From b23e05dbc5bfe99a36b48448af2d13bc18c95d6e Mon Sep 17 00:00:00 2001 From: Charlie Garrison Date: Tue, 26 Nov 2019 20:39:08 +1100 Subject: [PATCH 01/40] Added trailing slash to end of each line of DEPLOY_SCRIPT_CMD --- deploy/routeros.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/deploy/routeros.sh b/deploy/routeros.sh index 21c9196f..2f349999 100644 --- a/deploy/routeros.sh +++ b/deploy/routeros.sh @@ -85,19 +85,19 @@ routeros_deploy() { scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _info "Trying to push cert '$_cfullchain' to router" scp "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" - DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive -source=\"## generated by routeros deploy script in acme.sh -\n/certificate remove [ find name=$_cdomain.cer_0 ] -\n/certificate remove [ find name=$_cdomain.cer_1 ] -\ndelay 1 -\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\" -\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\" -\ndelay 1 -\n/file remove $_cdomain.cer -\n/file remove $_cdomain.key -\ndelay 2 -\n/ip service set www-ssl certificate=$_cdomain.cer_0 -\n$ROUTER_OS_ADDITIONAL_SERVICES + DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive \ +source=\"## generated by routeros deploy script in acme.sh;\ +\n/certificate remove [ find name=$_cdomain.cer_0 ];\ +\n/certificate remove [ find name=$_cdomain.cer_1 ];\ +\ndelay 1;\ +\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\ +\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\ +\ndelay 1;\ +\n/file remove $_cdomain.cer;\ +\n/file remove $_cdomain.key;\ +\ndelay 2;\ +\n/ip service set www-ssl certificate=$_cdomain.cer_0;\ +\n$ROUTER_OS_ADDITIONAL_SERVICES;\ \n\" " # shellcheck disable=SC2029 From 5014f83b86cf456869063043a526476dd9937d46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbyszek=20=C5=BB=C3=B3=C5=82kiewski?= Date: Fri, 6 Dec 2019 09:59:35 +0100 Subject: [PATCH 02/40] Fix case sensitive detection of domain in the response request --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 4d4957f5..07838b29 100755 --- a/acme.sh +++ b/acme.sh @@ -4082,7 +4082,7 @@ $_authorizations_map" if [ "$ACME_VERSION" = "2" ]; then _idn_d="$(_idn "$d")" - _candindates="$(echo "$_authorizations_map" | grep "^$_idn_d,")" + _candindates="$(echo "$_authorizations_map" | grep -i "^$_idn_d,")" _debug2 _candindates "$_candindates" if [ "$(echo "$_candindates" | wc -l)" -gt 1 ]; then for _can in $_candindates; do From 0ffd5de6fc4a414f207f532e0501929b009935ee Mon Sep 17 00:00:00 2001 From: Gustav Genberg Date: Sun, 8 Dec 2019 00:13:30 +0100 Subject: [PATCH 03/40] Fix add record error --- dnsapi/dns_unoeuro.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_unoeuro.sh b/dnsapi/dns_unoeuro.sh index 9132f136..c4593a63 100644 --- a/dnsapi/dns_unoeuro.sh +++ b/dnsapi/dns_unoeuro.sh @@ -52,7 +52,7 @@ dns_unoeuro_add() { fi _info "Adding record" - if _uno_rest POST "my/products/$h/dns/records" "{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"data\":\"$txtvalue\",\"ttl\":120}"; then + if _uno_rest POST "my/products/$h/dns/records" "{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"data\":\"$txtvalue\",\"ttl\":120,\"priority\":0}"; then if _contains "$response" "\"status\": 200" >/dev/null; then _info "Added, OK" return 0 From f37546e173e41827a7aab169de32124d4fdfd5e9 Mon Sep 17 00:00:00 2001 From: Siyuan Miao Date: Fri, 13 Dec 2019 18:46:09 +0800 Subject: [PATCH 04/40] add acme.sh support for misaka.io dns service --- dnsapi/dns_misaka.sh | 160 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 160 insertions(+) create mode 100755 dnsapi/dns_misaka.sh diff --git a/dnsapi/dns_misaka.sh b/dnsapi/dns_misaka.sh new file mode 100755 index 00000000..7d83bf51 --- /dev/null +++ b/dnsapi/dns_misaka.sh @@ -0,0 +1,160 @@ +#!/usr/bin/env sh + +# bug reports to support+acmesh@misaka.io +# based on dns_nsone.sh by dev@1e.ca + +# +#Misaka_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# + +Misaka_Api="https://dnsapi.misaka.io/dns" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_misaka_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$Misaka_Key" ]; then + Misaka_Key="" + _err "You didn't specify misaka.io dns api key yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf Misaka_Key "$Misaka_Key" + + _debug "checking root zone [$fulldomain]" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _misaka_rest GET "zones/${_domain}/recordsets?search=${_sub_domain}" + + if ! _contains "$response" "\"results\":"; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$_sub_domain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Adding record" + + if _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then + _debug response "$response" + if _contains "$response" "$_sub_domain"; then + _info "Added" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + else + _info "Updating record" + + # todo: add existing challenges + _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" + if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then + _info "Updated!" + #todo: check if the record takes effect + return 0 + fi + _err "Update error" + return 1 + fi + +} + +#fulldomain +dns_misaka_rm() { + fulldomain=$1 + txtvalue=$2 + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _misaka_rest GET "zones/${_domain}/recordsets?search=${_sub_domain}" + + count=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$_sub_domain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + if ! _misaka_rest DELETE "zones/${_domain}/recordsets/${_sub_domain}/TXT"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "" + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! _misaka_rest GET "zones?limit=1000"; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "$response" "\"name\":\"$h\""; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_misaka_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Content-Type: application/json" + export _H2="User-Agent: acme.sh/$VER misaka-dns-acmesh/20191213" + export _H3="Authorization: Token $Misaka_Key" + + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$Misaka_Api/$ep" "" "$m")" + else + response="$(_get "$Misaka_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 375b8dceb70ab9fc32e4da4aa62fcb2cb3654284 Mon Sep 17 00:00:00 2001 From: Siyuan Miao Date: Sat, 14 Dec 2019 10:44:57 +0800 Subject: [PATCH 05/40] use append mode to update recordsets --- dnsapi/dns_misaka.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/dnsapi/dns_misaka.sh b/dnsapi/dns_misaka.sh index 7d83bf51..eed4170e 100755 --- a/dnsapi/dns_misaka.sh +++ b/dnsapi/dns_misaka.sh @@ -61,8 +61,7 @@ dns_misaka_add() { else _info "Updating record" - # todo: add existing challenges - _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" + _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then _info "Updated!" #todo: check if the record takes effect From 549ebbb462caa0ad49f9936f28c51dd8191f1fd4 Mon Sep 17 00:00:00 2001 From: wurzelpanzer <32928046+wurzelpanzer@users.noreply.github.com> Date: Sat, 21 Dec 2019 20:19:02 +0100 Subject: [PATCH 06/40] Add easyDNS support --- dnsapi/dns_easydns.sh | 172 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 172 insertions(+) create mode 100644 dnsapi/dns_easydns.sh diff --git a/dnsapi/dns_easydns.sh b/dnsapi/dns_easydns.sh new file mode 100644 index 00000000..1d905841 --- /dev/null +++ b/dnsapi/dns_easydns.sh @@ -0,0 +1,172 @@ +#!/usr/bin/env sh + +####################################################### +# +# easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh +# +# Please note: # API is currently beta and subject to constant change +# http://sandbox.rest.easydns.net:3000/ +# +# Author: wurzelpanzer [wurzelpanzer@maximolider.net] +# Report Bugs here: https://github.com/Neilpang/acme.sh/issues/2647 +# +#################### Public functions ################# + +#EASYDNS_Key="xxxxxxxxxxxxxxxxxxxxxxxx" +#EASYDNS_Token="xxxxxxxxxxxxxxxxxxxxxxxx" +EASYDNS_Api="https://rest.easydns.net" + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_easydns_add() { + fulldomain=$1 + txtvalue=$2 + + EASYDNS_Token="${EASYDNS_Token:-$(_readaccountconf_mutable EASYDNS_Token)}" + EASYDNS_Key="${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}" + + if [ -z "$EASYDNS_Token" ] || [ -z "$EASYDNS_Key" ]; then + _err "You didn't specify an easydns.net token or api key. Please sign up at http://docs.sandbox.rest.easydns.net/beta_signup.php" + return 1 + else + _saveaccountconf_mutable EASYDNS_Token "$EASYDNS_Token" + _saveaccountconf_mutable EASYDNS_Key "$EASYDNS_Key" + fi + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _EASYDNS_rest GET "zones/records/all/${_domain}/search/${_sub_domain}" + + if ! printf "%s" "$response" | grep \"status\":200 >/dev/null; then + _err "Error" + return 1 + fi + + _info "Adding record" + if _EASYDNS_rest PUT "zones/records/add/$_domain/TXT" "{\"host\":\"$_sub_domain\",\"rdata\":\"$txtvalue\"}"; then + if _contains "$response" "\"status\":201"; then + _info "Added, OK" + return 0 + elif _contains "$response" "Record already exists"; then + _info "Already exists, OK" + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + return 1 + +} + +dns_easydns_rm() { + fulldomain=$1 + txtvalue=$2 + + EASYDNS_Token="${EASYDNS_Token:-$(_readaccountconf_mutable EASYDNS_Token)}" + EASYDNS_Key="${EASYDNS_Key:-$(_readaccountconf_mutable EASYDNS_Key)}" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _EASYDNS_rest GET "zones/records/all/${_domain}/search/${_sub_domain}" + + if ! printf "%s" "$response" | grep \"status\":200 >/dev/null; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) + _debug "record_id" "$record_id" + if [ -z "$record_id" ]; then + _err "Can not get record id to remove." + return 1 + fi + if ! _EASYDNS_rest DELETE "zones/records/$_domain/$record_id"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "\"status\":200" + fi + +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +_get_root() { + domain=$1 + i=1 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if ! _EASYDNS_rest GET "zones/records/all/$h"; then + return 1 + fi + + if _contains "$response" "\"status\":200"; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain=$h + return 0 + fi + + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_EASYDNS_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + basicauth=$(printf "%s" "$EASYDNS_Token":"$EASYDNS_Key" | _base64) + + export _H1="accept: application/json" + if [ "$basicauth" ]; then + export _H2="Authorization: Basic $basicauth" + fi + + if [ "$m" != "GET" ]; then + export _H3="Content-Type: application/json" + _debug data "$data" + response="$(_post "$data" "$EASYDNS_Api/$ep" "" "$m")" + else + response="$(_get "$EASYDNS_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From a44ea0ddf0ea5ee46e2cf8a6dc54d79e0584639e Mon Sep 17 00:00:00 2001 From: gildea Date: Tue, 31 Dec 2019 20:22:08 -0800 Subject: [PATCH 07/40] Return failure when falling through limiting loop In _send_signed_request and _check_dns_entries, return 1 when the timeout (or number of retries) has been exhausted. This allows the calling function to correctly handle the error. --- acme.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index 4d4957f5..902b39d4 100755 --- a/acme.sh +++ b/acme.sh @@ -2040,8 +2040,10 @@ _send_signed_request() { continue fi fi - break + return 0 done + _info "Giving up sending to CA server after $MAX_REQUEST_RETRY_TIMES retries." + return 1 } @@ -3819,9 +3821,11 @@ _check_dns_entries() { _sleep 10 else _info "All success, let's return" - break + return 0 fi done + _info "Timed out waiting for DNS." + return 1 } From b59b0f0386fd1b0a35dd68dce0d5d18054973e34 Mon Sep 17 00:00:00 2001 From: Tambet Liiv Date: Thu, 2 Jan 2020 14:55:36 +0200 Subject: [PATCH 08/40] use different method to get root --- dnsapi/dns_zone.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_zone.sh b/dnsapi/dns_zone.sh index 847e32cd..176fc494 100755 --- a/dnsapi/dns_zone.sh +++ b/dnsapi/dns_zone.sh @@ -136,10 +136,10 @@ _get_root() { if [ -z "$h" ]; then return 1 fi - if ! _zone_rest GET "dns/$h/a"; then + if ! _zone_rest GET "dns/$h"; then return 1 fi - if _contains "$response" "\"name\":\"$h\"" >/dev/null; then + if _contains "$response" "\"identificator\":\"$h\"" >/dev/null; then _domain=$h return 0 fi From 7a3c61b7449dfe57e079eb124fbe2e934139e132 Mon Sep 17 00:00:00 2001 From: neilpang Date: Fri, 3 Jan 2020 21:38:47 +0800 Subject: [PATCH 09/40] check upgrade hash https://github.com/Neilpang/acme.sh/issues/2667 --- acme.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/acme.sh b/acme.sh index fcebab7f..570e2836 100755 --- a/acme.sh +++ b/acme.sh @@ -6303,6 +6303,7 @@ _installOnline() { chmod +x $PROJECT_ENTRY if ./$PROJECT_ENTRY install "$_nocron" "" "$_noprofile"; then _info "Install success!" + _saveaccountconf "UPGRADE_HASH" "$(_getMasterHash)" fi cd .. @@ -6312,9 +6313,15 @@ _installOnline() { ) } +_getMasterHash() { + _hash_url="https://api.github.com/repos/Neilpang/acme.sh/git/refs/heads/master" + _get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4 +} + upgrade() { if ( _initpath + [ -z "$FORCE" ] && [ "$(_getMasterHash)" = "$(_readaccountconf "UPGRADE_HASH")" ] && _info "Already uptodate!" && exit 0 export LE_WORKING_DIR cd "$LE_WORKING_DIR" _installOnline "nocron" "noprofile" From f174d7dd39ac0bc39f12e537e7c987afcaf950aa Mon Sep 17 00:00:00 2001 From: Silvan Raijer Date: Sun, 5 Jan 2020 15:27:04 +0100 Subject: [PATCH 10/40] dns_lexicon.sh: Add extra variable _API_KEY --- dnsapi/dns_lexicon.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index f6f54464..bb9f7efc 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -63,6 +63,16 @@ _lexicon_init() { _saveaccountconf_mutable "$Lx_domaintoken" "$Lx_domaintoken_v" eval export "$Lx_domaintoken" fi + + # shellcheck disable=SC2018,SC2019 + Lx_api_key=$(echo LEXICON_"${PROVIDER}"_API_KEY | tr 'a-z' 'A-Z') + eval "$Lx_api_key=\${$Lx_api_key:-$(_readaccountconf_mutable "$Lx_api_key")}" + Lx_api_key_v=$(eval echo \$"$Lx_api_key") + _secure_debug "$Lx_api_key" "$Lx_api_key_v" + if [ "$Lx_api_key_v" ]; then + _saveaccountconf_mutable "$Lx_api_key" "$Lx_api_key_v" + eval export "$Lx_api_key" + fi } ######## Public functions ##################### From c3fbc36ce7142e7013aa4bad3e2d2d4e8596bbca Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 6 Jan 2020 20:57:12 +0800 Subject: [PATCH 11/40] fix https://github.com/Neilpang/acme.sh/issues/2547#issuecomment-570963981 --- dnsapi/dns_nic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index e3b39b0c..76e30a87 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -24,7 +24,7 @@ dns_nic_add() { return 1 fi - _saveaccountconf_mutable NIC_Customer "$NIC_Token" + _saveaccountconf_mutable NIC_Token "$NIC_Token" _saveaccountconf_mutable NIC_Username "$NIC_Username" _saveaccountconf_mutable NIC_Password "$NIC_Password" From a88622c1be477dead8175334c08aa450b8e75b1c Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Mon, 6 Jan 2020 23:39:15 +0300 Subject: [PATCH 12/40] #2547 replace NIC_Token to NIC_ClientID&NIC_ClientSecret with backward compatibility --- dnsapi/dns_nic.sh | 86 +++++++++++++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 32 deletions(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 76e30a87..4c3b280f 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -13,22 +13,8 @@ dns_nic_add() { fulldomain="${1}" txtvalue="${2}" - NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}" - NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}" - NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}" - if [ -z "$NIC_Token" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then - NIC_Token="" - NIC_Username="" - NIC_Password="" - _err "You must export variables: NIC_Token, NIC_Username and NIC_Password" - return 1 - fi - - _saveaccountconf_mutable NIC_Token "$NIC_Token" - _saveaccountconf_mutable NIC_Username "$NIC_Username" - _saveaccountconf_mutable NIC_Password "$NIC_Password" - if ! _nic_get_authtoken "$NIC_Username" "$NIC_Password" "$NIC_Token"; then + if ! _nic_get_authtoken save; then _err "get NIC auth token failed" return 1 fi @@ -59,18 +45,7 @@ dns_nic_rm() { fulldomain="${1}" txtvalue="${2}" - NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}" - NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}" - NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}" - if [ -z "$NIC_Token" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then - NIC_Token="" - NIC_Username="" - NIC_Password="" - _err "You must export variables: NIC_Token, NIC_Username and NIC_Password" - return 1 - fi - - if ! _nic_get_authtoken "$NIC_Username" "$NIC_Password" "$NIC_Token"; then + if ! _nic_get_authtoken; then _err "get NIC auth token failed" return 1 fi @@ -103,17 +78,64 @@ dns_nic_rm() { #################### Private functions below ################################## +#_nic_get_auth_elements [need2save] +_nic_get_auth_elements() { + _need2save=$1 + + NIC_ClientID="${NIC_ClientID:-$(_readaccountconf_mutable NIC_ClientID)}" + NIC_ClientSecret="${NIC_ClientSecret:-$(_readaccountconf_mutable NIC_ClientSecret)}" + NIC_Username="${NIC_Username:-$(_readaccountconf_mutable NIC_Username)}" + NIC_Password="${NIC_Password:-$(_readaccountconf_mutable NIC_Password)}" + + ## for backward compatibility + if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ]; then + NIC_Token="${NIC_Token:-$(_readaccountconf_mutable NIC_Token)}" + _debug NIC_Token "$NIC_Token" + if [ -n "$NIC_Token" ]; then + _two_values="$(echo "${NIC_Token}" | _dbase64)" + _debug _two_values "$_two_values" + IFS=":" read -r NIC_ClientID NIC_ClientSecret <<< $_two_values + _debug restored_NIC_ClientID "$NIC_ClientID" + _debug restored_NIC_ClientSecret "$NIC_ClientSecret" + fi + fi + + + if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then + NIC_ClientID="" + NIC_ClientSecret="" + NIC_Username="" + NIC_Password="" + _err "You must export variables: NIC_ClientID, NIC_ClientSecret, NIC_Username and NIC_Password" + return 1 + fi + + if [ "$_need2save" ]; then + _saveaccountconf_mutable NIC_ClientID "$NIC_ClientID" + _saveaccountconf_mutable NIC_ClientSecret "$NIC_ClientSecret" + _saveaccountconf_mutable NIC_Username "$NIC_Username" + _saveaccountconf_mutable NIC_Password "$NIC_Password" + fi + + NIC_BasicAuth=$(printf "%s:%s" "${NIC_ClientID}" "${NIC_ClientSecret}" | _base64) + _debug NIC_BasicAuth "$NIC_BasicAuth" + +} + +#_nic_get_authtoken [need2save] _nic_get_authtoken() { - username="$1" - password="$2" - token="$3" + _need2save=$1 + + if ! _nic_get_auth_elements $_need2save; then + return 1 + fi _info "Getting NIC auth token" - export _H1="Authorization: Basic $token" + export _H1="Authorization: Basic ${NIC_BasicAuth}" export _H2="Content-Type: application/x-www-form-urlencoded" - res=$(_post "grant_type=password&username=$username&password=$password&scope=%28GET%7CPUT%7CPOST%7CDELETE%29%3A%2Fdns-master%2F.%2B" "$NIC_Api/oauth/token" "" "POST") + res=$(_post "grant_type=password&username=${NIC_Username}&password=${NIC_Password}&scope=%28GET%7CPUT%7CPOST%7CDELETE%29%3A%2Fdns-master%2F.%2B" "$NIC_Api/oauth/token" "" "POST") if _contains "$res" "access_token"; then _auth_token=$(printf "%s" "$res" | cut -d , -f2 | tr -d "\"" | sed "s/access_token://") _info "Token received" From 9666cf680e87df90238480ca960d2a7ff83692b3 Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Mon, 6 Jan 2020 23:42:08 +0300 Subject: [PATCH 13/40] #2547 fix multiply _service selection --- dnsapi/dns_nic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 4c3b280f..9dba92c2 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -168,7 +168,7 @@ _get_root() { if _contains "$_all_domains" "^$h$"; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h - _service=$(printf "%s" "$response" | grep "$_domain" | sed -r "s/.*service=\"(.*)\".*$/\1/") + _service=$(printf "%s" "$response" | grep -F "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") return 0 fi p="$i" From c822870cf850936db13d2fb5a30be230c75209d5 Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Mon, 6 Jan 2020 23:52:11 +0300 Subject: [PATCH 14/40] comment cleaning --- dnsapi/dns_nic.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 9dba92c2..5629b3be 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -1,10 +1,9 @@ #!/usr/bin/env sh # -#NIC_Token="sdfsdfsdfljlbjkljlkjsdfoiwjedfglgkdlfgkfgldfkg" -# +#NIC_ClientID='0dc0xxxxxxxxxxxxxxxxxxxxxxxxce88' +#NIC_ClientSecret='3LTtxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnuW8' #NIC_Username="000000/NIC-D" - #NIC_Password="xxxxxxx" NIC_Api="https://api.nic.ru" From 346454c21bdee14074001f6e2aa6e1b7686a0d5d Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Tue, 7 Jan 2020 00:26:44 +0300 Subject: [PATCH 15/40] fix CI warnings --- dnsapi/dns_nic.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 5629b3be..d0d6e546 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -12,7 +12,6 @@ dns_nic_add() { fulldomain="${1}" txtvalue="${2}" - if ! _nic_get_authtoken save; then _err "get NIC auth token failed" return 1 @@ -93,7 +92,7 @@ _nic_get_auth_elements() { if [ -n "$NIC_Token" ]; then _two_values="$(echo "${NIC_Token}" | _dbase64)" _debug _two_values "$_two_values" - IFS=":" read -r NIC_ClientID NIC_ClientSecret <<< $_two_values + IFS=":" read -r NIC_ClientID NIC_ClientSecret <<<"$_two_values" _debug restored_NIC_ClientID "$NIC_ClientID" _debug restored_NIC_ClientSecret "$NIC_ClientSecret" fi @@ -117,7 +116,7 @@ _nic_get_auth_elements() { fi NIC_BasicAuth=$(printf "%s:%s" "${NIC_ClientID}" "${NIC_ClientSecret}" | _base64) - _debug NIC_BasicAuth "$NIC_BasicAuth" + _debug NIC_BasicAuth "$NIC_BasicAuth" } @@ -125,7 +124,7 @@ _nic_get_auth_elements() { _nic_get_authtoken() { _need2save=$1 - if ! _nic_get_auth_elements $_need2save; then + if ! _nic_get_auth_elements "$_need2save"; then return 1 fi From 8e2f11389d7b17c90a04ef97b2bd1ddb28176960 Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Tue, 7 Jan 2020 00:49:13 +0300 Subject: [PATCH 16/40] fix CI warnings SC2039 --- dnsapi/dns_nic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index d0d6e546..34429fe4 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -92,7 +92,7 @@ _nic_get_auth_elements() { if [ -n "$NIC_Token" ]; then _two_values="$(echo "${NIC_Token}" | _dbase64)" _debug _two_values "$_two_values" - IFS=":" read -r NIC_ClientID NIC_ClientSecret <<<"$_two_values" + IFS=":" read -r NIC_ClientID NIC_ClientSecret < <(echo "$_two_values") _debug restored_NIC_ClientID "$NIC_ClientID" _debug restored_NIC_ClientSecret "$NIC_ClientSecret" fi From be7688a4dfae5dac8d95707e985aefbfbccfd50d Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Tue, 7 Jan 2020 01:05:50 +0300 Subject: [PATCH 17/40] fix CI warnings SC2039 v2 --- dnsapi/dns_nic.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 34429fe4..190d4d1f 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -92,7 +92,8 @@ _nic_get_auth_elements() { if [ -n "$NIC_Token" ]; then _two_values="$(echo "${NIC_Token}" | _dbase64)" _debug _two_values "$_two_values" - IFS=":" read -r NIC_ClientID NIC_ClientSecret < <(echo "$_two_values") + NIC_ClientID=$(echo "$_two_values" | cut -d':' -f1) + NIC_ClientSecret=$(echo "$_two_values" | cut -d':' -f2-) _debug restored_NIC_ClientID "$NIC_ClientID" _debug restored_NIC_ClientSecret "$NIC_ClientSecret" fi From f3dd1603db9f998f2496e2baee89bac0b9ac7615 Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Tue, 7 Jan 2020 01:11:43 +0300 Subject: [PATCH 18/40] fix CI warnings v3 --- dnsapi/dns_nic.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 190d4d1f..1ad18d5b 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -99,7 +99,6 @@ _nic_get_auth_elements() { fi fi - if [ -z "$NIC_ClientID" ] || [ -z "$NIC_ClientSecret" ] || [ -z "$NIC_Username" ] || [ -z "$NIC_Password" ]; then NIC_ClientID="" NIC_ClientSecret="" From efd3e8067b28c269517ec89e08d77284a8907931 Mon Sep 17 00:00:00 2001 From: Sergey Zorin Date: Thu, 9 Jan 2020 17:05:18 +0300 Subject: [PATCH 19/40] remove -F option --- dnsapi/dns_nic.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nic.sh b/dnsapi/dns_nic.sh index 1ad18d5b..5052ee10 100644 --- a/dnsapi/dns_nic.sh +++ b/dnsapi/dns_nic.sh @@ -166,7 +166,7 @@ _get_root() { if _contains "$_all_domains" "^$h$"; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain=$h - _service=$(printf "%s" "$response" | grep -F "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") + _service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") return 0 fi p="$i" From 0712e98904448fd16fc5aeaece54685d099f730d Mon Sep 17 00:00:00 2001 From: neil Date: Sun, 12 Jan 2020 13:36:24 +0800 Subject: [PATCH 20/40] fix https://github.com/Neilpang/acme.sh/pull/2559 --- acme.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 570e2836..539e843d 100755 --- a/acme.sh +++ b/acme.sh @@ -2019,7 +2019,7 @@ _send_signed_request() { _debug code "$code" _debug2 original "$response" - if echo "$responseHeaders" | grep -i "Content-Type: application/json" >/dev/null 2>&1; then + if echo "$responseHeaders" | grep -i "Content-Type: *application/json" >/dev/null 2>&1; then response="$(echo "$response" | _normalizeJson)" fi _debug2 response "$response" @@ -3447,7 +3447,7 @@ _regAccount() { fi _debug2 responseHeaders "$responseHeaders" - _accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")" + _accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n ")" _debug "_accUri" "$_accUri" if [ -z "$_accUri" ]; then _err "Can not find account id url." @@ -4006,7 +4006,7 @@ issue() { _on_issue_err "$_post_hook" return 1 fi - Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)" + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d ":" -f 2-)" _debug Le_LinkOrder "$Le_LinkOrder" Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" _debug Le_OrderFinalize "$Le_OrderFinalize" @@ -4521,7 +4521,7 @@ $_authorizations_map" return 1 fi if [ -z "$Le_LinkOrder" ]; then - Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)" + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d ":" -f 2-)" fi _savedomainconf "Le_LinkOrder" "$Le_LinkOrder" @@ -5572,7 +5572,7 @@ _deactivate() { return 1 fi - authzUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")" + authzUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ':' -f 2- | tr -d "\r\n")" _debug "authzUri" "$authzUri" if [ "$code" ] && [ ! "$code" = '201' ]; then _err "new-authz error: $response" From 70fdb1042fd194e6e107e57d5ce1a670f3df0070 Mon Sep 17 00:00:00 2001 From: Andrey Tuzhilin Date: Tue, 14 Jan 2020 15:55:44 +0300 Subject: [PATCH 21/40] fix: added public dns zones filter --- dnsapi/dns_gcloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index ebbeecf2..6365b338 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -131,7 +131,7 @@ _dns_gcloud_find_zone() { filter="$filter$part. " part="$(echo "$part" | sed 's/[^.]*\.*//')" done - filter="$filter)" + filter="$filter) AND visibility=public" _debug filter "$filter" # List domains and find the zone with the deepest sub-domain (in case of some levels of delegation) From ac3667c7652a6338aba1528de4a4dd7b0d77e8cd Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 15 Jan 2020 21:43:49 +0800 Subject: [PATCH 22/40] fix https://github.com/Neilpang/acme.sh/issues/2693 --- acme.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/acme.sh b/acme.sh index 539e843d..f461c575 100755 --- a/acme.sh +++ b/acme.sh @@ -6303,6 +6303,7 @@ _installOnline() { chmod +x $PROJECT_ENTRY if ./$PROJECT_ENTRY install "$_nocron" "" "$_noprofile"; then _info "Install success!" + _initpath _saveaccountconf "UPGRADE_HASH" "$(_getMasterHash)" fi From f8f53a6bd99d50293bc775fb74fcee9bde8a1280 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 15 Jan 2020 22:01:34 +0800 Subject: [PATCH 23/40] debug --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index f461c575..cae7c30e 100755 --- a/acme.sh +++ b/acme.sh @@ -2415,7 +2415,7 @@ __initHome() { if [ -z "$ACCOUNT_CONF_PATH" ]; then ACCOUNT_CONF_PATH="$_DEFAULT_ACCOUNT_CONF_PATH" fi - + _debug3 ACCOUNT_CONF_PATH "$ACCOUNT_CONF_PATH" DEFAULT_LOG_FILE="$LE_CONFIG_HOME/$PROJECT_NAME.log" DEFAULT_CA_HOME="$LE_CONFIG_HOME/ca" From 26309f51e380c0c60798a62ba1842b1263cc6fcf Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 15 Jan 2020 22:04:49 +0800 Subject: [PATCH 24/40] start 2.8.5 --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 539e843d..547d4a1d 100755 --- a/acme.sh +++ b/acme.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -VER=2.8.4 +VER=2.8.5 PROJECT_NAME="acme.sh" From e7d130cc11e4a52695e84fd1ea86d7c27a090b18 Mon Sep 17 00:00:00 2001 From: Radek SPRTA Date: Tue, 21 Jan 2020 06:36:31 +0100 Subject: [PATCH 25/40] Add support for CloudDNS API --- dnsapi/dns_clouddns.sh | 186 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100755 dnsapi/dns_clouddns.sh diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh new file mode 100755 index 00000000..2678c66b --- /dev/null +++ b/dnsapi/dns_clouddns.sh @@ -0,0 +1,186 @@ +#!/usr/bin/env sh + +# Author: Radek Sprta + +#CLOUDDNS_EMAIL=XXXXX +#CLOUDDNS_PASSWORD="YYYYYYYYY" +#CLOUDDNS_CLIENT_ID=XXXXX + +CLOUDDNS_API='https://admin.vshosting.cloud/clouddns' +CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login' + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_clouddns_add() { + fulldomain=$1 + txtvalue=$2 + + CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}" + CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}" + CLOUDDNS_PASSWORD="${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}" + + if [ -z "$CLOUDDNS_PASSWORD" ] || [ -z "$CLOUDDNS_EMAIL" ] || [ -z "$CLOUDDNS_CLIENT_ID" ]; then + CLOUDDNS_CLIENT_ID="" + CLOUDDNS_EMAIL="" + CLOUDDNS_PASSWORD="" + _err "You didn't specify a CloudDNS password, email and client id yet." + return 1 + fi + if ! _contains "$CLOUDDNS_EMAIL" "@"; then + _err "It seems that the CLOUDDNS_EMAIL=$CLOUDDNS_EMAIL is not a valid email address." + _err "Please check and retry." + return 1 + fi + # Save CloudDNS client id, email and password to config file + _saveaccountconf_mutable CLOUDDNS_CLIENT_ID "$CLOUDDNS_CLIENT_ID" + _saveaccountconf_mutable CLOUDDNS_EMAIL "$CLOUDDNS_EMAIL" + _saveaccountconf_mutable CLOUDDNS_PASSWORD "$CLOUDDNS_PASSWORD" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "Invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so + # we can not use updating anymore. + _info "Adding record" + if _clouddns_api POST "record-txt" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"value\":\"$txtvalue\",\"domainId\":\"$_domain_id\"}"; then + if _contains "$response" "$txtvalue"; then + _info "Added, OK" + elif _contains "$response" '"code":4136'; then + _info "Already exists, OK" + else + _err "Add txt record error." + return 1 + fi + fi + + # Publish challenge record + _debug "Publishing record changes" + _clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}" +} + +#fulldomain txtvalue +dns_clouddns_rm() { + fulldomain=$1 + txtvalue=$2 + + CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}" + CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}" + CLOUDDNS_PASSWORD="${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _domain_id "$_domain_id" + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + # Get record Id + response="$(_clouddns_api GET "domain/$_domain_id" | tr -d '\t\r\n ')" + _debug response "$response" + if _contains "$response" "lastDomainRecordList"; then + re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," + _last_domains=$(echo "$response" | _egrep_o "$re") + re2="\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," + _record_id=$(echo "$_last_domains" | _egrep_o "$re2" | _head_n 1 | cut -d : -f 2 | cut -d , -f 1 | tr -d "\"") + _debug _record_id "$_record_id" + else + _err "Could not retrieve record id" + return 1 + fi + + _info "Removing record" + if _clouddns_api DELETE "record/$_record_id"; then + if _contains "$response" "\"error\":"; then + _err "Could not remove record" + return 1 + fi + fi + + # Publish challenge record + _debug "Publishing record changes" + _clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}" +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + domain_root=$(echo "$fulldomain" | _egrep_o '\.([^\.]*\.[^\.]*)$' | cut -c 2-) + _debug domain_root "$domain_root" + + # Get domain id + data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}, \ + {\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" + response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" + _debug "Domain id $response" + + if _contains "$response" "\"id\":\""; then + re='domainType\":\"[^\"]*\",\"id\":\"([^\"]*)\",' # Match domain id + _domain_id=$(echo "$response" | _egrep_o "$re" | _head_n 1 | cut -d : -f 3 | tr -d "\",") + if [ "$_domain_id" ]; then + _sub_domain=$(printf "%s" "$domain" | sed "s/.$domain_root//") + _domain="$domain_root" + return 0 + fi + _err 'Domain name not found on your CloudDNS account' + return 1 + fi + return 1 +} + +_clouddns_api() { + method=$1 + endpoint="$2" + data="$3" + _debug endpoint "$endpoint" + + if [ -z "$CLOUDDNS_TOKEN" ]; then + _clouddns_login + fi + _debug CLOUDDNS_TOKEN "$CLOUDDNS_TOKEN" + + export _H1="Content-Type: application/json" + export _H2="Authorization: Bearer $CLOUDDNS_TOKEN" + + if [ "$method" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$CLOUDDNS_API/$endpoint" "" "$method")" + else + response="$(_get "$CLOUDDNS_API/$endpoint")" + fi + + if [ "$?" != "0" ]; then + _err "error $endpoint" + return 1 + fi + printf "%s" "$response" + return 0 +} + +_clouddns_login() { + login_data="{\"email\": \"$CLOUDDNS_EMAIL\", \"password\": \"$CLOUDDNS_PASSWORD\"}" + response="$(_post "$login_data" "$CLOUDDNS_LOGIN_API" "" "POST" "Content-Type: application/json")" + _debug2 response "$response" + + if _contains "$response" "\"accessToken\":\""; then + CLOUDDNS_TOKEN=$(echo "$response" | _egrep_o "\"accessToken\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") + export CLOUDDNS_TOKEN + else + echo 'Could not get CloudDNS access token; check your credentials' + return 1 + fi + return 0 +} From 69392f67e8c49bfaaa447bd7f1dd14a428cf357c Mon Sep 17 00:00:00 2001 From: Radek SPRTA Date: Wed, 22 Jan 2020 01:33:15 +0100 Subject: [PATCH 26/40] Correctly handle .co.uk type domains --- dnsapi/dns_clouddns.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index 2678c66b..174d740f 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -118,15 +118,24 @@ dns_clouddns_rm() { # _domain_id=sdjkglgdfewsdfg _get_root() { domain=$1 - domain_root=$(echo "$fulldomain" | _egrep_o '\.([^\.]*\.[^\.]*)$' | cut -c 2-) - _debug domain_root "$domain_root" + + # Get domain root + data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}]}" + response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" + _debug2 "response" "$response" + domain_slice="$domain" + while [ -z "$domain_root" ]; do + if _contains "$response" "\"domainName\":\"$domain_slice\.\""; then + domain_root="$domain_slice" + _debug domain_root "$domain_root" + fi + domain_slice="$(echo "$domain_slice" | cut -d . -f 2-)" + done # Get domain id data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}, \ - {\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" + {\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" - _debug "Domain id $response" - if _contains "$response" "\"id\":\""; then re='domainType\":\"[^\"]*\",\"id\":\"([^\"]*)\",' # Match domain id _domain_id=$(echo "$response" | _egrep_o "$re" | _head_n 1 | cut -d : -f 3 | tr -d "\",") From 36e0feea430a008d63b818a4dc3cc8b46ddf459f Mon Sep 17 00:00:00 2001 From: Radek SPRTA Date: Wed, 22 Jan 2020 01:59:40 +0100 Subject: [PATCH 27/40] Clean up comments --- dnsapi/dns_clouddns.sh | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index 174d740f..75d9ca6c 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -11,10 +11,11 @@ CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login' ######## Public functions ##################### -#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_clouddns_add() { fulldomain=$1 txtvalue=$2 + _debug "fulldomain" "$fulldomain" CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}" CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}" @@ -24,7 +25,7 @@ dns_clouddns_add() { CLOUDDNS_CLIENT_ID="" CLOUDDNS_EMAIL="" CLOUDDNS_PASSWORD="" - _err "You didn't specify a CloudDNS password, email and client id yet." + _err "You didn't specify a CloudDNS password, email and client ID yet." return 1 fi if ! _contains "$CLOUDDNS_EMAIL" "@"; then @@ -46,8 +47,6 @@ dns_clouddns_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - # For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so - # we can not use updating anymore. _info "Adding record" if _clouddns_api POST "record-txt" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"value\":\"$txtvalue\",\"domainId\":\"$_domain_id\"}"; then if _contains "$response" "$txtvalue"; then @@ -55,20 +54,19 @@ dns_clouddns_add() { elif _contains "$response" '"code":4136'; then _info "Already exists, OK" else - _err "Add txt record error." + _err "Add TXT record error." return 1 fi fi - # Publish challenge record _debug "Publishing record changes" _clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}" } -#fulldomain txtvalue +# Usage: rm _acme-challenge.www.domain.com dns_clouddns_rm() { fulldomain=$1 - txtvalue=$2 + _debug "fulldomain" "$fulldomain" CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}" CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}" @@ -76,16 +74,16 @@ dns_clouddns_rm() { _debug "First detect the root zone" if ! _get_root "$fulldomain"; then - _err "invalid domain" + _err "Invalid domain" return 1 fi _debug _domain_id "$_domain_id" _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - # Get record Id + # Get record ID response="$(_clouddns_api GET "domain/$_domain_id" | tr -d '\t\r\n ')" - _debug response "$response" + _debug2 response "$response" if _contains "$response" "lastDomainRecordList"; then re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," _last_domains=$(echo "$response" | _egrep_o "$re") @@ -93,7 +91,7 @@ dns_clouddns_rm() { _record_id=$(echo "$_last_domains" | _egrep_o "$re2" | _head_n 1 | cut -d : -f 2 | cut -d , -f 1 | tr -d "\"") _debug _record_id "$_record_id" else - _err "Could not retrieve record id" + _err "Could not retrieve record ID" return 1 fi @@ -105,14 +103,14 @@ dns_clouddns_rm() { fi fi - # Publish challenge record _debug "Publishing record changes" _clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}" } #################### Private functions below ################################## -#_acme-challenge.www.domain.com -#returns + +# Usage: _get_root _acme-challenge.www.domain.com +# Returns: # _sub_domain=_acme-challenge.www # _domain=domain.com # _domain_id=sdjkglgdfewsdfg @@ -122,7 +120,7 @@ _get_root() { # Get domain root data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}]}" response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" - _debug2 "response" "$response" + _debug2 response "$response" domain_slice="$domain" while [ -z "$domain_root" ]; do if _contains "$response" "\"domainName\":\"$domain_slice\.\""; then @@ -134,7 +132,7 @@ _get_root() { # Get domain id data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}, \ - {\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" + {\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" if _contains "$response" "\"id\":\""; then re='domainType\":\"[^\"]*\",\"id\":\"([^\"]*)\",' # Match domain id @@ -150,6 +148,9 @@ _get_root() { return 1 } +# Usage: _clouddns_api GET domain/search '{"data": "value"}' +# Returns: +# response='{"message": "api response"}' _clouddns_api() { method=$1 endpoint="$2" @@ -172,13 +173,15 @@ _clouddns_api() { fi if [ "$?" != "0" ]; then - _err "error $endpoint" + _err "Error $endpoint" return 1 fi printf "%s" "$response" return 0 } +# Returns: +# CLOUDDNS_TOKEN=dslfje2rj23l _clouddns_login() { login_data="{\"email\": \"$CLOUDDNS_EMAIL\", \"password\": \"$CLOUDDNS_PASSWORD\"}" response="$(_post "$login_data" "$CLOUDDNS_LOGIN_API" "" "POST" "Content-Type: application/json")" From 6b675117481153bd8067737969f089bd24ada53e Mon Sep 17 00:00:00 2001 From: Radek SPRTA Date: Wed, 22 Jan 2020 02:03:11 +0100 Subject: [PATCH 28/40] Disable check --- dnsapi/dns_clouddns.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index 75d9ca6c..1e9987db 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -172,6 +172,7 @@ _clouddns_api() { response="$(_get "$CLOUDDNS_API/$endpoint")" fi + # shellcheck disable=SC2181 if [ "$?" != "0" ]; then _err "Error $endpoint" return 1 From 23f26770523807630df8d87cd38016a8359c57a9 Mon Sep 17 00:00:00 2001 From: Radek SPRTA Date: Wed, 22 Jan 2020 02:53:50 +0100 Subject: [PATCH 29/40] Do not print HTTP responses to stdout --- dnsapi/dns_clouddns.sh | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index 1e9987db..cfbb1cbb 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -47,8 +47,9 @@ dns_clouddns_add() { _debug _sub_domain "$_sub_domain" _debug _domain "$_domain" - _info "Adding record" - if _clouddns_api POST "record-txt" "{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"value\":\"$txtvalue\",\"domainId\":\"$_domain_id\"}"; then + # Add TXT record + data="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"value\":\"$txtvalue\",\"domainId\":\"$_domain_id\"}" + if _clouddns_api POST "record-txt" "$data"; then if _contains "$response" "$txtvalue"; then _info "Added, OK" elif _contains "$response" '"code":4136'; then @@ -82,8 +83,7 @@ dns_clouddns_rm() { _debug _domain "$_domain" # Get record ID - response="$(_clouddns_api GET "domain/$_domain_id" | tr -d '\t\r\n ')" - _debug2 response "$response" + _clouddns_api GET "domain/$_domain_id" if _contains "$response" "lastDomainRecordList"; then re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," _last_domains=$(echo "$response" | _egrep_o "$re") @@ -119,8 +119,7 @@ _get_root() { # Get domain root data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}]}" - response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" - _debug2 response "$response" + _clouddns_api "POST" "domain/search" "$data" domain_slice="$domain" while [ -z "$domain_root" ]; do if _contains "$response" "\"domainName\":\"$domain_slice\.\""; then @@ -133,7 +132,7 @@ _get_root() { # Get domain id data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}, \ {\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}" - response="$(_clouddns_api "POST" "domain/search" "$data" | tr -d '\t\r\n ')" + _clouddns_api "POST" "domain/search" "$data" if _contains "$response" "\"id\":\""; then re='domainType\":\"[^\"]*\",\"id\":\"([^\"]*)\",' # Match domain id _domain_id=$(echo "$response" | _egrep_o "$re" | _head_n 1 | cut -d : -f 3 | tr -d "\",") @@ -167,9 +166,9 @@ _clouddns_api() { if [ "$method" != "GET" ]; then _debug data "$data" - response="$(_post "$data" "$CLOUDDNS_API/$endpoint" "" "$method")" + response="$(_post "$data" "$CLOUDDNS_API/$endpoint" "" "$method" | tr -d '\t\r\n ')" else - response="$(_get "$CLOUDDNS_API/$endpoint")" + response="$(_get "$CLOUDDNS_API/$endpoint" | tr -d '\t\r\n ')" fi # shellcheck disable=SC2181 @@ -177,7 +176,7 @@ _clouddns_api() { _err "Error $endpoint" return 1 fi - printf "%s" "$response" + _debug2 response "$response" return 0 } @@ -186,7 +185,6 @@ _clouddns_api() { _clouddns_login() { login_data="{\"email\": \"$CLOUDDNS_EMAIL\", \"password\": \"$CLOUDDNS_PASSWORD\"}" response="$(_post "$login_data" "$CLOUDDNS_LOGIN_API" "" "POST" "Content-Type: application/json")" - _debug2 response "$response" if _contains "$response" "\"accessToken\":\""; then CLOUDDNS_TOKEN=$(echo "$response" | _egrep_o "\"accessToken\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") From 5c7feba77bd4a0b6f8ba1edaca2c1118a26cfa17 Mon Sep 17 00:00:00 2001 From: Radek SPRTA Date: Wed, 22 Jan 2020 05:33:46 +0100 Subject: [PATCH 30/40] Format with shfmt --- dnsapi/dns_clouddns.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_clouddns.sh b/dnsapi/dns_clouddns.sh index cfbb1cbb..31ae4ee9 100755 --- a/dnsapi/dns_clouddns.sh +++ b/dnsapi/dns_clouddns.sh @@ -85,7 +85,7 @@ dns_clouddns_rm() { # Get record ID _clouddns_api GET "domain/$_domain_id" if _contains "$response" "lastDomainRecordList"; then - re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," + re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," _last_domains=$(echo "$response" | _egrep_o "$re") re2="\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\"," _record_id=$(echo "$_last_domains" | _egrep_o "$re2" | _head_n 1 | cut -d : -f 2 | cut -d , -f 1 | tr -d "\"") @@ -94,7 +94,7 @@ dns_clouddns_rm() { _err "Could not retrieve record ID" return 1 fi - + _info "Removing record" if _clouddns_api DELETE "record/$_record_id"; then if _contains "$response" "\"error\":"; then @@ -119,7 +119,7 @@ _get_root() { # Get domain root data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}]}" - _clouddns_api "POST" "domain/search" "$data" + _clouddns_api "POST" "domain/search" "$data" domain_slice="$domain" while [ -z "$domain_root" ]; do if _contains "$response" "\"domainName\":\"$domain_slice\.\""; then From 05aa26e6197241231bf968d23c03e1af4d6ad3b4 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 21:22:42 +0800 Subject: [PATCH 31/40] minor, remove space key --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index b5f80b35..786d929a 100755 --- a/acme.sh +++ b/acme.sh @@ -4006,7 +4006,7 @@ issue() { _on_issue_err "$_post_hook" return 1 fi - Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d ":" -f 2-)" + Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n " | cut -d ":" -f 2-)" _debug Le_LinkOrder "$Le_LinkOrder" Le_OrderFinalize="$(echo "$response" | _egrep_o '"finalize" *: *"[^"]*"' | cut -d '"' -f 4)" _debug Le_OrderFinalize "$Le_OrderFinalize" From 4f303de00c8d640351db5fb065bf0861786fab18 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 22:12:21 +0800 Subject: [PATCH 32/40] fix bug https://github.com/Neilpang/acme.sh/issues/2695 If a domain was already verified by http-01 method, when we try to issue a cert for them same domain with dns-01 method, we just get only one challenge object of type http-01 with "valid" status, from the authz-v3 url. So, we report error that we are not able the validate the domain, because of that we don't find dns-01 challenge. This behavior is not the same as before. I believe it was changed by the letsencrypt CA. --- acme.sh | 80 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 47 insertions(+), 33 deletions(-) diff --git a/acme.sh b/acme.sh index 786d929a..0de32794 100755 --- a/acme.sh +++ b/acme.sh @@ -4119,45 +4119,59 @@ $_authorizations_map" entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" + keyauthorization="" if [ -z "$entry" ]; then - _err "Error, can not get domain token entry $d" - _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" - if [ "$_supported_vtypes" ]; then - _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" + _err "Error, can not get domain token entry $d for $vtype" + if ! _startswith "$d" '*.'; then + _debug "Not a wildcard domain, lets check whether the validation is already valid." + if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + _debug "$d is already valid." + keyauthorization="$STATE_VERIFIED" + _debug keyauthorization "$keyauthorization" + fi + fi + if [ -z "$keyauthorization" ]; then + _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" + if [ "$_supported_vtypes" ]; then + _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" + fi + _clearup + _on_issue_err "$_post_hook" + return 1 fi - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" - _debug token "$token" - - if [ -z "$token" ]; then - _err "Error, can not get domain token $entry" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - if [ "$ACME_VERSION" = "2" ]; then - uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)" - else - uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)" fi - _debug uri "$uri" + + if [ -z "$keyauthorization" ]; then + token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" + _debug token "$token" - if [ -z "$uri" ]; then - _err "Error, can not get domain uri. $entry" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - keyauthorization="$token.$thumbprint" - _debug keyauthorization "$keyauthorization" + if [ -z "$token" ]; then + _err "Error, can not get domain token $entry" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + if [ "$ACME_VERSION" = "2" ]; then + uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)" + else + uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)" + fi + _debug uri "$uri" - if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then - _debug "$d is already verified." - keyauthorization="$STATE_VERIFIED" + if [ -z "$uri" ]; then + _err "Error, can not get domain uri. $entry" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" + + if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + _debug "$d is already verified." + keyauthorization="$STATE_VERIFIED" + _debug keyauthorization "$keyauthorization" + fi fi dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" From dc0cca8c8371e0040fea4db3c0f19bd2740776b7 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 22:22:25 +0800 Subject: [PATCH 33/40] move the error message --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 0de32794..c8b5bf95 100755 --- a/acme.sh +++ b/acme.sh @@ -4121,7 +4121,6 @@ $_authorizations_map" _debug entry "$entry" keyauthorization="" if [ -z "$entry" ]; then - _err "Error, can not get domain token entry $d for $vtype" if ! _startswith "$d" '*.'; then _debug "Not a wildcard domain, lets check whether the validation is already valid." if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then @@ -4131,6 +4130,7 @@ $_authorizations_map" fi fi if [ -z "$keyauthorization" ]; then + _err "Error, can not get domain token entry $d for $vtype" _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" if [ "$_supported_vtypes" ]; then _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" From f716f6060e7ee99704055dc57f603da3668e7da6 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 23:02:09 +0800 Subject: [PATCH 34/40] minor check update hash for branch name --- acme.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 786d929a..b4974fe3 100755 --- a/acme.sh +++ b/acme.sh @@ -6315,7 +6315,11 @@ _installOnline() { } _getMasterHash() { - _hash_url="https://api.github.com/repos/Neilpang/acme.sh/git/refs/heads/master" + _b="$BRANCH" + if [ -z "$_b" ]; then + _b="master" + fi + _hash_url="https://api.github.com/repos/Neilpang/acme.sh/git/refs/heads/$_b" _get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4 } From 9541ea6a9fee42567a194fbec82b6c80bd2a04bb Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 22:12:21 +0800 Subject: [PATCH 35/40] fix bug https://github.com/Neilpang/acme.sh/issues/2695 If a domain was already verified by http-01 method, when we try to issue a cert for them same domain with dns-01 method, we just get only one challenge object of type http-01 with "valid" status, from the authz-v3 url. So, we report error that we are not able the validate the domain, because of that we don't find dns-01 challenge. This behavior is not the same as before. I believe it was changed by the letsencrypt CA. --- acme.sh | 80 +++++++++++++++++++++++++++++++++------------------------ 1 file changed, 47 insertions(+), 33 deletions(-) diff --git a/acme.sh b/acme.sh index b4974fe3..3c21c75b 100755 --- a/acme.sh +++ b/acme.sh @@ -4119,45 +4119,59 @@ $_authorizations_map" entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')" _debug entry "$entry" + keyauthorization="" if [ -z "$entry" ]; then - _err "Error, can not get domain token entry $d" - _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" - if [ "$_supported_vtypes" ]; then - _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" + _err "Error, can not get domain token entry $d for $vtype" + if ! _startswith "$d" '*.'; then + _debug "Not a wildcard domain, lets check whether the validation is already valid." + if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + _debug "$d is already valid." + keyauthorization="$STATE_VERIFIED" + _debug keyauthorization "$keyauthorization" + fi + fi + if [ -z "$keyauthorization" ]; then + _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" + if [ "$_supported_vtypes" ]; then + _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" + fi + _clearup + _on_issue_err "$_post_hook" + return 1 fi - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" - _debug token "$token" - - if [ -z "$token" ]; then - _err "Error, can not get domain token $entry" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - if [ "$ACME_VERSION" = "2" ]; then - uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)" - else - uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)" fi - _debug uri "$uri" + + if [ -z "$keyauthorization" ]; then + token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" + _debug token "$token" - if [ -z "$uri" ]; then - _err "Error, can not get domain uri. $entry" - _clearup - _on_issue_err "$_post_hook" - return 1 - fi - keyauthorization="$token.$thumbprint" - _debug keyauthorization "$keyauthorization" + if [ -z "$token" ]; then + _err "Error, can not get domain token $entry" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + if [ "$ACME_VERSION" = "2" ]; then + uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)" + else + uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)" + fi + _debug uri "$uri" - if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then - _debug "$d is already verified." - keyauthorization="$STATE_VERIFIED" + if [ -z "$uri" ]; then + _err "Error, can not get domain uri. $entry" + _clearup + _on_issue_err "$_post_hook" + return 1 + fi + keyauthorization="$token.$thumbprint" _debug keyauthorization "$keyauthorization" + + if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then + _debug "$d is already verified." + keyauthorization="$STATE_VERIFIED" + _debug keyauthorization "$keyauthorization" + fi fi dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot" From fc3a181779e8c4dbc3dd65a727df656619a100df Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 22:22:25 +0800 Subject: [PATCH 36/40] move the error message --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 3c21c75b..5ae2e312 100755 --- a/acme.sh +++ b/acme.sh @@ -4121,7 +4121,6 @@ $_authorizations_map" _debug entry "$entry" keyauthorization="" if [ -z "$entry" ]; then - _err "Error, can not get domain token entry $d for $vtype" if ! _startswith "$d" '*.'; then _debug "Not a wildcard domain, lets check whether the validation is already valid." if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then @@ -4131,6 +4130,7 @@ $_authorizations_map" fi fi if [ -z "$keyauthorization" ]; then + _err "Error, can not get domain token entry $d for $vtype" _supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')" if [ "$_supported_vtypes" ]; then _err "The supported validation types are: $_supported_vtypes, but you specified: $vtype" From f8b225e70e2286622e01134d4e5ba5e69d1ab00e Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 27 Jan 2020 23:30:36 +0800 Subject: [PATCH 37/40] fix format --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 5ae2e312..200c95c0 100755 --- a/acme.sh +++ b/acme.sh @@ -4140,7 +4140,7 @@ $_authorizations_map" return 1 fi fi - + if [ -z "$keyauthorization" ]; then token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')" _debug token "$token" From 09f74a9af8f1de082f605e1f4338fb5ca7cb148e Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 30 Jan 2020 10:50:39 +0800 Subject: [PATCH 38/40] start v2.8.6, change the repo name --- acme.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/acme.sh b/acme.sh index 200c95c0..b05c341b 100755 --- a/acme.sh +++ b/acme.sh @@ -1,12 +1,12 @@ #!/usr/bin/env sh -VER=2.8.5 +VER=2.8.6 PROJECT_NAME="acme.sh" PROJECT_ENTRY="acme.sh" -PROJECT="https://github.com/Neilpang/$PROJECT_NAME" +PROJECT="https://github.com/acmesh-official/$PROJECT_NAME" DEFAULT_INSTALL_HOME="$HOME/.$PROJECT_NAME" @@ -126,19 +126,19 @@ NOTIFY_MODE_CERT=1 NOTIFY_MODE_DEFAULT=$NOTIFY_MODE_BULK -_DEBUG_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh" +_DEBUG_WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh" -_PREPARE_LINK="https://github.com/Neilpang/acme.sh/wiki/Install-preparations" +_PREPARE_LINK="https://github.com/acmesh-official/acme.sh/wiki/Install-preparations" -_STATELESS_WIKI="https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode" +_STATELESS_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode" -_DNS_ALIAS_WIKI="https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode" +_DNS_ALIAS_WIKI="https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode" -_DNS_MANUAL_WIKI="https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode" +_DNS_MANUAL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode" -_NOTIFY_WIKI="https://github.com/Neilpang/acme.sh/wiki/notify" +_NOTIFY_WIKI="https://github.com/acmesh-official/acme.sh/wiki/notify" -_SUDO_WIKI="https://github.com/Neilpang/acme.sh/wiki/sudo" +_SUDO_WIKI="https://github.com/acmesh-official/acme.sh/wiki/sudo" _DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead." @@ -6333,7 +6333,7 @@ _getMasterHash() { if [ -z "$_b" ]; then _b="master" fi - _hash_url="https://api.github.com/repos/Neilpang/acme.sh/git/refs/heads/$_b" + _hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/heads/$_b" _get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4 } From d795fac37a3ea23b3e3fa1babf685f1e2c079ad3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 30 Jan 2020 12:06:39 +0800 Subject: [PATCH 39/40] update repo name --- .github/ISSUE_TEMPLATE.md | 4 +- .github/PULL_REQUEST_TEMPLATE.md | 2 +- .travis.yml | 2 +- README.md | 86 ++++++++++++++++---------------- deploy/README.md | 2 +- deploy/docker.sh | 2 +- dnsapi/README.md | 2 +- dnsapi/dns_aws.sh | 2 +- dnsapi/dns_azure.sh | 2 +- dnsapi/dns_cyon.sh | 2 +- dnsapi/dns_easydns.sh | 2 +- dnsapi/dns_freedns.sh | 2 +- dnsapi/dns_lexicon.sh | 2 +- dnsapi/dns_miab.sh | 2 +- dnsapi/dns_myapi.sh | 4 +- dnsapi/dns_openprovider.sh | 2 +- dnsapi/dns_ovh.sh | 4 +- dnsapi/dns_pleskxml.sh | 2 +- dnsapi/dns_rackspace.sh | 2 +- dnsapi/dns_servercow.sh | 2 +- 20 files changed, 65 insertions(+), 65 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 53112c6f..c9c1b555 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -2,7 +2,7 @@ 我很忙, 每天可能只有 几秒钟 时间看你的 issue, 如果不按照我的要求写 issue, 你可能不会得到任何回复, 石沉大海. 请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试信息. 我做不了什么. -如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh +如何调试 https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh If it is a bug report: - make sure you are able to repro it on the latest released version. @@ -10,7 +10,7 @@ You can install the latest version by: `acme.sh --upgrade` - Search the existing issues. - Refer to the [WIKI](https://wiki.acme.sh). -- Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh). +- Debug info [Debug](https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh). --> diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 3bd170b7..4f7ceb47 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -3,7 +3,7 @@ Please send to `dev` branch instead. Any PR to `master` branch will NOT be merged. -2. For dns api support, read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide +2. For dns api support, read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide You will NOT get any review without passing this guide. You also need to fix the CI errors. --> \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 1264803e..155ec64b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,7 +28,7 @@ script: - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi - if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi - cd .. - - git clone --depth 1 https://github.com/Neilpang/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest + - git clone --depth 1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest - if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi - if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi diff --git a/README.md b/README.md index d5012d68..d71c3c57 100644 --- a/README.md +++ b/README.md @@ -17,14 +17,14 @@ It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. -Wiki: https://github.com/Neilpang/acme.sh/wiki +Wiki: https://github.com/acmesh-official/acme.sh/wiki -For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/Neilpang/acme.sh/wiki/Run-acme.sh-in-docker) +For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker) Twitter: [@neilpangxa](https://twitter.com/neilpangxa) -# [中文说明](https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E) +# [中文说明](https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E) # Who: - [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/) @@ -40,41 +40,41 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) - [CentOS Web Panel](http://centos-webpanel.com/) - [lnmp.org](https://lnmp.org/) -- [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) +- [more...](https://github.com/acmesh-official/acme.sh/wiki/Blogs-and-tutorials) # Tested OS | NO | Status| Platform| |----|-------|---------| -|1|[![](https://neilpang.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Ubuntu -|2|[![](https://neilpang.github.io/acmetest/status/debian-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Debian -|3|[![](https://neilpang.github.io/acmetest/status/centos-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|CentOS -|4|[![](https://neilpang.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included) -|5|[![](https://neilpang.github.io/acmetest/status/freebsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|FreeBSD -|6|[![](https://neilpang.github.io/acmetest/status/pfsense.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|pfsense -|7|[![](https://neilpang.github.io/acmetest/status/opensuse-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|openSUSE -|8|[![](https://neilpang.github.io/acmetest/status/alpine-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Alpine Linux (with curl) -|9|[![](https://neilpang.github.io/acmetest/status/base-archlinux.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Archlinux -|10|[![](https://neilpang.github.io/acmetest/status/fedora-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|fedora -|11|[![](https://neilpang.github.io/acmetest/status/kalilinux-kali-linux-docker.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Kali Linux -|12|[![](https://neilpang.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Oracle Linux -|13|[![](https://neilpang.github.io/acmetest/status/proxmox.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh -|14|-----| Cloud Linux https://github.com/Neilpang/le/issues/111 -|15|[![](https://neilpang.github.io/acmetest/status/openbsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|OpenBSD -|16|[![](https://neilpang.github.io/acmetest/status/mageia.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Mageia -|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT) -|18|[![](https://neilpang.github.io/acmetest/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris -|19|[![](https://neilpang.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux +|1|[![](https://acmesh-official.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Ubuntu +|2|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Debian +|3|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|CentOS +|4|[![](https://acmesh-official.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included) +|5|[![](https://acmesh-official.github.io/acmetest/status/freebsd.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|FreeBSD +|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|pfsense +|7|[![](https://acmesh-official.github.io/acmetest/status/opensuse-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|openSUSE +|8|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Alpine Linux (with curl) +|9|[![](https://acmesh-official.github.io/acmetest/status/base-archlinux.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Archlinux +|10|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|fedora +|11|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali-linux-docker.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Kali Linux +|12|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Oracle Linux +|13|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh +|14|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111 +|15|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|OpenBSD +|16|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Mageia +|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) +|18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|SunOS/Solaris +|19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Gentoo Linux |20|[![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)|Mac OSX -For all build statuses, check our [weekly build project](https://github.com/Neilpang/acmetest): +For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest): -https://github.com/Neilpang/acmetest +https://github.com/acmesh-official/acmetest # Supported CA - Letsencrypt.org CA(default) -- [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA) +- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA) - [Pebble strict Mode](https://github.com/letsencrypt/pebble) # Supported modes @@ -85,15 +85,15 @@ https://github.com/Neilpang/acmetest - Apache mode - Nginx mode - DNS mode -- [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode) -- [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode) +- [DNS alias mode](https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode) +- [Stateless mode](https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode) # 1. How to install ### 1. Install online -Check this project: https://github.com/Neilpang/get.acme.sh +Check this project: https://github.com/acmesh-official/get.acme.sh ```bash curl https://get.acme.sh | sh @@ -111,14 +111,14 @@ wget -O - https://get.acme.sh | sh Clone this project and launch installation: ```bash -git clone https://github.com/Neilpang/acme.sh.git +git clone https://github.com/acmesh-official/acme.sh.git cd ./acme.sh ./acme.sh --install ``` You `don't have to be root` then, although `it is recommended`. -Advanced Installation: https://github.com/Neilpang/acme.sh/wiki/How-to-install +Advanced Installation: https://github.com/acmesh-official/acme.sh/wiki/How-to-install The installer will perform 3 actions: @@ -180,7 +180,7 @@ The certs will be placed in `~/.acme.sh/example.com/` The certs will be renewed automatically every **60** days. -More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert +More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert # 3. Install the cert to Apache/Nginx etc. @@ -226,7 +226,7 @@ Port `80` (TCP) **MUST** be free to listen on, otherwise you will be prompted to acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com ``` -More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert +More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert # 5. Use Standalone ssl server to issue cert @@ -238,7 +238,7 @@ Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted t acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com ``` -More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert +More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert # 6. Use Apache mode @@ -259,7 +259,7 @@ acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com You will need to configure your website config files to use the cert by yourself. We don't want to mess your apache server, don't worry.** -More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert +More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert # 7. Use Nginx mode @@ -283,7 +283,7 @@ acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com You will need to configure your website config files to use the cert by yourself. We don't want to mess your nginx server, don't worry.** -More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert +More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert # 8. Automatic DNS API integration @@ -293,11 +293,11 @@ You don't have to do anything manually! ### Currently acme.sh supports most of the dns providers: -https://github.com/Neilpang/acme.sh/wiki/dnsapi +https://github.com/acmesh-official/acme.sh/wiki/dnsapi # 9. Use DNS manual mode: -See: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode first. +See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first. If your dns provider doesn't support any api access, you can add the txt record by your hand. @@ -430,12 +430,12 @@ acme.sh --upgrade --auto-upgrade 0 # 15. Issue a cert from an existing CSR -https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR +https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR # 16. Send notifications in cronjob -https://github.com/Neilpang/acme.sh/wiki/notify +https://github.com/acmesh-official/acme.sh/wiki/notify # 17. Under the Hood @@ -456,7 +456,7 @@ TODO: ### Code Contributors This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)]. - + ### Financial Contributors @@ -487,7 +487,7 @@ License is GPLv3 Please Star and Fork me. -[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome. +[Issues](https://github.com/acmesh-official/acme.sh/issues) and [pull requests](https://github.com/acmesh-official/acme.sh/pulls) are welcome. # 20. Donate @@ -495,4 +495,4 @@ Your donation makes **acme.sh** better: 1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/) -[Donate List](https://github.com/Neilpang/acme.sh/wiki/Donate-list) +[Donate List](https://github.com/acmesh-official/acme.sh/wiki/Donate-list) diff --git a/deploy/README.md b/deploy/README.md index fc633ad7..e3f239fa 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -2,5 +2,5 @@ deploy hook usage: -https://github.com/Neilpang/acme.sh/wiki/deployhooks +https://github.com/acmesh-official/acme.sh/wiki/deployhooks diff --git a/deploy/docker.sh b/deploy/docker.sh index 05333b3f..06d79855 100755 --- a/deploy/docker.sh +++ b/deploy/docker.sh @@ -8,7 +8,7 @@ #DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem" #DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload" -_DEPLOY_DOCKER_WIKI="https://github.com/Neilpang/acme.sh/wiki/deploy-to-docker-containers" +_DEPLOY_DOCKER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/deploy-to-docker-containers" _DOCKER_HOST_DEFAULT="/var/run/docker.sock" diff --git a/dnsapi/README.md b/dnsapi/README.md index 4fa59cf2..e81f7916 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -2,5 +2,5 @@ DNS api usage: -https://github.com/Neilpang/acme.sh/wiki/dnsapi +https://github.com/acmesh-official/acme.sh/wiki/dnsapi diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 6db87666..0503d0f2 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -12,7 +12,7 @@ AWS_HOST="route53.amazonaws.com" AWS_URL="https://$AWS_HOST" -AWS_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API" +AWS_WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Amazon-Route53-API" ######## Public functions ##################### diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 8b52dee7..bf7cf2bf 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -1,6 +1,6 @@ #!/usr/bin/env sh -WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-use-Azure-DNS" +WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS" ######## Public functions ##################### diff --git a/dnsapi/dns_cyon.sh b/dnsapi/dns_cyon.sh index d7ad712c..8db3011d 100644 --- a/dnsapi/dns_cyon.sh +++ b/dnsapi/dns_cyon.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh ######## -# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/Neilpang/acme.sh) +# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/acmesh-official/acme.sh) # # Usage: acme.sh --issue --dns dns_cyon -d www.domain.com # diff --git a/dnsapi/dns_easydns.sh b/dnsapi/dns_easydns.sh index 1d905841..ca8faab2 100644 --- a/dnsapi/dns_easydns.sh +++ b/dnsapi/dns_easydns.sh @@ -8,7 +8,7 @@ # http://sandbox.rest.easydns.net:3000/ # # Author: wurzelpanzer [wurzelpanzer@maximolider.net] -# Report Bugs here: https://github.com/Neilpang/acme.sh/issues/2647 +# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647 # #################### Public functions ################# diff --git a/dnsapi/dns_freedns.sh b/dnsapi/dns_freedns.sh index 6a0b58ac..4a58931f 100755 --- a/dnsapi/dns_freedns.sh +++ b/dnsapi/dns_freedns.sh @@ -7,7 +7,7 @@ # #Author: David Kerr #Report Bugs here: https://github.com/dkerr64/acme.sh -#or here... https://github.com/Neilpang/acme.sh/issues/2305 +#or here... https://github.com/acmesh-official/acme.sh/issues/2305 # ######## Public functions ##################### diff --git a/dnsapi/dns_lexicon.sh b/dnsapi/dns_lexicon.sh index bb9f7efc..516b6eff 100755 --- a/dnsapi/dns_lexicon.sh +++ b/dnsapi/dns_lexicon.sh @@ -5,7 +5,7 @@ # https://github.com/AnalogJ/lexicon lexicon_cmd="lexicon" -wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api" +wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-lexicon-dns-api" _lexicon_init() { if ! _exists "$lexicon_cmd"; then diff --git a/dnsapi/dns_miab.sh b/dnsapi/dns_miab.sh index 23ff6cee..7e697704 100644 --- a/dnsapi/dns_miab.sh +++ b/dnsapi/dns_miab.sh @@ -10,7 +10,7 @@ # used to communicate with the MailinaBox Custom DNS API # Report Bugs here: # https://github.com/billgertz/MIAB_dns_api (for dns_miab.sh) -# https://github.com/Neilpang/acme.sh (for acme.sh) +# https://github.com/acmesh-official/acme.sh (for acme.sh) # ######## Public functions ##################### diff --git a/dnsapi/dns_myapi.sh b/dnsapi/dns_myapi.sh index 2451d193..7f3c5a86 100755 --- a/dnsapi/dns_myapi.sh +++ b/dnsapi/dns_myapi.sh @@ -7,11 +7,11 @@ #returns 0 means success, otherwise error. # #Author: Neilpang -#Report Bugs here: https://github.com/Neilpang/acme.sh +#Report Bugs here: https://github.com/acmesh-official/acme.sh # ######## Public functions ##################### -# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide +# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide #Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns_myapi_add() { diff --git a/dnsapi/dns_openprovider.sh b/dnsapi/dns_openprovider.sh index 1b1b760e..ad1e5838 100755 --- a/dnsapi/dns_openprovider.sh +++ b/dnsapi/dns_openprovider.sh @@ -3,7 +3,7 @@ # This is the OpenProvider API wrapper for acme.sh # # Author: Sylvia van Os -# Report Bugs here: https://github.com/Neilpang/acme.sh/issues/2104 +# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2104 # # export OPENPROVIDER_USER="username" # export OPENPROVIDER_PASSWORDHASH="hashed_password" diff --git a/dnsapi/dns_ovh.sh b/dnsapi/dns_ovh.sh index 65567efd..7c18d009 100755 --- a/dnsapi/dns_ovh.sh +++ b/dnsapi/dns_ovh.sh @@ -32,9 +32,9 @@ SYS_CA='https://ca.api.soyoustart.com/1.0' #'runabove-ca' RAV_CA='https://api.runabove.com/1.0' -wiki="https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api" +wiki="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-OVH-domain-api" -ovh_success="https://github.com/Neilpang/acme.sh/wiki/OVH-Success" +ovh_success="https://github.com/acmesh-official/acme.sh/wiki/OVH-Success" _ovh_get_api() { _ogaep="$1" diff --git a/dnsapi/dns_pleskxml.sh b/dnsapi/dns_pleskxml.sh index c5d9e544..fe18bef4 100644 --- a/dnsapi/dns_pleskxml.sh +++ b/dnsapi/dns_pleskxml.sh @@ -2,7 +2,7 @@ ## Name: dns_pleskxml.sh ## Created by Stilez. -## Also uses some code from PR#1832 by @romanlum (https://github.com/Neilpang/acme.sh/pull/1832/files) +## Also uses some code from PR#1832 by @romanlum (https://github.com/acmesh-official/acme.sh/pull/1832/files) ## This DNS-01 method uses the Plesk XML API described at: ## https://docs.plesk.com/en-US/12.5/api-rpc/about-xml-api.28709 diff --git a/dnsapi/dns_rackspace.sh b/dnsapi/dns_rackspace.sh index 3939fd81..159671f9 100644 --- a/dnsapi/dns_rackspace.sh +++ b/dnsapi/dns_rackspace.sh @@ -9,7 +9,7 @@ RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0" # 20190213 - The name & id fields swapped in the API response; fix sed # 20190101 - Duplicating file for new pull request to dev branch -# Original - tcocca:rackspace_dnsapi https://github.com/Neilpang/acme.sh/pull/1297 +# Original - tcocca:rackspace_dnsapi https://github.com/acmesh-official/acme.sh/pull/1297 ######## Public functions ##################### #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" diff --git a/dnsapi/dns_servercow.sh b/dnsapi/dns_servercow.sh index be4e59da..e73d85b0 100755 --- a/dnsapi/dns_servercow.sh +++ b/dnsapi/dns_servercow.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh ########## -# Custom servercow.de DNS API v1 for use with [acme.sh](https://github.com/Neilpang/acme.sh) +# Custom servercow.de DNS API v1 for use with [acme.sh](https://github.com/acmesh-official/acme.sh) # # Usage: # export SERVERCOW_API_Username=username From d610eb15d8b8f7ea4f9a407ee230d4822e510b65 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 30 Jan 2020 12:44:02 +0800 Subject: [PATCH 40/40] update repo name --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d71c3c57..d1c793d4 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) +# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - An ACME protocol client written purely in Shell (Unix shell) language. @@ -65,7 +65,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa) |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) |18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|SunOS/Solaris |19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)|Gentoo Linux -|20|[![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)|Mac OSX +|20|[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)|Mac OSX For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):