@ -7,7 +7,7 @@
#OPNs_Port="443"
#OPNs_Key="qocfU9RSbt8vTIBcnW8bPqCrpfAHMDvj5OzadE7Str+rbjyCyk7u6yMrSCHtBXabgDDXx/dY0POUp7ZA"
#OPNs_Token="pZEQ+3ce8dDlfBBdg3N8EpqpF5I1MhFqdxX06le6Gl8YzyQvYCfCzNaFX9O9+IOSyAs7X71fwdRiZ+Lv"
#OPNs_Api_Insecure=1 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
#OPNs_Api_Insecure=0 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "123456789ABCDEF0000000000000000000000000000000000000"
@ -74,8 +74,7 @@ set_record() {
fi
fi
if echo " $_return_str " | _egrep_o "\"result\":\"saved\"" >/dev/null
then
if echo " $_return_str " | _egrep_o "\"result\":\"saved\"" >/dev/null; then
_opns_rest "POST" "/service/reconfigure" "{}"
_debug "Record created"
else
@ -103,8 +102,8 @@ rm_record() {
_uuid = ""
if _existingchallenge " $_domain " " $_host " " $new_challenge " ; then
# Delete
if _opns_rest "POST" " /record/delRecord/ ${ _uuid } " "\{\}" ; then
if echo " $_return_str " | _egrep_o "result" :"deleted " >/dev/null; then
if _opns_rest "POST" " /record/delRecord/ ${ _uuid } " "\{\}" ; then
if echo " $_return_str " | _egrep_o "\"result\":\"deleted\" " >/dev/null; then
_opns_rest "POST" "/service/reconfigure" "{}"
_debug "Record deleted"
else
@ -112,8 +111,8 @@ rm_record() {
return 1
fi
else
_err " Error delteting record $fulldomain "
return 1
_err " Error delteting record $fulldomain "
return 1
fi
else
_info "Record not found, nothing to remove"
@ -126,7 +125,7 @@ rm_record() {
#_acme-challenge.www.domain.com
#returns
# _domainid=domid
#_domain=domain.com
#_domain=domain.com
_get_root( ) {
domain = $1
i = 2
@ -144,9 +143,9 @@ _get_root() {
return 1
fi
_debug h " $h "
id = $( echo $_domain_response | _egrep_o " \"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\",\"domainname\":\" ${ h } \" " | cut -d ':' -f 1 | cut -d '"' -f 2 )
id = $( echo " $_domain_response " | _egrep_o " \"[^\"]*\":{\"enabled\":\"1\",\"type\":{\"master\":{\"value\":\"master\",\"selected\":1},\"slave\":{\"value\":\"slave\",\"selected\":0}},\"masterip\":\"[^\"]*\",\"domainname\":\" ${ h } \" " | cut -d ':' -f 1 | cut -d '"' -f 2)
if [ -n " $id " ] ; then
if [ -n " $id " ] ; then
_debug id " $id "
_host = $( printf "%s" " $domain " | cut -d . -f 1-$p )
_domain = " ${ h } "
@ -166,8 +165,8 @@ _opns_rest() {
ep = $2
data = $3
#Percent encode user and token
key = $( echo $OPNs_Key | tr -d "\n\r" | _url_encode )
token = $( echo $OPNs_Token | tr -d "\n\r" | _url_encode )
key = $( echo " $OPNs_Key " | tr -d "\n\r" | _url_encode)
token = $( echo " $OPNs_Token " | tr -d "\n\r" | _url_encode)
opnsense_url = " https:// ${ key } : ${ token } @ ${ OPNs_Host } : ${ OPNs_Port } /api/bind ${ ep } "
export _H1 = "Content-Type: application/json"
@ -200,9 +199,9 @@ _existingchallenge() {
return 1
fi
_uuid = ""
_uuid = $( echo $_record_response | _egrep_o " \"uuid\":\"[^\"]*\",\"enabled\":\"[01]\",\"domain\":\" $1 \",\"name\":\" $2 \",\"type\":\"TXT\",\"value\":\" $3 \" " | cut -d ':' -f 2 | cut -d '"' -f 2 )
_uuid = $( echo " $_record_response " | _egrep_o " \"uuid\":\"[^\"]*\",\"enabled\":\"[01]\",\"domain\":\" $1 \",\"name\":\" $2 \",\"type\":\"TXT\",\"value\":\" $3 \" " | cut -d ':' -f 2 | cut -d '"' -f 2)
if [ -n " $_uuid " ] ; then
if [ -n " $_uuid " ] ; then
_debug uuid " $_uuid "
return 0
fi
@ -254,7 +253,7 @@ _opns_check_auth() {
_saveaccountconf_mutable OPNs_Api_Insecure " $OPNs_Api_Insecure "
export HTTPS_INSECURE = " ${ OPNs_Api_Insecure } "
if ! _opns_rest "GET" "/general/get" ; then
if ! _opns_rest "GET" "/general/get" ; then
_err "Can't Access OPNsense"
return 1
fi
Jesai Langenbach
5 years ago