debug PURL "$PURL" + _debug PBODY "$PBODY" + + ## the create request - post + ## args: BODY, URL, [need64, httpmethod] + response="$(_post "$PBODY" "$PURL")" + + ## check response + if [ "$?" != "0" ]; then + _err "error in response: $response" + return 1 + fi + _debug2 response "$response" + + ## finished correctly + return 0 +} + +## Remove the txt record after validation. 
+## Usage: fulldomain txtvalue +## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" +dns_dgon_rm() { + fulldomain="$(echo "$1" | _lower_case)" + txtvalue=$2 + _info "Using digitalocean dns validation - remove record" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + ## split the domain for DO API + if ! _get_base_domain "$fulldomain"; then + _err "domain not found in your account for removal" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + ## Set the header with our post type and key auth key + export _H1="Content-Type: application/json" + export _H2="Authorization: Bearer $DO_API_KEY" + ## get URL for the list of domains + ## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} + GURL="https://api.digitalocean.com/v2/domains/$_domain/records" + + ## while we dont have a record ID we keep going + while [ -z "$record" ]; do + ## 1) get the URL + ## the create request - get + ## args: URL, [onlyheader, timeout] + domain_list="$(_get "$GURL")" + ## 2) find record + ## check for what we are looing for: "type":"A","name":"$_sub_domain" + record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*\d+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")" + ## 3) check record and get next page + if [ -z "$record" ]; then + ## find the next page if we dont have a match + nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=\d+")" + if [ -z "$nextpage" ]; then + _err "no record and no nextpage in digital ocean DNS removal" + return 1 + fi + _debug2 nextpage "$nextpage" + GURL="$nextpage" + fi + ## we break out of the loop when we have a record + done + + ## we found the record + rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*\d+" | _egrep_o "\d+")" + _debug rec_id "$rec_id" + + ## delete the record + ## delete URL for removing the one we dont want + 
DURL="https://api.digitalocean.com/v2/domains/$_domain/records/$rec_id" + + ## the create request - delete + ## args: BODY, URL, [need64, httpmethod] + response="$(_post "" "$DURL" "" "DELETE")" + + ## check response (sort of) + if [ "$?" != "0" ]; then + _err "error in remove response: $response" + return 1 + fi + _debug2 response "$response" + + ## finished correctly + return 0 +} + +##################### Private functions below ##################### + +## Split the domain provided into the "bade domain" and the "start prefix". +## This function searches for the longest subdomain in your account +## for the full domain given and splits it into the base domain (zone) +## and the prefix/record to be added/removed +## USAGE: fulldomain +## EG: "_acme-challenge.two.three.four.domain.com" +## returns +## _sub_domain="_acme-challenge.two" +## _domain="three.four.domain.com" *IF* zone "three.four.domain.com" exists +## if only "domain.com" exists it will return +## _sub_domain="_acme-challenge.two.three.four" +## _domain="domain.com" +_get_base_domain() { + # args + fulldomain="$(echo "$1" | tr '[:upper:]' '[:lower:]')" + _debug fulldomain "$fulldomain" + + # domain max legal length = 253 + MAX_DOM=255 + + ## get a list of domains for the account to check thru + ## Set the headers + export _H1="Content-Type: application/json" + export _H2="Authorization: Bearer $DO_API_KEY" + _debug DO_API_KEY "$DO_API_KEY" + ## get URL for the list of domains + ## havent seen this request paginated, tested with 18 domains (more requres manual requests with DO) + DOMURL="https://api.digitalocean.com/v2/domains" + + ## get the domain list (DO gives basically a full XFER!) + domain_list="$(_get "$DOMURL")" + + ## check response + if [ "$?" 
!= "0" ]; then + _err "error in domain_list response: $domain_list" + return 1 + fi + _debug2 domain_list "$domain_list" + + ## for each shortening of our $fulldomain, check if it exists in the $domain_list + ## can never start on 1 (aka whole $fulldomain) as $fulldomain starts with "_acme-challenge" + i=2 + while [ $i -gt 0 ]; do + ## get next longest domain + _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") + ## check we got something back from our cut (or are we at the end) + if [ -z "$_domain" ]; then + ## we got to the end of the domain - invalid domain + _err "domain not found in DigitalOcean account" + return 1 + fi + ## we got part of a domain back - grep it out + found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")" + ## check if it exists + if [ ! -z "$found" ]; then + ## exists - exit loop returning the parts + sub_point=$(_math $i - 1) + _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") + _debug _domain "$_domain" + _debug _sub_domain "$_sub_domain" + return 0 + fi + ## increment cut point $i + i=$(_math $i + 1) + done + + ## we went through the entire domain zone list and dint find one that matched + ## doesnt look like we can add in the record + _err "domain not found in DigitalOcean account, but we should never get here" + return 1 +} From 04683338a21bda18da6d3dafce6167de1fb699f2 Mon Sep 17 00:00:00 2001 From: neilpang Date: Sat, 11 Mar 2017 10:06:40 +0800 Subject: [PATCH 13/69] fix cloudxns api https://github.com/Neilpang/acme.sh/issues/717 --- dnsapi/dns_cx.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_cx.sh b/dnsapi/dns_cx.sh index 2b6d5691..e2f0f099 100755 --- a/dnsapi/dns_cx.sh +++ b/dnsapi/dns_cx.sh @@ -209,8 +209,7 @@ _rest() { return 1 fi _debug2 response "$response" - if ! _contains "$response" '"message":"success"'; then - return 1 - fi - return 0 + + _contains "$response" '"code":1' + } 
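Review bot: `_debug DO_API_KEY "$DO_API_KEY"` in `_get_base_domain` (dnsapi/dns_dgon.sh) writes the DigitalOcean bearer token in clear text to the debug output, and debug logs tend to end up in bug reports; the same pattern appears in dnsapi/dns_cloudns.sh (PATCH 15/69) as `_debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"`. Drop the line or use the masking helper, `_secure_debug DO_API_KEY "$DO_API_KEY"`. Separately, `dns_dgon_rm` enters `while [ -z "$record" ]` without first clearing `record`, so a value left over from an earlier call in the same process would skip the lookup and delete whatever `rec_id` that stale text yields; add `record=""` before the loop. The header comment and README also show a 64-hex-character value for `DO_API_KEY`; if it is not a made-up sample it should be revoked and replaced with an obvious placeholder.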
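Review bot: `_contains "$response" '"code":1'` in `_rest` (dnsapi/dns_cx.sh, PATCH 13/69) is a substring test, so it also succeeds for any response whose code merely starts with 1 (`"code":10`, `"code":100`, …), and such an error would be reported as success. If the API's success value is exactly 1, match the following delimiter as well, for example `_contains "$response" '"code":1,' || _contains "$response" '"code":1}'`. `_rest` starts outside the hunk, so check the exact response shape against the API before choosing the delimiter.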
From 4dd646a424a0f91267f3c198437319548dfb66be Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 13 Mar 2017 11:18:04 +0800 Subject: [PATCH 14/69] fix https://github.com/Neilpang/acme.sh/issues/719 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 699ea268..7906aa4c 100755 --- a/acme.sh +++ b/acme.sh @@ -4628,7 +4628,7 @@ install() { #Modify shebang if _exists bash; then _info "Good, bash is found, so change the shebang to use bash as preferred." - _shebang='#!/usr/bin/env bash' + _shebang='#!'"$(env bash -c "command -v bash")" _setShebang "$LE_WORKING_DIR/$PROJECT_ENTRY" "$_shebang" for subf in $_SUB_FOLDERS; do if [ -d "$LE_WORKING_DIR/$subf" ]; then From 3b7fbcd0c322b152d566dc65a6bca97cc483d4d5 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 13:24:09 +0200 Subject: [PATCH 15/69] Add DNS API support for ClouDNS --- dnsapi/README.md | 14 ++++ dnsapi/dns_cloudns.sh | 158 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 172 insertions(+) create mode 100755 dnsapi/dns_cloudns.sh diff --git a/dnsapi/README.md b/dnsapi/README.md index fe243cb5..702efc1c 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -407,6 +407,20 @@ Ok, let's issue a cert now: acme.sh --issue --dns dns_dgon -d example.com -d www.example.com ``` +## 21. Use ClouDNS API + +You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/ + +``` +export CLOUDNS_AUTH_ID=XXXXX +export CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com +``` + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh new file mode 100755 index 00000000..9b93b1ca --- /dev/null +++ b/dnsapi/dns_cloudns.sh 
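Review bot: The new `_shebang` in `install()` (acme.sh, PATCH 14/69) is built from whatever `env bash -c "command -v bash"` prints, with no check of the result. The installed scripts become hard-wired to the first `bash` on the installing user's PATH, and an empty or non-absolute result would produce a broken `#!` line. Capture the value first, `_bash_path="$(env bash -c "command -v bash")"`, and use it only when it is absolute: `case "$_bash_path" in /*) _shebang="#!$_bash_path" ;; *) _shebang='#!/usr/bin/env bash' ;; esac`. `install()` begins and ends outside this hunk.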
@@ -0,0 +1,158 @@ +#!/usr/bin/env sh + +#CLOUDNS_AUTH_ID=XXXXX +#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" +CLOUDNS_API="https://api.cloudns.net" + +######## Public functions ##################### + +#Usage: dns_cloudns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_cloudns_add() { + _info "Using cloudns" + + if ! _dns_cloudns_init_check; then + return 1 + fi + + zone="$(_dns_cloudns_get_zone_name $1)" + if [ -z "$zone" ]; then + _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." + return 1 + fi + + host="$(echo $1|sed "s/\.$zone\$//")" + record=$2 + record_id=$(_dns_cloudns_get_record_id "$zone" "$host") + + _debug zone "$zone" + _debug host "$host" + _debug record "$record" + _debug record_id "$record_id" + + + if [ -z "$record_id" ]; then + _info "Adding the TXT record for $1" + _dns_cloudns_http_api_call "dns/add-record.json" "domain-name=$zone&record-type=TXT&host=$host&record=$record&ttl=60" + if ! _contains "$response" "\"status\":\"Success\""; then + _err "Record cannot be added." + return 1 + fi + _info "Added." + else + _info "Updating the TXT record for $1" + _dns_cloudns_http_api_call "dns/mod-record.json" "domain-name=$zone&record-id=$record_id&record-type=TXT&host=$host&record=$record&ttl=60" + if ! _contains "$response" "\"status\":\"Success\""; then + _err "The TXT record for $1 cannot be updated." + return 1 + fi + _info "Updated." + fi + + return 0 +} + +#Usage: dns_cloudns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_cloudns_rm() { + _info "Using cloudns" + + if ! _dns_cloudns_init_check; then + return 1 + fi + + if [ -z $zone]; then + zone="$(_dns_cloudns_get_zone_name $1)" + if [ -z "$zone" ]; then + _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." 
+ return 1 + fi + fi + + host="$(echo $1|sed "s/\.$zone\$//")" + record=$2 + record_id=$(_dns_cloudns_get_record_id "$zone" "$host") + + _debug zone "$zone" + _debug host "$host" + _debug record "$record" + _debug record_id "$record_id" + + if [ ! -z "$record_id" ]; then + _info "Deleting the TXT record for $1" + _dns_cloudns_http_api_call "dns/delete-record.json" "domain-name=$zone&record-id=" + if ! _contains "$response" "\"status\":\"Success\""; then + _err "The TXT record for $1 cannot be deleted." + return 1 + fi + _info "Deleted." + fi + return 0 +} + +#################### Private functions below ################################## +_dns_cloudns_init_check() { + if [ ! -z $CLOUDNS_INIT_CHECK_COMPLETED]; then + return 0 + fi + + if [ -z "$CLOUDNS_AUTH_ID" ]; then + _err "CLOUDNS_AUTH_ID is not configured" + return 1 + fi + + if [ -z "$CLOUDNS_AUTH_PASSWORD" ]; then + _err "CLOUDNS_AUTH_PASSWORD is not configured" + return 1 + fi + + CLOUDNS_INIT_CHECK_COMPLETED=1 + + return 0 +} + +_dns_cloudns_get_zone_name() { + i=2 + while true; do + zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100) + + if [ -z "$zoneForCheck" ]; then + # missing zone + return 1; + fi + + _debug zoneForCheck $zoneForCheck + + _dns_cloudns_http_api_call "dns/get-zone-info.json" "domain-name=$zoneForCheck" + + if ! 
_contains "$response" "\"status\":\"Failed\""; then + echo $zoneForCheck + return 0; + fi + + i=$(expr $i + 1) + done + return 1; +} + +_dns_cloudns_get_record_id() { + _dns_cloudns_http_api_call "dns/records.json" "domain-name=$1&host=$2&type=TXT" + if _contains "$response" "\"id\":"; then + echo $response | awk 'BEGIN { FS="\"" } {print $2}' + return 0 + fi + return 1 +} + +_dns_cloudns_http_api_call () { + method=$1 + + _debug CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID" + _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD" + + data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD&$2" + + response="$(_get "$CLOUDNS_API/$method?$data")" + + _debug response "$response" + + return 1; +} \ No newline at end of file From c7257e0a3c6b4883a1ccde8dbcf4338483d26f48 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 14:20:58 +0200 Subject: [PATCH 16/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 9b93b1ca..39d8c3a6 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -7,20 +7,20 @@ CLOUDNS_API="https://api.cloudns.net" ######## Public functions ##################### #Usage: dns_cloudns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cloudns_add() { +dns_cloudns_add () { _info "Using cloudns" if ! _dns_cloudns_init_check; then - return 1 + return 1 fi zone="$(_dns_cloudns_get_zone_name $1)" if [ -z "$zone" ]; then - _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." - return 1 + _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." + return 1 fi - host="$(echo $1|sed "s/\.$zone\$//")" + host="$(echo $1 | sed "s/\.$zone\$//")" record=$2 record_id=$(_dns_cloudns_get_record_id "$zone" "$host") 
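Review bot: `dns_cloudns_rm` (dnsapi/dns_cloudns.sh, PATCH 15/69) calls `dns/delete-record.json` with `"domain-name=$zone&record-id="`, so the looked-up `$record_id` is never sent. The challenge TXT record therefore cannot be deleted, and stale validation records stay in the zone. The argument should be `"domain-name=$zone&record-id=$record_id"`. `_dns_cloudns_http_api_call` also puts `auth-password` in the query string of a GET request, where it can end up in proxy and server logs, and `$host`/`$record` are appended without URL-encoding. If the API accepts POST, sending `$data` as the request body through `_post` would be safer.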
@@ -52,14 +52,14 @@ dns_cloudns_add() { } #Usage: dns_cloudns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cloudns_rm() { +dns_cloudns_rm () { _info "Using cloudns" if ! _dns_cloudns_init_check; then return 1 fi - if [ -z $zone]; then + if [ -z $zone ]; then zone="$(_dns_cloudns_get_zone_name $1)" if [ -z "$zone" ]; then _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." @@ -89,8 +89,8 @@ dns_cloudns_rm() { } #################### Private functions below ################################## -_dns_cloudns_init_check() { - if [ ! -z $CLOUDNS_INIT_CHECK_COMPLETED]; then +_dns_cloudns_init_check () { + if [ ! -z $CLOUDNS_INIT_CHECK_COMPLETED ]; then return 0 fi @@ -109,14 +109,13 @@ _dns_cloudns_init_check() { return 0 } -_dns_cloudns_get_zone_name() { +_dns_cloudns_get_zone_name () { i=2 while true; do zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100) if [ -z "$zoneForCheck" ]; then - # missing zone - return 1; + return 1 fi _debug zoneForCheck $zoneForCheck @@ -125,15 +124,15 @@ _dns_cloudns_get_zone_name() { if ! _contains "$response" "\"status\":\"Failed\""; then echo $zoneForCheck - return 0; + return 0 fi i=$(expr $i + 1) done - return 1; + return 1 } -_dns_cloudns_get_record_id() { +_dns_cloudns_get_record_id () { _dns_cloudns_http_api_call "dns/records.json" "domain-name=$1&host=$2&type=TXT" if _contains "$response" "\"id\":"; then echo $response | awk 'BEGIN { FS="\"" } {print $2}' @@ -154,5 +153,5 @@ _dns_cloudns_http_api_call () { _debug response "$response" - return 1; + return 1 } \ No newline at end of file From 0dd6377fe666ded6d0919acd6e8fb8adc0d497ea Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 14:25:50 +0200 Subject: [PATCH 17/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) 
diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 39d8c3a6..1726b81a 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -7,7 +7,7 @@ CLOUDNS_API="https://api.cloudns.net" ######## Public functions ##################### #Usage: dns_cloudns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cloudns_add () { +dns_cloudns_add() { _info "Using cloudns" if ! _dns_cloudns_init_check; then @@ -20,8 +20,8 @@ dns_cloudns_add () { return 1 fi - host="$(echo $1 | sed "s/\.$zone\$//")" - record=$2 + host="$(echo "$1" | sed "s/\.$zone\$//")" + record=$2 record_id=$(_dns_cloudns_get_record_id "$zone" "$host") _debug zone "$zone" @@ -52,14 +52,14 @@ dns_cloudns_add () { } #Usage: dns_cloudns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" -dns_cloudns_rm () { +dns_cloudns_rm() { _info "Using cloudns" if ! _dns_cloudns_init_check; then - return 1 + return 1 fi - if [ -z $zone ]; then + if [ -z "$zone" ]; then zone="$(_dns_cloudns_get_zone_name $1)" if [ -z "$zone" ]; then _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." @@ -67,8 +67,8 @@ dns_cloudns_rm () { fi fi - host="$(echo $1|sed "s/\.$zone\$//")" - record=$2 + host="$(echo "$1" | sed "s/\.$zone\$//")" + record=$2 record_id=$(_dns_cloudns_get_record_id "$zone" "$host") _debug zone "$zone" @@ -89,8 +89,8 @@ dns_cloudns_rm () { } #################### Private functions below ################################## -_dns_cloudns_init_check () { - if [ ! -z $CLOUDNS_INIT_CHECK_COMPLETED ]; then +_dns_cloudns_init_check() { + if [ ! -z "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then return 0 fi @@ -109,7 +109,7 @@ _dns_cloudns_init_check () { return 0 } -_dns_cloudns_get_zone_name () { +_dns_cloudns_get_zone_name() { i=2 while true; do zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100) 
@@ -123,7 +123,7 @@ _dns_cloudns_get_zone_name () { _dns_cloudns_http_api_call "dns/get-zone-info.json" "domain-name=$zoneForCheck" if ! _contains "$response" "\"status\":\"Failed\""; then - echo $zoneForCheck + echo "$zoneForCheck" return 0 fi @@ -132,16 +132,16 @@ _dns_cloudns_get_zone_name () { return 1 } -_dns_cloudns_get_record_id () { +_dns_cloudns_get_record_id() { _dns_cloudns_http_api_call "dns/records.json" "domain-name=$1&host=$2&type=TXT" if _contains "$response" "\"id\":"; then - echo $response | awk 'BEGIN { FS="\"" } {print $2}' + echo "$response" | awk 'BEGIN { FS="\"" } {print $2}' return 0 fi return 1 } -_dns_cloudns_http_api_call () { +_dns_cloudns_http_api_call() { method=$1 _debug CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID" From a15f87ae39d33e0d35838e4dc5c810bd934fc232 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 14:26:57 +0200 Subject: [PATCH 18/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 1726b81a..3eb10b33 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -127,7 +127,7 @@ _dns_cloudns_get_zone_name() { return 0 fi - i=$(expr $i + 1) + i=$(expr "$i" + 1) done return 1 } From 5df2ca3ef301fe8bbcf0c7e11c5ef9a1c0484aca Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 14:38:02 +0200 Subject: [PATCH 19/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 3eb10b33..cd83619f 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -14,7 +14,7 @@ dns_cloudns_add() { return 1 fi - zone="$(_dns_cloudns_get_zone_name $1)" + zone="$(_dns_cloudns_get_zone_name "$1")" if [ -z "$zone" ]; then _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." return 1 
@@ -28,7 +28,6 @@ dns_cloudns_add() { _debug host "$host" _debug record "$record" _debug record_id "$record_id" - if [ -z "$record_id" ]; then _info "Adding the TXT record for $1" @@ -60,7 +59,7 @@ dns_cloudns_rm() { fi if [ -z "$zone" ]; then - zone="$(_dns_cloudns_get_zone_name $1)" + zone="$(_dns_cloudns_get_zone_name "$1")" if [ -z "$zone" ]; then _err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." return 1 @@ -118,7 +117,7 @@ _dns_cloudns_get_zone_name() { return 1 fi - _debug zoneForCheck $zoneForCheck + _debug zoneForCheck "$zoneForCheck" _dns_cloudns_http_api_call "dns/get-zone-info.json" "domain-name=$zoneForCheck" @@ -127,7 +126,7 @@ _dns_cloudns_get_zone_name() { return 0 fi - i=$(expr "$i" + 1) + i=$(($i+1)) done return 1 } From f881d6c44ff6f5043399ae3b379c158aa2ec69e8 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 14:40:18 +0200 Subject: [PATCH 20/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index cd83619f..698cc26e 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -153,4 +153,4 @@ _dns_cloudns_http_api_call() { _debug response "$response" return 1 -} \ No newline at end of file +} From 55a5da2102c2bfe9e41e2d32e7e29c7eb301e9ce Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 14:42:51 +0200 Subject: [PATCH 21/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 698cc26e..efa7ce7e 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -126,7 +126,7 @@ _dns_cloudns_get_zone_name() { return 0 fi - i=$(($i+1)) + i=$(($i + 1)) done return 1 } From 3d8598654c82128ac8e6be44f9f6127f9c778f09 Mon Sep 17 00:00:00 2001 
From: boyanpeychev Date: Tue, 14 Mar 2017 14:43:43 +0200 Subject: [PATCH 22/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index efa7ce7e..d12db033 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -126,7 +126,7 @@ _dns_cloudns_get_zone_name() { return 0 fi - i=$(($i + 1)) + i=$((${i} + 1)) done return 1 } From ac11ba3d60534bc52478c6016e6025d4be8e93ad Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Tue, 14 Mar 2017 15:12:02 +0200 Subject: [PATCH 23/69] Add DNS API for ClouDNS --- dnsapi/dns_cloudns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index d12db033..d000d6a2 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -28,7 +28,7 @@ dns_cloudns_add() { _debug host "$host" _debug record "$record" _debug record_id "$record_id" - + if [ -z "$record_id" ]; then _info "Adding the TXT record for $1" _dns_cloudns_http_api_call "dns/add-record.json" "domain-name=$zone&record-type=TXT&host=$host&record=$record&ttl=60" @@ -126,7 +126,7 @@ _dns_cloudns_get_zone_name() { return 0 fi - i=$((${i} + 1)) + i=$((i + 1)) done return 1 } From be972fc0b5dc13171380fe0c88ac371539d45ef9 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Wed, 15 Mar 2017 10:00:21 +0200 Subject: [PATCH 24/69] fixes for the comments in #723 --- dnsapi/dns_cloudns.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index d000d6a2..a9615c58 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -126,7 +126,7 @@ _dns_cloudns_get_zone_name() { return 0 fi - i=$((i + 1)) + i=$(_math "$i" + 1) done return 1 } @@ -150,7 +150,7 @@ _dns_cloudns_http_api_call() { response="$(_get "$CLOUDNS_API/$method?$data")" - _debug response "$response" + _debug2 response "$response" - return 1 + return 0 } 
From f063dd195e44c099c0c65322049745af5cbb063a Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Wed, 15 Mar 2017 15:49:14 +0200 Subject: [PATCH 25/69] some additional fixes and removed awk --- dnsapi/dns_cloudns.sh | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index a9615c58..9f6f1679 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -77,7 +77,7 @@ dns_cloudns_rm() { if [ ! -z "$record_id" ]; then _info "Deleting the TXT record for $1" - _dns_cloudns_http_api_call "dns/delete-record.json" "domain-name=$zone&record-id=" + _dns_cloudns_http_api_call "dns/delete-record.json" "domain-name=$zone&record-id=$record_id" if ! _contains "$response" "\"status\":\"Success\""; then _err "The TXT record for $1 cannot be deleted." return 1 @@ -103,6 +103,13 @@ _dns_cloudns_init_check() { return 1 fi + _dns_cloudns_http_api_call "dns/login.json" "" + + if ! _contains "$response" "\"status\":\"Success\""; then + _err "Invalid CLOUDNS_AUTH_ID or CLOUDNS_AUTH_PASSWORD. Please check your login credentials." + return 1 + fi + CLOUDNS_INIT_CHECK_COMPLETED=1 return 0 @@ -134,7 +141,7 @@ _dns_cloudns_get_zone_name() { _dns_cloudns_get_record_id() { _dns_cloudns_http_api_call "dns/records.json" "domain-name=$1&host=$2&type=TXT" if _contains "$response" "\"id\":"; then - echo "$response" | awk 'BEGIN { FS="\"" } {print $2}' + echo "$response" | cut -d '"' -f 2 return 0 fi return 1 @@ -146,7 +153,11 @@ _dns_cloudns_http_api_call() { _debug CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID" _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD" - data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD&$2" + if [ -z $2 ]; then + data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD" + else + data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD&$2" + fi response="$(_get "$CLOUDNS_API/$method?$data")" From 136d1b04b5379401ab721dc0939f9b0aa24507cb Mon Sep 17 00:00:00 2001 
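Review bot: `_dns_cloudns_http_api_call` still writes the account password to the log through `_debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"`, and both new `data=` lines keep `auth-password` in the query string of the `_get` URL, where it can end up in proxy logs or HTTP client traces. Users who attach a debug log to a bug report would publish the credential. The password line is better dropped, or at least moved to the more verbose level that the previous commit chose for the response: `_debug2 CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"`. The function begins and ends outside this hunk.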
From: boyanpeychev Date: Wed, 15 Mar 2017 15:52:05 +0200 Subject: [PATCH 26/69] some additional fixes and removed awk --- dnsapi/dns_cloudns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 9f6f1679..4bb2c267 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -153,7 +153,7 @@ _dns_cloudns_http_api_call() { _debug CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID" _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD" - if [ -z $2 ]; then + if [ -z "$2" ]; then data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD" else data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD&$2" From c0b20275885437ff540c747b4f936510215a74ce Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Wed, 15 Mar 2017 15:58:04 +0200 Subject: [PATCH 27/69] add ClouDNS to the list in the main README file --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 52231d0f..1cf29746 100644 --- a/README.md +++ b/README.md @@ -309,6 +309,7 @@ You don't have to do anything manually! 1. Gandi LiveDNS API 1. Knot DNS API 1. DigitalOcean API (native) +1. ClouDNS API **More APIs coming soon...** From 819d2bc560e260e09a41b1124794f8348b899f2d Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 15 Mar 2017 22:52:57 +0800 Subject: [PATCH 28/69] fix for wget. fix https://github.com/Neilpang/acme.sh/issues/724#issuecomment-286761682 --- dnsapi/dns_aws.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 84aa28d3..d5d52de0 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh 
@@ -143,7 +143,7 @@ aws_rest() { CanonicalHeaders="host:$aws_host\nx-amz-date:$RequestDate\n" SignedHeaders="host;x-amz-date" if [ -n "$AWS_SESSION_TOKEN" ]; then - export _H2="x-amz-security-token: $AWS_SESSION_TOKEN" + export _H3="x-amz-security-token: $AWS_SESSION_TOKEN" CanonicalHeaders="${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\n" SignedHeaders="${SignedHeaders};x-amz-security-token" fi @@ -204,8 +204,8 @@ aws_rest() { Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature" _debug2 Authorization "$Authorization" - _H3="Authorization: $Authorization" - _debug _H3 "$_H3" + _H2="Authorization: $Authorization" + _debug _H2 "$_H2" url="$AWS_URL/$ep" From 5ffca2d1383c017f07897dd8c77c34beb15153c2 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Wed, 15 Mar 2017 17:16:54 +0200 Subject: [PATCH 29/69] Update cotnact details --- dnsapi/dns_cloudns.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dnsapi/dns_cloudns.sh b/dnsapi/dns_cloudns.sh index 4bb2c267..f48a8052 100755 --- a/dnsapi/dns_cloudns.sh +++ b/dnsapi/dns_cloudns.sh @@ -1,5 +1,8 @@ #!/usr/bin/env sh +# Author: Boyan Peychev +# Repository: https://github.com/ClouDNS/acme.sh/ + #CLOUDNS_AUTH_ID=XXXXX #CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" CLOUDNS_API="https://api.cloudns.net" From 3e9478b58dda04923a2c1eeae9ad9613a04cc079 Mon Sep 17 00:00:00 2001 From: boyanpeychev Date: Wed, 15 Mar 2017 17:25:01 +0200 Subject: [PATCH 30/69] Update README information for ClouDNS --- README.md | 2 +- dnsapi/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1cf29746..5c1ddd80 100644 --- a/README.md +++ b/README.md @@ -309,7 +309,7 @@ You don't have to do anything manually! 1. Gandi LiveDNS API 1. Knot DNS API 1. DigitalOcean API (native) -1. ClouDNS API +1. ClouDNS.net API **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index 702efc1c..d419d5ed 100644 
--- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -407,7 +407,7 @@ Ok, let's issue a cert now: acme.sh --issue --dns dns_dgon -d example.com -d www.example.com ``` -## 21. Use ClouDNS API +## 21. Use ClouDNS.net API You need to set the HTTP API user ID and password credentials. See: https://www.cloudns.net/wiki/article/42/ From c87cd0de73f263ad2ce9892213a912b3ad691d07 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 16 Mar 2017 18:02:36 +0800 Subject: [PATCH 31/69] fix https://github.com/Neilpang/acme.sh/issues/729 https://github.com/Neilpang/acme.sh/issues/721 --- acme.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 7906aa4c..671b0d33 100755 --- a/acme.sh +++ b/acme.sh @@ -3477,7 +3477,10 @@ issue() { if [ ! "$usingApache" ]; then if webroot_owner=$(_stat "$_currentRoot"); then _debug "Changing owner/group of .well-known to $webroot_owner" - chown -R "$webroot_owner" "$_currentRoot/.well-known" + if ! _exec "chown -R \"$webroot_owner\" \"$_currentRoot/.well-known\""; then + _debug "$(cat "$_EXEC_TEMP_ERR")" + _exec_err >/dev/null 2>&1 + fi else _debug "not chaning owner/group of webroot" fi From 2aa75f034ff1730bc576737b28b8002c7100129b Mon Sep 17 00:00:00 2001 From: jtbr Date: Sun, 19 Mar 2017 16:10:09 +0100 Subject: [PATCH 32/69] Adds support for --ca-path option for using non-default curl/wget CA certs --- acme.sh | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/acme.sh b/acme.sh index 671b0d33..68a3799a 100755 --- a/acme.sh +++ b/acme.sh @@ -1479,7 +1479,9 @@ _inithttp() { _ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP " fi - if [ "$CA_BUNDLE" ]; then + if [ "$CA_PATH" ]; then + _ACME_CURL="$_ACME_CURL --capath $CA_PATH " + elif [ "$CA_BUNDLE" ]; then _ACME_CURL="$_ACME_CURL --cacert $CA_BUNDLE " fi 
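Review bot: In the `issue()` hunk, `chown` is now passed to `_exec` as one string with `$webroot_owner` and `$_currentRoot` interpolated into it. If `_exec` evaluates that string (its definition is not in this hunk), a webroot path containing `"`, `$(...)` or backticks is parsed a second time by the shell instead of being treated as a file name. Keeping the direct, quoted call and capturing stderr around it avoids the re-parse: `if ! _chown_err=$(chown -R "$webroot_owner" "$_currentRoot/.well-known" 2>&1); then _debug "$_chown_err"; fi`. That also removes the need to `cat` `$_EXEC_TEMP_ERR` and then discard the output of `_exec_err`. `issue()` extends beyond the hunk on both sides.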
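Review bot: `$CA_PATH` is appended unquoted to the `_ACME_CURL` string (`--capath $CA_PATH`), and the wget hunk that follows does the same with `--ca-directory=$CA_PATH`. If these strings are later expanded unquoted to build the command, as the existing `--cacert $CA_BUNDLE` line suggests, a directory name containing whitespace is split into extra curl or wget arguments. The value comes from `--ca-path` and is persisted with `_saveaccountconf`, so it is worth rejecting unusable values where the option is parsed, e.g. `[ -d "$_ca_path" ] || { _err "--ca-path is not a directory: $_ca_path"; return 1; }`. `CA_PATH` also silently takes precedence over `CA_BUNDLE` when both are set; a comment such as `# CA_PATH wins over CA_BUNDLE when both are set` would record that. `_inithttp()` begins and ends outside the hunk.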
@@ -1490,8 +1492,10 @@ _inithttp() { if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then _ACME_WGET="$_ACME_WGET -d " fi - if [ "$CA_BUNDLE" ]; then - _ACME_WGET="$_ACME_WGET --ca-certificate $CA_BUNDLE " + if [ "$CA_PATH" ]; then + _ACME_WGET="$_ACME_WGET --ca-directory=$CA_PATH " + elif [ "$CA_BUNDLE" ]; then + _ACME_WGET="$_ACME_WGET --ca-certificate=$CA_BUNDLE " fi fi @@ -3702,6 +3706,12 @@ issue() { else _clearaccountconf "CA_BUNDLE" fi + + if [ "$CA_PATH" ]; then + _saveaccountconf CA_PATH "$CA_PATH" + else + _clearaccountconf "CA_PATH" + fi if [ "$HTTPS_INSECURE" ]; then _saveaccountconf HTTPS_INSECURE "$HTTPS_INSECURE" @@ -4918,6 +4928,7 @@ _process() { _stopRenewOnError="" #_insecure="" _ca_bundle="" + _ca_path="" _nocron="" _ecc="" _csr="" @@ -5232,6 +5243,11 @@ _process() { CA_BUNDLE="$_ca_bundle" shift ;; + --ca-path) + _ca_path="$2" + CA_PATH="$_ca_path" + shift + ;; --nocron) _nocron="1" ;; From f21dd9117dc470f47668439ede249916d0a8cd2c Mon Sep 17 00:00:00 2001 From: jtbr Date: Sun, 19 Mar 2017 17:55:26 +0100 Subject: [PATCH 33/69] Handle case of busybox netstat, with no pid support --- acme.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 671b0d33..d5d9f313 100755 --- a/acme.sh +++ b/acme.sh @@ -1131,8 +1131,12 @@ _ss() { elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null; then #for solaris netstat -an -P tcp | grep "\.$_port " | grep "LISTEN" - else + elif netstat -help 2>&1 | grep "\-p" > /dev/null; then + #for full linux netstat -ntpl | grep ":$_port " + else + #for busybox (embedded linux; no pid support) + netstat -ntl 2>/dev/null | grep ":$_port " fi fi return 0 From f19f21007c081074a47baba06582d53acfd8586a Mon Sep 17 00:00:00 2001 From: jtbr Date: Mon, 20 Mar 2017 18:51:45 +0100 Subject: [PATCH 34/69] formatting --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d5d9f313..043308e9 100755 --- a/acme.sh +++ b/acme.sh 
@@ -1131,7 +1131,7 @@ _ss() { elif netstat -help 2>&1 | grep -- '-P protocol' >/dev/null; then #for solaris netstat -an -P tcp | grep "\.$_port " | grep "LISTEN" - elif netstat -help 2>&1 | grep "\-p" > /dev/null; then + elif netstat -help 2>&1 | grep "\-p" >/dev/null; then #for full linux netstat -ntpl | grep ":$_port " else From 4bdab73dd51f9bad4c823ab199b5c85ff0808fe4 Mon Sep 17 00:00:00 2001 From: jtbr Date: Mon, 20 Mar 2017 18:53:08 +0100 Subject: [PATCH 35/69] formatting --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 68a3799a..67b52cfe 100755 --- a/acme.sh +++ b/acme.sh @@ -3706,7 +3706,7 @@ issue() { else _clearaccountconf "CA_BUNDLE" fi - + if [ "$CA_PATH" ]; then _saveaccountconf CA_PATH "$CA_PATH" else From 5c539af7d7645723b928389bc93da526f0dcfa60 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 22 Mar 2017 21:20:35 +0800 Subject: [PATCH 36/69] rename parameters --- README.md | 10 +++++----- acme.sh | 38 +++++++++++++++++++------------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 5c1ddd80..64609067 100644 --- a/README.md +++ b/README.md 
@@ -161,17 +161,17 @@ You **MUST** use this command to copy the certs to the target files, **DO NOT** **Apache** example: ```bash acme.sh --install-cert -d example.com \ ---certpath /path/to/certfile/in/apache/cert.pem \ ---keypath /path/to/keyfile/in/apache/key.pem \ ---fullchainpath /path/to/fullchain/certfile/apache/fullchain.pem \ +--cert-file /path/to/certfile/in/apache/cert.pem \ +--key-file /path/to/keyfile/in/apache/key.pem \ +--fullchain-file /path/to/fullchain/certfile/apache/fullchain.pem \ --reloadcmd "service apache2 force-reload" ``` **Nginx** example: ```bash acme.sh --install-cert -d example.com \ ---keypath /path/to/keyfile/in/nginx/key.pem \ ---fullchainpath /path/to/fullchain/nginx/cert.pem \ +--key-file /path/to/keyfile/in/nginx/key.pem \ +--fullchain-file /path/to/fullchain/nginx/cert.pem \ --reloadcmd "service nginx force-reload" ``` diff --git a/acme.sh b/acme.sh index f8a1c49d..15257687 100755 --- a/acme.sh +++ b/acme.sh @@ -4035,7 +4035,7 @@ deploy() { installcert() { _main_domain="$1" if [ -z "$_main_domain" ]; then - _usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--certpath cert-file-path] [--keypath key-file-path] [--capath ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchainpath fullchain-path]" + _usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchain-file fullchain-path]" return 1 fi 
@@ -4785,10 +4785,10 @@ Parameters: These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert: - --certpath /path/to/real/cert/file After issue/renew, the cert will be copied to this path. - --keypath /path/to/real/key/file After issue/renew, the key will be copied to this path. - --capath /path/to/real/ca/file After issue/renew, the intermediate cert will be copied to this path. - --fullchainpath /path/to/fullchain/file After issue/renew, the fullchain cert will be copied to this path. + --cert-file /path/to/real/cert/file After issue/renew, the cert will be copied to this path. + --key-file /path/to/real/key/file After issue/renew, the key will be copied to this path. + --ca-file /path/to/real/ca/file After issue/renew, the intermediate cert will be copied to this path. + --fullchain-file /path/to/fullchain/file After issue/renew, the fullchain cert will be copied to this path. --reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server. @@ -4913,10 +4913,10 @@ _process() { _webroot="" _keylength="" _accountkeylength="" - _certpath="" - _keypath="" - _capath="" - _fullchainpath="" + _cert_file="" + _key_file="" + _ca_file="" + _fullchain_file="" _reloadcmd="" _password="" _accountconf="" @@ -5158,20 +5158,20 @@ _process() { shift ;; - --certpath) - _certpath="$2" + --cert-file | --certpath) + _cert_file="$2" shift ;; - --keypath) - _keypath="$2" + --key-file | --keypath) + _key_file="$2" shift ;; - --capath) - _capath="$2" + --ca-file | --capath) + _ca_file="$2" shift ;; - --fullchainpath) - _fullchainpath="$2" + --fullchain-file | --fullchainpath) + _fullchain_file="$2" shift ;; --reloadcmd | --reloadCmd) 
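Review bot: In the `_process()` option hunk, the old spelling `--capath` is kept as an alias of `--ca-file` (the destination for the intermediate certificate), while an earlier commit in this series adds `--ca-path` (the directory of trusted CA certificates for curl/wget), so two options with unrelated effects differ by a single hyphen. A user who types `--capath /some/ca/dir` meaning the trust directory would instead set the install target for the CA file. A comment above the case arm would document the trap, e.g. `# --capath is the deprecated spelling of --ca-file; it is NOT --ca-path (CA directory for curl/wget)`, and the help text could mark the old names as deprecated. `_process()` continues outside the hunk.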
@@ -5393,7 +5393,7 @@ _process() { uninstall) uninstall "$_nocron" ;; upgrade) upgrade ;; issue) - issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" + issue "$_webroot" "$_domain" "$_altdomains" "$_keylength" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" ;; deploy) deploy "$_domain" "$_deploy_hook" "$_ecc" @@ -5405,7 +5405,7 @@ _process() { showcsr "$_csr" "$_domain" ;; installcert) - installcert "$_domain" "$_certpath" "$_keypath" "$_capath" "$_reloadcmd" "$_fullchainpath" "$_ecc" + installcert "$_domain" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_ecc" ;; renew) renew "$_domain" "$_ecc" From 13fe54c938e964caefe74a9bb46087b6fbc4121f Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 22 Mar 2017 22:58:03 +0800 Subject: [PATCH 37/69] update doc --- acme.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/acme.sh b/acme.sh index 15257687..244f72e3 100755 --- a/acme.sh +++ b/acme.sh 
@@ -4785,10 +4785,10 @@ Parameters: These parameters are to install the cert to nginx/apache or anyother server after issue/renew a cert: - --cert-file /path/to/real/cert/file After issue/renew, the cert will be copied to this path. - --key-file /path/to/real/key/file After issue/renew, the key will be copied to this path. - --ca-file /path/to/real/ca/file After issue/renew, the intermediate cert will be copied to this path. - --fullchain-file /path/to/fullchain/file After issue/renew, the fullchain cert will be copied to this path. + --cert-file After issue/renew, the cert will be copied to this path. + --key-file After issue/renew, the key will be copied to this path. + --ca-file After issue/renew, the intermediate cert will be copied to this path. + --fullchain-file After issue/renew, the fullchain cert will be copied to this path. --reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server. @@ -4807,6 +4807,7 @@ Parameters: --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate. + --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --csr Specifies the input csr. From 4ddafb8e84cc2c647f788a58f0ba148433dfa7e3 Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 14:14:28 -0500 Subject: [PATCH 38/69] Added Infoblox reference --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 64609067..014f0db3 100644 --- a/README.md +++ b/README.md 
@@ -310,6 +310,7 @@ You don't have to do anything manually! 1. Knot DNS API 1. DigitalOcean API (native) 1. ClouDNS.net API +1. Infoblox NIOS API (https://www.infoblox.com/) **More APIs coming soon...** From d03929507058c13ce81a925a77b2320fcb9bb147 Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 14:15:17 -0500 Subject: [PATCH 39/69] Added Infoblox references --- dnsapi/README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/dnsapi/README.md b/dnsapi/README.md index d419d5ed..4543d9b4 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -421,6 +421,23 @@ Ok, let's issue a cert now: acme.sh --issue --dns dns_cloudns -d example.com -d www.example.com ``` +## 22. Use Infoblox API + +First you need to create/obtain API credentials on your Infoblox appliance. + +``` +export Infoblox_Creds="username:password" +export Infoblox_Server="ip or fqdn of infoblox appliance" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_infoblox -d example.com -d www.example.com +``` + +Note: This script will automatically create and delete the ephemeral txt record. +The `Infoblox_Creds` and `Infoblox_Server` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. + # Use custom API If your API is not supported yet, you can write your own DNS API. From b0561058c6a19e700d19ec9233d8d656f7cbed46 Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 14:16:31 -0500 Subject: [PATCH 40/69] Infoblox API --- dnsapi/dns_infoblox.sh | 93 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 dnsapi/dns_infoblox.sh diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh new file mode 100644 index 00000000..e71c90c9 --- /dev/null +++ b/dnsapi/dns_infoblox.sh 
@@ -0,0 +1,93 @@ +#!/usr/bin/env sh + +dns_infoblox_add() { + + ## Nothing to see here, just some housekeeping + fulldomain=$1 + txtvalue=$2 + baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue" + + _info "Using Infoblox API" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + ## Check for the credentials + if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then + Infoblox_Creds="" + Infoblox_Server="" + _err "You didn't specify the credentials or server yet (Infoblox_Creds and Infoblox_Server)." + _err "Please set them via EXPORT ([username:password] and [ip or hostname]) and try again." + return 1 + fi + + ## Save the credentials to the account file + _saveaccountconf Infoblox_Creds "$Infoblox_Creds" + _saveaccountconf Infoblox_Server "$Infoblox_Server" + + ## Base64 encode the credentials + Infoblox_CredsEncoded=$(printf "$Infoblox_Creds" | _base64) + + ## Construct the HTTP Authorization header + export _H1="Accept-Language:en-US" + export _H2="Authorization: Basic $Infoblox_CredsEncoded" + + ## Add the challenge record to the Infoblox grid member + result=$(_post "" "$baseurlnObject" "" "POST") + + ## Let's see if we get something intelligible back from the unit + if echo "$result" | egrep 'record:txt/.*:.*/default'; then + _info "Successfully created the txt record" + return 0 + else + _err "Error encountered during record addition" + _err "$result" + return 1 + fi + +} + +dns_infoblox_rm() { + + ## Nothing to see here, just some housekeeping + fulldomain=$1 + txtvalue=$2 + + _info "Using Infoblox API" + _debug fulldomain "$fulldomain" + _debug txtvalue "$txtvalue" + + ## Base64 encode the credentials + Infoblox_CredsEncoded=$(printf "$Infoblox_Creds" | _base64) + + ## Construct the HTTP Authorization header + export _H1="Accept-Language:en-US" + export _H2="Authorization: Basic $Infoblox_CredsEncoded" + + ## Does the record exist? Let's check. 
+ baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&_return_type=xml-pretty" + result=$(_get "$baseurlnObject") + + ## Let's see if we get something intelligible back from the grid + if echo "$result" | egrep 'record:txt/.*:.*/default'; then + ## Extract the object reference + objRef=$(_egrep_o 'record:txt/.*:.*/default' <<<$result) + objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef" + ## Delete them! All the stale records! + rmResult=$(_post "" "$objRmUrl" "" "DELETE") + ## Let's see if that worked + if echo "$rmResult" | egrep 'record:txt/.*:.*/default'; then + _info "Successfully deleted $objRef" + return 0 + else + _err "Error occurred during txt record delete" + _err "$rmResult" + return 1 + fi + else + _err "Record to delete didn't match an existing record" + _err "$result" + return 1 + fi +} + +#################### Private functions below ################################## From b1e4a7c61570137cf04901f3f92e3f4c8449b023 Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 14:34:29 -0500 Subject: [PATCH 41/69] Fixed (hopefully) TravisCI errors --- dnsapi/dns_infoblox.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index e71c90c9..347c69e7 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -25,7 +25,7 @@ dns_infoblox_add() { _saveaccountconf Infoblox_Server "$Infoblox_Server" ## Base64 encode the credentials - Infoblox_CredsEncoded=$(printf "$Infoblox_Creds" | _base64) + Infoblox_CredsEncoded=$(echo -n "$Infoblox_Creds" | _base64) ## Construct the HTTP Authorization header export _H1="Accept-Language:en-US" @@ -57,7 +57,7 @@ dns_infoblox_rm() { _debug txtvalue "$txtvalue" ## Base64 encode the credentials - Infoblox_CredsEncoded=$(printf "$Infoblox_Creds" | _base64) + Infoblox_CredsEncoded=$(echo -n "$Infoblox_Creds" | _base64) ## Construct the HTTP Authorization header export _H1="Accept-Language:en-US" 
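Review bot: `dns_infoblox_rm` builds the `Authorization: Basic` header and the request URL from `Infoblox_Creds` and `Infoblox_Server` without the emptiness check that `dns_infoblox_add` performs. With either one unset it issues a request with an empty credential or an empty host and reports only the generic "didn't match an existing record" error. Repeating the guard at the top of the function makes the failure explicit: `if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then _err "Infoblox_Creds and Infoblox_Server must be set"; return 1; fi`. In both functions the `egrep` tests also print the matched API response to stdout; appending `>/dev/null` keeps the test silent.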
@@ -70,7 +70,7 @@ dns_infoblox_rm() { ## Let's see if we get something intelligible back from the grid if echo "$result" | egrep 'record:txt/.*:.*/default'; then ## Extract the object reference - objRef=$(_egrep_o 'record:txt/.*:.*/default' <<<$result) + objRef=$(_egrep_o 'record:txt/.*:.*/default' <<< $result) objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef" ## Delete them! All the stale records! rmResult=$(_post "" "$objRmUrl" "" "DELETE") From 2c37d946111034eacf23b20a38a511ab131b2f3c Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 14:40:09 -0500 Subject: [PATCH 42/69] More bs --- dnsapi/dns_infoblox.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 347c69e7..975dc771 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -70,7 +70,7 @@ dns_infoblox_rm() { ## Let's see if we get something intelligible back from the grid if echo "$result" | egrep 'record:txt/.*:.*/default'; then ## Extract the object reference - objRef=$(_egrep_o 'record:txt/.*:.*/default' <<< $result) + objRef=$(_egrep_o 'record:txt/.*:.*/default' <<<$result) objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef" ## Delete them! All the stale records! rmResult=$(_post "" "$objRmUrl" "" "DELETE") From 7dc548b4b8764f8d8f36898a9f19db1ba2adb92e Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 15:06:37 -0500 Subject: [PATCH 43/69] MORE bs --- dnsapi/dns_infoblox.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 975dc771..8b9f9370 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh 
@@ -25,7 +25,7 @@ dns_infoblox_add() { _saveaccountconf Infoblox_Server "$Infoblox_Server" ## Base64 encode the credentials - Infoblox_CredsEncoded=$(echo -n "$Infoblox_Creds" | _base64) + Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64) ## Construct the HTTP Authorization header export _H1="Accept-Language:en-US" @@ -57,7 +57,7 @@ dns_infoblox_rm() { _debug txtvalue "$txtvalue" ## Base64 encode the credentials - Infoblox_CredsEncoded=$(echo -n "$Infoblox_Creds" | _base64) + Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64) ## Construct the HTTP Authorization header export _H1="Accept-Language:en-US" @@ -70,7 +70,7 @@ dns_infoblox_rm() { ## Let's see if we get something intelligible back from the grid if echo "$result" | egrep 'record:txt/.*:.*/default'; then ## Extract the object reference - objRef=$(_egrep_o 'record:txt/.*:.*/default' <<<$result) + objRef=$(printf "%b" "$result" | _egrep_o 'record:txt/.*:.*/default') objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef" ## Delete them! All the stale records! rmResult=$(_post "" "$objRmUrl" "" "DELETE") From 1424e8a2de3f43947045a4861f3c3f9634d19748 Mon Sep 17 00:00:00 2001 From: Jason Date: Thu, 23 Mar 2017 20:20:04 -0500 Subject: [PATCH 44/69] Added attribution --- dnsapi/dns_infoblox.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dnsapi/dns_infoblox.sh b/dnsapi/dns_infoblox.sh index 8b9f9370..3846e62e 100644 --- a/dnsapi/dns_infoblox.sh +++ b/dnsapi/dns_infoblox.sh @@ -1,5 +1,9 @@ #!/usr/bin/env sh +## Infoblox API integration by Jason Keller and Elijah Tenai +## +## Report any bugs via https://github.com/jasonkeller/acme.sh + dns_infoblox_add() { ## Nothing to see here, just some housekeeping From 8afd31902fdff51ee3ce66fe124892d8cb232b3e Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:24:26 +0000 Subject: [PATCH 45/69] spelling: application --- dnsapi/dns_ovh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
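Review bot: `printf "%b" "$Infoblox_Creds"` expands backslash escapes inside the credential, so a password that contains a sequence such as `\n`, `\t` or `\\` is rewritten before Base64 encoding and the Authorization header no longer carries the configured secret. This applies to the `@@ -25,7 +25,7 @@` and `@@ -57,7 +57,7 @@` hunks, and the `@@ -70,7 +70,7 @@` hunk does the same to the server response with `printf "%b" "$result"` before the object reference is extracted from it. `%s` passes the bytes through unchanged: `Infoblox_CredsEncoded=$(printf '%s' "$Infoblox_Creds" | _base64)` and `objRef=$(printf '%s' "$result" | _egrep_o 'record:txt/.*:.*/default')`. The enclosing functions continue outside all three hunks.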
diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index faf5b42b..71642bd4 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -#Applcation Key +#Application Key #OVH_AK="sdfsdfsdfljlbjkljlkjsdfoiwje" # #Application Secret From 3d22708f670ebcf56325631d25ca3e769f9cf8ef Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:24:38 +0000 Subject: [PATCH 46/69] spelling: automatically --- dnsapi/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index 4543d9b4..9eb77915 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -302,7 +302,7 @@ acme.sh --issue --dns dns_freedns -d example.com -d www.example.com ``` Note that you cannot use acme.sh automatic DNS validation for FreeDNS public domains or for a subdomain that -you create under a FreeDNS public domain. You must own the top level domain in order to automaitcally +you create under a FreeDNS public domain. You must own the top level domain in order to automatically validate with acme.sh at FreeDNS. ## 16. Use cyon.ch From bcbecff6f6d4fed138a63255ae344bb70610d907 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:24:52 +0000 Subject: [PATCH 47/69] spelling: certificate --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 014f0db3..7a79bed4 100644 --- a/README.md +++ b/README.md @@ -329,7 +329,7 @@ Just set the `length` parameter with a prefix `ec-`. For example: -### Single domain ECC cerfiticate +### Single domain ECC certificate ```bash acme.sh --issue -w /home/wwwroot/example.com -d example.com --keylength ec-256 From 291c97dc81aeabacd40f14eda71d98bfa3f7a112 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:25:04 +0000 Subject: [PATCH 48/69] spelling: challenge --- dnsapi/dns_freedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index f30c8958..14622ad1 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -112,7 +112,7 @@ dns_freedns_add() { # not produce accurate results as the value field is truncated # on this webpage. To get full value we would need to load # another page. However we don't really need this so long as - # there is only one TXT record for the acme chalenge subdomain. + # there is only one TXT record for the acme challenge subdomain. DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')" if [ $found != 0 ]; then break From 9b2aa974ba57d9953a18ee218468c253770a34a0 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:25:31 +0000 Subject: [PATCH 49/69] spelling: changed --- dnsapi/dns_freedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 14622ad1..7c1f009e 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -65,7 +65,7 @@ dns_freedns_add() { htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")" if [ "$?" != "0" ]; then if [ "$using_cached_cookies" = "true" ]; then - _err "Has your FreeDNS username and password channged? If so..." + _err "Has your FreeDNS username and password changed? If so..." _err "Please export as FREEDNS_User / FREEDNS_Password and try again." fi return 1 From b54ce3107897f60d784da78c29c8e2faf75df703 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:25:23 +0000 Subject: [PATCH 50/69] spelling: changing --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 244f72e3..bbefb6bc 100755 --- a/acme.sh +++ b/acme.sh @@ -3490,7 +3490,7 @@ issue() { _exec_err >/dev/null 2>&1 fi else - _debug "not chaning owner/group of webroot" + _debug "not changing owner/group of webroot" fi fi From 4cedbf80df52aeb39489caeb4646a9625f17ea8a Mon Sep 17 00:00:00 2001 
From: Josh Soref Date: Sun, 26 Mar 2017 05:26:20 +0000 Subject: [PATCH 51/69] spelling: delimiter --- deploy/kong.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index 3b9c5c79..80a4b02d 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -43,7 +43,7 @@ kong_deploy() { #Save kong url if it's succesful (First run case) _saveaccountconf KONG_URL "$KONG_URL" #Generate DEIM - delim="-----MultipartDelimeter$(date "+%s%N")" + delim="-----MultipartDelimiter$(date "+%s%N")" nl="\015\012" #Set Header _H1="Content-Type: multipart/form-data; boundary=$delim" From 506f36b26ddc0dae35a5bf11316ae0fbe53c4fda Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:26:43 +0000 Subject: [PATCH 52/69] spelling: embedded --- dnsapi/dns_pdns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_pdns.sh b/dnsapi/dns_pdns.sh index ebc02949..7d807c81 100755 --- a/dnsapi/dns_pdns.sh +++ b/dnsapi/dns_pdns.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -#PowerDNS Emdedded API +#PowerDNS Embedded API #https://doc.powerdns.com/md/httpapi/api_spec/ # #PDNS_Url="http://ns.example.com:8081" From 39f3239682b98a9ac9a83a646110dd24f7aba728 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:26:55 +0000 Subject: [PATCH 53/69] spelling: following --- dnsapi/dns_freedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 7c1f009e..6383c589 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -10,7 +10,7 @@ # ######## Public functions ##################### -# Export FreeDNS userid and password in folowing variables... +# Export FreeDNS userid and password in following variables... # FREEDNS_User=username # FREEDNS_Password=password # login cookie is saved in acme account config file so userid / pw From d39b1082746f3b7672dfe34311704163ffbe62f1 Mon Sep 17 00:00:00 2001 
From: Josh Soref Date: Sun, 26 Mar 2017 05:27:04 +0000 Subject: [PATCH 54/69] spelling: function --- dnsapi/dns_freedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 6383c589..aebbc68c 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -192,7 +192,7 @@ dns_freedns_rm() { # Need to read cookie from conf file again in case new value set # during login to FreeDNS when TXT record was created. - # acme.sh does not have a _readaccountconf() fuction + # acme.sh does not have a _readaccountconf() function FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")" _debug "FreeDNS login cookies: $FREEDNS_COOKIE" From 357b514bc903e2e2c8acf500f760a8c7027df3ec Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:28:04 +0000 Subject: [PATCH 55/69] spelling: lines --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index bbefb6bc..22cd412c 100755 --- a/acme.sh +++ b/acme.sh @@ -879,7 +879,7 @@ _sign() { if ! _signedECText="$($_sign_openssl | $ACME_OPENSSL_BIN asn1parse -inform DER)"; then _err "Sign failed: $_sign_openssl" _err "Key file: $keyfile" - _err "Key content:$(wc -l <"$keyfile") lises" + _err "Key content:$(wc -l <"$keyfile") lines" return 1 fi _debug3 "_signedECText" "$_signedECText" From 84a6730b1a05edd91f74cd96ad902c88b8e373b7 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:28:37 +0000 Subject: [PATCH 56/69] spelling: obtain --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 22cd412c..d686834a 100755 --- a/acme.sh +++ b/acme.sh 
@@ -4812,7 +4812,7 @@ Parameters: --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --csr Specifies the input csr. --pre-hook Command to be run before obtaining any certificates. - --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obain/renew is success or failed. + --post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed. --renew-hook Command to be run once for each successfully renewed certificate. --deploy-hook The hook file to deploy cert --ocsp-must-staple, --ocsp Generate ocsp must Staple extension. From 00b34eb2a4adafde6dd338ceb03bc551b3519f73 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:28:57 +0000 Subject: [PATCH 57/69] spelling: occurred --- deploy/kong.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/kong.sh b/deploy/kong.sh index 80a4b02d..e1873f35 100755 --- a/deploy/kong.sh +++ b/deploy/kong.sh @@ -72,7 +72,7 @@ kong_deploy() { response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH") fi if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then - _err "An error occured with cert upload. Check response:" + _err "An error occurred with cert upload. Check response:" _err "$response" return 1 fi From df14085ec8ab262020c35d235d29c8aeda4e5af5 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:29:11 +0000 Subject: [PATCH 58/69] spelling: oops --- deploy/exim4.sh | 4 ++-- deploy/vsftpd.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/exim4.sh b/deploy/exim4.sh index bf92b438..573f762b 100644 --- a/deploy/exim4.sh +++ b/deploy/exim4.sh @@ -79,7 +79,7 @@ exim4_deploy() { _info "Restore conf success" eval "$_reload" else - _err "Opps, error restore exim4 conf, please report bug to us." + _err "Oops, error restore exim4 conf, please report bug to us." fi return 1 fi 
@@ -105,7 +105,7 @@ exim4_deploy() { _info "Restore conf success" eval "$_reload" else - _err "Opps, error restore exim4 conf, please report bug to us." + _err "Oops, error restore exim4 conf, please report bug to us." fi return 1 fi diff --git a/deploy/vsftpd.sh b/deploy/vsftpd.sh index 1c6410a6..ed44e709 100644 --- a/deploy/vsftpd.sh +++ b/deploy/vsftpd.sh @@ -76,7 +76,7 @@ vsftpd_deploy() { _info "Restore conf success" eval "$_reload" else - _err "Opps, error restore vsftpd conf, please report bug to us." + _err "Oops, error restore vsftpd conf, please report bug to us." fi return 1 fi @@ -102,7 +102,7 @@ vsftpd_deploy() { _info "Restore conf success" eval "$_reload" else - _err "Opps, error restore vsftpd conf, please report bug to us." + _err "Oops, error restore vsftpd conf, please report bug to us." fi return 1 fi From 61a48a5b9f775c1f7eaa56aefcb116881f458b85 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:29:30 +0000 Subject: [PATCH 59/69] spelling: please --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index d686834a..91919e76 100755 --- a/acme.sh +++ b/acme.sh @@ -2385,7 +2385,7 @@ _setApache() { _debug "Backup apache config file" "$httpdconf" if ! cp "$httpdconf" "$APACHE_CONF_BACKUP_DIR/"; then _err "Can not backup apache config file, so abort. Don't worry, the apache config is not changed." - _err "This might be a bug of $PROJECT_NAME , pleae report issue: $PROJECT" + _err "This might be a bug of $PROJECT_NAME , please report issue: $PROJECT" return 1 fi _info "JFYI, Config file $httpdconf is backuped to $APACHE_CONF_BACKUP_DIR/$httpdconfname" From 849bed4bef08cbf303f7a97129bea804424af3da Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:30:03 +0000 Subject: [PATCH 60/69] spelling: requires --- dnsapi/dns_dgon.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_dgon.sh b/dnsapi/dns_dgon.sh index 9ceede44..7e1f1fec 100755 
--- a/dnsapi/dns_dgon.sh +++ b/dnsapi/dns_dgon.sh @@ -158,7 +158,7 @@ _get_base_domain() { export _H2="Authorization: Bearer $DO_API_KEY" _debug DO_API_KEY "$DO_API_KEY" ## get URL for the list of domains - ## havent seen this request paginated, tested with 18 domains (more requres manual requests with DO) + ## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO) DOMURL="https://api.digitalocean.com/v2/domains" ## get the domain list (DO gives basically a full XFER!) From 997c517ba270727c7fa220e67a8680245c7b1b48 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:30:15 +0000 Subject: [PATCH 61/69] spelling: return --- dnsapi/dns_freedns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index aebbc68c..6c8f95a9 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -53,7 +53,7 @@ dns_freedns_add() { i="$(_math "$i" - 1)" sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")" - # Sometimes FreeDNS does not reurn the subdomain page but rather + # Sometimes FreeDNS does not return the subdomain page but rather # returns a page regarding becoming a premium member. This usually # happens after a period of inactivity. Immediately trying again # returns the correct subdomain page. So, we will try twice to @@ -196,7 +196,7 @@ dns_freedns_rm() { FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")" _debug "FreeDNS login cookies: $FREEDNS_COOKIE" - # Sometimes FreeDNS does not reurn the subdomain page but rather + # Sometimes FreeDNS does not return the subdomain page but rather # returns a page regarding becoming a premium member. This usually # happens after a period of inactivity. Immediately trying again # returns the correct subdomain page. So, we will try twice to From 0d6ce9f97773fce4ed811e7bfe2993fde48b739f Mon Sep 17 00:00:00 2001 
From: Josh Soref Date: Sun, 26 Mar 2017 05:30:26 +0000 Subject: [PATCH 62/69] spelling: satisfy --- dnsapi/dns_cyon.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cyon.sh b/dnsapi/dns_cyon.sh index c096d8b0..d7ad712c 100644 --- a/dnsapi/dns_cyon.sh +++ b/dnsapi/dns_cyon.sh @@ -50,7 +50,7 @@ _cyon_load_credentials() { fi if [ -z "${CY_Username}" ] || [ -z "${CY_Password}" ]; then - # Dummy entries to satify script checker. + # Dummy entries to satisfy script checker. CY_Username="" CY_Password="" CY_OTP_Secret="" From 00777a10ae38de2b3d59c94be3f9ebed098a9cd4 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:30:43 +0000 Subject: [PATCH 63/69] spelling: security --- dnsapi/dns_freedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 6c8f95a9..77e4322c 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -341,7 +341,7 @@ _freedns_add_txt_record() { return 1 elif _contains "$htmlpage" "security code was incorrect"; then _debug "$htmlpage" - _err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested seurity code" + _err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code" _err "Note that you cannot use automatic DNS validation for FreeDNS public domains" return 1 fi From f3c984281c927cf37cb61a556670ffb36dd0e7a0 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:30:58 +0000 Subject: [PATCH 64/69] spelling: specified --- dnsapi/dns_gandi_livedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_gandi_livedns.sh b/dnsapi/dns_gandi_livedns.sh index 41f42980..28b8f99d 100755 --- a/dnsapi/dns_gandi_livedns.sh +++ b/dnsapi/dns_gandi_livedns.sh 
@@ -19,7 +19,7 @@ dns_gandi_livedns_add() { txtvalue=$2 if [ -z "$GANDI_LIVEDNS_KEY" ]; then - _err "No API key specifed for Gandi LiveDNS." + _err "No API key specified for Gandi LiveDNS." _err "Create your key and export it as GANDI_LIVEDNS_KEY" return 1 fi From 8f73e241755a3ad419245e705bcbb597e9d33c3e Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:31:12 +0000 Subject: [PATCH 65/69] spelling: specifies --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 91919e76..28c0721f 100755 --- a/acme.sh +++ b/acme.sh @@ -4806,7 +4806,7 @@ Parameters: --listraw Only used for '--list' command, list the certs in raw format. --stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. - --ca-bundle Specifices the path to the CA certificate bundle to verify api server's certificate. + --ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. --ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. --nocron Only valid for '--install' command, which means: do not install the default cron job. In this case, the certs will not be renewed automatically. --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' From 7f32488b781b5b1910839839606c71a5e3a6f69e Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:31:35 +0000 Subject: [PATCH 66/69] spelling: subdomain --- dnsapi/dns_freedns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 77e4322c..272a1243 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh 
@@ -302,12 +302,12 @@ _freedns_retrieve_subdomain_page() { export _H2="Accept-Language:en-US" url="https://freedns.afraid.org/subdomain/" - _debug "Retrieve subdmoain page from FreeDNS" + _debug "Retrieve subdomain page from FreeDNS" htmlpage="$(_get "$url")" if [ "$?" != "0" ]; then - _err "FreeDNS retrieve subdomins failed bad RC from _get" + _err "FreeDNS retrieve subdomains failed bad RC from _get" return 1 elif [ -z "$htmlpage" ]; then _err "FreeDNS returned empty subdomain page" From f94433e504c7787b93751755f3347455c61dc629 Mon Sep 17 00:00:00 2001 From: Josh Soref Date: Sun, 26 Mar 2017 05:32:29 +0000 Subject: [PATCH 67/69] spelling: validation --- acme.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/acme.sh b/acme.sh index 28c0721f..ce5b1dbd 100755 --- a/acme.sh +++ b/acme.sh @@ -2258,16 +2258,16 @@ _initpath() { fi if [ -z "$TLS_CONF" ]; then - TLS_CONF="$DOMAIN_PATH/tls.valdation.conf" + TLS_CONF="$DOMAIN_PATH/tls.validation.conf" fi if [ -z "$TLS_CERT" ]; then - TLS_CERT="$DOMAIN_PATH/tls.valdation.cert" + TLS_CERT="$DOMAIN_PATH/tls.validation.cert" fi if [ -z "$TLS_KEY" ]; then - TLS_KEY="$DOMAIN_PATH/tls.valdation.key" + TLS_KEY="$DOMAIN_PATH/tls.validation.key" fi if [ -z "$TLS_CSR" ]; then - TLS_CSR="$DOMAIN_PATH/tls.valdation.csr" + TLS_CSR="$DOMAIN_PATH/tls.validation.csr" fi } @@ -2883,7 +2883,7 @@ _on_issue_err() { uri=$(echo "$ventry" | cut -d "$sep" -f 3) vtype=$(echo "$ventry" | cut -d "$sep" -f 4) _currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5) - __trigger_validaton "$uri" "$keyauthorization" + __trigger_validation "$uri" "$keyauthorization" done ) fi @@ -3105,7 +3105,7 @@ __get_domain_new_authz() { } #uri keyAuthorization -__trigger_validaton() { +__trigger_validation() { _debug2 "tigger domain validation." _t_url="$1" _debug2 _t_url "$_t_url" 
@@ -3531,7 +3531,7 @@ issue() { fi fi - if ! __trigger_validaton "$uri" "$keyauthorization"; then + if ! __trigger_validation "$uri" "$keyauthorization"; then _err "$d:Can not get challenge: $response" _clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearup From 58d4c74b0bc09e4f6480ad2845a81df8b882da61 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 29 Mar 2017 09:10:42 +0800 Subject: [PATCH 68/69] export Le_Domain for reloadcmd fix https://github.com/Neilpang/acme.sh/issues/558#issuecomment-289926193 --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index ce5b1dbd..28344c6d 100755 --- a/acme.sh +++ b/acme.sh @@ -4134,6 +4134,7 @@ _installcert() { export CERT_KEY_PATH export CA_CERT_PATH export CERT_FULLCHAIN_PATH + export Le_Domain cd "$DOMAIN_PATH" && eval "$_reload_cmd" ); then _info "$(__green "Reload success")" From 6cf7be4b7e8899e4ca1658027af535b40485afd3 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 29 Mar 2017 09:16:22 +0800 Subject: [PATCH 69/69] fix https://github.com/Neilpang/acme.sh/issues/751 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 28344c6d..7cb36afb 100755 --- a/acme.sh +++ b/acme.sh @@ -340,7 +340,7 @@ _hasfield() { _sep="," fi - for f in $(echo "$_str" | tr ',' ' '); do + for f in $(echo "$_str" | tr "$_sep" ' '); do if [ "$f" = "$_field" ]; then _debug2 "'$_str' contains '$_field'" return 0 #contains ok
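Review bot: The `@@ -4134,6 +4134,7 @@` hunk adds `export Le_Domain` without documenting which variables the reload command may rely on, and the new name is the only one in this export list that is not upper case. The exports sit in the subshell that runs `eval "$_reload_cmd"`, so they are effectively part of the user-facing contract of the reload command. A comment above the list would record that, for example `# exported for the user's reloadcmd: CERT_KEY_PATH, CA_CERT_PATH, CERT_FULLCHAIN_PATH, Le_Domain (quote them when used)`. `_installcert` starts and ends outside the hunk.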
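Review bot: In the `_hasfield` hunk, `for f in $(echo "$_str" | tr "$_sep" ' ')` now honours the separator, but `tr` treats `$_sep` as a set of characters rather than a string. A separator longer than one character is therefore translated character by character, and one containing `\` or a range such as `a-z` is interpreted by `tr`. The unquoted command substitution is also split on whitespace and subject to pathname expansion, so a field containing a space or `*` is not compared as written. Matching without splitting avoids both, for instance `case "$_sep$_str$_sep" in *"$_sep$_field$_sep"*) return 0 ;; esac` in place of the loop, keeping the `_debug2` line if it is wanted. The rest of the loop and the function lie outside the hunk, so the surrounding code would need checking before applying this.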