From 6d5743c506b13edc35cb0b2b2bee35b1d3b783e0 Mon Sep 17 00:00:00 2001 From: Paul Lettington Date: Thu, 12 May 2022 18:57:32 +0100 Subject: [PATCH 01/12] Squash new lines in API response --- dnsapi/dns_aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 14a4594d..37ac5156 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -179,7 +179,7 @@ _get_root() { fi if _contains "$response" "$h."; then - hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" + hostedzone="$(echo "$response" | tr -d '\n' | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" _debug hostedzone "$hostedzone" if [ "$hostedzone" ]; then _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o ".*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>") From 444a0282d7ac7e2fba871011823c00dd374f215e Mon Sep 17 00:00:00 2001 From: Bob Belnap Date: Tue, 31 May 2022 11:41:22 -0400 Subject: [PATCH 02/12] rename _error _err When there are errors with namecheap hosts, acme.sh fails with: dns_namecheap.sh: line 262: _error: command not found Based on usage elsewhere in the file, I believe this should be _err --- dnsapi/dns_namecheap.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh index d15d6b0e..dcd87723 100755 --- a/dnsapi/dns_namecheap.sh +++ b/dnsapi/dns_namecheap.sh @@ -259,7 +259,7 @@ _set_namecheap_TXT() { _debug hosts "$hosts" if [ -z "$hosts" ]; then - _error "Hosts not found" + _err "Hosts not found" return 1 fi @@ -313,7 +313,7 @@ _del_namecheap_TXT() { _debug hosts "$hosts" if [ -z "$hosts" ]; then - _error "Hosts not found" + _err "Hosts not found" return 1 fi From 5440fcdf54e3402c6089c79a3e5c5c79758280c3 Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 1 Jun 2022 18:05:51 +0800 Subject: [PATCH 03/12] check the file path before copying --- acme.sh | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/acme.sh b/acme.sh index 260733a2..bc667359 100755 --- a/acme.sh +++ b/acme.sh @@ -5752,7 +5752,9 @@ _installcert() { if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_cert" "$_backup_path/cert.bak" fi - cat "$CERT_PATH" >"$_real_cert" || return 1 + if [ "$CERT_PATH" != "$_real_cert" ]; then + cat "$CERT_PATH" >"$_real_cert" || return 1 + fi fi if [ "$_real_ca" ]; then @@ -5764,7 +5766,9 @@ _installcert() { if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_ca" "$_backup_path/ca.bak" fi - cat "$CA_CERT_PATH" >"$_real_ca" || return 1 + if [ "$CA_CERT_PATH" != "$_real_ca" ]; then + cat "$CA_CERT_PATH" >"$_real_ca" || return 1 + fi fi fi @@ -5773,12 +5777,14 @@ _installcert() { if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_key" "$_backup_path/key.bak" fi - if [ -f "$_real_key" ]; then - cat "$CERT_KEY_PATH" >"$_real_key" || return 1 - else - touch "$_real_key" || return 1 - chmod 600 "$_real_key" - cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + if [ "$CERT_KEY_PATH" != "$_real_key" ]; then + if [ -f "$_real_key" ]; then + cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + else + touch "$_real_key" || return 1 + chmod 600 "$_real_key" + cat "$CERT_KEY_PATH" >"$_real_key" || return 1 + fi fi fi @@ -5787,7 +5793,9 @@ _installcert() { if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then cp "$_real_fullchain" "$_backup_path/fullchain.bak" fi - cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 + if [ "$_real_fullchain" != "$CERT_FULLCHAIN_PATH" ]; then + cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 + fi fi if [ "$_reload_cmd" ]; then From 8a144ebfee0b0ffba5a7712cb97086ae1da79fde Mon Sep 17 00:00:00 2001 From: neilpang Date: Wed, 1 Jun 2022 18:06:14 +0800 Subject: [PATCH 04/12] fix https://github.com/acmesh-official/acme.sh/issues/4117 --- dnsapi/dns_cyon.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_cyon.sh b/dnsapi/dns_cyon.sh index 2c08812b..830e8831 100644 --- a/dnsapi/dns_cyon.sh +++ b/dnsapi/dns_cyon.sh @@ -44,7 +44,7 @@ dns_cyon_rm() { _cyon_load_credentials() { # Convert loaded password to/from base64 as needed. if [ "${CY_Password_B64}" ]; then - CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64 "multiline")" + CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64)" elif [ "${CY_Password}" ]; then CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)" fi From c2b14d307587f46cf305a8c73cebb8315673b2d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reto=20Sch=C3=BCttel?= Date: Wed, 1 Jun 2022 16:51:01 +0200 Subject: [PATCH 05/12] dns_gcloud: disable argument parsing for challenges fixes #3596 --- dnsapi/dns_gcloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_gcloud.sh b/dnsapi/dns_gcloud.sh index d560996c..bda5cbd7 100755 --- a/dnsapi/dns_gcloud.sh +++ b/dnsapi/dns_gcloud.sh @@ -98,7 +98,7 @@ _dns_gcloud_remove_rrs() { --ttl="$ttl" \ --type=TXT \ --zone="$managedZone" \ - --transaction-file="$tr"; then + --transaction-file="$tr" --; then _debug tr "$(cat "$tr")" rm -r "$trd" _err "_dns_gcloud_remove_rrs: failed to remove RRs" @@ -113,7 +113,7 @@ _dns_gcloud_add_rrs() { --ttl="$ttl" \ --type=TXT \ --zone="$managedZone" \ - --transaction-file="$tr"; then + --transaction-file="$tr" --; then _debug tr "$(cat "$tr")" rm -r "$trd" _err "_dns_gcloud_add_rrs: failed to add RRs" From f426940bd2723647c03d936f6e166c3c51f1c57f Mon Sep 17 00:00:00 2001 From: rm Date: Sat, 4 Jun 2022 20:24:33 +0200 Subject: [PATCH 06/12] check all pages first, the go up --- dnsapi/dns_aws.sh | 46 +++++++++++++++++++++------------------------- 1 file changed, 21 insertions(+), 25 deletions(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 376936f5..c5241258 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -155,29 +155,16 @@ _get_root() { i=1 p=1 - if aws_rest GET "2013-04-01/hostedzone"; then - while true; do - h=$(printf "%s" "$domain" | cut -d . -f $i-100) - _debug2 "Checking domain: $h" - if [ -z "$h" ]; then - if _contains "$response" "true" && _contains "$response" ""; then - _debug "IsTruncated" - _nextMarker="$(echo "$response" | _egrep_o ".*" | cut -d '>' -f 2 | cut -d '<' -f 1)" - _debug "NextMarker" "$_nextMarker" - if aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"; then - _debug "Truncated request OK" - i=2 - p=1 - continue - else - _err "Truncated request error." - fi - fi - #not valid - _err "Invalid domain" - return 1 - fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug "Checking domain: $h" + if [ -z "$h" ]; then + _error "invalid domain" + return 1 + fi + aws_rest GET "2013-04-01/hostedzone" + while true; do if _contains "$response" "$h."; then hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" _debug hostedzone "$hostedzone" @@ -192,10 +179,19 @@ _get_root() { return 1 fi fi - p=$i - i=$(_math "$i" + 1) + if _contains "$response" "true" && _contains "$response" ""; then + _debug "IsTruncated" + _nextMarker="$(echo "$response" | _egrep_o ".*" | cut -d '>' -f 2 | cut -d '<' -f 1)" + _debug "NextMarker" "$_nextMarker" + else + break + fi + _debug "Checking domain: $h - Next Page " + aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker" done - fi + p=$i + i=$(_math "$i" + 1) + done return 1 } From e48d7de7636e10f7ab667766a703babd5eb74643 Mon Sep 17 00:00:00 2001 From: rm Date: Sun, 5 Jun 2022 15:46:42 +0200 Subject: [PATCH 07/12] push to run actions --- dnsapi/dns_aws.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index c5241258..1fcdb149 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -155,6 +155,7 @@ _get_root() { i=1 p=1 + # iterate over names (a.b.c.d -> b.c.d -> c.d -> d) while true; do h=$(printf "%s" "$domain" | cut -d . -f $i-100) _debug "Checking domain: $h" @@ -163,6 +164,7 @@ _get_root() { return 1 fi + # iterate over paginated result for list_hosted_zones aws_rest GET "2013-04-01/hostedzone" while true; do if _contains "$response" "$h."; then From b5f49d9563e3daab9fdc24af3e2e27edcc42d956 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guilherme=20Capil=C3=A9?= Date: Mon, 6 Jun 2022 19:57:35 -0300 Subject: [PATCH 08/12] fixed compatibility for UltraDNS API v3: https://docs.ultradns.neustar/Content/REST%20API/Content/REST%20API/Zone%20API/Zone%20API.htm; also a minor bugfix for fecthing the domain_id using egrep --- dnsapi/dns_ultra.sh | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_ultra.sh b/dnsapi/dns_ultra.sh index 0100b3b7..9337ad4a 100644 --- a/dnsapi/dns_ultra.sh +++ b/dnsapi/dns_ultra.sh @@ -5,7 +5,8 @@ # # ULTRA_PWD="some_password_goes_here" -ULTRA_API="https://restapi.ultradns.com/v2/" +ULTRA_API="https://api.ultradns.com/v3/" +ULTRA_AUTH_API="https://api.ultradns.com/v2/" #Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt" dns_ultra_add() { @@ -121,7 +122,7 @@ _get_root() { return 1 fi if _contains "${response}" "${h}." >/dev/null; then - _domain_id=$(echo "$response" | _egrep_o "${h}") + _domain_id=$(echo "$response" | _egrep_o "${h}" | head -1) if [ "$_domain_id" ]; then _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _domain="${h}" @@ -142,23 +143,25 @@ _ultra_rest() { ep="$2" data="$3" _debug "$ep" + if [ -z "$AUTH_TOKEN" ]; then + _ultra_login + fi _debug TOKEN "${AUTH_TOKEN}" - _ultra_login export _H1="Content-Type: application/json" export _H2="Authorization: Bearer ${AUTH_TOKEN}" if [ "$m" != "GET" ]; then _debug data "${data}" - response="$(_post "${data}" "${ULTRA_API}"/"${ep}" "" "${m}")" + response="$(_post "${data}" "${ULTRA_API}${ep}" "" "${m}")" else - response="$(_get "$ULTRA_API/$ep")" + response="$(_get "$ULTRA_API$ep")" fi } _ultra_login() { export _H1="" export _H2="" - AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_API}authorization/token" | cut -d, -f3 | cut -d\" -f4) + AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_AUTH_API}authorization/token" | cut -d, -f3 | cut -d\" -f4) export AUTH_TOKEN } From 4f816c06b01950559916eb0ad2f7205749c8729f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Guilherme=20Capil=C3=A9?= Date: Tue, 7 Jun 2022 11:59:34 -0300 Subject: [PATCH 09/12] variable expansion consistency & actions push --- dnsapi/dns_ultra.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_ultra.sh b/dnsapi/dns_ultra.sh index 9337ad4a..0f26bd97 100644 --- a/dnsapi/dns_ultra.sh +++ b/dnsapi/dns_ultra.sh @@ -146,14 +146,14 @@ _ultra_rest() { if [ -z "$AUTH_TOKEN" ]; then _ultra_login fi - _debug TOKEN "${AUTH_TOKEN}" + _debug TOKEN "$AUTH_TOKEN" export _H1="Content-Type: application/json" - export _H2="Authorization: Bearer ${AUTH_TOKEN}" + export _H2="Authorization: Bearer $AUTH_TOKEN" if [ "$m" != "GET" ]; then - _debug data "${data}" - response="$(_post "${data}" "${ULTRA_API}${ep}" "" "${m}")" + _debug data "$data" + response="$(_post "$data" "$ULTRA_API$ep" "" "$m")" else response="$(_get "$ULTRA_API$ep")" fi From b169a5c707786b50ef9a71a8e1e13e3ee9a20ee3 Mon Sep 17 00:00:00 2001 From: Debian Bear Date: Wed, 8 Jun 2022 22:44:10 +0800 Subject: [PATCH 10/12] change _dbase64 to single line --- deploy/qiniu.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/qiniu.sh b/deploy/qiniu.sh index 70669917..02250ed3 100644 --- a/deploy/qiniu.sh +++ b/deploy/qiniu.sh @@ -53,7 +53,7 @@ qiniu_deploy() { sslcert_access_token="$(_make_access_token "$sslcert_path")" _debug sslcert_access_token "$sslcert_access_token" export _H1="Authorization: QBox $sslcert_access_token" - sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline") + sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64) if ! _contains "$sslcert_response" "certID"; then _err "Error in creating certificate:" @@ -75,7 +75,7 @@ qiniu_deploy() { update_access_token="$(_make_access_token "$update_path")" _debug update_access_token "$update_access_token" export _H1="Authorization: QBox $update_access_token" - update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline") + update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64) if _contains "$update_response" "error"; then _err "Error in updating domain $domain httpsconf:" From 6ccf617d62f1d73dc9fa2afbea8ca080be294194 Mon Sep 17 00:00:00 2001 From: neilpang Date: Tue, 21 Jun 2022 10:12:06 +0800 Subject: [PATCH 11/12] clear CF_Zone_ID --- dnsapi/dns_cf.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns_cf.sh b/dnsapi/dns_cf.sh index c2430086..cd8d9a8d 100755 --- a/dnsapi/dns_cf.sh +++ b/dnsapi/dns_cf.sh @@ -32,7 +32,8 @@ dns_cf_add() { else _saveaccountconf_mutable CF_Token "$CF_Token" _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" - _saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID" + _clearaccountconf_mutable CF_Zone_ID + _clearaccountconf CF_Zone_ID fi else if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then @@ -51,6 +52,14 @@ dns_cf_add() { #save the api key and email to the account conf file. _saveaccountconf_mutable CF_Key "$CF_Key" _saveaccountconf_mutable CF_Email "$CF_Email" + + _clearaccountconf_mutable CF_Token + _clearaccountconf_mutable CF_Account_ID + _clearaccountconf_mutable CF_Zone_ID + _clearaccountconf CF_Token + _clearaccountconf CF_Account_ID + _clearaccountconf CF_Zone_ID + fi _debug "First detect the root zone" From 7746042adc3879abf3fe14c69c60b83173f7b94a Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 30 Jun 2022 23:07:18 +0800 Subject: [PATCH 12/12] fix https://github.com/acmesh-official/acme.sh/issues/4160 fix https://github.com/acmesh-official/acme.sh/issues/4160 --- acme.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/acme.sh b/acme.sh index bc667359..86e4ccf1 100755 --- a/acme.sh +++ b/acme.sh @@ -435,8 +435,10 @@ _secure_debug3() { fi } +__USE_TR_RAW="$([ "$(echo "abc" | tr a-z A-Z 2>/dev/null)" = "ABC" ] && echo 1 || echo 0)" + _upper_case() { - if _is_solaris; then + if [ "$__USE_TR_RAW" = "0" ]; then tr '[:lower:]' '[:upper:]' else # shellcheck disable=SC2018,SC2019 @@ -445,7 +447,7 @@ _upper_case() { } _lower_case() { - if _is_solaris; then + if [ "$__USE_TR_RAW" = "0" ]; then tr '[:upper:]' '[:lower:]' else # shellcheck disable=SC2018,SC2019