Arnaud Launay
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
143 changed files with 13437 additions and 2664 deletions
-
2.github/FUNDING.yml
-
40.github/auto-comment.yml
-
336.github/workflows/DNS.yml
-
71.github/workflows/DragonFlyBSD.yml
-
76.github/workflows/FreeBSD.yml
-
116.github/workflows/LetsEncrypt.yml
-
48.github/workflows/Linux.yml
-
60.github/workflows/MacOS.yml
-
71.github/workflows/NetBSD.yml
-
76.github/workflows/OpenBSD.yml
-
47.github/workflows/PebbleStrict.yml
-
74.github/workflows/Solaris.yml
-
103.github/workflows/Ubuntu.yml
-
78.github/workflows/Windows.yml
-
27.github/workflows/dockerhub.yml
-
19.github/workflows/issue.yml
-
30.github/workflows/pr_dns.yml
-
30.github/workflows/pr_notify.yml
-
15.github/workflows/shellcheck.yml
-
21Dockerfile
-
107README.md
-
1552acme.sh
-
92deploy/cleverreach.sh
-
98deploy/consul.sh
-
167deploy/cpanel_uapi.sh
-
16deploy/docker.sh
-
48deploy/fritzbox.sh
-
26deploy/gcore_cdn.sh
-
2deploy/gitlab.sh
-
25deploy/haproxy.sh
-
2deploy/kong.sh
-
280deploy/lighttpd.sh
-
19deploy/mailcow.sh
-
156deploy/openmediavault.sh
-
123deploy/peplink.sh
-
132deploy/proxmoxve.sh
-
4deploy/qiniu.sh
-
118deploy/routeros.sh
-
396deploy/ssh.sh
-
200deploy/synology_dsm.sh
-
223deploy/truenas.sh
-
194deploy/unifi.sh
-
131deploy/vault.sh
-
55deploy/vault_cli.sh
-
251dnsapi/dns_1984hosting.sh
-
63dnsapi/dns_acmedns.sh
-
2dnsapi/dns_acmeproxy.sh
-
150dnsapi/dns_anx.sh
-
48dnsapi/dns_arvan.sh
-
171dnsapi/dns_aurora.sh
-
40dnsapi/dns_aws.sh
-
204dnsapi/dns_azion.sh
-
62dnsapi/dns_azure.sh
-
248dnsapi/dns_bunny.sh
-
17dnsapi/dns_cf.sh
-
26dnsapi/dns_cloudns.sh
-
43dnsapi/dns_constellix.sh
-
160dnsapi/dns_cpanel.sh
-
159dnsapi/dns_curanet.sh
-
185dnsapi/dns_cx.sh
-
2dnsapi/dns_cyon.sh
-
4dnsapi/dns_ddnss.sh
-
29dnsapi/dns_desec.sh
-
5dnsapi/dns_dgon.sh
-
87dnsapi/dns_dnshome.sh
-
248dnsapi/dns_dnsservices.sh
-
2dnsapi/dns_dp.sh
-
16dnsapi/dns_dpi.sh
-
8dnsapi/dns_duckdns.sh
-
8dnsapi/dns_dynv6.sh
-
470dnsapi/dns_edgedns.sh
-
146dnsapi/dns_fornex.sh
-
2dnsapi/dns_gandi_livedns.sh
-
11dnsapi/dns_gcloud.sh
-
187dnsapi/dns_gcore.sh
-
56dnsapi/dns_gd.sh
-
177dnsapi/dns_gdnsdk.sh
-
232dnsapi/dns_geoscaling.sh
-
173dnsapi/dns_googledomains.sh
-
2dnsapi/dns_he.sh
-
327dnsapi/dns_huaweicloud.sh
-
25dnsapi/dns_infoblox.sh
-
199dnsapi/dns_infomaniak.sh
-
171dnsapi/dns_ionos.sh
-
157dnsapi/dns_ipv64.sh
-
38dnsapi/dns_ispconfig.sh
-
303dnsapi/dns_kas.sh
-
2dnsapi/dns_kinghost.sh
-
6dnsapi/dns_knot.sh
-
147dnsapi/dns_la.sh
-
4dnsapi/dns_leaseweb.sh
-
3dnsapi/dns_linode_v4.sh
-
48dnsapi/dns_loopia.sh
-
1dnsapi/dns_miab.sh
-
4dnsapi/dns_mydevil.sh
-
16dnsapi/dns_mydnsjp.sh
-
261dnsapi/dns_mythic_beasts.sh
-
16dnsapi/dns_namecheap.sh
-
2dnsapi/dns_namesilo.sh
-
59dnsapi/dns_nanelo.sh
@ -1,40 +0,0 @@ |
|||
# Comment to a new issue. |
|||
issuesOpened: > |
|||
If this is a bug report, please upgrade to the latest code and try again: |
|||
|
|||
如果有 bug, 请先更新到最新版试试: |
|||
|
|||
``` |
|||
acme.sh --upgrade |
|||
``` |
|||
|
|||
please also provide the log with `--debug 2`. |
|||
|
|||
同时请提供调试输出 `--debug 2` |
|||
|
|||
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh |
|||
|
|||
Without `--debug 2` log, your issue will NEVER get replied. |
|||
|
|||
没有调试输出, 你的 issue 不会得到任何解答. |
|||
|
|||
|
|||
pullRequestOpened: > |
|||
First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead. |
|||
|
|||
If this is a PR to support new DNS API or new notification API, please read this guide first: |
|||
https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|||
|
|||
Please check the guide items one by one. |
|||
|
|||
Then add your usage here: |
|||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi |
|||
|
|||
Or some other wiki pages: |
|||
|
|||
https://github.com/acmesh-official/acme.sh/wiki/deployhooks |
|||
|
|||
https://github.com/acmesh-official/acme.sh/wiki/notify |
|||
|
|||
|
|||
|
@ -0,0 +1,71 @@ |
|||
name: DragonFlyBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/DragonFlyBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/DragonFlyBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
|
|||
jobs: |
|||
DragonFlyBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-12 |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/dragonflybsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' |
|||
copyback: "false" |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: | |
|||
pkg install -y curl socat |
|||
usesh: true |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,76 @@ |
|||
name: FreeBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/FreeBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/FreeBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
FreeBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-12 |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg install -y socat curl wget |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -1,116 +0,0 @@ |
|||
name: LetsEncrypt |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '**.sh' |
|||
- '**.yml' |
|||
|
|||
|
|||
jobs: |
|||
CheckToken: |
|||
runs-on: ubuntu-latest |
|||
outputs: |
|||
hasToken: ${{ steps.step_one.outputs.hasToken }} |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
steps: |
|||
- name: Set the value |
|||
id: step_one |
|||
run: | |
|||
if [ "$NGROK_TOKEN" ] ; then |
|||
echo "::set-output name=hasToken::true" |
|||
else |
|||
echo "::set-output name=hasToken::false" |
|||
fi |
|||
- name: Check the value |
|||
run: echo ${{ steps.step_one.outputs.hasToken }} |
|||
|
|||
Ubuntu: |
|||
runs-on: ubuntu-latest |
|||
needs: CheckToken |
|||
if: "contains(needs.CheckToken.outputs.hasToken, 'true')" |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: sudo apt-get install -y socat |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|||
|
|||
MacOS: |
|||
runs-on: macos-latest |
|||
needs: Ubuntu |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Install tools |
|||
run: brew update && brew install socat; |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: cd ../acmetest && sudo --preserve-env ./letest.sh |
|||
|
|||
Windows: |
|||
runs-on: windows-latest |
|||
needs: MacOS |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port. |
|||
Le_HTTPPort: 8888 |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v2 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git |
|||
shell: cmd |
|||
- name: Set ENV |
|||
run: | |
|||
echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin' |
|||
- name: Clone acmetest |
|||
shell: cmd |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: cmd |
|||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|||
|
|||
FreeBSD: |
|||
runs-on: macos-latest |
|||
needs: Windows |
|||
env: |
|||
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }} |
|||
TEST_LOCAL: 1 |
|||
steps: |
|||
- uses: actions/checkout@v2 |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/freebsd-vm@v0.0.5 |
|||
with: |
|||
envs: 'NGROK_TOKEN TEST_LOCAL' |
|||
prepare: pkg install -y socat curl |
|||
usesh: true |
|||
run: | |
|||
cd ../acmetest && ./letest.sh |
|||
|
@ -0,0 +1,48 @@ |
|||
name: Linux |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Linux.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Linux.yml' |
|||
|
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
|
|||
jobs: |
|||
Linux: |
|||
strategy: |
|||
matrix: |
|||
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"] |
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Clone acmetest |
|||
run: | |
|||
cd .. \ |
|||
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ |
|||
&& cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./rundocker.sh testplat ${{ matrix.os }} |
|||
|
|||
|
|||
|
@ -0,0 +1,60 @@ |
|||
name: MacOS |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/MacOS.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/MacOS.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
MacOS: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Install tools |
|||
run: brew install socat |
|||
- name: Clone acmetest |
|||
run: | |
|||
cd .. \ |
|||
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ |
|||
&& cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& sudo --preserve-env ./letest.sh |
|||
|
|||
|
@ -0,0 +1,71 @@ |
|||
name: NetBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/NetBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/NetBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
|
|||
jobs: |
|||
NetBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-12 |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/netbsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: | |
|||
pkg_add curl socat |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,76 @@ |
|||
name: OpenBSD |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/OpenBSD.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/OpenBSD.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
OpenBSD: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-12 |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/openbsd-vm@v0 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkg_add socat curl wget |
|||
usesh: true |
|||
copyback: false |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
|||
|
@ -0,0 +1,74 @@ |
|||
name: Solaris |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Solaris.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Solaris.yml' |
|||
|
|||
|
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
jobs: |
|||
Solaris: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
ACME_USE_WGET: 1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: macos-12 |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- uses: vmactions/cf-tunnel@v0 |
|||
id: tunnel |
|||
with: |
|||
protocol: http |
|||
port: 8080 |
|||
- name: Set envs |
|||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV |
|||
- name: Clone acmetest |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- uses: vmactions/solaris-vm@v0 |
|||
with: |
|||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET' |
|||
copyback: "false" |
|||
nat: | |
|||
"8080": "80" |
|||
prepare: pkgutil -y -i socat curl wget |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& ./letest.sh |
|||
|
@ -0,0 +1,103 @@ |
|||
name: Ubuntu |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Ubuntu.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Ubuntu.yml' |
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
|
|||
jobs: |
|||
Ubuntu: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
ACME_USE_WGET: 1 |
|||
- TEST_ACME_Server: "ZeroSSL.com" |
|||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
CA_EMAIL: "githubtest@acme.sh" |
|||
TEST_PREFERRED_CHAIN: "" |
|||
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" |
|||
CA_ECDSA: "Smallstep Intermediate CA" |
|||
CA: "Smallstep Intermediate CA" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: "" |
|||
NO_REVOKE: 1 |
|||
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory" |
|||
CA_ECDSA: "Smallstep Intermediate CA" |
|||
CA: "Smallstep Intermediate CA" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: "" |
|||
NO_REVOKE: 1 |
|||
TEST_IPCERT: 1 |
|||
TestingDomain: "172.17.0.1" |
|||
|
|||
runs-on: ubuntu-latest |
|||
env: |
|||
TEST_LOCAL: 1 |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
NO_ECC_384: ${{ matrix.NO_ECC_384 }} |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
NO_REVOKE: ${{ matrix.NO_REVOKE }} |
|||
TEST_IPCERT: ${{ matrix.TEST_IPCERT }} |
|||
TestingDomain: ${{ matrix.TestingDomain }} |
|||
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }} |
|||
steps: |
|||
- uses: actions/checkout@v3 |
|||
- name: Install tools |
|||
run: sudo apt-get install -y socat wget |
|||
- name: Start StepCA |
|||
if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }} |
|||
run: | |
|||
docker run --rm -d \ |
|||
-p 9000:9000 \ |
|||
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \ |
|||
-e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \ |
|||
-e "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true" \ |
|||
-e "DOCKER_STEPCA_INIT_PASSWORD=test" \ |
|||
--name stepca \ |
|||
smallstep/step-ca:0.23.1 |
|||
|
|||
sleep 5 |
|||
docker exec stepca bash -c "echo test >test" \ |
|||
&& docker exec stepca step ca provisioner add acme --type ACME --admin-subject step --admin-password-file=/home/step/test \ |
|||
&& docker exec stepca kill -1 1 \ |
|||
&& docker exec stepca cat /home/step/certs/root_ca.crt | sudo bash -c "cat - >>/etc/ssl/certs/ca-certificates.crt" |
|||
- name: Clone acmetest |
|||
run: | |
|||
cd .. \ |
|||
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \ |
|||
&& cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
run: | |
|||
cd ../acmetest \ |
|||
&& sudo --preserve-env ./letest.sh |
|||
|
|||
|
@ -0,0 +1,78 @@ |
|||
name: Windows |
|||
on: |
|||
push: |
|||
branches: |
|||
- '*' |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Windows.yml' |
|||
|
|||
pull_request: |
|||
branches: |
|||
- dev |
|||
paths: |
|||
- '*.sh' |
|||
- '.github/workflows/Windows.yml' |
|||
|
|||
|
|||
concurrency: |
|||
group: ${{ github.workflow }}-${{ github.ref }} |
|||
cancel-in-progress: true |
|||
|
|||
|
|||
jobs: |
|||
Windows: |
|||
strategy: |
|||
matrix: |
|||
include: |
|||
- TEST_ACME_Server: "LetsEncrypt.org_test" |
|||
CA_ECDSA: "" |
|||
CA: "" |
|||
CA_EMAIL: "" |
|||
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1 |
|||
#- TEST_ACME_Server: "ZeroSSL.com" |
|||
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA" |
|||
# CA: "ZeroSSL RSA Domain Secure Site CA" |
|||
# CA_EMAIL: "githubtest@acme.sh" |
|||
# TEST_PREFERRED_CHAIN: "" |
|||
runs-on: windows-latest |
|||
env: |
|||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }} |
|||
CA_ECDSA: ${{ matrix.CA_ECDSA }} |
|||
CA: ${{ matrix.CA }} |
|||
CA_EMAIL: ${{ matrix.CA_EMAIL }} |
|||
TEST_LOCAL: 1 |
|||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port. |
|||
Le_HTTPPort: 8888 |
|||
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }} |
|||
steps: |
|||
- name: Set git to use LF |
|||
run: | |
|||
git config --global core.autocrlf false |
|||
- uses: actions/checkout@v3 |
|||
- name: Install cygwin base packages with chocolatey |
|||
run: | |
|||
choco config get cacheLocation |
|||
choco install --no-progress cygwin |
|||
shell: cmd |
|||
- name: Install cygwin additional packages |
|||
run: | |
|||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd |
|||
shell: cmd |
|||
- name: Set ENV |
|||
shell: cmd |
|||
run: | |
|||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV% |
|||
- name: Check ENV |
|||
shell: cmd |
|||
run: | |
|||
echo "PATH=%PATH%" |
|||
- name: Clone acmetest |
|||
shell: cmd |
|||
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ |
|||
- name: Run acmetest |
|||
shell: cmd |
|||
run: cd ../acmetest && bash.exe -c ./letest.sh |
|||
|
|||
|
|||
|
@ -0,0 +1,19 @@ |
|||
name: "Update issues" |
|||
on: |
|||
issues: |
|||
types: [opened] |
|||
|
|||
jobs: |
|||
comment: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: "Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you." |
|||
|
|||
}) |
@ -0,0 +1,30 @@ |
|||
name: Check dns api |
|||
|
|||
on: |
|||
pull_request_target: |
|||
types: |
|||
- opened |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'dnsapi/*.sh' |
|||
|
|||
|
|||
jobs: |
|||
welcome: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
await github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: `**Welcome** |
|||
Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test). |
|||
Then reply on this message, otherwise, your code will not be reviewed or merged. |
|||
We look forward to reviewing your Pull request shortly ✨ |
|||
` |
|||
}) |
|||
|
@ -0,0 +1,30 @@ |
|||
name: Check dns api |
|||
|
|||
on: |
|||
pull_request_target: |
|||
types: |
|||
- opened |
|||
branches: |
|||
- 'dev' |
|||
paths: |
|||
- 'notify/*.sh' |
|||
|
|||
|
|||
jobs: |
|||
welcome: |
|||
runs-on: ubuntu-latest |
|||
steps: |
|||
- uses: actions/github-script@v6 |
|||
with: |
|||
script: | |
|||
await github.rest.issues.createComment({ |
|||
issue_number: context.issue.number, |
|||
owner: context.repo.owner, |
|||
repo: context.repo.repo, |
|||
body: `**Welcome** |
|||
Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify). |
|||
Then reply on this message, otherwise, your code will not be reviewed or merged. |
|||
We look forward to reviewing your Pull request shortly ✨ |
|||
` |
|||
}) |
|||
|
1552
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,92 @@ |
|||
#!/usr/bin/env sh |
|||
# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API. |
|||
# Your OAuth needs the right scope, please contact CleverReach support for that. |
|||
# |
|||
# Written by Jan-Philipp Benecke <github@bnck.me> |
|||
# Public domain, 2020 |
|||
# |
|||
# Following environment variables must be set: |
|||
# |
|||
#export DEPLOY_CLEVERREACH_CLIENT_ID=myid |
|||
#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret |
|||
|
|||
cleverreach_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_rest_endpoint="https://rest.cleverreach.com" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID |
|||
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET |
|||
_getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID |
|||
|
|||
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then |
|||
_err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID." |
|||
return 1 |
|||
fi |
|||
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then |
|||
_err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET." |
|||
return 1 |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}" |
|||
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" |
|||
_savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
|||
|
|||
_info "Obtaining a CleverReach access token" |
|||
|
|||
_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}" |
|||
_auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")" |
|||
|
|||
_debug _data "$_data" |
|||
_debug _auth_result "$_auth_result" |
|||
|
|||
_regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$" |
|||
_debug _regex "$_regex" |
|||
_access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p") |
|||
|
|||
_debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
|||
|
|||
if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
|||
_info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" |
|||
export _H1="Authorization: Bearer ${_access_token}" |
|||
_subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")" |
|||
_access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p") |
|||
|
|||
_debug _subclient_token_result "$_access_token" |
|||
|
|||
_info "Destroying parent token at CleverReach, as it not needed anymore" |
|||
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" |
|||
_debug _destroy_result "$_destroy_result" |
|||
fi |
|||
|
|||
_info "Uploading certificate and key to CleverReach" |
|||
|
|||
_certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}" |
|||
export _H1="Authorization: Bearer ${_access_token}" |
|||
_add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")" |
|||
|
|||
if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then |
|||
_info "Destroying token at CleverReach, as it not needed anymore" |
|||
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")" |
|||
_debug _destroy_result "$_destroy_result" |
|||
fi |
|||
|
|||
if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then |
|||
_info "Uploaded certificate successfully" |
|||
return 0 |
|||
else |
|||
_debug _add_cert_result "$_add_cert_result" |
|||
_err "Unable to update certificate" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,98 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Here is a script to deploy cert to hashicorp consul using curl |
|||
# (https://www.consul.io/) |
|||
# |
|||
# it requires following environment variables: |
|||
# |
|||
# CONSUL_PREFIX - this contains the prefix path in consul |
|||
# CONSUL_HTTP_ADDR - consul requires this to find your consul server |
|||
# |
|||
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available |
|||
# to access the consul server |
|||
|
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
consul_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# validate required env vars |
|||
_getdeployconf CONSUL_PREFIX |
|||
if [ -z "$CONSUL_PREFIX" ]; then |
|||
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)" |
|||
return 1 |
|||
fi |
|||
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX" |
|||
|
|||
_getdeployconf CONSUL_HTTP_ADDR |
|||
if [ -z "$CONSUL_HTTP_ADDR" ]; then |
|||
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)" |
|||
return 1 |
|||
fi |
|||
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR" |
|||
|
|||
CONSUL_CMD=$(command -v consul) |
|||
|
|||
# force CLI, but the binary does not exist => error |
|||
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then |
|||
_err "Cannot find the consul binary!" |
|||
return 1 |
|||
fi |
|||
|
|||
# use the CLI first |
|||
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then |
|||
_info "Found consul binary, deploying with CLI" |
|||
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX" |
|||
else |
|||
_info "Did not find consul binary, deploying with API" |
|||
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN" |
|||
fi |
|||
} |
|||
|
|||
consul_deploy_api() { |
|||
CONSUL_HTTP_ADDR="$1" |
|||
CONSUL_PREFIX="$2" |
|||
CONSUL_HTTP_TOKEN="$3" |
|||
|
|||
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX" |
|||
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN" |
|||
|
|||
if [ -n "$FABIO" ]; then |
|||
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1 |
|||
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1 |
|||
else |
|||
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1 |
|||
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1 |
|||
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1 |
|||
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1 |
|||
fi |
|||
} |
|||
|
|||
consul_deploy_cli() { |
|||
CONSUL_CMD="$1" |
|||
CONSUL_PREFIX="$2" |
|||
|
|||
if [ -n "$FABIO" ]; then |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1 |
|||
else |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 |
|||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 |
|||
fi |
|||
} |
@ -0,0 +1,280 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script for acme.sh to deploy certificates to lighttpd |
|||
# |
|||
# The following variables can be exported: |
|||
# |
|||
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem" |
|||
# |
|||
# Defines the name of the PEM file. |
|||
# Defaults to "<domain>.pem" |
|||
# |
|||
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd" |
|||
# |
|||
# Defines location of PEM file for Lighttpd. |
|||
# Defaults to /etc/lighttpd |
|||
# |
|||
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd" |
|||
# |
|||
# OPTIONAL: Reload command used post deploy |
|||
# This defaults to be a no-op (ie "true"). |
|||
# It is strongly recommended to set this something that makes sense |
|||
# for your distro. |
|||
# |
|||
# export DEPLOY_LIGHTTPD_ISSUER="yes" |
|||
# |
|||
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer" |
|||
# Note: Required for OCSP stapling to work |
|||
# |
|||
# export DEPLOY_LIGHTTPD_BUNDLE="no" |
|||
# |
|||
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle |
|||
# This adds a suffix to the certificate based on the certificate type |
|||
# eg RSA certificates will have .rsa as a suffix to the file name |
|||
# Lighttpd will load all certificates and provide one or the other |
|||
# depending on client capabilities |
|||
# Note: This functionality requires Lighttpd was compiled against |
|||
# a version of OpenSSL that supports this. |
|||
# |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
lighttpd_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
# Some defaults |
|||
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd" |
|||
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem" |
|||
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no" |
|||
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" |
|||
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" |
|||
|
|||
_debug _cdomain "${_cdomain}" |
|||
_debug _ckey "${_ckey}" |
|||
_debug _ccert "${_ccert}" |
|||
_debug _cca "${_cca}" |
|||
_debug _cfullchain "${_cfullchain}" |
|||
|
|||
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH |
|||
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then |
|||
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" |
|||
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" |
|||
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then |
|||
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
|||
fi |
|||
|
|||
# Ensure PEM_PATH exists |
|||
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then |
|||
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists" |
|||
else |
|||
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist" |
|||
return 1 |
|||
fi |
|||
|
|||
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME |
|||
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then |
|||
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" |
|||
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" |
|||
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then |
|||
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
|||
fi |
|||
|
|||
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE |
|||
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then |
|||
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" |
|||
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" |
|||
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then |
|||
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
|||
fi |
|||
|
|||
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_ISSUER |
|||
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then |
|||
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" |
|||
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" |
|||
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then |
|||
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
|||
fi |
|||
|
|||
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
|||
_getdeployconf DEPLOY_LIGHTTPD_RELOAD |
|||
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}" |
|||
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then |
|||
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" |
|||
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" |
|||
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then |
|||
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
|||
fi |
|||
|
|||
# Set the suffix depending if we are creating a bundle or not |
|||
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then |
|||
_info "Bundle creation requested" |
|||
# Initialise $Le_Keylength if its not already set |
|||
if [ -z "${Le_Keylength}" ]; then |
|||
Le_Keylength="" |
|||
fi |
|||
if _isEccKey "${Le_Keylength}"; then |
|||
_info "ECC key type detected" |
|||
_suffix=".ecdsa" |
|||
else |
|||
_info "RSA key type detected" |
|||
_suffix=".rsa" |
|||
fi |
|||
else |
|||
_suffix="" |
|||
fi |
|||
_debug _suffix "${_suffix}" |
|||
|
|||
# Set variables for later |
|||
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}" |
|||
_issuer="${_pem}.issuer" |
|||
_ocsp="${_pem}.ocsp" |
|||
_reload="${Le_Deploy_lighttpd_reload}" |
|||
|
|||
_info "Deploying PEM file" |
|||
# Create a temporary PEM file |
|||
_temppem="$(_mktemp)" |
|||
_debug _temppem "${_temppem}" |
|||
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" |
|||
_ret="$?" |
|||
|
|||
# Check that we could create the temporary file |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} returned during PEM file creation" |
|||
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
|||
return ${_ret} |
|||
fi |
|||
|
|||
# Move PEM file into place |
|||
_info "Moving new certificate into place" |
|||
_debug _pem "${_pem}" |
|||
cat "${_temppem}" >"${_pem}" |
|||
_ret=$? |
|||
|
|||
# Clean up temp file |
|||
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
|||
|
|||
# Deal with any failure of moving PEM file into place |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} returned while moving new certificate into place" |
|||
return ${_ret} |
|||
fi |
|||
|
|||
# Update .issuer file if requested |
|||
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then |
|||
_info "Updating .issuer file" |
|||
_debug _issuer "${_issuer}" |
|||
cat "${_cca}" >"${_issuer}" |
|||
_ret="$?" |
|||
|
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} returned while copying issuer/CA certificate into place" |
|||
return ${_ret} |
|||
fi |
|||
else |
|||
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists" |
|||
fi |
|||
|
|||
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option |
|||
if [ -z "${Le_OCSP_Staple}" ]; then |
|||
Le_OCSP_Staple="0" |
|||
fi |
|||
if [ "${Le_OCSP_Staple}" = "1" ]; then |
|||
_info "Updating OCSP stapling info" |
|||
_debug _ocsp "${_ocsp}" |
|||
_info "Extracting OCSP URL" |
|||
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") |
|||
_debug _ocsp_url "${_ocsp_url}" |
|||
|
|||
# Only process OCSP if URL was present |
|||
if [ "${_ocsp_url}" != "" ]; then |
|||
# Extract the hostname from the OCSP URL |
|||
_info "Extracting OCSP URL" |
|||
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3) |
|||
_debug _ocsp_host "${_ocsp_host}" |
|||
|
|||
# Only process the certificate if we have a .issuer file |
|||
if [ -r "${_issuer}" ]; then |
|||
# Check if issuer cert is also a root CA cert |
|||
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|||
_debug _subjectdn "${_subjectdn}" |
|||
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|||
_debug _issuerdn "${_issuerdn}" |
|||
_info "Requesting OCSP response" |
|||
# If the issuer is a CA cert then our command line has "-CAfile" added |
|||
if [ "${_subjectdn}" = "${_issuerdn}" ]; then |
|||
_cafile_argument="-CAfile \"${_issuer}\"" |
|||
else |
|||
_cafile_argument="" |
|||
fi |
|||
_debug _cafile_argument "${_cafile_argument}" |
|||
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
|||
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) |
|||
_debug _openssl_version "${_openssl_version}" |
|||
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
|||
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
|||
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then |
|||
_header_sep="=" |
|||
else |
|||
_header_sep=" " |
|||
fi |
|||
# Request the OCSP response from the issuer and store it |
|||
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ |
|||
-issuer \"${_issuer}\" \ |
|||
-cert \"${_pem}\" \ |
|||
-url \"${_ocsp_url}\" \ |
|||
-header Host${_header_sep}\"${_ocsp_host}\" \ |
|||
-respout \"${_ocsp}\" \ |
|||
-verify_other \"${_issuer}\" \ |
|||
${_cafile_argument} \ |
|||
| grep -q \"${_pem}: good\"" |
|||
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}" |
|||
eval "${_openssl_ocsp_cmd}" |
|||
_ret=$? |
|||
else |
|||
# Non fatal: No issuer file was present so no OCSP stapling file created |
|||
_err "OCSP stapling in use but no .issuer file was present" |
|||
fi |
|||
else |
|||
# Non fatal: No OCSP url was found int the certificate |
|||
_err "OCSP update requested but no OCSP URL was found in certificate" |
|||
fi |
|||
|
|||
# Non fatal: Check return code of openssl command |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Updating OCSP stapling failed with return code ${_ret}" |
|||
fi |
|||
else |
|||
# An OCSP file was already present but certificate did not have OCSP extension |
|||
if [ -f "${_ocsp}" ]; then |
|||
_err "OCSP was not requested but .ocsp file exists." |
|||
# Could remove the file at this step, although Lighttpd just ignores it in this case |
|||
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file" |
|||
fi |
|||
fi |
|||
|
|||
# Reload Lighttpd |
|||
_debug _reload "${_reload}" |
|||
eval "${_reload}" |
|||
_ret=$? |
|||
if [ "${_ret}" != "0" ]; then |
|||
_err "Error code ${_ret} during reload" |
|||
return ${_ret} |
|||
else |
|||
_info "Reload successful" |
|||
fi |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,156 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment. |
|||
# The way it works is that if a cert with the matching domain name is not found, it will firstly create a dummy cert to get its uuid, and then replace it with your cert. |
|||
# |
|||
# DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command. |
|||
# DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (support public key authentication only). Per design, OMV web gui admin doesn't have ssh permission, so another account is needed for ssh. |
|||
# |
|||
# returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
openmediavault_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_OMV_WEBUI_ADMIN |
|||
|
|||
if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then |
|||
DEPLOY_OMV_WEBUI_ADMIN="admin" |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN" |
|||
|
|||
_getdeployconf DEPLOY_OMV_HOST |
|||
_getdeployconf DEPLOY_OMV_SSH_USER |
|||
|
|||
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then |
|||
_info "[OMV deploy-hook] Deploy certificate remotely through ssh." |
|||
_savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST" |
|||
_savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER" |
|||
else |
|||
_info "[OMV deploy-hook] Deploy certificate locally." |
|||
fi |
|||
|
|||
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then |
|||
|
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'" |
|||
# shellcheck disable=SC2029 |
|||
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
_debug _command "$_command" |
|||
|
|||
if [ -z "$_uuid" ]; then |
|||
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'" |
|||
# shellcheck disable=SC2029 |
|||
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
_debug _command "$_command" |
|||
|
|||
if [ -z "$_uuid" ]; then |
|||
_err "[OMV deploy-hook] An error occured while creating the certificate" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" |
|||
_fullchain=$(jq <"$_cfullchain" -aRs .) |
|||
_key=$(jq <"$_ckey" -aRs .) |
|||
|
|||
_debug _fullchain "$_fullchain" |
|||
_debug _key "$_key" |
|||
|
|||
_info "[OMV deploy-hook] Updating key and certificate in openmediavault" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking nginx to reload" |
|||
_command="nginx -s reload" |
|||
# shellcheck disable=SC2029 |
|||
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
else |
|||
|
|||
# shellcheck disable=SC2086 |
|||
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' | jq -r '.data[] | select(.name=="/CN='$_cdomain'") | .uuid') |
|||
if [ -z "$_uuid" ]; then |
|||
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!" |
|||
# shellcheck disable=SC2086 |
|||
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq -r '.uuid') |
|||
|
|||
if [ -z "$_uuid" ]; then |
|||
_err "[OMB deploy-hook] An error occured while creating the certificate" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid" |
|||
_fullchain=$(jq <"$_cfullchain" -aRs .) |
|||
_key=$(jq <"$_ckey" -aRs .) |
|||
|
|||
_debug _fullchain "$_fullchain" |
|||
_debug _key "$_key" |
|||
|
|||
_info "[OMV deploy-hook] Updating key and certificate in openmediavault" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)" |
|||
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
_info "[OMV deploy-hook] Asking nginx to reload" |
|||
_command="nginx -s reload" |
|||
_result=$(eval "$_command") |
|||
|
|||
_debug _command "$_command" |
|||
_debug _result "$_result" |
|||
|
|||
fi |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,123 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script to deploy cert to Peplink Routers |
|||
# |
|||
# The following environment variables must be set: |
|||
# |
|||
# PEPLINK_Hostname - Peplink hostname |
|||
# PEPLINK_Username - Peplink username to login |
|||
# PEPLINK_Password - Peplink password to login |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# PEPLINK_Certtype - Certificate type to target for replacement |
|||
# defaults to "webadmin", can be one of: |
|||
# * "chub" (ContentHub) |
|||
# * "openvpn" (OpenVPN CA) |
|||
# * "portal" (Captive Portal SSL) |
|||
# * "webadmin" (Web Admin SSL) |
|||
# * "webproxy" (Proxy Root CA) |
|||
# * "wwan_ca" (Wi-Fi WAN CA) |
|||
# * "wwan_client" (Wi-Fi WAN Client) |
|||
# PEPLINK_Scheme - defaults to "https" |
|||
# PEPLINK_Port - defaults to "443" |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
_peplink_get_cookie_data() { |
|||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
|||
} |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
peplink_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _cfullchain "$_cfullchain" |
|||
_debug _ckey "$_ckey" |
|||
|
|||
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
|||
_getdeployconf PEPLINK_Hostname |
|||
_getdeployconf PEPLINK_Username |
|||
_getdeployconf PEPLINK_Password |
|||
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
|||
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
|||
return 1 |
|||
fi |
|||
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_debug2 PEPLINK_Username "$PEPLINK_Username" |
|||
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
# Optional certificate type, scheme, and port for Peplink |
|||
_getdeployconf PEPLINK_Certtype |
|||
_getdeployconf PEPLINK_Scheme |
|||
_getdeployconf PEPLINK_Port |
|||
|
|||
# Don't save the certificate type until we verify it exists and is supported |
|||
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
# Default vaules for certificate type, scheme, and port |
|||
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
|||
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
|||
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
|||
|
|||
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_debug2 PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
|||
_debug _base_url "$_base_url" |
|||
|
|||
# Login, get the auth token from the cookie |
|||
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
|||
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
|||
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
|||
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
|||
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
|||
_debug3 response "$response" |
|||
_debug auth_token "$auth_token" |
|||
|
|||
if [ -z "$auth_token" ]; then |
|||
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
|||
_err "Check your username and password." |
|||
return 1 |
|||
fi |
|||
|
|||
_H1="Cookie: $auth_token" |
|||
export _H1 |
|||
_debug2 H1 "${_H1}" |
|||
|
|||
# Now that we know the hostnameusername and password are good, save them |
|||
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
|||
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
_info "Generate form POST request" |
|||
|
|||
encoded_key="$(_url_encode <"$_ckey")" |
|||
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
|||
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
|||
_debug3 body "$body" |
|||
|
|||
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
|||
|
|||
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
|||
_debug3 response "$response" |
|||
|
|||
if echo "$response" | grep 'Success' >/dev/null; then |
|||
# We've verified this certificate type is valid, so save it |
|||
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_info "Certificate was updated" |
|||
return 0 |
|||
else |
|||
_err "Unable to update certificate, error code $response" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,132 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Deploy certificates to a proxmox virtual environment node using the API. |
|||
# |
|||
# Environment variables that can be set are: |
|||
# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to |
|||
# _cdomain. |
|||
# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. |
|||
# Defaults to 8006. |
|||
# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. |
|||
# Defaults to the host portion of the server |
|||
# domain name. |
|||
# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. |
|||
# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates |
|||
# with. Defaults to pam. |
|||
# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the |
|||
# user account. Defaults to acme. |
|||
# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. |
|||
|
|||
proxmoxve_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug2 _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# "Sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXVE_SERVER |
|||
if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then |
|||
_target_hostname="$_cdomain" |
|||
else |
|||
_target_hostname="$DEPLOY_PROXMOXVE_SERVER" |
|||
_savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT |
|||
if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then |
|||
_target_port="8006" |
|||
else |
|||
_target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" |
|||
_savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_NODE_NAME |
|||
if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then |
|||
_node_name=$(echo "$_target_hostname" | cut -d. -f1) |
|||
else |
|||
_node_name="$DEPLOY_PROXMOXVE_NODE_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" |
|||
|
|||
# Complete URL. |
|||
_target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" |
|||
_debug TARGET_URL "$_target_url" |
|||
|
|||
# More "sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXVE_USER |
|||
if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then |
|||
_proxmoxve_user="root" |
|||
else |
|||
_proxmoxve_user="$DEPLOY_PROXMOXVE_USER" |
|||
_savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_USER_REALM |
|||
if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then |
|||
_proxmoxve_user_realm="pam" |
|||
else |
|||
_proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" |
|||
_savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME |
|||
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then |
|||
_proxmoxve_api_token_name="acme" |
|||
else |
|||
_proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" |
|||
|
|||
# This is required. |
|||
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY |
|||
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then |
|||
_err "API key not provided." |
|||
return 1 |
|||
else |
|||
_proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" |
|||
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key |
|||
|
|||
# PVE API Token header value. Used in "Authorization: PVEAPIToken". |
|||
_proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" |
|||
_debug2 "Auth Header" _proxmoxve_header_api_token |
|||
|
|||
# Ugly. I hate putting heredocs inside functions because heredocs don't |
|||
# account for whitespace correctly but it _does_ work and is several times |
|||
# cleaner than anything else I had here. |
|||
# |
|||
# This dumps the json payload to a variable that should be passable to the |
|||
# _psot function. |
|||
_json_payload=$( |
|||
cat <<HEREDOC |
|||
{ |
|||
"certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')", |
|||
"key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')", |
|||
"node":"$_node_name", |
|||
"restart":"1", |
|||
"force":"1" |
|||
} |
|||
HEREDOC |
|||
) |
|||
_debug2 Payload "$_json_payload" |
|||
|
|||
# Push certificates to server. |
|||
export _HTTPS_INSECURE=1 |
|||
export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" |
|||
_post "$_json_payload" "$_target_url" "" POST "application/json" |
|||
|
|||
} |
@ -0,0 +1,223 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Here is a scipt to deploy the cert to your TrueNAS using the REST API. |
|||
# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html |
|||
# |
|||
# Written by Frank Plass github@f-plass.de |
|||
# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py |
|||
# Thanks to danb35 for your template! |
|||
# |
|||
# Following environment variables must be set: |
|||
# |
|||
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI" |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost |
|||
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
truenas_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_TRUENAS_APIKEY |
|||
|
|||
if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then |
|||
_err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable." |
|||
return 1 |
|||
fi |
|||
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" |
|||
|
|||
# Optional hostname, scheme for TrueNAS |
|||
_getdeployconf DEPLOY_TRUENAS_HOSTNAME |
|||
_getdeployconf DEPLOY_TRUENAS_SCHEME |
|||
|
|||
# default values for hostname and scheme |
|||
[ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost" |
|||
[ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http" |
|||
|
|||
_debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" |
|||
_debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
|||
|
|||
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" |
|||
_debug _api_url "$_api_url" |
|||
|
|||
_H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY" |
|||
_secure_debug3 _H1 "$_H1" |
|||
|
|||
_info "Testing Connection TrueNAS" |
|||
_response=$(_get "$_api_url/system/state") |
|||
_info "TrueNAS system state: $_response." |
|||
|
|||
if [ -z "$_response" ]; then |
|||
_err "Unable to authenticate to $_api_url." |
|||
_err 'Check your connection settings are correct, e.g.' |
|||
_err 'DEPLOY_TRUENAS_HOSTNAME="192.168.x.y" or DEPLOY_TRUENAS_HOSTNAME="truenas.example.com".' |
|||
_err 'DEPLOY_TRUENAS_SCHEME="https" or DEPLOY_TRUENAS_SCHEME="http".' |
|||
_err "Verify your TrueNAS API key is valid and set correctly, e.g. DEPLOY_TRUENAS_APIKEY=xxxx...." |
|||
return 1 |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY" |
|||
_savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME" |
|||
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
|||
|
|||
_info "Getting current active certificate from TrueNAS" |
|||
_response=$(_get "$_api_url/system/general") |
|||
_active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,') |
|||
_active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p') |
|||
_param_httpsredirect=$(echo "$_response" | grep '"ui_httpsredirect":' | sed -n 's/.*": \(.\{1,\}\),$/\1/p') |
|||
_debug Active_UI_Certificate_ID "$_active_cert_id" |
|||
_debug Active_UI_Certificate_Name "$_active_cert_name" |
|||
_debug Active_UI_http_redirect "$_param_httpsredirect" |
|||
|
|||
if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then |
|||
_info "HTTP->HTTPS redirection is enabled" |
|||
_info "Setting DEPLOY_TRUENAS_SCHEME to 'https'" |
|||
DEPLOY_TRUENAS_SCHEME="https" |
|||
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0" |
|||
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME" |
|||
fi |
|||
|
|||
_info "Uploading new certificate to TrueNAS" |
|||
_certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')" |
|||
_debug3 _certname "$_certname" |
|||
|
|||
_certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}" |
|||
_add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")" |
|||
|
|||
_debug3 _add_cert_result "$_add_cert_result" |
|||
|
|||
_info "Fetching list of installed certificates" |
|||
_cert_list=$(_get "$_api_url/system/general/ui_certificate_choices") |
|||
_cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p') |
|||
|
|||
_debug3 _cert_id "$_cert_id" |
|||
|
|||
_info "Current activate certificate ID: $_cert_id" |
|||
_activateData="{\"ui_certificate\": \"${_cert_id}\"}" |
|||
_activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")" |
|||
|
|||
_debug3 _activate_result "$_activate_result" |
|||
|
|||
_info "Checking if WebDAV certificate is the same as the TrueNAS web UI" |
|||
_webdav_list=$(_get "$_api_url/webdav") |
|||
_webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,') |
|||
|
|||
if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then |
|||
_info "Updating the WebDAV certificate" |
|||
_debug _webdav_cert_id "$_webdav_cert_id" |
|||
_webdav_data="{\"certssl\": \"${_cert_id}\"}" |
|||
_activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")" |
|||
_webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | grep '"certssl":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
|||
if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then |
|||
_info "WebDAV certificate updated successfully" |
|||
else |
|||
_err "Unable to set WebDAV certificate" |
|||
_debug3 _activate_webdav_cert "$_activate_webdav_cert" |
|||
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id" |
|||
return 1 |
|||
fi |
|||
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id" |
|||
else |
|||
_info "WebDAV certificate is not configured or is not the same as TrueNAS web UI" |
|||
fi |
|||
|
|||
_info "Checking if FTP certificate is the same as the TrueNAS web UI" |
|||
_ftp_list=$(_get "$_api_url/ftp") |
|||
_ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,') |
|||
|
|||
if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then |
|||
_info "Updating the FTP certificate" |
|||
_debug _ftp_cert_id "$_ftp_cert_id" |
|||
_ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}" |
|||
_activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")" |
|||
_ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | grep '"ssltls_certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
|||
if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then |
|||
_info "FTP certificate updated successfully" |
|||
else |
|||
_err "Unable to set FTP certificate" |
|||
_debug3 _activate_ftp_cert "$_activate_ftp_cert" |
|||
_debug3 _ftp_new_cert_id "$_ftp_new_cert_id" |
|||
return 1 |
|||
fi |
|||
_debug3 _activate_ftp_cert "$_activate_ftp_cert" |
|||
else |
|||
_info "FTP certificate is not configured or is not the same as TrueNAS web UI" |
|||
fi |
|||
|
|||
_info "Checking if S3 certificate is the same as the TrueNAS web UI" |
|||
_s3_list=$(_get "$_api_url/s3") |
|||
_s3_cert_id=$(echo "$_s3_list" | grep '"certificate":' | tr -d -- '"certifa:_ ,') |
|||
|
|||
if [ "$_s3_cert_id" = "$_active_cert_id" ]; then |
|||
_info "Updating the S3 certificate" |
|||
_debug _s3_cert_id "$_s3_cert_id" |
|||
_s3_data="{\"certificate\": \"${_cert_id}\"}" |
|||
_activate_s3_cert="$(_post "$_s3_data" "$_api_url/s3" "" "PUT" "application/json")" |
|||
_s3_new_cert_id=$(echo "$_activate_s3_cert" | _json_decode | grep '"certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p') |
|||
if [ "$_s3_new_cert_id" -eq "$_cert_id" ]; then |
|||
_info "S3 certificate updated successfully" |
|||
else |
|||
_err "Unable to set S3 certificate" |
|||
_debug3 _activate_s3_cert "$_activate_s3_cert" |
|||
_debug3 _s3_new_cert_id "$_s3_new_cert_id" |
|||
return 1 |
|||
fi |
|||
_debug3 _activate_s3_cert "$_activate_s3_cert" |
|||
else |
|||
_info "S3 certificate is not configured or is not the same as TrueNAS web UI" |
|||
fi |
|||
|
|||
_info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required" |
|||
if _exists jq; then |
|||
_info "Query all chart release" |
|||
_release_list=$(_get "$_api_url/chart/release") |
|||
_related_name_list=$(printf "%s" "$_release_list" | jq -r "[.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id) | .name ] | unique") |
|||
_release_length=$(printf "%s" "$_related_name_list" | jq -r "length") |
|||
_info "Found $_release_length related chart release in list: $_related_name_list" |
|||
for i in $(seq 0 $((_release_length - 1))); do |
|||
_release_name=$(echo "$_related_name_list" | jq -r ".[$i]") |
|||
_info "Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name" |
|||
#Read the chart release configuration |
|||
_chart_config=$(printf "%s" "$_release_list" | jq -r ".[] | select(.name==\"$_release_name\")") |
|||
#Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress |
|||
_updated_chart_config=$(printf "%s" "$_chart_config" | jq "(.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id) | .scaleCert ) |= $_cert_id | .config.ingress ") |
|||
_update_chart_result="$(_post "{\"values\" : { \"ingress\" : $_updated_chart_config } }" "$_api_url/chart/release/id/$_release_name" "" "PUT" "application/json")" |
|||
_debug3 _update_chart_result "$_update_chart_result" |
|||
done |
|||
else |
|||
_info "Tool 'jq' does not exists, skip chart release checking" |
|||
fi |
|||
|
|||
_info "Deleting old certificate" |
|||
_delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")" |
|||
|
|||
_debug3 _delete_result "$_delete_result" |
|||
|
|||
_info "Reloading TrueNAS web UI" |
|||
_restart_UI=$(_get "$_api_url/system/general/ui_restart") |
|||
_debug2 _restart_UI "$_restart_UI" |
|||
|
|||
if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then |
|||
return 0 |
|||
else |
|||
_err "Certificate update was not succesful, please try again with --debug" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,131 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Here is a script to deploy cert to hashicorp vault using curl |
|||
# (https://www.vaultproject.io/) |
|||
# |
|||
# it requires following environment variables: |
|||
# |
|||
# VAULT_PREFIX - this contains the prefix path in vault |
|||
# VAULT_ADDR - vault requires this to find your vault server |
|||
# VAULT_SAVE_TOKEN - set to anything if you want to save the token |
|||
# VAULT_RENEW_TOKEN - set to anything if you want to renew the token to default TTL before deploying |
|||
# VAULT_KV_V2 - set to anything if you are using v2 of the kv engine |
|||
# |
|||
# additionally, you need to ensure that VAULT_TOKEN is avialable |
|||
# to access the vault server |
|||
|
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
vault_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# validate required env vars |
|||
_getdeployconf VAULT_PREFIX |
|||
if [ -z "$VAULT_PREFIX" ]; then |
|||
_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)" |
|||
return 1 |
|||
fi |
|||
_savedeployconf VAULT_PREFIX "$VAULT_PREFIX" |
|||
|
|||
_getdeployconf VAULT_ADDR |
|||
if [ -z "$VAULT_ADDR" ]; then |
|||
_err "VAULT_ADDR needs to be defined (contains vault connection address)" |
|||
return 1 |
|||
fi |
|||
_savedeployconf VAULT_ADDR "$VAULT_ADDR" |
|||
|
|||
_getdeployconf VAULT_SAVE_TOKEN |
|||
_savedeployconf VAULT_SAVE_TOKEN "$VAULT_SAVE_TOKEN" |
|||
|
|||
_getdeployconf VAULT_RENEW_TOKEN |
|||
_savedeployconf VAULT_RENEW_TOKEN "$VAULT_RENEW_TOKEN" |
|||
|
|||
_getdeployconf VAULT_KV_V2 |
|||
_savedeployconf VAULT_KV_V2 "$VAULT_KV_V2" |
|||
|
|||
_getdeployconf VAULT_TOKEN |
|||
if [ -z "$VAULT_TOKEN" ]; then |
|||
_err "VAULT_TOKEN needs to be defined" |
|||
return 1 |
|||
fi |
|||
if [ -n "$VAULT_SAVE_TOKEN" ]; then |
|||
_savedeployconf VAULT_TOKEN "$VAULT_TOKEN" |
|||
fi |
|||
|
|||
_migratedeployconf FABIO VAULT_FABIO_MODE |
|||
|
|||
# JSON does not allow multiline strings. |
|||
# So replacing new-lines with "\n" here |
|||
_ckey=$(sed -z 's/\n/\\n/g' <"$2") |
|||
_ccert=$(sed -z 's/\n/\\n/g' <"$3") |
|||
_cca=$(sed -z 's/\n/\\n/g' <"$4") |
|||
_cfullchain=$(sed -z 's/\n/\\n/g' <"$5") |
|||
|
|||
export _H1="X-Vault-Token: $VAULT_TOKEN" |
|||
|
|||
if [ -n "$VAULT_RENEW_TOKEN" ]; then |
|||
URL="$VAULT_ADDR/v1/auth/token/renew-self" |
|||
_info "Renew the Vault token to default TTL" |
|||
if ! _post "" "$URL" >/dev/null; then |
|||
_err "Failed to renew the Vault token" |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain" |
|||
|
|||
if [ -n "$VAULT_FABIO_MODE" ]; then |
|||
_info "Writing certificate and key to $URL in Fabio mode" |
|||
if [ -n "$VAULT_KV_V2" ]; then |
|||
_post "{ \"data\": {\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"} }" "$URL" >/dev/null || return 1 |
|||
else |
|||
_post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" >/dev/null || return 1 |
|||
fi |
|||
else |
|||
if [ -n "$VAULT_KV_V2" ]; then |
|||
_info "Writing certificate to $URL/cert.pem" |
|||
_post "{\"data\": {\"value\": \"$_ccert\"}}" "$URL/cert.pem" >/dev/null || return 1 |
|||
_info "Writing key to $URL/cert.key" |
|||
_post "{\"data\": {\"value\": \"$_ckey\"}}" "$URL/cert.key" >/dev/null || return 1 |
|||
_info "Writing CA certificate to $URL/ca.pem" |
|||
_post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/ca.pem" >/dev/null || return 1 |
|||
_info "Writing full-chain certificate to $URL/fullchain.pem" |
|||
_post "{\"data\": {\"value\": \"$_cfullchain\"}}" "$URL/fullchain.pem" >/dev/null || return 1 |
|||
else |
|||
_info "Writing certificate to $URL/cert.pem" |
|||
_post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" >/dev/null || return 1 |
|||
_info "Writing key to $URL/cert.key" |
|||
_post "{\"value\": \"$_ckey\"}" "$URL/cert.key" >/dev/null || return 1 |
|||
_info "Writing CA certificate to $URL/ca.pem" |
|||
_post "{\"value\": \"$_cca\"}" "$URL/ca.pem" >/dev/null || return 1 |
|||
_info "Writing full-chain certificate to $URL/fullchain.pem" |
|||
_post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" >/dev/null || return 1 |
|||
fi |
|||
|
|||
# To make it compatible with the wrong ca path `chain.pem` which was used in former versions |
|||
if _contains "$(_get "$URL/chain.pem")" "-----BEGIN CERTIFICATE-----"; then |
|||
_err "The CA certificate has moved from chain.pem to ca.pem, if you don't depend on chain.pem anymore, you can delete it to avoid this warning" |
|||
_info "Updating CA certificate to $URL/chain.pem for backward compatibility" |
|||
if [ -n "$VAULT_KV_V2" ]; then |
|||
_post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/chain.pem" >/dev/null || return 1 |
|||
else |
|||
_post "{\"value\": \"$_cca\"}" "$URL/chain.pem" >/dev/null || return 1 |
|||
fi |
|||
fi |
|||
fi |
|||
|
|||
} |
@ -0,0 +1,150 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Anexia CloudDNS acme.sh hook |
|||
# Author: MA |
|||
|
|||
#ANX_Token="xxxx" |
|||
|
|||
ANX_API='https://engine.anexia-it.com/api/clouddns/v1' |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
dns_anx_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Using ANX CDNS API" |
|||
|
|||
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
if [ "$ANX_Token" ]; then |
|||
_saveaccountconf_mutable ANX_Token "$ANX_Token" |
|||
else |
|||
_err "You didn't specify a ANEXIA Engine API token." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
# Always add records, wildcard need two records with the same name |
|||
_anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}" |
|||
if _contains "$response" "$txtvalue"; then |
|||
return 0 |
|||
else |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
dns_anx_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Using ANX CDNS API" |
|||
|
|||
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}" |
|||
|
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_get_record_id |
|||
|
|||
if _is_uuid "$_record_id"; then |
|||
if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then |
|||
_err "Delete record" |
|||
return 1 |
|||
fi |
|||
else |
|||
_info "No record found." |
|||
fi |
|||
echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_is_uuid() { |
|||
pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$' |
|||
if echo "$1" | _egrep_o "$pattern" >/dev/null; then |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_get_record_id() { |
|||
_debug subdomain "$_sub_domain" |
|||
_debug domain "$_domain" |
|||
|
|||
if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then |
|||
_debug response "$response" |
|||
if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then |
|||
_record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") |
|||
else |
|||
_record_id='' |
|||
fi |
|||
else |
|||
_err "Search existing record" |
|||
fi |
|||
} |
|||
|
|||
_anx_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Token $ANX_Token" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "${ANX_API}/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "${ANX_API}/$ep")" |
|||
fi |
|||
|
|||
# shellcheck disable=SC2181 |
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
_anx_rest GET "zone.json" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\""; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
@ -0,0 +1,171 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
|
|||
AURORA_Api="https://api.auroradns.eu" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_aurora_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
|||
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
|||
|
|||
if [ -z "$AURORA_Key" ] || [ -z "$AURORA_Secret" ]; then |
|||
AURORA_Key="" |
|||
AURORA_Secret="" |
|||
_err "You didn't specify an Aurora api key and secret yet." |
|||
_err "You can get yours from here https://cp.pcextreme.nl/auroradns/users." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and secret to the account conf file. |
|||
_saveaccountconf_mutable AURORA_Key "$AURORA_Key" |
|||
_saveaccountconf_mutable AURORA_Secret "$AURORA_Secret" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Adding record" |
|||
if _aurora_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" "RecordExistsError"; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_aurora_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}" |
|||
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting records" |
|||
_aurora_rest GET "zones/${_domain_id}/records" |
|||
|
|||
if ! _contains "$response" "$txtvalue"; then |
|||
_info "Don't need to remove." |
|||
else |
|||
records=$(echo "$response" | _normalizeJson | tr -d "[]" | sed "s/},{/}|{/g" | tr "|" "\n") |
|||
if [ "$(echo "$records" | wc -l)" -le 2 ]; then |
|||
_err "Can not parse records." |
|||
return 1 |
|||
fi |
|||
record_id=$(echo "$records" | grep "\"type\": *\"TXT\"" | grep "\"name\": *\"$_sub_domain\"" | grep "\"content\": *\"$txtvalue\"" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
|||
_debug "record_id" "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if ! _aurora_rest DELETE "zones/$_domain_id/records/$record_id"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
return 0 |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _aurora_rest GET "zones/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\": \"$h\""; then |
|||
_domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ") |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_aurora_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
key_trimmed=$(echo "$AURORA_Key" | tr -d '"') |
|||
secret_trimmed=$(echo "$AURORA_Secret" | tr -d '"') |
|||
|
|||
timestamp=$(date -u +"%Y%m%dT%H%M%SZ") |
|||
signature=$(printf "%s/%s%s" "$m" "$ep" "$timestamp" | _hmac sha256 "$(printf "%s" "$secret_trimmed" | _hex_dump | tr -d " ")" | _base64) |
|||
authorization=$(printf "AuroraDNSv1 %s" "$(printf "%s:%s" "$key_trimmed" "$signature" | _base64)") |
|||
|
|||
export _H1="Content-Type: application/json; charset=UTF-8" |
|||
export _H2="X-AuroraDNS-Date: $timestamp" |
|||
export _H3="Authorization: $authorization" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$AURORA_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$AURORA_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,204 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#AZION_Email="" |
|||
#AZION_Password="" |
|||
# |
|||
|
|||
AZION_Api="https://api.azionapi.net" |
|||
|
|||
######## Public functions ######## |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
dns_azion_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_debug "Detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Domain not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
_info "Add or update record" |
|||
_get_record "$_domain_id" "$_sub_domain" |
|||
if [ "$record_id" ]; then |
|||
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}" |
|||
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Record updated." |
|||
return 0 |
|||
fi |
|||
fi |
|||
else |
|||
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}" |
|||
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Record added." |
|||
return 0 |
|||
fi |
|||
fi |
|||
fi |
|||
_err "Failed to add or update record." |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_azion_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_debug "Detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Domain not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
_info "Removing record" |
|||
_get_record "$_domain_id" "$_sub_domain" |
|||
if [ "$record_id" ]; then |
|||
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then |
|||
_info "Record removed." |
|||
return 0 |
|||
else |
|||
_err "Failed to remove record." |
|||
return 1 |
|||
fi |
|||
else |
|||
_info "Record not found or already removed." |
|||
return 0 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
# Usage: _acme-challenge.www.domain.com |
|||
# returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
if ! _azion_rest GET "intelligent_dns"; then |
|||
return 1 |
|||
fi |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
# not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"domain\":\"$h\""; then |
|||
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_get_record() { |
|||
_domain_id=$1 |
|||
_record=$2 |
|||
|
|||
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"entry\":\"$_record\""; then |
|||
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"") |
|||
if [ "$_json_record" ]; then |
|||
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \") |
|||
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\]) |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_get_token() { |
|||
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}" |
|||
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}" |
|||
|
|||
if ! _contains "$AZION_Email" "@"; then |
|||
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then |
|||
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable AZION_Email "$AZION_Email" |
|||
_saveaccountconf_mutable AZION_Password "$AZION_Password" |
|||
|
|||
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64) |
|||
_debug _basic_auth "$_basic_auth" |
|||
|
|||
export _H1="Accept: application/json; version=3" |
|||
export _H2="Content-Type: application/json" |
|||
export _H3="Authorization: Basic $_basic_auth" |
|||
|
|||
response="$(_post "" "$AZION_Api/tokens" "" "POST")" |
|||
if _contains "$response" "\"token\":\"" >/dev/null; then |
|||
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
|||
export AZION_Token="$_azion_token" |
|||
else |
|||
_err "Failed to generate Azion token" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_azion_rest() { |
|||
_method=$1 |
|||
_uri="$2" |
|||
_data="$3" |
|||
|
|||
if [ -z "$AZION_Token" ]; then |
|||
_get_token |
|||
fi |
|||
_debug2 token "$AZION_Token" |
|||
|
|||
export _H1="Accept: application/json; version=3" |
|||
export _H2="Content-Type: application/json" |
|||
export _H3="Authorization: token $AZION_Token" |
|||
|
|||
if [ "$_method" != "GET" ]; then |
|||
_debug _data "$_data" |
|||
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")" |
|||
else |
|||
response="$(_get "$AZION_Api/$_uri")" |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $_method $_uri $_data" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
@ -0,0 +1,248 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
## Will be called by acme.sh to add the TXT record via the Bunny DNS API. |
|||
## returns 0 means success, otherwise error. |
|||
|
|||
## Author: nosilver4u <nosilver4u at ewww.io> |
|||
## GitHub: https://github.com/nosilver4u/acme.sh |
|||
|
|||
## |
|||
## Environment Variables Required: |
|||
## |
|||
## BUNNY_API_KEY="75310dc4-ca77-9ac3-9a19-f6355db573b49ce92ae1-2655-3ebd-61ac-3a3ae34834cc" |
|||
## |
|||
|
|||
##################### Public functions ##################### |
|||
|
|||
## Create the text record for validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_bunny_add() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
|
|||
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}" |
|||
# Check if API Key is set |
|||
if [ -z "$BUNNY_API_KEY" ]; then |
|||
BUNNY_API_KEY="" |
|||
_err "You did not specify Bunny.net API key." |
|||
_err "Please export BUNNY_API_KEY and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Bunny.net dns validation - add record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## save the env vars (key and domain split location) for later automated use |
|||
_saveaccountconf_mutable BUNNY_API_KEY "$BUNNY_API_KEY" |
|||
|
|||
## split the domain for Bunny API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "domain not found in your account for addition" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
## Set the header with our post type and auth key |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
export _H3="Content-Type: application/json" |
|||
PURL="https://api.bunny.net/dnszone/$_domain_id/records" |
|||
PBODY='{"Id":'$_domain_id',"Type":3,"Name":"'$_sub_domain'","Value":"'$txtvalue'","ttl":120}' |
|||
|
|||
_debug PURL "$PURL" |
|||
_debug PBODY "$PBODY" |
|||
|
|||
## the create request - POST |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "$PBODY" "$PURL" "" "PUT")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
## Remove the txt record after validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_bunny_rm() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
|
|||
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}" |
|||
# Check if API Key Exists |
|||
if [ -z "$BUNNY_API_KEY" ]; then |
|||
BUNNY_API_KEY="" |
|||
_err "You did not specify Bunny.net API key." |
|||
_err "Please export BUNNY_API_KEY and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Using Bunny.net dns validation - remove record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## split the domain for Bunny API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "Domain not found in your account for TXT record removal" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
_debug _domain_id "$_domain_id" |
|||
|
|||
## Set the header with our post type and key auth key |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
## get URL for the list of DNS records |
|||
GURL="https://api.bunny.net/dnszone/$_domain_id" |
|||
|
|||
## 1) Get the domain/zone records |
|||
## the fetch request - GET |
|||
## args: URL, [onlyheader, timeout] |
|||
domain_list="$(_get "$GURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
## 2) search through records |
|||
## check for what we are looking for: "Type":3,"Value":"$txtvalue","Name":"$_sub_domain" |
|||
record="$(echo "$domain_list" | _egrep_o "\"Id\"\s*\:\s*\"*[0-9]+\"*,\s*\"Type\"[^}]*\"Value\"\s*\:\s*\"$txtvalue\"[^}]*\"Name\"\s*\:\s*\"$_sub_domain\"")" |
|||
|
|||
if [ -n "$record" ]; then |
|||
|
|||
## We found records |
|||
rec_ids="$(echo "$record" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug rec_ids "$rec_ids" |
|||
if [ -n "$rec_ids" ]; then |
|||
echo "$rec_ids" | while IFS= read -r rec_id; do |
|||
## delete the record |
|||
## delete URL for removing the one we dont want |
|||
DURL="https://api.bunny.net/dnszone/$_domain_id/records/$rec_id" |
|||
|
|||
## the removal request - DELETE |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "" "$DURL" "" "DELETE")" |
|||
|
|||
## check response (sort of) |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in remove response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
done |
|||
fi |
|||
fi |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
##################### Private functions below ##################### |
|||
|
|||
## Split the domain provided into the "base domain" and the "start prefix". |
|||
## This function searches for the longest subdomain in your account |
|||
## for the full domain given and splits it into the base domain (zone) |
|||
## and the prefix/record to be added/removed |
|||
## USAGE: fulldomain |
|||
## EG: "_acme-challenge.two.three.four.domain.com" |
|||
## returns |
|||
## _sub_domain="_acme-challenge.two" |
|||
## _domain="three.four.domain.com" *IF* zone "three.four.domain.com" exists |
|||
## _domain_id=234 |
|||
## if only "domain.com" exists it will return |
|||
## _sub_domain="_acme-challenge.two.three.four" |
|||
## _domain="domain.com" |
|||
## _domain_id=234 |
|||
_get_base_domain() { |
|||
# args |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
_debug fulldomain "$fulldomain" |
|||
|
|||
# domain max legal length = 253 |
|||
MAX_DOM=255 |
|||
page=1 |
|||
|
|||
## get a list of domains for the account to check thru |
|||
## Set the headers |
|||
export _H1="Accept: application/json" |
|||
export _H2="AccessKey: $BUNNY_API_KEY" |
|||
_debug BUNNY_API_KEY "$BUNNY_API_KEY" |
|||
## get URL for the list of domains |
|||
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} |
|||
DOMURL="https://api.bunny.net/dnszone" |
|||
|
|||
## while we dont have a matching domain we keep going |
|||
while [ -z "$found" ]; do |
|||
## get the domain list (current page) |
|||
domain_list="$(_get "$DOMURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
i=1 |
|||
while [ $i -gt 0 ]; do |
|||
## get next longest domain |
|||
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") |
|||
## check we got something back from our cut (or are we at the end) |
|||
if [ -z "$_domain" ]; then |
|||
break |
|||
fi |
|||
## we got part of a domain back - grep it out |
|||
found="$(echo "$domain_list" | _egrep_o "\"Id\"\s*:\s*\"*[0-9]+\"*,\s*\"Domain\"\s*\:\s*\"$_domain\"")" |
|||
## check if it exists |
|||
if [ -n "$found" ]; then |
|||
## exists - exit loop returning the parts |
|||
sub_point=$(_math $i - 1) |
|||
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") |
|||
_domain_id="$(echo "$found" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _domain "$_domain" |
|||
_debug _sub_domain "$_sub_domain" |
|||
found="" |
|||
return 0 |
|||
fi |
|||
## increment cut point $i |
|||
i=$(_math $i + 1) |
|||
done |
|||
|
|||
if [ -z "$found" ]; then |
|||
page=$(_math $page + 1) |
|||
nextpage="https://api.bunny.net/dnszone?page=$page" |
|||
## Find the next page if we don't have a match. |
|||
hasnextpage="$(echo "$domain_list" | _egrep_o "\"HasMoreItems\"\s*:\s*true")" |
|||
if [ -z "$hasnextpage" ]; then |
|||
_err "No record and no nextpage in Bunny.net domain search." |
|||
found="" |
|||
return 1 |
|||
fi |
|||
_debug2 nextpage "$nextpage" |
|||
DOMURL="$nextpage" |
|||
fi |
|||
|
|||
done |
|||
|
|||
## We went through the entire domain zone list and didn't find one that matched. |
|||
## If we ever get here, something is broken in the code... |
|||
_err "Domain not found in Bunny.net account, but we should never get here!" |
|||
found="" |
|||
return 1 |
|||
} |
@ -0,0 +1,160 @@ |
|||
#!/usr/bin/env sh |
|||
# |
|||
#Author: Bjarne Saltbaek |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 |
|||
# |
|||
# |
|||
######## Public functions ##################### |
|||
# |
|||
# Export CPANEL username,api token and hostname in the following variables |
|||
# |
|||
# cPanel_Username=username |
|||
# cPanel_Apitoken=apitoken |
|||
# cPanel_Hostname=hostname |
|||
# |
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
|
|||
# Used to add txt record |
|||
dns_cpanel_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Adding TXT record to cPanel based system" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
_debug cPanel_Username "$cPanel_Username" |
|||
_debug cPanel_Apitoken "$cPanel_Apitoken" |
|||
_debug cPanel_Hostname "$cPanel_Hostname" |
|||
|
|||
if ! _cpanel_login; then |
|||
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "No matching root domain for $fulldomain found" |
|||
return 1 |
|||
fi |
|||
# adding entry |
|||
_info "Adding the entry" |
|||
stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//") |
|||
_debug "Adding $stripped_fulldomain to $_domain zone" |
|||
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1" |
|||
if _successful_update; then return 0; fi |
|||
_err "Couldn't create entry!" |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_cpanel_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Using cPanel based system" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
if ! _cpanel_login; then |
|||
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root; then |
|||
_err "No matching root domain for $fulldomain found" |
|||
return 1 |
|||
fi |
|||
|
|||
_findentry "$fulldomain" "$txtvalue" |
|||
if [ -z "$_id" ]; then |
|||
_info "Entry doesn't exist, nothing to delete" |
|||
return 0 |
|||
fi |
|||
_debug "Deleting record..." |
|||
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id" |
|||
# removing entry |
|||
_debug "_result is: $_result" |
|||
|
|||
if _successful_update; then return 0; fi |
|||
_err "Couldn't delete entry!" |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_checkcredentials() { |
|||
cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}" |
|||
cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}" |
|||
cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}" |
|||
|
|||
if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then |
|||
cPanel_Username="" |
|||
cPanel_Apitoken="" |
|||
cPanel_Hostname="" |
|||
_err "You haven't specified cPanel username, apitoken and hostname yet." |
|||
_err "Please add credentials and try again." |
|||
return 1 |
|||
fi |
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable cPanel_Username "$cPanel_Username" |
|||
_saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken" |
|||
_saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname" |
|||
return 0 |
|||
} |
|||
|
|||
_cpanel_login() { |
|||
if ! _checkcredentials; then return 1; fi |
|||
|
|||
if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then |
|||
_err "cPanel login failed for user $cPanel_Username." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
_myget() { |
|||
#Adds auth header to request |
|||
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken" |
|||
_result=$(_get "$cPanel_Hostname/$1") |
|||
} |
|||
|
|||
_get_root() { |
|||
_myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' |
|||
_domains=$(echo "$_result" | _egrep_o '"[a-z0-9\.\-]*":\["; cPanel first' | cut -d':' -f1 | sed 's/"//g' | sed 's/{//g') |
|||
_debug "_result is: $_result" |
|||
_debug "_domains is: $_domains" |
|||
if [ -z "$_domains" ]; then |
|||
_err "Primary domain list not found!" |
|||
return 1 |
|||
fi |
|||
for _domain in $_domains; do |
|||
_debug "Checking if $fulldomain ends with $_domain" |
|||
if (_endswith "$fulldomain" "$_domain"); then |
|||
_debug "Root domain: $_domain" |
|||
return 0 |
|||
fi |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_successful_update() { |
|||
if (echo "$_result" | _egrep_o 'data":\[[^]]*]' | grep -q '"newserial":null'); then return 1; fi |
|||
return 0 |
|||
} |
|||
|
|||
_findentry() { |
|||
_debug "In _findentry" |
|||
#returns id of dns entry, if it exists |
|||
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" |
|||
_id=$(echo "$_result" | sed -e "s/},{/},\n{/g" | grep "$fulldomain" | grep "$txtvalue" | _egrep_o 'line":[0-9]+' | cut -d ':' -f 2) |
|||
_debug "_result is: $_result" |
|||
_debug "fulldomain. is $fulldomain." |
|||
_debug "txtvalue is $txtvalue" |
|||
_debug "_id is: $_id" |
|||
if [ -n "$_id" ]; then |
|||
_debug "Entry found with _id=$_id" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
@ -0,0 +1,159 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management. |
|||
#Requires api credentials with scope: dns |
|||
#Author: Peter L. Hansen <peter@r12.dk> |
|||
#Version 1.0 |
|||
|
|||
CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains" |
|||
CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token" |
|||
CURANET_ACCESS_TOKEN="" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_curanet_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_curanet_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using curanet" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" |
|||
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" |
|||
if [ -z "$CURANET_AUTHCLIENTID" ] || [ -z "$CURANET_AUTHSECRET" ]; then |
|||
CURANET_AUTHCLIENTID="" |
|||
CURANET_AUTHSECRET="" |
|||
_err "You don't specify curanet api client and secret." |
|||
_err "Please create your auth info and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID" |
|||
_saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET" |
|||
|
|||
if ! _get_token; then |
|||
_err "Unable to get token" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
export _H1="Content-Type: application/json-patch+json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
|||
data="{\"name\": \"$fulldomain\",\"type\": \"TXT\",\"ttl\": 60,\"priority\": 0,\"data\": \"$txtvalue\"}" |
|||
response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")" |
|||
|
|||
if _contains "$response" "$txtvalue"; then |
|||
_debug "TXT record added OK" |
|||
else |
|||
_err "Unable to add TXT record" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_curanet_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using curanet" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}" |
|||
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}" |
|||
|
|||
if ! _get_token; then |
|||
_err "Unable to get token" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Getting current record list to identify TXT to delete" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
|||
|
|||
response="$(_get "$CURANET_REST_URL/${_domain}/Records" "" "")" |
|||
|
|||
if ! _contains "$response" "$txtvalue"; then |
|||
_err "Unable to delete record (does not contain $txtvalue )" |
|||
return 1 |
|||
fi |
|||
|
|||
recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-) |
|||
|
|||
if [ -z "$recordid" ]; then |
|||
_err "Unable to get recordid" |
|||
_debug "regex {\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" |
|||
_debug "response $response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Deleting recordID $recordid" |
|||
response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")" |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_token() { |
|||
response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")" |
|||
if ! _contains "$response" "access_token"; then |
|||
_err "Unable get access token" |
|||
return 1 |
|||
fi |
|||
CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-) |
|||
|
|||
if [ -z "$CURANET_ACCESS_TOKEN" ]; then |
|||
_err "Unable to get token" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
|
|||
} |
|||
|
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Accept: application/json" |
|||
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN" |
|||
response="$(_get "$CURANET_REST_URL/$h/Records" "" "")" |
|||
|
|||
if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
@ -1,185 +0,0 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# CloudXNS Domain api |
|||
# |
|||
#CX_Key="1234" |
|||
# |
|||
#CX_Secret="sADDsdasdgdsf" |
|||
|
|||
CX_Api="https://www.cloudxns.net/api2" |
|||
|
|||
#REST_API |
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_cx_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}" |
|||
CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}" |
|||
if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then |
|||
CX_Key="" |
|||
CX_Secret="" |
|||
_err "You don't specify cloudxns.net api key or secret yet." |
|||
_err "Please create you key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
REST_API="$CX_Api" |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable CX_Key "$CX_Key" |
|||
_saveaccountconf_mutable CX_Secret "$CX_Secret" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
add_record "$_domain" "$_sub_domain" "$txtvalue" |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_cx_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}" |
|||
CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}" |
|||
REST_API="$CX_Api" |
|||
if _get_root "$fulldomain"; then |
|||
record_id="" |
|||
existing_records "$_domain" "$_sub_domain" "$txtvalue" |
|||
if [ "$record_id" ]; then |
|||
_rest DELETE "record/$record_id/$_domain_id" "{}" |
|||
_info "Deleted record ${fulldomain}" |
|||
fi |
|||
fi |
|||
} |
|||
|
|||
#usage: root sub |
|||
#return if the sub record already exists. |
|||
#echos the existing records count. |
|||
# '0' means doesn't exist |
|||
existing_records() { |
|||
_debug "Getting txt records" |
|||
root=$1 |
|||
sub=$2 |
|||
if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100"; then |
|||
return 1 |
|||
fi |
|||
|
|||
seg=$(printf "%s\n" "$response" | _egrep_o '"record_id":[^{]*host":"'"$_sub_domain"'"[^}]*\}') |
|||
_debug seg "$seg" |
|||
if [ -z "$seg" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then |
|||
record_id=$(printf "%s\n" "$seg" | _egrep_o '"record_id":"[^"]*"' | cut -d : -f 2 | tr -d \" | _head_n 1) |
|||
_debug record_id "$record_id" |
|||
return 0 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#add the txt record. |
|||
#usage: root sub txtvalue |
|||
add_record() { |
|||
root=$1 |
|||
sub=$2 |
|||
txtvalue=$3 |
|||
fulldomain="$sub.$root" |
|||
|
|||
_info "Adding record" |
|||
|
|||
if ! _rest POST "record" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
|
|||
if ! _rest GET "domain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "$h."; then |
|||
seg=$(printf "%s\n" "$response" | _egrep_o '"id":[^{]*"'"$h"'."[^}]*}') |
|||
_debug seg "$seg" |
|||
_domain_id=$(printf "%s\n" "$seg" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") |
|||
_debug _domain_id "$_domain_id" |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_debug _sub_domain "$_sub_domain" |
|||
_domain="$h" |
|||
_debug _domain "$_domain" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: method URI data |
|||
_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
_debug ep "$ep" |
|||
url="$REST_API/$ep" |
|||
_debug url "$url" |
|||
|
|||
cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC") |
|||
_debug cdate "$cdate" |
|||
|
|||
data="$3" |
|||
_debug data "$data" |
|||
|
|||
sec="$CX_Key$url$data$cdate$CX_Secret" |
|||
_debug sec "$sec" |
|||
hmac=$(printf "%s" "$sec" | _digest md5 hex) |
|||
_debug hmac "$hmac" |
|||
|
|||
export _H1="API-KEY: $CX_Key" |
|||
export _H2="API-REQUEST-DATE: $cdate" |
|||
export _H3="API-HMAC: $hmac" |
|||
export _H4="Content-Type: application/json" |
|||
|
|||
if [ "$data" ]; then |
|||
response="$(_post "$data" "$url" "" "$m")" |
|||
else |
|||
response="$(_get "$url")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
_contains "$response" '"code":1' |
|||
|
|||
} |
@ -0,0 +1,87 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# dnsHome.de API for acme.sh |
|||
# |
|||
# This Script adds the necessary TXT record to a Subdomain |
|||
# |
|||
# Author dnsHome.de (https://github.com/dnsHome-de) |
|||
# |
|||
# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819 |
|||
# |
|||
# export DNSHOME_Subdomain="" |
|||
# export DNSHOME_SubdomainPassword="" |
|||
|
|||
# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
dns_dnshome_add() { |
|||
txtvalue=$2 |
|||
|
|||
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" |
|||
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" |
|||
|
|||
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then |
|||
DNSHOME_Subdomain="" |
|||
DNSHOME_SubdomainPassword="" |
|||
_err "Please specify/export your dnsHome.de Subdomain and Password" |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_savedomainconf DNSHOME_Subdomain "$DNSHOME_Subdomain" |
|||
_savedomainconf DNSHOME_SubdomainPassword "$DNSHOME_SubdomainPassword" |
|||
|
|||
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" |
|||
|
|||
_DNSHOME_rest POST "acme=add&txt=$txtvalue" |
|||
if ! echo "$response" | grep 'successfully' >/dev/null; then |
|||
_err "Error" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# Usage: txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_dnshome_rm() { |
|||
txtvalue=$2 |
|||
|
|||
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}" |
|||
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}" |
|||
|
|||
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php" |
|||
|
|||
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then |
|||
DNSHOME_Subdomain="" |
|||
DNSHOME_SubdomainPassword="" |
|||
_err "Please specify/export your dnsHome.de Subdomain and Password" |
|||
return 1 |
|||
fi |
|||
|
|||
_DNSHOME_rest POST "acme=rm&txt=$txtvalue" |
|||
if ! echo "$response" | grep 'successfully' >/dev/null; then |
|||
_err "Error" |
|||
_err "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
_DNSHOME_rest() { |
|||
method=$1 |
|||
data="$2" |
|||
_debug "$data" |
|||
|
|||
_debug data "$data" |
|||
response="$(_post "$data" "$DNSHOME_Api" "" "$method")" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $data" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,248 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#This file name is "dns_dnsservices.sh" |
|||
#Script for Danish DNS registra and DNS hosting provider https://dns.services |
|||
|
|||
#Author: Bjarke Bruun <bbruun@gmail.com> |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152 |
|||
|
|||
# Global variable to connect to the DNS.Services API |
|||
DNSServices_API=https://dns.services/api |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsservices_add() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Using dns.services to create ACME DNS challenge" |
|||
_debug2 add_fulldomain "$fulldomain" |
|||
_debug2 add_txtvalue "$txtvalue" |
|||
|
|||
# Read username/password from environment or .acme.sh/accounts.conf |
|||
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" |
|||
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" |
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
DnsServices_Username="" |
|||
DnsServices_Password="" |
|||
_err "You didn't specify dns.services api username and password yet." |
|||
_err "Set environment variables DnsServices_Username and DnsServices_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
# Setup GET/POST/DELETE headers |
|||
_setup_headers |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable DnsServices_Username "$DnsServices_Username" |
|||
_saveaccountconf_mutable DnsServices_Password "$DnsServices_Password" |
|||
|
|||
if ! _contains "$DnsServices_Username" "@"; then |
|||
_err "It seems that the username variable DnsServices_Username has not been set/left blank" |
|||
_err "or is not a valid email. Please correct and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "${fulldomain}"; then |
|||
_err "Invalid domain ${fulldomain}" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! createRecord "$fulldomain" "${txtvalue}"; then |
|||
_err "Error creating TXT record in domain $fulldomain in $rootZoneName" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 challenge-created "Created $fulldomain" |
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Description: Remove the txt record after validation. |
|||
dns_dnsservices_rm() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Using dns.services to remove DNS record $fulldomain TXT $txtvalue" |
|||
_debug rm_fulldomain "$fulldomain" |
|||
_debug rm_txtvalue "$txtvalue" |
|||
|
|||
# Read username/password from environment or .acme.sh/accounts.conf |
|||
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}" |
|||
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}" |
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
DnsServices_Username="" |
|||
DnsServices_Password="" |
|||
_err "You didn't specify dns.services api username and password yet." |
|||
_err "Set environment variables DnsServices_Username and DnsServices_Password" |
|||
return 1 |
|||
fi |
|||
|
|||
# Setup GET/POST/DELETE headers |
|||
_setup_headers |
|||
|
|||
if ! _get_root "${fulldomain}"; then |
|||
_err "Invalid domain ${fulldomain}" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain" |
|||
|
|||
if ! deleteRecord "${fulldomain}" "${txtvalue}"; then |
|||
_err "Error removing record: $fulldomain TXT ${txtvalue}" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_setup_headers() { |
|||
# Set up API Headers for _get() and _post() |
|||
# The <function>_add or <function>_rm must have been called before to work |
|||
|
|||
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then |
|||
_err "Could not setup BASIC authentication headers, they are missing" |
|||
return 1 |
|||
fi |
|||
|
|||
DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)" |
|||
export _H1="Authorization: Basic $DnsServiceCredentials" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
# Just return if headers are set |
|||
return 0 |
|||
} |
|||
|
|||
_get_root() { |
|||
domain="$1" |
|||
_debug2 _get_root "Get the root domain of ${domain} for DNS API" |
|||
|
|||
# Setup _get() and _post() headers |
|||
#_setup_headers |
|||
|
|||
result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns") |
|||
result2="$(printf "%s\n" "$result" | tr '[' '\n' | grep '"name"')" |
|||
result3="$(printf "%s\n" "$result2" | tr '}' '\n' | grep '"name"' | sed "s,^\,,,g" | sed "s,$,},g")" |
|||
useResult="" |
|||
_debug2 _get_root "Got the following root domain(s) $result" |
|||
_debug2 _get_root "- JSON: $result" |
|||
|
|||
if [ "$(printf "%s\n" "$result" | tr '}' '\n' | grep -c '"name"')" -gt "1" ]; then |
|||
checkMultiZones="true" |
|||
_debug2 _get_root "- multiple zones found" |
|||
else |
|||
checkMultiZones="false" |
|||
_debug2 _get_root "- single zone found" |
|||
fi |
|||
|
|||
# Find/isolate the root zone to work with in createRecord() and deleteRecord() |
|||
rootZone="" |
|||
if [ "$checkMultiZones" = "true" ]; then |
|||
#rootZone=$(for x in $(printf "%s" "${result3}" | tr ',' '\n' | sed -n 's/.*"name":"\(.*\)",.*/\1/p'); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done) |
|||
rootZone=$(for x in $(printf "%s\n" "${result3}" | tr ',' '\n' | grep name | cut -d'"' -f4); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done) |
|||
if [ "$rootZone" != "" ]; then |
|||
_debug2 _rootZone "- root zone for $domain is $rootZone" |
|||
else |
|||
_err "Could not find root zone for $domain, is it correctly typed?" |
|||
return 1 |
|||
fi |
|||
else |
|||
rootZone=$(echo "$result" | tr '}' '\n' | _egrep_o '"name":"[^"]*' | cut -d'"' -f4) |
|||
_debug2 _get_root "- only found 1 domain in API: $rootZone" |
|||
fi |
|||
|
|||
if [ -z "$rootZone" ]; then |
|||
_err "Could not find root domain for $domain - is it correctly typed?" |
|||
return 1 |
|||
fi |
|||
|
|||
# Make sure we use the correct API zone data |
|||
useResult="$(printf "%s\n" "${result3}" tr ',' '\n' | grep "$rootZone")" |
|||
_debug2 _useResult "useResult=$useResult" |
|||
|
|||
# Setup variables used by other functions to communicate with DNS.Services API |
|||
#zoneInfo=$(printf "%s\n" "$useResult" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g') |
|||
zoneInfo=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep '"name"' | cut -d'"' -f4) |
|||
rootZoneName="$rootZone" |
|||
subDomainName="$(printf "%s\n" "$domain" | sed "s,\.$rootZone,,g")" |
|||
subDomainNameClean="$(printf "%s\n" "$domain" | sed "s,_acme-challenge.,,g")" |
|||
rootZoneDomainID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep domain_id | cut -d'"' -f4) |
|||
rootZoneServiceID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep service_id | cut -d'"' -f4) |
|||
|
|||
_debug2 _zoneInfo "Zone info from API : $zoneInfo" |
|||
_debug2 _get_root "Root zone name : $rootZoneName" |
|||
_debug2 _get_root "Root zone domain ID : $rootZoneDomainID" |
|||
_debug2 _get_root "Root zone service ID: $rootZoneServiceID" |
|||
_debug2 _get_root "Sub domain : $subDomainName" |
|||
|
|||
_debug _get_root "Found valid root domain $rootZone for $subDomainNameClean" |
|||
return 0 |
|||
} |
|||
|
|||
createRecord() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
# Get root domain information - needed for DNS.Services API communication |
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_get_root "$fulldomain" |
|||
fi |
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_err "Something happend - could not get the API zone information" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 createRecord "CNAME TXT value is: $txtvalue" |
|||
|
|||
# Prepare data to send to API |
|||
data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}" |
|||
|
|||
_debug2 createRecord "data to API: $data" |
|||
result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST") |
|||
_debug2 createRecord "result from API: $result" |
|||
|
|||
if [ "$(echo "$result" | _egrep_o "\"success\":true")" = "" ]; then |
|||
_err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Record \"$fulldomain TXT $txtvalue\" has been created" |
|||
return 0 |
|||
} |
|||
|
|||
deleteRecord() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_log deleteRecord "Deleting $fulldomain TXT $txtvalue record" |
|||
|
|||
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then |
|||
_get_root "$fulldomain" |
|||
fi |
|||
|
|||
result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")" |
|||
#recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")" |
|||
#recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')" |
|||
recordID="$(printf "%s\n" "$result" | tr '}' '\n' | grep -- "$txtvalue" | tr ',' '\n' | grep '"id"' | cut -d'"' -f4)" |
|||
_debug2 _recordID "recordID used for deletion of record: $recordID" |
|||
|
|||
if [ -z "$recordID" ]; then |
|||
_info "Record $fulldomain TXT $txtvalue not found or already deleted" |
|||
return 0 |
|||
else |
|||
_debug2 deleteRecord "Found recordID=$recordID" |
|||
fi |
|||
|
|||
_debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" |
|||
_log "curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" |
|||
result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")" |
|||
_debug2 deleteRecord "API Delete result \"$result\"" |
|||
_log "curl API Delete result \"$result\"" |
|||
|
|||
# Return OK regardless |
|||
return 0 |
|||
} |
@ -0,0 +1,470 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Akamai Edge DNS v2 API |
|||
# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to |
|||
# Edge DNS Zones and Recordsets, e.g. DNS—Zone Record Management authorization |
|||
|
|||
# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support |
|||
|
|||
# Values to export: |
|||
# --EITHER-- |
|||
# *** TBD. NOT IMPLEMENTED YET *** |
|||
# specify Edgegrid credentials file and section |
|||
# AKAMAI_EDGERC=<full file path> |
|||
# AKAMAI_EDGERC_SECTION="default" |
|||
## --OR-- |
|||
# specify indiviual credentials |
|||
# export AKAMAI_HOST = <host> |
|||
# export AKAMAI_ACCESS_TOKEN = <access token> |
|||
# export AKAMAI_CLIENT_TOKEN = <client token> |
|||
# export AKAMAI_CLIENT_SECRET = <client secret> |
|||
|
|||
ACME_EDGEDNS_VERSION="0.1.0" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: dns_edgedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
# |
|||
dns_edgedns_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug "ENTERING DNS_EDGEDNS_ADD" |
|||
_debug2 "fulldomain" "$fulldomain" |
|||
_debug2 "txtvalue" "$txtvalue" |
|||
|
|||
if ! _EDGEDNS_credentials; then |
|||
_err "$@" |
|||
return 1 |
|||
fi |
|||
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 "Add: zone" "$zone" |
|||
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "$edge_endpoint" "$zone" "$fulldomain") |
|||
_debug3 "Add URL" "$acmeRecordURI" |
|||
# Get existing TXT record |
|||
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
|||
_api_status="$?" |
|||
_debug3 "_edge_result" "$_edge_result" |
|||
if [ "$_api_status" -ne 0 ]; then |
|||
if [ "$curResult" = "FATAL" ]; then |
|||
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
|||
fi |
|||
if [ "$_edge_result" != "404" ]; then |
|||
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
fi |
|||
rdata="\"${txtvalue}\"" |
|||
record_op="POST" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
# record already exists. Get existing record data and update |
|||
record_op="PUT" |
|||
rdlist="${_edge_result#*\"rdata\":[}" |
|||
rdlist="${rdlist%%]*}" |
|||
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
|||
_debug3 "existing TXT found" |
|||
_debug3 "record data" "$rdlist" |
|||
# value already there? |
|||
if _contains "$rdlist" "$txtvalue"; then |
|||
return 0 |
|||
fi |
|||
_txt_val="" |
|||
while [ "$_txt_val" != "$rdlist" ] && [ "${rdlist}" ]; do |
|||
_txt_val="${rdlist%%,*}" |
|||
rdlist="${rdlist#*,}" |
|||
rdata="${rdata},\"${_txt_val}\"" |
|||
done |
|||
fi |
|||
# Add the txtvalue TXT Record |
|||
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
|||
_debug3 "Add body '${body}'" |
|||
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
|||
_api_status="$?" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
_log "$(printf "Text value %s added to recordset %s" "$txtvalue" "$fulldomain")" |
|||
return 0 |
|||
else |
|||
_err "$(printf "error adding TXT record for validation. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# Usage: dns_edgedns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to delete txt record |
|||
# |
|||
dns_edgedns_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_debug "ENTERING DNS_EDGEDNS_RM" |
|||
_debug2 "fulldomain" "$fulldomain" |
|||
_debug2 "txtvalue" "$txtvalue" |
|||
|
|||
if ! _EDGEDNS_credentials; then |
|||
_err "$@" |
|||
return 1 |
|||
fi |
|||
if ! _EDGEDNS_getZoneInfo "$fulldomain"; then |
|||
_err "Invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug2 "RM: zone" "${zone}" |
|||
acmeRecordURI=$(printf "%s/%s/names/%s/types/TXT" "${edge_endpoint}" "$zone" "$fulldomain") |
|||
_debug3 "RM URL" "$acmeRecordURI" |
|||
# Get existing TXT record |
|||
_edge_result=$(_edgedns_rest GET "$acmeRecordURI") |
|||
_api_status="$?" |
|||
if [ "$_api_status" -ne 0 ]; then |
|||
if [ "$curResult" = "FATAL" ]; then |
|||
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
|||
fi |
|||
if [ "$_edge_result" != "404" ]; then |
|||
_err "$(printf "Failure accessing Akamai Edge DNS API Server. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
fi |
|||
_debug3 "_edge_result" "$_edge_result" |
|||
record_op="DELETE" |
|||
body="" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
# record already exists. Get existing record data and update |
|||
rdlist="${_edge_result#*\"rdata\":[}" |
|||
rdlist="${rdlist%%]*}" |
|||
rdlist=$(echo "$rdlist" | tr -d '"' | tr -d "\\\\") |
|||
_debug3 "rdlist" "$rdlist" |
|||
if [ -n "$rdlist" ]; then |
|||
record_op="PUT" |
|||
comma="" |
|||
rdata="" |
|||
_txt_val="" |
|||
while [ "$_txt_val" != "$rdlist" ] && [ "$rdlist" ]; do |
|||
_txt_val="${rdlist%%,*}" |
|||
rdlist="${rdlist#*,}" |
|||
_debug3 "_txt_val" "$_txt_val" |
|||
_debug3 "txtvalue" "$txtvalue" |
|||
if ! _contains "$_txt_val" "$txtvalue"; then |
|||
rdata="${rdata}${comma}\"${_txt_val}\"" |
|||
comma="," |
|||
fi |
|||
done |
|||
if [ -z "$rdata" ]; then |
|||
record_op="DELETE" |
|||
else |
|||
# Recreate the txtvalue TXT Record |
|||
body="{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":600, \"rdata\":"[${rdata}]"}" |
|||
_debug3 "body" "$body" |
|||
fi |
|||
fi |
|||
fi |
|||
_edge_result=$(_edgedns_rest "$record_op" "$acmeRecordURI" "$body") |
|||
_api_status="$?" |
|||
if [ "$_api_status" -eq 0 ]; then |
|||
_log "$(printf "Text value %s removed from recordset %s" "$txtvalue" "$fulldomain")" |
|||
return 0 |
|||
else |
|||
_err "$(printf "error removing TXT record for validation. Error: %s" "$_edge_result")" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_EDGEDNS_credentials() { |
|||
_debug "GettingEdge DNS credentials" |
|||
_log "$(printf "ACME DNSAPI Edge DNS version %s" ${ACME_EDGEDNS_VERSION})" |
|||
args_missing=0 |
|||
AKAMAI_ACCESS_TOKEN="${AKAMAI_ACCESS_TOKEN:-$(_readaccountconf_mutable AKAMAI_ACCESS_TOKEN)}" |
|||
if [ -z "$AKAMAI_ACCESS_TOKEN" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_ACCESS_TOKEN is missing" |
|||
args_missing=1 |
|||
fi |
|||
AKAMAI_CLIENT_TOKEN="${AKAMAI_CLIENT_TOKEN:-$(_readaccountconf_mutable AKAMAI_CLIENT_TOKEN)}" |
|||
if [ -z "$AKAMAI_CLIENT_TOKEN" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_CLIENT_TOKEN is missing" |
|||
args_missing=1 |
|||
fi |
|||
AKAMAI_HOST="${AKAMAI_HOST:-$(_readaccountconf_mutable AKAMAI_HOST)}" |
|||
if [ -z "$AKAMAI_HOST" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_HOST is missing" |
|||
args_missing=1 |
|||
fi |
|||
AKAMAI_CLIENT_SECRET="${AKAMAI_CLIENT_SECRET:-$(_readaccountconf_mutable AKAMAI_CLIENT_SECRET)}" |
|||
if [ -z "$AKAMAI_CLIENT_SECRET" ]; then |
|||
AKAMAI_ACCESS_TOKEN="" |
|||
AKAMAI_CLIENT_TOKEN="" |
|||
AKAMAI_HOST="" |
|||
AKAMAI_CLIENT_SECRET="" |
|||
_err "AKAMAI_CLIENT_SECRET is missing" |
|||
args_missing=1 |
|||
fi |
|||
|
|||
if [ "$args_missing" = 1 ]; then |
|||
_err "You have not properly specified the EdgeDNS Open Edgegrid API credentials. Please try again." |
|||
return 1 |
|||
else |
|||
_saveaccountconf_mutable AKAMAI_ACCESS_TOKEN "$AKAMAI_ACCESS_TOKEN" |
|||
_saveaccountconf_mutable AKAMAI_CLIENT_TOKEN "$AKAMAI_CLIENT_TOKEN" |
|||
_saveaccountconf_mutable AKAMAI_HOST "$AKAMAI_HOST" |
|||
_saveaccountconf_mutable AKAMAI_CLIENT_SECRET "$AKAMAI_CLIENT_SECRET" |
|||
# Set whether curl should use secure or insecure mode |
|||
fi |
|||
export HTTPS_INSECURE=0 # All Edgegrid API calls are secure |
|||
edge_endpoint=$(printf "https://%s/config-dns/v2/zones" "$AKAMAI_HOST") |
|||
_debug3 "Edge API Endpoint:" "$edge_endpoint" |
|||
|
|||
} |
|||
|
|||
_EDGEDNS_getZoneInfo() { |
|||
_debug "Getting Zoneinfo" |
|||
zoneEnd=false |
|||
curZone=$1 |
|||
while [ -n "$zoneEnd" ]; do |
|||
# we can strip the first part of the fulldomain, since its just the _acme-challenge string |
|||
curZone="${curZone#*.}" |
|||
# suffix . needed for zone -> domain.tld. |
|||
# create zone get url |
|||
get_zone_url=$(printf "%s/%s" "$edge_endpoint" "$curZone") |
|||
_debug3 "Zone Get: " "${get_zone_url}" |
|||
curResult=$(_edgedns_rest GET "$get_zone_url") |
|||
retVal=$? |
|||
if [ "$retVal" -ne 0 ]; then |
|||
if [ "$curResult" = "FATAL" ]; then |
|||
_err "$(printf "Fatal error: acme API function call : %s" "$retVal")" |
|||
fi |
|||
if [ "$curResult" != "404" ]; then |
|||
_err "$(printf "Managed zone validation failed. Error response: %s" "$retVal")" |
|||
return 1 |
|||
fi |
|||
fi |
|||
if _contains "$curResult" "\"zone\":"; then |
|||
_debug2 "Zone data" "${curResult}" |
|||
zone=$(echo "${curResult}" | _egrep_o "\"zone\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"") |
|||
_debug3 "Zone" "${zone}" |
|||
zoneEnd="" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "${curZone#*.}" != "$curZone" ]; then |
|||
_debug3 "$(printf "%s still contains a '.' - so we can check next higher level" "$curZone")" |
|||
else |
|||
zoneEnd=true |
|||
_err "Couldn't retrieve zone data." |
|||
return 1 |
|||
fi |
|||
done |
|||
_err "Failed to retrieve zone data." |
|||
return 2 |
|||
} |
|||
|
|||
_edgedns_headers="" |
|||
|
|||
_edgedns_rest() { |
|||
_debug "Handling API Request" |
|||
m=$1 |
|||
# Assume endpoint is complete path, including query args if applicable |
|||
ep=$2 |
|||
body_data=$3 |
|||
_edgedns_content_type="" |
|||
_request_url_path="$ep" |
|||
_request_body="$body_data" |
|||
_request_method="$m" |
|||
_edgedns_headers="" |
|||
tab="" |
|||
_edgedns_headers="${_edgedns_headers}${tab}Host: ${AKAMAI_HOST}" |
|||
tab="\t" |
|||
# Set in acme.sh _post/_get |
|||
#_edgedns_headers="${_edgedns_headers}${tab}User-Agent:ACME DNSAPI Edge DNS version ${ACME_EDGEDNS_VERSION}" |
|||
_edgedns_headers="${_edgedns_headers}${tab}Accept: application/json,*/*" |
|||
if [ "$m" != "GET" ] && [ "$m" != "DELETE" ]; then |
|||
_edgedns_content_type="application/json" |
|||
_debug3 "_request_body" "$_request_body" |
|||
_body_len=$(echo "$_request_body" | tr -d "\n\r" | awk '{print length}') |
|||
_edgedns_headers="${_edgedns_headers}${tab}Content-Length: ${_body_len}" |
|||
fi |
|||
_edgedns_make_auth_header |
|||
_edgedns_headers="${_edgedns_headers}${tab}Authorization: ${_signed_auth_header}" |
|||
_secure_debug2 "Made Auth Header" "$_signed_auth_header" |
|||
hdr_indx=1 |
|||
work_header="${_edgedns_headers}${tab}" |
|||
_debug3 "work_header" "$work_header" |
|||
while [ "$work_header" ]; do |
|||
entry="${work_header%%\\t*}" |
|||
work_header="${work_header#*\\t}" |
|||
export "$(printf "_H%s=%s" "$hdr_indx" "$entry")" |
|||
_debug2 "Request Header " "$entry" |
|||
hdr_indx=$((hdr_indx + 1)) |
|||
done |
|||
|
|||
# clear headers from previous request to avoid getting wrong http code on timeouts |
|||
: >"$HTTP_HEADER" |
|||
_debug2 "$ep" |
|||
if [ "$m" != "GET" ]; then |
|||
_debug3 "Method data" "$data" |
|||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
|||
response=$(_post "$_request_body" "$ep" false "$m" "$_edgedns_content_type") |
|||
else |
|||
response=$(_get "$ep") |
|||
fi |
|||
_ret="$?" |
|||
if [ "$_ret" -ne 0 ]; then |
|||
_err "$(printf "acme.sh API function call failed. Error: %s" "$_ret")" |
|||
echo "FATAL" |
|||
return "$_ret" |
|||
fi |
|||
_debug2 "response" "${response}" |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
_debug2 "http response code" "$_code" |
|||
if [ "$_code" = "200" ] || [ "$_code" = "201" ]; then |
|||
# All good |
|||
response="$(echo "${response}" | _normalizeJson)" |
|||
echo "$response" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "$_code" = "204" ]; then |
|||
# Success, no body |
|||
echo "$_code" |
|||
return 0 |
|||
fi |
|||
|
|||
if [ "$_code" = "400" ]; then |
|||
_err "Bad request presented" |
|||
_log "$(printf "Headers: %s" "$_edgedns_headers")" |
|||
_log "$(printf "Method: %s" "$_request_method")" |
|||
_log "$(printf "URL: %s" "$ep")" |
|||
_log "$(printf "Data: %s" "$data")" |
|||
fi |
|||
|
|||
if [ "$_code" = "403" ]; then |
|||
_err "access denied make sure your Edgegrid cedentials are correct." |
|||
fi |
|||
|
|||
echo "$_code" |
|||
return 1 |
|||
} |
|||
|
|||
_edgedns_eg_timestamp() { |
|||
_debug "Generating signature Timestamp" |
|||
_debug3 "Retriving ntp time" |
|||
_timeheaders="$(_get "https://www.ntp.org" "onlyheader")" |
|||
_debug3 "_timeheaders" "$_timeheaders" |
|||
_ntpdate="$(echo "$_timeheaders" | grep -i "Date:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" |
|||
_debug3 "_ntpdate" "$_ntpdate" |
|||
_ntpdate="$(echo "${_ntpdate}" | sed -e 's/^[[:space:]]*//')" |
|||
_debug3 "_NTPDATE" "$_ntpdate" |
|||
_ntptime="$(echo "${_ntpdate}" | _head_n 1 | cut -d " " -f 5 | tr -d "\r\n")" |
|||
_debug3 "_ntptime" "$_ntptime" |
|||
_eg_timestamp=$(date -u "+%Y%m%dT") |
|||
_eg_timestamp="$(printf "%s%s+0000" "$_eg_timestamp" "$_ntptime")" |
|||
_debug "_eg_timestamp" "$_eg_timestamp" |
|||
} |
|||
|
|||
_edgedns_new_nonce() { |
|||
_debug "Generating Nonce" |
|||
_nonce=$(echo "EDGEDNS$(_time)" | _digest sha1 hex | cut -c 1-32) |
|||
_debug3 "_nonce" "$_nonce" |
|||
} |
|||
|
|||
_edgedns_make_auth_header() { |
|||
_debug "Constructing Auth Header" |
|||
_edgedns_new_nonce |
|||
_edgedns_eg_timestamp |
|||
# "Unsigned authorization header: 'EG1-HMAC-SHA256 client_token=block;access_token=block;timestamp=20200806T14:16:33+0000;nonce=72cde72c-82d9-4721-9854-2ba057929d67;'" |
|||
_auth_header="$(printf "EG1-HMAC-SHA256 client_token=%s;access_token=%s;timestamp=%s;nonce=%s;" "$AKAMAI_CLIENT_TOKEN" "$AKAMAI_ACCESS_TOKEN" "$_eg_timestamp" "$_nonce")" |
|||
_secure_debug2 "Unsigned Auth Header: " "$_auth_header" |
|||
|
|||
_edgedns_sign_request |
|||
_signed_auth_header="$(printf "%ssignature=%s" "$_auth_header" "$_signed_req")" |
|||
_secure_debug2 "Signed Auth Header: " "${_signed_auth_header}" |
|||
} |
|||
|
|||
_edgedns_sign_request() { |
|||
_debug2 "Signing http request" |
|||
_edgedns_make_data_to_sign "$_auth_header" |
|||
_secure_debug2 "Returned signed data" "$_mdata" |
|||
_edgedns_make_signing_key "$_eg_timestamp" |
|||
_edgedns_base64_hmac_sha256 "$_mdata" "$_signing_key" |
|||
_signed_req="$_hmac_out" |
|||
_secure_debug2 "Signed Request" "$_signed_req" |
|||
} |
|||
|
|||
_edgedns_make_signing_key() { |
|||
_debug2 "Creating sigining key" |
|||
ts=$1 |
|||
_edgedns_base64_hmac_sha256 "$ts" "$AKAMAI_CLIENT_SECRET" |
|||
_signing_key="$_hmac_out" |
|||
_secure_debug2 "Signing Key" "$_signing_key" |
|||
|
|||
} |
|||
|
|||
_edgedns_make_data_to_sign() { |
|||
_debug2 "Processing data to sign" |
|||
hdr=$1 |
|||
_secure_debug2 "hdr" "$hdr" |
|||
_edgedns_make_content_hash |
|||
path="$(echo "$_request_url_path" | tr -d "\n\r" | sed 's/https\?:\/\///')" |
|||
path=${path#*"$AKAMAI_HOST"} |
|||
_debug "hier path" "$path" |
|||
# dont expose headers to sign so use MT string |
|||
_mdata="$(printf "%s\thttps\t%s\t%s\t%s\t%s\t%s" "$_request_method" "$AKAMAI_HOST" "$path" "" "$_hash" "$hdr")" |
|||
_secure_debug2 "Data to Sign" "$_mdata" |
|||
} |
|||
|
|||
_edgedns_make_content_hash() { |
|||
_debug2 "Generating content hash" |
|||
_hash="" |
|||
_debug2 "Request method" "${_request_method}" |
|||
if [ "$_request_method" != "POST" ] || [ -z "$_request_body" ]; then |
|||
return 0 |
|||
fi |
|||
_debug2 "Req body" "$_request_body" |
|||
_edgedns_base64_sha256 "$_request_body" |
|||
_hash="$_sha256_out" |
|||
_debug2 "Content hash" "$_hash" |
|||
} |
|||
|
|||
_edgedns_base64_hmac_sha256() { |
|||
_debug2 "Generating hmac" |
|||
data=$1 |
|||
key=$2 |
|||
encoded_data="$(echo "$data" | iconv -t utf-8)" |
|||
encoded_key="$(echo "$key" | iconv -t utf-8)" |
|||
_secure_debug2 "encoded data" "$encoded_data" |
|||
_secure_debug2 "encoded key" "$encoded_key" |
|||
|
|||
encoded_key_hex=$(printf "%s" "$encoded_key" | _hex_dump | tr -d ' ') |
|||
data_sig="$(echo "$encoded_data" | tr -d "\n\r" | _hmac sha256 "$encoded_key_hex" | _base64)" |
|||
|
|||
_secure_debug2 "data_sig:" "$data_sig" |
|||
_hmac_out="$(echo "$data_sig" | tr -d "\n\r" | iconv -f utf-8)" |
|||
_secure_debug2 "hmac" "$_hmac_out" |
|||
} |
|||
|
|||
_edgedns_base64_sha256() { |
|||
_debug2 "Creating sha256 digest" |
|||
trg=$1 |
|||
_secure_debug2 "digest data" "$trg" |
|||
digest="$(echo "$trg" | tr -d "\n\r" | _digest "sha256")" |
|||
_sha256_out="$(echo "$digest" | tr -d "\n\r" | iconv -f utf-8)" |
|||
_secure_debug2 "digest decode" "$_sha256_out" |
|||
} |
|||
|
|||
#_edgedns_parse_edgerc() { |
|||
# filepath=$1 |
|||
# section=$2 |
|||
#} |
@ -0,0 +1,146 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Author: Timur Umarov <inbox@tumarov.com> |
|||
|
|||
FORNEX_API_URL="https://fornex.com/api/dns/v0.1" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_fornex_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_fornex_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _Fornex_API; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Unable to determine root domain" |
|||
return 1 |
|||
else |
|||
_debug _domain "$_domain" |
|||
fi |
|||
|
|||
_info "Adding record" |
|||
if _rest POST "$_domain/entry_set/add/" "host=$fulldomain&type=TXT&value=$txtvalue&apikey=$FORNEX_API_KEY"; then |
|||
_debug _response "$response" |
|||
if _contains "$response" '"ok": true' || _contains "$response" 'Такая запись уже существует.'; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: dns_fornex_rm _acme-challenge.www.domain.com |
|||
dns_fornex_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _Fornex_API; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Unable to determine root domain" |
|||
return 1 |
|||
else |
|||
_debug _domain "$_domain" |
|||
fi |
|||
|
|||
_debug "Getting txt records" |
|||
_rest GET "$_domain/entry_set.json?apikey=$FORNEX_API_KEY" |
|||
|
|||
if ! _contains "$response" "$txtvalue"; then |
|||
_err "Txt record not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_record_id="$(echo "$response" | _egrep_o "{[^{]*\"value\"*:*\"$txtvalue\"[^}]*}" | sed -n -e 's#.*"id": \([0-9]*\).*#\1#p')" |
|||
_debug "_record_id" "$_record_id" |
|||
if [ -z "$_record_id" ]; then |
|||
_err "can not find _record_id" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _rest POST "$_domain/entry_set/$_record_id/delete/" "apikey=$FORNEX_API_KEY"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
|
|||
i=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _rest GET "domain_list.json?q=$h&apikey=$FORNEX_API_KEY"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"$h\"" >/dev/null; then |
|||
_domain=$h |
|||
return 0 |
|||
else |
|||
_debug "$h not found" |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_Fornex_API() { |
|||
FORNEX_API_KEY="${FORNEX_API_KEY:-$(_readaccountconf_mutable FORNEX_API_KEY)}" |
|||
if [ -z "$FORNEX_API_KEY" ]; then |
|||
FORNEX_API_KEY="" |
|||
|
|||
_err "You didn't specify the Fornex API key yet." |
|||
_err "Please create your key and try again." |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable FORNEX_API_KEY "$FORNEX_API_KEY" |
|||
} |
|||
|
|||
#method method action data |
|||
_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Accept: application/json" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$FORNEX_API_URL/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$FORNEX_API_URL/$ep" | _normalizeJson)" |
|||
fi |
|||
|
|||
_ret="$?" |
|||
if [ "$_ret" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,187 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb' |
|||
# |
|||
|
|||
GCORE_Api="https://api.gcorelabs.com/dns/v2" |
|||
GCORE_Doc="https://apidocs.gcore.com/dns" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_gcore_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
GCORE_Key="${GCORE_Key:-$(_readaccountconf_mutable GCORE_Key)}" |
|||
|
|||
if [ -z "$GCORE_Key" ]; then |
|||
GCORE_Key="" |
|||
_err "You didn't specify a Gcore api key yet." |
|||
_err "You can get yours from here $GCORE_Doc" |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key to the account conf file. |
|||
_saveaccountconf_mutable GCORE_Key "$GCORE_Key" |
|||
|
|||
_debug "First detect the zone name" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _zone_name "$_zone_name" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_gcore_rest GET "zones/$_zone_name/$fulldomain/TXT" |
|||
payload="" |
|||
|
|||
if echo "$response" | grep "record is not found" >/dev/null; then |
|||
_info "Record doesn't exists" |
|||
payload="{\"resource_records\":[{\"content\":[\"$txtvalue\"],\"enabled\":true}],\"ttl\":120}" |
|||
elif echo "$response" | grep "$txtvalue" >/dev/null; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
elif echo "$response" | tr -d " " | grep \"name\":\""$fulldomain"\",\"type\":\"TXT\" >/dev/null; then |
|||
_info "Record with mismatch txtvalue, try update it" |
|||
payload=$(echo "$response" | tr -d " " | sed 's/"updated_at":[0-9]\+,//g' | sed 's/"meta":{}}]}/"meta":{}},{"content":['\""$txtvalue"\"'],"enabled":true}]}/') |
|||
fi |
|||
|
|||
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so |
|||
# we can not use updating anymore. |
|||
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) |
|||
# _debug count "$count" |
|||
# if [ "$count" = "0" ]; then |
|||
_info "Adding record" |
|||
if _gcore_rest PUT "zones/$_zone_name/$fulldomain/TXT" "$payload"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" "rrset is already exists"; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_gcore_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
GCORE_Key="${GCORE_Key:-$(_readaccountconf_mutable GCORE_Key)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _zone_name "$_zone_name" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_gcore_rest GET "zones/$_zone_name/$fulldomain/TXT" |
|||
|
|||
if echo "$response" | grep "record is not found" >/dev/null; then |
|||
_info "No such txt recrod" |
|||
return 0 |
|||
fi |
|||
|
|||
if ! echo "$response" | tr -d " " | grep \"name\":\""$fulldomain"\",\"type\":\"TXT\" >/dev/null; then |
|||
_err "Error: $response" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! echo "$response" | tr -d " " | grep \""$txtvalue"\" >/dev/null; then |
|||
_info "No such txt recrod" |
|||
return 0 |
|||
fi |
|||
|
|||
count="$(echo "$response" | grep -o "content" | wc -l)" |
|||
|
|||
if [ "$count" = "1" ]; then |
|||
if ! _gcore_rest DELETE "zones/$_zone_name/$fulldomain/TXT"; then |
|||
_err "Delete record error. $response" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
fi |
|||
|
|||
payload="$(echo "$response" | tr -d " " | sed 's/"updated_at":[0-9]\+,//g' | sed 's/{"id":[0-9]\+,"content":\["'"$txtvalue"'"\],"enabled":true,"meta":{}}//' | sed 's/\[,/\[/' | sed 's/,,/,/' | sed 's/,\]/\]/')" |
|||
if ! _gcore_rest PUT "zones/$_zone_name/$fulldomain/TXT" "$payload"; then |
|||
_err "Delete record error. $response" |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.sub.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.sub or _acme-challenge |
|||
# _domain=domain.com |
|||
# _zone_name=domain.com or sub.domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _gcore_rest GET "zones/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"name\":\"$h\""; then |
|||
_zone_name=$h |
|||
if [ "$_zone_name" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_gcore_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
key_trimmed=$(echo "$GCORE_Key" | tr -d '"') |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: APIKey $key_trimmed" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$GCORE_Api/$ep" "" "$m")" |
|||
else |
|||
response="$(_get "$GCORE_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -1,177 +0,0 @@ |
|||
#!/usr/bin/env sh |
|||
#Author: Herman Sletteng |
|||
#Report Bugs here: https://github.com/loial/acme.sh |
|||
# |
|||
# |
|||
# Note, gratisdns requires a login first, so the script needs to handle |
|||
# temporary cookies. Since acme.sh _get/_post currently don't directly support |
|||
# cookies, I've defined wrapper functions _myget/_mypost to set the headers |
|||
|
|||
GDNSDK_API="https://admin.gratisdns.com" |
|||
######## Public functions ##################### |
|||
#Usage: dns_gdnsdk_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_gdnsdk_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using gratisdns.dk" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
if ! _gratisdns_login; then |
|||
_err "Login failed!" |
|||
return 1 |
|||
fi |
|||
#finding domain zone |
|||
if ! _get_domain; then |
|||
_err "No matching root domain for $fulldomain found" |
|||
return 1 |
|||
fi |
|||
# adding entry |
|||
_info "Adding the entry" |
|||
_mypost "action=dns_primary_record_added_txt&user_domain=$_domain&name=$fulldomain&txtdata=$txtvalue&ttl=1" |
|||
if _successful_update; then return 0; fi |
|||
_err "Couldn't create entry!" |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_gdnsdk_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using gratisdns.dk" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
if ! _gratisdns_login; then |
|||
_err "Login failed!" |
|||
return 1 |
|||
fi |
|||
if ! _get_domain; then |
|||
_err "No matching root domain for $fulldomain found" |
|||
return 1 |
|||
fi |
|||
_findentry "$fulldomain" "$txtvalue" |
|||
if [ -z "$_id" ]; then |
|||
_info "Entry doesn't exist, nothing to delete" |
|||
return 0 |
|||
fi |
|||
_debug "Deleting record..." |
|||
_mypost "action=dns_primary_delete_txt&user_domain=$_domain&id=$_id" |
|||
# removing entry |
|||
|
|||
if _successful_update; then return 0; fi |
|||
_err "Couldn't delete entry!" |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_checkcredentials() { |
|||
GDNSDK_Username="${GDNSDK_Username:-$(_readaccountconf_mutable GDNSDK_Username)}" |
|||
GDNSDK_Password="${GDNSDK_Password:-$(_readaccountconf_mutable GDNSDK_Password)}" |
|||
|
|||
if [ -z "$GDNSDK_Username" ] || [ -z "$GDNSDK_Password" ]; then |
|||
GDNSDK_Username="" |
|||
GDNSDK_Password="" |
|||
_err "You haven't specified gratisdns.dk username and password yet." |
|||
_err "Please add credentials and try again." |
|||
return 1 |
|||
fi |
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable GDNSDK_Username "$GDNSDK_Username" |
|||
_saveaccountconf_mutable GDNSDK_Password "$GDNSDK_Password" |
|||
return 0 |
|||
} |
|||
|
|||
_checkcookie() { |
|||
GDNSDK_Cookie="${GDNSDK_Cookie:-$(_readaccountconf_mutable GDNSDK_Cookie)}" |
|||
if [ -z "$GDNSDK_Cookie" ]; then |
|||
_debug "No cached cookie found" |
|||
return 1 |
|||
fi |
|||
_myget "action=" |
|||
if (echo "$_result" | grep -q "logmeout"); then |
|||
_debug "Cached cookie still valid" |
|||
return 0 |
|||
fi |
|||
_debug "Cached cookie no longer valid" |
|||
GDNSDK_Cookie="" |
|||
_saveaccountconf_mutable GDNSDK_Cookie "$GDNSDK_Cookie" |
|||
return 1 |
|||
} |
|||
|
|||
_gratisdns_login() { |
|||
if ! _checkcredentials; then return 1; fi |
|||
|
|||
if _checkcookie; then |
|||
_debug "Already logged in" |
|||
return 0 |
|||
fi |
|||
_debug "Logging into GratisDNS with user $GDNSDK_Username" |
|||
|
|||
if ! _mypost "login=$GDNSDK_Username&password=$GDNSDK_Password&action=logmein"; then |
|||
_err "GratisDNS login failed for user $GDNSDK_Username bad RC from _post" |
|||
return 1 |
|||
fi |
|||
|
|||
GDNSDK_Cookie="$(grep -A 15 '302 Found' "$HTTP_HEADER" | _egrep_o 'Cookie: [^;]*' | _head_n 1 | cut -d ' ' -f2)" |
|||
|
|||
if [ -z "$GDNSDK_Cookie" ]; then |
|||
_err "GratisDNS login failed for user $GDNSDK_Username. Check $HTTP_HEADER file" |
|||
return 1 |
|||
fi |
|||
export GDNSDK_Cookie |
|||
_saveaccountconf_mutable GDNSDK_Cookie "$GDNSDK_Cookie" |
|||
return 0 |
|||
} |
|||
|
|||
_myget() { |
|||
#Adds cookie to request |
|||
export _H1="Cookie: $GDNSDK_Cookie" |
|||
_result=$(_get "$GDNSDK_API?$1") |
|||
} |
|||
_mypost() { |
|||
#Adds cookie to request |
|||
export _H1="Cookie: $GDNSDK_Cookie" |
|||
_result=$(_post "$1" "$GDNSDK_API") |
|||
} |
|||
|
|||
_get_domain() { |
|||
_myget 'action=dns_primarydns' |
|||
_domains=$(echo "$_result" | _egrep_o ' domain="[[:alnum:]._-]+' | sed 's/^.*"//') |
|||
if [ -z "$_domains" ]; then |
|||
_err "Primary domain list not found!" |
|||
return 1 |
|||
fi |
|||
for _domain in $_domains; do |
|||
if (_endswith "$fulldomain" "$_domain"); then |
|||
_debug "Root domain: $_domain" |
|||
return 0 |
|||
fi |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_successful_update() { |
|||
if (echo "$_result" | grep -q 'table-success'); then return 0; fi |
|||
return 1 |
|||
} |
|||
|
|||
_findentry() { |
|||
#args $1: fulldomain, $2: txtvalue |
|||
#returns id of dns entry, if it exists |
|||
_myget "action=dns_primary_changeDNSsetup&user_domain=$_domain" |
|||
_debug3 "_result: $_result" |
|||
|
|||
_tmp_result=$(echo "$_result" | tr -d '\n\r' | _egrep_o "<td>$1</td>\s*<td>$2</td>[^?]*[^&]*&id=[^&]*") |
|||
_debug _tmp_result "$_tmp_result" |
|||
if [ -z "${_tmp_result:-}" ]; then |
|||
_debug "The variable is _tmp_result is not supposed to be empty, there may be something wrong with the script" |
|||
fi |
|||
|
|||
_id=$(echo "$_tmp_result" | sed 's/^.*=//') |
|||
if [ -n "$_id" ]; then |
|||
_debug "Entry found with _id=$_id" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
@ -0,0 +1,232 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
######################################################################## |
|||
# Geoscaling hook script for acme.sh |
|||
# |
|||
# Environment variables: |
|||
# |
|||
# - $GEOSCALING_Username (your Geoscaling username - this is usually NOT an amail address) |
|||
# - $GEOSCALING_Password (your Geoscaling password) |
|||
|
|||
#-- dns_geoscaling_add() - Add TXT record -------------------------------------- |
|||
# Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..." |
|||
|
|||
dns_geoscaling_add() { |
|||
full_domain=$1 |
|||
txt_value=$2 |
|||
_info "Using DNS-01 Geoscaling DNS2 hook" |
|||
|
|||
GEOSCALING_Username="${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}" |
|||
GEOSCALING_Password="${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}" |
|||
if [ -z "$GEOSCALING_Username" ] || [ -z "$GEOSCALING_Password" ]; then |
|||
GEOSCALING_Username= |
|||
GEOSCALING_Password= |
|||
_err "No auth details provided. Please set user credentials using the \$GEOSCALING_Username and \$GEOSCALING_Password environment variables." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable GEOSCALING_Username "${GEOSCALING_Username}" |
|||
_saveaccountconf_mutable GEOSCALING_Password "${GEOSCALING_Password}" |
|||
|
|||
# Fills in the $zone_id and $zone_name |
|||
find_zone "${full_domain}" || return 1 |
|||
_debug "Zone id '${zone_id}' will be used." |
|||
|
|||
# We're logged in here |
|||
|
|||
# we should add ${full_domain} minus the trailing ${zone_name} |
|||
|
|||
prefix=$(echo "${full_domain}" | sed "s|\\.${zone_name}\$||") |
|||
|
|||
body="id=${zone_id}&name=${prefix}&type=TXT&content=${txt_value}&ttl=300&prio=0" |
|||
|
|||
do_post "$body" "https://www.geoscaling.com/dns2/ajax/add_record.php" |
|||
exit_code="$?" |
|||
if [ "${exit_code}" -eq 0 ]; then |
|||
_info "TXT record added successfully." |
|||
else |
|||
_err "Couldn't add the TXT record." |
|||
fi |
|||
do_logout |
|||
return "${exit_code}" |
|||
} |
|||
|
|||
#-- dns_geoscaling_rm() - Remove TXT record ------------------------------------ |
|||
# Usage: dns_geoscaling_rm _acme-challenge.subdomain.domain.com "XyZ123..." |
|||
|
|||
dns_geoscaling_rm() { |
|||
full_domain=$1 |
|||
txt_value=$2 |
|||
_info "Cleaning up after DNS-01 Geoscaling DNS2 hook" |
|||
|
|||
GEOSCALING_Username="${GEOSCALING_Username:-$(_readaccountconf_mutable GEOSCALING_Username)}" |
|||
GEOSCALING_Password="${GEOSCALING_Password:-$(_readaccountconf_mutable GEOSCALING_Password)}" |
|||
if [ -z "$GEOSCALING_Username" ] || [ -z "$GEOSCALING_Password" ]; then |
|||
GEOSCALING_Username= |
|||
GEOSCALING_Password= |
|||
_err "No auth details provided. Please set user credentials using the \$GEOSCALING_Username and \$GEOSCALING_Password environment variables." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable GEOSCALING_Username "${GEOSCALING_Username}" |
|||
_saveaccountconf_mutable GEOSCALING_Password "${GEOSCALING_Password}" |
|||
|
|||
# fills in the $zone_id |
|||
find_zone "${full_domain}" || return 1 |
|||
_debug "Zone id '${zone_id}' will be used." |
|||
|
|||
# Here we're logged in |
|||
# Find the record id to clean |
|||
|
|||
# get the domain |
|||
response=$(do_get "https://www.geoscaling.com/dns2/index.php?module=domain&id=${zone_id}") |
|||
_debug2 "response" "$response" |
|||
|
|||
table="$(echo "${response}" | tr -d '\n' | sed 's|.*<div class="box"><div class="boxtitle">Basic Records</div><div class="boxtext"><table|<table|; s|</table>.*|</table>|')" |
|||
_debug2 table "${table}" |
|||
names=$(echo "${table}" | _egrep_o 'id="[0-9]+\.name">[^<]*</td>' | sed 's|</td>||; s|.*>||') |
|||
ids=$(echo "${table}" | _egrep_o 'id="[0-9]+\.name">[^<]*</td>' | sed 's|\.name">.*||; s|id="||') |
|||
types=$(echo "${table}" | _egrep_o 'id="[0-9]+\.type">[^<]*</td>' | sed 's|</td>||; s|.*>||') |
|||
values=$(echo "${table}" | _egrep_o 'id="[0-9]+\.content">[^<]*</td>' | sed 's|</td>||; s|.*>||') |
|||
|
|||
_debug2 names "${names}" |
|||
_debug2 ids "${ids}" |
|||
_debug2 types "${types}" |
|||
_debug2 values "${values}" |
|||
|
|||
# look for line whose name is ${full_domain}, whose type is TXT, and whose value is ${txt_value} |
|||
line_num="$(echo "${values}" | grep -F -n -- "${txt_value}" | _head_n 1 | cut -d ':' -f 1)" |
|||
_debug2 line_num "${line_num}" |
|||
found_id= |
|||
if [ -n "$line_num" ]; then |
|||
type=$(echo "${types}" | sed -n "${line_num}p") |
|||
name=$(echo "${names}" | sed -n "${line_num}p") |
|||
id=$(echo "${ids}" | sed -n "${line_num}p") |
|||
|
|||
_debug2 type "$type" |
|||
_debug2 name "$name" |
|||
_debug2 id "$id" |
|||
_debug2 full_domain "$full_domain" |
|||
|
|||
if [ "${type}" = "TXT" ] && [ "${name}" = "${full_domain}" ]; then |
|||
found_id=${id} |
|||
fi |
|||
fi |
|||
|
|||
if [ "${found_id}" = "" ]; then |
|||
_err "Can not find record id." |
|||
return 0 |
|||
fi |
|||
|
|||
# Remove the record |
|||
body="id=${zone_id}&record_id=${found_id}" |
|||
response=$(do_post "$body" "https://www.geoscaling.com/dns2/ajax/delete_record.php") |
|||
exit_code="$?" |
|||
if [ "$exit_code" -eq 0 ]; then |
|||
_info "Record removed successfully." |
|||
else |
|||
_err "Could not clean (remove) up the record. Please go to Geoscaling administration interface and clean it by hand." |
|||
fi |
|||
do_logout |
|||
return "${exit_code}" |
|||
} |
|||
|
|||
########################## PRIVATE FUNCTIONS ########################### |
|||
|
|||
do_get() { |
|||
_url=$1 |
|||
export _H1="Cookie: $geoscaling_phpsessid_cookie" |
|||
_get "${_url}" |
|||
} |
|||
|
|||
do_post() { |
|||
_body=$1 |
|||
_url=$2 |
|||
export _H1="Cookie: $geoscaling_phpsessid_cookie" |
|||
_post "${_body}" "${_url}" |
|||
} |
|||
|
|||
do_login() { |
|||
|
|||
_info "Logging in..." |
|||
|
|||
username_encoded="$(printf "%s" "${GEOSCALING_Username}" | _url_encode)" |
|||
password_encoded="$(printf "%s" "${GEOSCALING_Password}" | _url_encode)" |
|||
body="username=${username_encoded}&password=${password_encoded}" |
|||
|
|||
response=$(_post "$body" "https://www.geoscaling.com/dns2/index.php?module=auth") |
|||
_debug2 response "${response}" |
|||
|
|||
#retcode=$(grep '^HTTP[^ ]*' "${HTTP_HEADER}" | _head_n 1 | _egrep_o '[0-9]+$') |
|||
retcode=$(grep '^HTTP[^ ]*' "${HTTP_HEADER}" | _head_n 1 | cut -d ' ' -f 2) |
|||
|
|||
if [ "$retcode" != "302" ]; then |
|||
_err "Geoscaling login failed for user ${GEOSCALING_Username}. Check ${HTTP_HEADER} file" |
|||
return 1 |
|||
fi |
|||
|
|||
geoscaling_phpsessid_cookie="$(grep -i '^set-cookie:' "${HTTP_HEADER}" | _egrep_o 'PHPSESSID=[^;]*;' | tr -d ';')" |
|||
return 0 |
|||
|
|||
} |
|||
|
|||
do_logout() { |
|||
_info "Logging out." |
|||
response="$(do_get "https://www.geoscaling.com/dns2/index.php?module=auth")" |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
find_zone() { |
|||
domain="$1" |
|||
|
|||
# do login |
|||
do_login || return 1 |
|||
|
|||
# get zones |
|||
response="$(do_get "https://www.geoscaling.com/dns2/index.php?module=domains")" |
|||
|
|||
table="$(echo "${response}" | tr -d '\n' | sed 's|.*<div class="box"><div class="boxtitle">Your domains</div><div class="boxtext"><table|<table|; s|</table>.*|</table>|')" |
|||
_debug2 table "${table}" |
|||
zone_names="$(echo "${table}" | _egrep_o '<b>[^<]*</b>' | sed 's|<b>||;s|</b>||')" |
|||
_debug2 _matches "${zone_names}" |
|||
# Zone names and zone IDs are in same order |
|||
zone_ids=$(echo "${table}" | _egrep_o '<a href=.index\.php\?module=domain&id=[0-9]+. onclick="javascript:show_loader\(\);">' | sed 's|.*id=||;s|. .*||') |
|||
|
|||
_debug2 "These are the zones on this Geoscaling account:" |
|||
_debug2 "zone_names" "${zone_names}" |
|||
_debug2 "And these are their respective IDs:" |
|||
_debug2 "zone_ids" "${zone_ids}" |
|||
if [ -z "${zone_names}" ] || [ -z "${zone_ids}" ]; then |
|||
_err "Can not get zone names or IDs." |
|||
return 1 |
|||
fi |
|||
# Walk through all possible zone names |
|||
strip_counter=1 |
|||
while true; do |
|||
attempted_zone=$(echo "${domain}" | cut -d . -f ${strip_counter}-) |
|||
|
|||
# All possible zone names have been tried |
|||
if [ -z "${attempted_zone}" ]; then |
|||
_err "No zone for domain '${domain}' found." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Looking for zone '${attempted_zone}'" |
|||
|
|||
line_num="$(echo "${zone_names}" | grep -n "^${attempted_zone}\$" | _head_n 1 | cut -d : -f 1)" |
|||
_debug2 line_num "${line_num}" |
|||
if [ "$line_num" ]; then |
|||
zone_id=$(echo "${zone_ids}" | sed -n "${line_num}p") |
|||
zone_name=$(echo "${zone_names}" | sed -n "${line_num}p") |
|||
if [ -z "${zone_id}" ]; then |
|||
_err "Can not find zone id." |
|||
return 1 |
|||
fi |
|||
_debug "Found relevant zone '${attempted_zone}' with id '${zone_id}' - will be used for domain '${domain}'." |
|||
return 0 |
|||
fi |
|||
|
|||
_debug "Zone '${attempted_zone}' doesn't exist, let's try a less specific zone." |
|||
strip_counter=$(_math "${strip_counter}" + 1) |
|||
done |
|||
} |
|||
# vim: et:ts=2:sw=2: |
@ -0,0 +1,173 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Author: Alex Leigh <leigh at alexleigh dot me> |
|||
# Created: 2023-03-02 |
|||
|
|||
#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx" |
|||
#GOOGLEDOMAINS_ZONE="xxxx" |
|||
GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets" |
|||
|
|||
######## Public functions ######## |
|||
|
|||
#Usage: dns_googledomains_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_googledomains_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Invoking Google Domains ACME DNS API." |
|||
|
|||
if ! _dns_googledomains_setup; then |
|||
return 1 |
|||
fi |
|||
|
|||
zone="$(_dns_googledomains_get_zone "$fulldomain")" |
|||
if [ -z "$zone" ]; then |
|||
_err "Could not find a Google Domains-managed zone containing the requested domain." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug zone "$zone" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_info "Adding TXT record for $fulldomain." |
|||
if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToAdd\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_info "TXT record added." |
|||
return 0 |
|||
else |
|||
_err "Error adding TXT record." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
_err "Error adding TXT record." |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: dns_googledomains_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_googledomains_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Invoking Google Domains ACME DNS API." |
|||
|
|||
if ! _dns_googledomains_setup; then |
|||
return 1 |
|||
fi |
|||
|
|||
zone="$(_dns_googledomains_get_zone "$fulldomain")" |
|||
if [ -z "$zone" ]; then |
|||
_err "Could not find a Google Domains-managed domain based on request." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug zone "$zone" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
_info "Removing TXT record for $fulldomain." |
|||
if _dns_googledomains_api "$zone" ":rotateChallenges" "{\"accessToken\":\"$GOOGLEDOMAINS_ACCESS_TOKEN\",\"recordsToRemove\":[{\"fqdn\":\"$fulldomain\",\"digest\":\"$txtvalue\"}],\"keepExpiredRecords\":true}"; then |
|||
if _contains "$response" "$txtvalue"; then |
|||
_err "Error removing TXT record." |
|||
return 1 |
|||
else |
|||
_info "TXT record removed." |
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
_err "Error removing TXT record." |
|||
return 1 |
|||
} |
|||
|
|||
######## Private functions ######## |
|||
|
|||
_dns_googledomains_setup() { |
|||
if [ -n "$GOOGLEDOMAINS_SETUP_COMPLETED" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
GOOGLEDOMAINS_ACCESS_TOKEN="${GOOGLEDOMAINS_ACCESS_TOKEN:-$(_readaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN)}" |
|||
GOOGLEDOMAINS_ZONE="${GOOGLEDOMAINS_ZONE:-$(_readaccountconf_mutable GOOGLEDOMAINS_ZONE)}" |
|||
|
|||
if [ -z "$GOOGLEDOMAINS_ACCESS_TOKEN" ]; then |
|||
GOOGLEDOMAINS_ACCESS_TOKEN="" |
|||
_err "Google Domains access token was not specified." |
|||
_err "Please visit Google Domains Security settings to provision an ACME DNS API access token." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ "$GOOGLEDOMAINS_ZONE" ]; then |
|||
_savedomainconf GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN" |
|||
_savedomainconf GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE" |
|||
else |
|||
_saveaccountconf_mutable GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN" |
|||
_clearaccountconf_mutable GOOGLEDOMAINS_ZONE |
|||
_clearaccountconf GOOGLEDOMAINS_ZONE |
|||
fi |
|||
|
|||
_debug GOOGLEDOMAINS_ACCESS_TOKEN "$GOOGLEDOMAINS_ACCESS_TOKEN" |
|||
_debug GOOGLEDOMAINS_ZONE "$GOOGLEDOMAINS_ZONE" |
|||
|
|||
GOOGLEDOMAINS_SETUP_COMPLETED=1 |
|||
return 0 |
|||
} |
|||
|
|||
_dns_googledomains_get_zone() { |
|||
domain=$1 |
|||
|
|||
# Use zone directly if provided |
|||
if [ "$GOOGLEDOMAINS_ZONE" ]; then |
|||
if ! _dns_googledomains_api "$GOOGLEDOMAINS_ZONE"; then |
|||
return 1 |
|||
fi |
|||
|
|||
echo "$GOOGLEDOMAINS_ZONE" |
|||
return 0 |
|||
fi |
|||
|
|||
i=2 |
|||
while true; do |
|||
curr=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug curr "$curr" |
|||
|
|||
if [ -z "$curr" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _dns_googledomains_api "$curr"; then |
|||
echo "$curr" |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_dns_googledomains_api() { |
|||
zone=$1 |
|||
apimethod=$2 |
|||
data="$3" |
|||
|
|||
if [ -z "$data" ]; then |
|||
response="$(_get "$GOOGLEDOMAINS_API/$zone$apimethod")" |
|||
else |
|||
_debug data "$data" |
|||
export _H1="Content-Type: application/json" |
|||
response="$(_post "$data" "$GOOGLEDOMAINS_API/$zone$apimethod")" |
|||
fi |
|||
|
|||
_debug response "$response" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"error\": {"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,327 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# HUAWEICLOUD_Username |
|||
# HUAWEICLOUD_Password |
|||
# HUAWEICLOUD_DomainName |
|||
|
|||
iam_api="https://iam.myhuaweicloud.com" |
|||
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
# |
|||
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/zh-cn_topic_0132421999.html |
|||
# |
|||
# About "DomainName" parameters see: https://support.huaweicloud.com/api-iam/iam_01_0006.html |
|||
# |
|||
|
|||
dns_huaweicloud_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
|||
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
|||
HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_DomainName)}" |
|||
|
|||
# Check information |
|||
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then |
|||
_err "Not enough information provided to dns_huaweicloud!" |
|||
return 1 |
|||
fi |
|||
|
|||
unset token # Clear token |
|||
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" |
|||
if [ -z "${token}" ]; then # Check token |
|||
_err "dns_api(dns_huaweicloud): Error getting token." |
|||
return 1 |
|||
fi |
|||
_secure_debug "Access token is:" "${token}" |
|||
|
|||
unset zoneid |
|||
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
|||
if [ -z "${zoneid}" ]; then |
|||
_err "dns_api(dns_huaweicloud): Error getting zone id." |
|||
return 1 |
|||
fi |
|||
_debug "Zone ID is:" "${zoneid}" |
|||
|
|||
_debug "Adding Record" |
|||
_add_record "${token}" "${fulldomain}" "${txtvalue}" |
|||
ret="$?" |
|||
if [ "${ret}" != "0" ]; then |
|||
_err "dns_api(dns_huaweicloud): Error adding record." |
|||
return 1 |
|||
fi |
|||
|
|||
# Do saving work if all succeeded |
|||
_saveaccountconf_mutable HUAWEICLOUD_Username "${HUAWEICLOUD_Username}" |
|||
_saveaccountconf_mutable HUAWEICLOUD_Password "${HUAWEICLOUD_Password}" |
|||
_saveaccountconf_mutable HUAWEICLOUD_DomainName "${HUAWEICLOUD_DomainName}" |
|||
return 0 |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
# |
|||
# Ref: https://support.huaweicloud.com/intl/zh-cn/api-dns/dns_api_64005.html |
|||
# |
|||
|
|||
dns_huaweicloud_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
HUAWEICLOUD_Username="${HUAWEICLOUD_Username:-$(_readaccountconf_mutable HUAWEICLOUD_Username)}" |
|||
HUAWEICLOUD_Password="${HUAWEICLOUD_Password:-$(_readaccountconf_mutable HUAWEICLOUD_Password)}" |
|||
HUAWEICLOUD_DomainName="${HUAWEICLOUD_DomainName:-$(_readaccountconf_mutable HUAWEICLOUD_DomainName)}" |
|||
|
|||
# Check information |
|||
if [ -z "${HUAWEICLOUD_Username}" ] || [ -z "${HUAWEICLOUD_Password}" ] || [ -z "${HUAWEICLOUD_DomainName}" ]; then |
|||
_err "Not enough information provided to dns_huaweicloud!" |
|||
return 1 |
|||
fi |
|||
|
|||
unset token # Clear token |
|||
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_DomainName}")" |
|||
if [ -z "${token}" ]; then # Check token |
|||
_err "dns_api(dns_huaweicloud): Error getting token." |
|||
return 1 |
|||
fi |
|||
_secure_debug "Access token is:" "${token}" |
|||
|
|||
unset zoneid |
|||
zoneid="$(_get_zoneid "${token}" "${fulldomain}")" |
|||
if [ -z "${zoneid}" ]; then |
|||
_err "dns_api(dns_huaweicloud): Error getting zone id." |
|||
return 1 |
|||
fi |
|||
_debug "Zone ID is:" "${zoneid}" |
|||
|
|||
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")" |
|||
_recursive_rm_record "${token}" "${fulldomain}" "${zoneid}" "${record_id}" |
|||
ret="$?" |
|||
if [ "${ret}" != "0" ]; then |
|||
_err "dns_api(dns_huaweicloud): Error removing record." |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
################### Private functions below ################################## |
|||
|
|||
# _recursive_rm_record |
|||
# remove all records from the record set |
|||
# |
|||
# _token=$1 |
|||
# _domain=$2 |
|||
# _zoneid=$3 |
|||
# _record_id=$4 |
|||
# |
|||
# Returns 0 on success |
|||
_recursive_rm_record() { |
|||
_token=$1 |
|||
_domain=$2 |
|||
_zoneid=$3 |
|||
_record_id=$4 |
|||
|
|||
# Most likely to have problems will huaweicloud side if more than 50 attempts but still cannot fully remove the record set |
|||
# Maybe can be removed manually in the dashboard |
|||
_retry_cnt=50 |
|||
|
|||
# Remove all records |
|||
# Therotically HuaweiCloud does not allow more than one record set |
|||
# But remove them recurringly to increase robusty |
|||
|
|||
while [ "${_record_id}" != "0" ] && [ "${_retry_cnt}" != "0" ]; do |
|||
_debug "Removing Record" |
|||
_retry_cnt=$((_retry_cnt - 1)) |
|||
_rm_record "${_token}" "${_zoneid}" "${_record_id}" |
|||
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${_zoneid}")" |
|||
_debug2 "Checking record exists: record_id=${_record_id}" |
|||
done |
|||
|
|||
# Check if retry count is reached |
|||
if [ "${_retry_cnt}" = "0" ]; then |
|||
_debug "Failed to remove record after 50 attempts, please try removing it manually in the dashboard" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# _get_zoneid |
|||
# |
|||
# _token=$1 |
|||
# _domain_string=$2 |
|||
# |
|||
# printf "%s" "${_zoneid}" |
|||
_get_zoneid() { |
|||
_token=$1 |
|||
_domain_string=$2 |
|||
export _H1="X-Auth-Token: ${_token}" |
|||
|
|||
i=1 |
|||
while true; do |
|||
h=$(printf "%s" "${_domain_string}" | cut -d . -f "$i"-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
_debug "$h" |
|||
response=$(_get "${dns_api}/v2/zones?name=${h}") |
|||
_debug2 "$response" |
|||
if _contains "${response}" '"id"'; then |
|||
zoneidlist=$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") |
|||
zonenamelist=$(echo "${response}" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ") |
|||
_debug2 "Returned Zone ID(s):" "${zoneidlist}" |
|||
_debug2 "Returned Zone Name(s):" "${zonenamelist}" |
|||
zoneidnum=0 |
|||
zoneidcount=$(echo "${zoneidlist}" | grep -c '^') |
|||
_debug "Returned Zone ID(s) Count:" "${zoneidcount}" |
|||
while [ "${zoneidnum}" -lt "${zoneidcount}" ]; do |
|||
zoneidnum=$(_math "$zoneidnum" + 1) |
|||
_zoneid=$(echo "${zoneidlist}" | sed -n "${zoneidnum}p") |
|||
zonename=$(echo "${zonenamelist}" | sed -n "${zoneidnum}p") |
|||
_debug "Check Zone Name" "${zonename}" |
|||
if [ "${zonename}" = "${h}." ]; then |
|||
_debug "Get Zone ID Success." |
|||
_debug "ZoneID:" "${_zoneid}" |
|||
printf "%s" "${_zoneid}" |
|||
return 0 |
|||
fi |
|||
done |
|||
fi |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_get_recordset_id() { |
|||
_token=$1 |
|||
_domain=$2 |
|||
_zoneid=$3 |
|||
export _H1="X-Auth-Token: ${_token}" |
|||
|
|||
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}") |
|||
if _contains "${response}" '"id"'; then |
|||
_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")" |
|||
printf "%s" "${_id}" |
|||
return 0 |
|||
fi |
|||
printf "%s" "0" |
|||
return 1 |
|||
} |
|||
|
|||
_add_record() { |
|||
_token=$1 |
|||
_domain=$2 |
|||
_txtvalue=$3 |
|||
|
|||
# Get Existing Records |
|||
export _H1="X-Auth-Token: ${_token}" |
|||
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}") |
|||
|
|||
_debug2 "${response}" |
|||
_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g') |
|||
_debug "${_exist_record}" |
|||
|
|||
# Check if record exist |
|||
# Generate body data |
|||
if [ -z "${_exist_record}" ]; then |
|||
_post_body="{ |
|||
\"name\": \"${_domain}.\", |
|||
\"description\": \"ACME Challenge\", |
|||
\"type\": \"TXT\", |
|||
\"ttl\": 1, |
|||
\"records\": [ |
|||
\"\\\"${_txtvalue}\\\"\" |
|||
] |
|||
}" |
|||
else |
|||
_post_body="{ |
|||
\"name\": \"${_domain}.\", |
|||
\"description\": \"ACME Challenge\", |
|||
\"type\": \"TXT\", |
|||
\"ttl\": 1, |
|||
\"records\": [ |
|||
${_exist_record},\"\\\"${_txtvalue}\\\"\" |
|||
] |
|||
}" |
|||
fi |
|||
|
|||
_record_id="$(_get_recordset_id "${_token}" "${_domain}" "${zoneid}")" |
|||
_debug "Record Set ID is:" "${_record_id}" |
|||
|
|||
# Add brand new records with all old and new records |
|||
export _H2="Content-Type: application/json" |
|||
export _H1="X-Auth-Token: ${_token}" |
|||
|
|||
_debug2 "${_post_body}" |
|||
if [ -z "${_exist_record}" ]; then |
|||
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets" >/dev/null |
|||
else |
|||
_post "${_post_body}" "${dns_api}/v2/zones/${zoneid}/recordsets/${_record_id}" false "PUT" >/dev/null |
|||
fi |
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
if [ "$_code" != "202" ]; then |
|||
_err "dns_huaweicloud: http code ${_code}" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
# _rm_record $token $zoneid $recordid |
|||
# assume ${dns_api} exist |
|||
# no output |
|||
# return 0 |
|||
_rm_record() { |
|||
_token=$1 |
|||
_zone_id=$2 |
|||
_record_id=$3 |
|||
|
|||
export _H2="Content-Type: application/json" |
|||
export _H1="X-Auth-Token: ${_token}" |
|||
|
|||
_post "" "${dns_api}/v2/zones/${_zone_id}/recordsets/${_record_id}" false "DELETE" >/dev/null |
|||
return $? |
|||
} |
|||
|
|||
_get_token() { |
|||
_username=$1 |
|||
_password=$2 |
|||
_domain_name=$3 |
|||
|
|||
_debug "Getting Token" |
|||
body="{ |
|||
\"auth\": { |
|||
\"identity\": { |
|||
\"methods\": [ |
|||
\"password\" |
|||
], |
|||
\"password\": { |
|||
\"user\": { |
|||
\"name\": \"${_username}\", |
|||
\"password\": \"${_password}\", |
|||
\"domain\": { |
|||
\"name\": \"${_domain_name}\" |
|||
} |
|||
} |
|||
} |
|||
}, |
|||
\"scope\": { |
|||
\"project\": { |
|||
\"name\": \"ap-southeast-1\" |
|||
} |
|||
} |
|||
} |
|||
}" |
|||
export _H1="Content-Type: application/json;charset=utf8" |
|||
_post "${body}" "${iam_api}/v3/auth/tokens" >/dev/null |
|||
_code=$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n") |
|||
_token=$(grep "^X-Subject-Token" "$HTTP_HEADER" | cut -d " " -f 2-) |
|||
_secure_debug "${_code}" |
|||
printf "%s" "${_token}" |
|||
return 0 |
|||
} |
@ -0,0 +1,199 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
############################################################################### |
|||
# Infomaniak API integration |
|||
# |
|||
# To use this API you need visit the API dashboard of your account |
|||
# once logged into https://manager.infomaniak.com add /api/dashboard to the URL |
|||
# |
|||
# Please report bugs to |
|||
# https://github.com/acmesh-official/acme.sh/issues/3188 |
|||
# |
|||
# Note: the URL looks like this: |
|||
# https://manager.infomaniak.com/v3/<account_id>/api/dashboard |
|||
# Then generate a token with the scope Domain |
|||
# this is given as an environment variable INFOMANIAK_API_TOKEN |
|||
############################################################################### |
|||
|
|||
# base variables |
|||
|
|||
DEFAULT_INFOMANIAK_API_URL="https://api.infomaniak.com" |
|||
DEFAULT_INFOMANIAK_TTL=300 |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_infomaniak_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_infomaniak_add() { |
|||
|
|||
INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}" |
|||
INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}" |
|||
INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" |
|||
|
|||
if [ -z "$INFOMANIAK_API_TOKEN" ]; then |
|||
INFOMANIAK_API_TOKEN="" |
|||
_err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$INFOMANIAK_API_URL" ]; then |
|||
INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL" |
|||
fi |
|||
|
|||
if [ -z "$INFOMANIAK_TTL" ]; then |
|||
INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL" |
|||
fi |
|||
|
|||
#save the token to the account conf file. |
|||
_saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN" |
|||
|
|||
if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then |
|||
_saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" |
|||
fi |
|||
|
|||
if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then |
|||
_saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" |
|||
fi |
|||
|
|||
export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_info "Infomaniak DNS API" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
fqdn=${fulldomain#_acme-challenge.} |
|||
|
|||
# guess which base domain to add record to |
|||
zone_and_id=$(_find_zone "$fqdn") |
|||
if [ -z "$zone_and_id" ]; then |
|||
_err "cannot find zone to modify" |
|||
return 1 |
|||
fi |
|||
zone=${zone_and_id% *} |
|||
domain_id=${zone_and_id#* } |
|||
|
|||
# extract first part of domain |
|||
key=${fulldomain%."$zone"} |
|||
|
|||
_debug "zone:$zone id:$domain_id key:$key" |
|||
|
|||
# payload |
|||
data="{\"type\": \"TXT\", \"source\": \"$key\", \"target\": \"$txtvalue\", \"ttl\": $INFOMANIAK_TTL}" |
|||
|
|||
# API call |
|||
response=$(_post "$data" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record") |
|||
if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then |
|||
_info "Record added" |
|||
_debug "Response: $response" |
|||
return 0 |
|||
fi |
|||
_err "could not create record" |
|||
_debug "Response: $response" |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_infomaniak_rm() { |
|||
|
|||
INFOMANIAK_API_TOKEN="${INFOMANIAK_API_TOKEN:-$(_readaccountconf_mutable INFOMANIAK_API_TOKEN)}" |
|||
INFOMANIAK_API_URL="${INFOMANIAK_API_URL:-$(_readaccountconf_mutable INFOMANIAK_API_URL)}" |
|||
INFOMANIAK_TTL="${INFOMANIAK_TTL:-$(_readaccountconf_mutable INFOMANIAK_TTL)}" |
|||
|
|||
if [ -z "$INFOMANIAK_API_TOKEN" ]; then |
|||
INFOMANIAK_API_TOKEN="" |
|||
_err "Please provide a valid Infomaniak API token in variable INFOMANIAK_API_TOKEN" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$INFOMANIAK_API_URL" ]; then |
|||
INFOMANIAK_API_URL="$DEFAULT_INFOMANIAK_API_URL" |
|||
fi |
|||
|
|||
if [ -z "$INFOMANIAK_TTL" ]; then |
|||
INFOMANIAK_TTL="$DEFAULT_INFOMANIAK_TTL" |
|||
fi |
|||
|
|||
#save the token to the account conf file. |
|||
_saveaccountconf_mutable INFOMANIAK_API_TOKEN "$INFOMANIAK_API_TOKEN" |
|||
|
|||
if [ "$INFOMANIAK_API_URL" != "$DEFAULT_INFOMANIAK_API_URL" ]; then |
|||
_saveaccountconf_mutable INFOMANIAK_API_URL "$INFOMANIAK_API_URL" |
|||
fi |
|||
|
|||
if [ "$INFOMANIAK_TTL" != "$DEFAULT_INFOMANIAK_TTL" ]; then |
|||
_saveaccountconf_mutable INFOMANIAK_TTL "$INFOMANIAK_TTL" |
|||
fi |
|||
|
|||
export _H1="Authorization: Bearer $INFOMANIAK_API_TOKEN" |
|||
export _H2="ContentType: application/json" |
|||
|
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Infomaniak DNS API" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
fqdn=${fulldomain#_acme-challenge.} |
|||
|
|||
# guess which base domain to add record to |
|||
zone_and_id=$(_find_zone "$fqdn") |
|||
if [ -z "$zone_and_id" ]; then |
|||
_err "cannot find zone to modify" |
|||
return 1 |
|||
fi |
|||
zone=${zone_and_id% *} |
|||
domain_id=${zone_and_id#* } |
|||
|
|||
# extract first part of domain |
|||
key=${fulldomain%."$zone"} |
|||
|
|||
_debug "zone:$zone id:$domain_id key:$key" |
|||
|
|||
# find previous record |
|||
# shellcheck disable=SC1004 |
|||
record_id=$(_get "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record" | sed 's/.*"data":\[\(.*\)\]}/\1/; s/},{/}\ |
|||
{/g' | sed -n 's/.*"id":"*\([0-9]*\)"*.*"source_idn":"'"$fulldomain"'".*"target_idn":"'"$txtvalue"'".*/\1/p') |
|||
if [ -z "$record_id" ]; then |
|||
_err "could not find record to delete" |
|||
return 1 |
|||
fi |
|||
_debug "record_id: $record_id" |
|||
|
|||
# API call |
|||
response=$(_post "" "${INFOMANIAK_API_URL}/1/domain/$domain_id/dns/record/$record_id" "" DELETE) |
|||
if [ -n "$response" ] && echo "$response" | _contains '"result":"success"'; then |
|||
_info "Record deleted" |
|||
return 0 |
|||
fi |
|||
_err "could not delete record" |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
_get_domain_id() { |
|||
domain="$1" |
|||
|
|||
# shellcheck disable=SC1004 |
|||
_get "${INFOMANIAK_API_URL}/1/product?service_name=domain&customer_name=$domain" | sed 's/.*"data":\[{\(.*\)}\]}/\1/; s/,/\ |
|||
/g' | sed -n 's/^"id":\(.*\)/\1/p' |
|||
} |
|||
|
|||
_find_zone() { |
|||
zone="$1" |
|||
|
|||
# find domain in list, removing . parts sequentialy |
|||
while _contains "$zone" '\.'; do |
|||
_debug "testing $zone" |
|||
id=$(_get_domain_id "$zone") |
|||
if [ -n "$id" ]; then |
|||
echo "$zone $id" |
|||
return |
|||
fi |
|||
zone=${zone#*.} |
|||
done |
|||
} |
@ -0,0 +1,171 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Supports IONOS DNS API v1.0.1 |
|||
# |
|||
# Usage: |
|||
# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: |
|||
# |
|||
# $ export IONOS_PREFIX="..." |
|||
# $ export IONOS_SECRET="..." |
|||
# |
|||
# $ acme.sh --issue --dns dns_ionos ... |
|||
|
|||
IONOS_API="https://api.hosting.ionos.com/dns" |
|||
IONOS_ROUTE_ZONES="/v1/zones" |
|||
|
|||
IONOS_TXT_TTL=60 # minimum accepted by API |
|||
IONOS_TXT_PRIO=10 |
|||
|
|||
dns_ionos_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _ionos_init; then |
|||
return 1 |
|||
fi |
|||
|
|||
_body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]" |
|||
|
|||
if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "201" ]; then |
|||
_info "TXT record has been created successfully." |
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
dns_ionos_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _ionos_init; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then |
|||
_err "Could not find _acme-challenge TXT record." |
|||
return 1 |
|||
fi |
|||
|
|||
if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "200" ]; then |
|||
_info "TXT record has been deleted successfully." |
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_ionos_init() { |
|||
IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" |
|||
IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" |
|||
|
|||
if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then |
|||
_err "You didn't specify an IONOS api prefix and secret yet." |
|||
_err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." |
|||
_err "" |
|||
_err "Then set them before calling acme.sh:" |
|||
_err "\$ export IONOS_PREFIX=\"...\"" |
|||
_err "\$ export IONOS_SECRET=\"...\"" |
|||
_err "\$ acme.sh --issue -d ... --dns dns_ionos" |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" |
|||
_saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Cannot find this domain in your IONOS account." |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then |
|||
_response="$(echo "$_response" | tr -d "\n")" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_zone="$(echo "$_response" | _egrep_o "\"name\":\"$h\".*\}")" |
|||
if [ "$_zone" ]; then |
|||
_zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
|||
if [ "$_zone_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
|
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_ionos_get_record() { |
|||
fulldomain=$1 |
|||
zone_id=$2 |
|||
txtrecord=$3 |
|||
|
|||
if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then |
|||
_response="$(echo "$_response" | tr -d "\n")" |
|||
|
|||
_record="$(echo "$_response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" |
|||
if [ "$_record" ]; then |
|||
_record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
|||
|
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_ionos_rest() { |
|||
method="$1" |
|||
route="$2" |
|||
data="$3" |
|||
|
|||
IONOS_API_KEY="$(printf "%s.%s" "$IONOS_PREFIX" "$IONOS_SECRET")" |
|||
|
|||
export _H1="X-API-Key: $IONOS_API_KEY" |
|||
|
|||
# clear headers |
|||
: >"$HTTP_HEADER" |
|||
|
|||
if [ "$method" != "GET" ]; then |
|||
export _H2="Accept: application/json" |
|||
export _H3="Content-Type: application/json" |
|||
|
|||
_response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")" |
|||
else |
|||
export _H2="Accept: */*" |
|||
export _H3= |
|||
|
|||
_response="$(_get "$IONOS_API$route")" |
|||
fi |
|||
|
|||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $route: $_response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 "_response" "$_response" |
|||
_debug2 "_code" "$_code" |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,157 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records |
|||
#2022/11/29 |
|||
|
|||
# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..." |
|||
# -- |
|||
# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa" |
|||
# -- |
|||
# |
|||
|
|||
IPv64_API="https://ipv64.net/api" |
|||
|
|||
######## Public functions ###################### |
|||
|
|||
#Usage: dns_ipv64_add _acme-challenge.domain.ipv64.net "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_ipv64_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
IPv64_Token="${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}" |
|||
if [ -z "$IPv64_Token" ]; then |
|||
_err "You must export variable: IPv64_Token" |
|||
_err "The API Key for your IPv64 account is necessary." |
|||
_err "You can look it up in your IPv64 account." |
|||
return 1 |
|||
fi |
|||
|
|||
# Now save the credentials. |
|||
_saveaccountconf_mutable IPv64_Token "$IPv64_Token" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# convert to lower case |
|||
_domain="$(echo "$_domain" | _lower_case)" |
|||
_sub_domain="$(echo "$_sub_domain" | _lower_case)" |
|||
# Now add the TXT record |
|||
_info "Trying to add TXT record" |
|||
if _ipv64_rest "POST" "add_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue"; then |
|||
_info "TXT record has been successfully added." |
|||
return 0 |
|||
else |
|||
_err "Errors happened during adding the TXT record, response=$_response" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Usage: dns_ipv64_rm _acme-challenge.domain.ipv64.net "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
#Remove the txt record after validation. |
|||
dns_ipv64_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
IPv64_Token="${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}" |
|||
if [ -z "$IPv64_Token" ]; then |
|||
_err "You must export variable: IPv64_Token" |
|||
_err "The API Key for your IPv64 account is necessary." |
|||
_err "You can look it up in your IPv64 account." |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" "$fulldomain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
# convert to lower case |
|||
_domain="$(echo "$_domain" | _lower_case)" |
|||
_sub_domain="$(echo "$_sub_domain" | _lower_case)" |
|||
# Now delete the TXT record |
|||
_info "Trying to delete TXT record" |
|||
if _ipv64_rest "DELETE" "del_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue"; then |
|||
_info "TXT record has been successfully deleted." |
|||
return 0 |
|||
else |
|||
_err "Errors happened during deleting the TXT record, response=$_response" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain="$1" |
|||
i=1 |
|||
p=1 |
|||
|
|||
_ipv64_get "get_domains" |
|||
domain_data=$_response |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
#if _contains "$domain_data" "\""$h"\"\:"; then |
|||
if _contains "$domain_data" "\"""$h""\"\:"; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p") |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#send get request to api |
|||
# $1 has to set the api-function |
|||
_ipv64_get() { |
|||
url="$IPv64_API?$1" |
|||
export _H1="Authorization: Bearer $IPv64_Token" |
|||
|
|||
_response=$(_get "$url") |
|||
_response="$(echo "$_response" | _normalizeJson)" |
|||
|
|||
if _contains "$_response" "429 Too Many Requests"; then |
|||
_info "API throttled, sleeping to reset the limit" |
|||
_sleep 10 |
|||
_response=$(_get "$url") |
|||
_response="$(echo "$_response" | _normalizeJson)" |
|||
fi |
|||
} |
|||
|
|||
_ipv64_rest() { |
|||
url="$IPv64_API" |
|||
export _H1="Authorization: Bearer $IPv64_Token" |
|||
export _H2="Content-Type: application/x-www-form-urlencoded" |
|||
_response=$(_post "$2" "$url" "" "$1") |
|||
|
|||
if _contains "$_response" "429 Too Many Requests"; then |
|||
_info "API throttled, sleeping to reset the limit" |
|||
_sleep 10 |
|||
_response=$(_post "$2" "$url" "" "$1") |
|||
fi |
|||
|
|||
if ! _contains "$_response" "\"info\":\"success\""; then |
|||
return 1 |
|||
fi |
|||
_debug2 response "$_response" |
|||
return 0 |
|||
} |
@ -0,0 +1,147 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#LA_Id="test123" |
|||
#LA_Key="d1j2fdo4dee3948" |
|||
|
|||
LA_Api="https://api.dns.la/api" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_la_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_la_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" |
|||
LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" |
|||
|
|||
if [ -z "$LA_Id" ] || [ -z "$LA_Key" ]; then |
|||
LA_Id="" |
|||
LA_Key="" |
|||
_err "You didn't specify a dnsla api id and key yet." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the api key and email to the account conf file. |
|||
_saveaccountconf_mutable LA_Id "$LA_Id" |
|||
_saveaccountconf_mutable LA_Key "$LA_Key" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Adding record" |
|||
if _la_rest "record.ashx?cmd=create&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue&recordline="; then |
|||
if _contains "$response" '"resultid":'; then |
|||
_info "Added, OK" |
|||
return 0 |
|||
elif _contains "$response" '"code":532'; then |
|||
_info "Already exists, OK" |
|||
return 0 |
|||
else |
|||
_err "Add txt record error." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_la_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
LA_Id="${LA_Id:-$(_readaccountconf_mutable LA_Id)}" |
|||
LA_Key="${LA_Key:-$(_readaccountconf_mutable LA_Key)}" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
if ! _la_rest "record.ashx?cmd=listn&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&host=$_sub_domain&recordtype=TXT&recorddata=$txtvalue"; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" '"recordid":'; then |
|||
_info "Don't need to remove." |
|||
return 0 |
|||
fi |
|||
|
|||
record_id=$(printf "%s" "$response" | grep '"recordid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') |
|||
_debug "record_id" "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if ! _la_rest "record.ashx?cmd=remove&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domainid=$_domain_id&domain=$_domain&recordid=$record_id"; then |
|||
_err "Delete record error." |
|||
return 1 |
|||
fi |
|||
_contains "$response" '"code":300' |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _la_rest "domain.ashx?cmd=get&apiid=$LA_Id&apipass=$LA_Key&rtype=json&domain=$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" '"domainid":'; then |
|||
_domain_id=$(printf "%s" "$response" | grep '"domainid":' | cut -d : -f 2 | cut -d , -f 1 | tr -d '\r' | tr -d '\n') |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: URI |
|||
_la_rest() { |
|||
url="$LA_Api/$1" |
|||
_debug "$url" |
|||
|
|||
if ! response="$(_get "$url" | tr -d ' ' | tr "}" ",")"; then |
|||
_err "Error: $url" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,261 @@ |
|||
#!/usr/bin/env sh |
|||
# Mythic Beasts is a long-standing UK service provider using standards-based OAuth2 authentication |
|||
# To test: ./acme.sh --dns dns_mythic_beasts --test --debug 1 --output-insecure --issue --domain domain.com |
|||
# Cannot retest once cert is issued |
|||
# OAuth2 tokens only valid for 300 seconds so we do not store |
|||
# NOTE: This will remove all TXT records matching the fulldomain, not just the added ones (_acme-challenge.www.domain.com) |
|||
|
|||
# Test OAuth2 credentials |
|||
#MB_AK="aaaaaaaaaaaaaaaa" |
|||
#MB_AS="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" |
|||
|
|||
# URLs |
|||
MB_API='https://api.mythic-beasts.com/dns/v2/zones' |
|||
MB_AUTH='https://auth.mythic-beasts.com/login' |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_mythic_beasts_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "MYTHIC BEASTS Adding record $fulldomain = $txtvalue" |
|||
if ! _initAuth; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
# method path body_data |
|||
if _mb_rest POST "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then |
|||
|
|||
if _contains "$response" "1 records added"; then |
|||
_info "Added, verifying..." |
|||
# Max 120 seconds to publish |
|||
for i in $(seq 1 6); do |
|||
# Retry on error |
|||
if ! _mb_rest GET "$_domain/records/$_sub_domain/TXT?verify"; then |
|||
_sleep 20 |
|||
else |
|||
_info "Record published!" |
|||
return 0 |
|||
fi |
|||
done |
|||
|
|||
else |
|||
_err "\n$response" |
|||
fi |
|||
|
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_mythic_beasts_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "MYTHIC BEASTS Removing record $fulldomain = $txtvalue" |
|||
if ! _initAuth; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
# method path body_data |
|||
if _mb_rest DELETE "$_domain/records/$_sub_domain/TXT" "$txtvalue"; then |
|||
_info "Record removed" |
|||
return 0 |
|||
fi |
|||
_err "Remove txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
|
|||
#Possible formats: |
|||
# _acme-challenge.www.example.com |
|||
# _acme-challenge.example.com |
|||
# _acme-challenge.example.co.uk |
|||
# _acme-challenge.www.example.co.uk |
|||
# _acme-challenge.sub1.sub2.www.example.co.uk |
|||
# sub1.sub2.example.co.uk |
|||
# example.com |
|||
# example.co.uk |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
_debug "Detect the root zone" |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
_err "Domain exhausted" |
|||
return 1 |
|||
fi |
|||
|
|||
# Use the status errors to find the domain, continue on 403 Access denied |
|||
# method path body_data |
|||
_mb_rest GET "$h/records" |
|||
ret="$?" |
|||
if [ "$ret" -eq 0 ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
return 0 |
|||
elif [ "$ret" -eq 1 ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
|
|||
if [ "$i" -gt 50 ]; then |
|||
break |
|||
fi |
|||
done |
|||
_err "Domain too long" |
|||
return 1 |
|||
} |
|||
|
|||
_initAuth() { |
|||
MB_AK="${MB_AK:-$(_readaccountconf_mutable MB_AK)}" |
|||
MB_AS="${MB_AS:-$(_readaccountconf_mutable MB_AS)}" |
|||
|
|||
if [ -z "$MB_AK" ] || [ -z "$MB_AS" ]; then |
|||
MB_AK="" |
|||
MB_AS="" |
|||
_err "Please specify an OAuth2 Key & Secret" |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable MB_AK "$MB_AK" |
|||
_saveaccountconf_mutable MB_AS "$MB_AS" |
|||
|
|||
if ! _oauth2; then |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Checking authentication" |
|||
_secure_debug access_token "$MB_TK" |
|||
_sleep 1 |
|||
|
|||
# GET a list of zones |
|||
# method path body_data |
|||
if ! _mb_rest GET ""; then |
|||
_err "The token is invalid" |
|||
return 1 |
|||
fi |
|||
_info "Token OK" |
|||
return 0 |
|||
} |
|||
|
|||
# Github appears to use an outbound proxy for requests which means subsequent requests may not have the same |
|||
# source IP. The standard Mythic Beasts OAuth2 tokens are tied to an IP, meaning github test requests fail |
|||
# authentication. This is a work around using an undocumented MB API to obtain a token not tied to an |
|||
# IP just for the github tests. |
|||
_oauth2() { |
|||
if [ "$GITHUB_ACTIONS" = "true" ]; then |
|||
_oauth2_github |
|||
else |
|||
_oauth2_std |
|||
fi |
|||
return $? |
|||
} |
|||
|
|||
_oauth2_std() { |
|||
# HTTP Basic Authentication |
|||
_H1="Authorization: Basic $(echo "$MB_AK:$MB_AS" | _base64)" |
|||
_H2="Accepts: application/json" |
|||
export _H1 _H2 |
|||
body="grant_type=client_credentials" |
|||
|
|||
_info "Getting OAuth2 token..." |
|||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
|||
response="$(_post "$body" "$MB_AUTH" "" "POST" "application/x-www-form-urlencoded")" |
|||
if _contains "$response" "\"token_type\":\"bearer\""; then |
|||
MB_TK="$(echo "$response" | _egrep_o "access_token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" |
|||
if [ -z "$MB_TK" ]; then |
|||
_err "Unable to get access_token" |
|||
_err "\n$response" |
|||
return 1 |
|||
fi |
|||
else |
|||
_err "OAuth2 token_type not Bearer" |
|||
_err "\n$response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_oauth2_github() { |
|||
_H1="Accepts: application/json" |
|||
export _H1 |
|||
body="{\"login\":{\"handle\":\"$MB_AK\",\"pass\":\"$MB_AS\",\"floating\":1}}" |
|||
|
|||
_info "Getting Floating token..." |
|||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
|||
response="$(_post "$body" "$MB_AUTH" "" "POST" "application/json")" |
|||
MB_TK="$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d '"')" |
|||
if [ -z "$MB_TK" ]; then |
|||
_err "Unable to get token" |
|||
_err "\n$response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
# method path body_data |
|||
_mb_rest() { |
|||
# URL encoded body for single API operations |
|||
m="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
|
|||
if [ -z "$ep" ]; then |
|||
_mb_url="$MB_API" |
|||
else |
|||
_mb_url="$MB_API/$ep" |
|||
fi |
|||
|
|||
_H1="Authorization: Bearer $MB_TK" |
|||
_H2="Accepts: application/json" |
|||
export _H1 _H2 |
|||
if [ "$data" ] || [ "$m" = "POST" ] || [ "$m" = "PUT" ] || [ "$m" = "DELETE" ]; then |
|||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] |
|||
response="$(_post "data=$data" "$_mb_url" "" "$m" "application/x-www-form-urlencoded")" |
|||
else |
|||
response="$(_get "$_mb_url")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Request error" |
|||
return 1 |
|||
fi |
|||
|
|||
header="$(cat "$HTTP_HEADER")" |
|||
status="$(echo "$header" | _egrep_o "^HTTP[^ ]* .*$" | cut -d " " -f 2-100 | tr -d "\f\n")" |
|||
code="$(echo "$status" | _egrep_o "^[0-9]*")" |
|||
if [ "$code" -ge 400 ] || _contains "$response" "\"error\"" || _contains "$response" "invalid_client"; then |
|||
_err "error $status" |
|||
_err "\n$response" |
|||
_debug "\n$header" |
|||
return 2 |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,59 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Official DNS API for Nanelo.com |
|||
|
|||
# Provide the required API Key like this: |
|||
# NANELO_TOKEN="FmD408PdqT1E269gUK57" |
|||
|
|||
NANELO_API="https://api.nanelo.com/v1/" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_nanelo_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NANELO_TOKEN="${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}" |
|||
if [ -z "$NANELO_TOKEN" ]; then |
|||
NANELO_TOKEN="" |
|||
_err "You didn't configure a Nanelo API Key yet." |
|||
_err "Please set NANELO_TOKEN and try again." |
|||
_err "Login to Nanelo.com and go to Settings > API Keys to get a Key" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN" |
|||
|
|||
_info "Adding TXT record to ${fulldomain}" |
|||
response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")" |
|||
if _contains "${response}" 'success'; then |
|||
return 0 |
|||
fi |
|||
_err "Could not create resource record, please check the logs" |
|||
_err "${response}" |
|||
return 1 |
|||
} |
|||
|
|||
dns_nanelo_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
NANELO_TOKEN="${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}" |
|||
if [ -z "$NANELO_TOKEN" ]; then |
|||
NANELO_TOKEN="" |
|||
_err "You didn't configure a Nanelo API Key yet." |
|||
_err "Please set NANELO_TOKEN and try again." |
|||
_err "Login to Nanelo.com and go to Settings > API Keys to get a Key" |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN" |
|||
|
|||
_info "Deleting resource record $fulldomain" |
|||
response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")" |
|||
if _contains "${response}" 'success'; then |
|||
return 0 |
|||
fi |
|||
_err "Could not delete resource record, please check the logs" |
|||
_err "${response}" |
|||
return 1 |
|||
} |
Some files were not shown because too many files changed in this diff
Write
Preview
Loading…
Cancel
Save
Reference in new issue