
Merge pull request #4532 from acmesh-official/dev

sync
neil 2 anos atrás
pai
commit
132d5e8253
4 arquivos alterados com 228 adições e 2 exclusões
  1. 10 0
      acme.sh
  2. 157 0
      dnsapi/dns_ipv64.sh
  3. 59 0
      dnsapi/dns_nanelo.sh
  4. 2 2
      notify/smtp.sh

+ 10 - 0
acme.sh

@@ -2229,6 +2229,16 @@ _send_signed_request() {
         _debug3 _body "$_body"
       fi
 
+      _retryafter=$(echo "$responseHeaders" | grep -i "^Retry-After *:" | cut -d : -f 2 | tr -d ' ' | tr -d '\r')
+      if [ "$code" = '503' ] || [ "$_retryafter" ]; then
+        _sleep_overload_retry_sec=$_retryafter
+        if [ -z "$_sleep_overload_retry_sec" ]; then
+          _sleep_overload_retry_sec=5
+        fi
+        _info "It seems the CA server is currently overloaded, let's wait and retry. Sleeping $_sleep_overload_retry_sec seconds."
+        _sleep $_sleep_overload_retry_sec
+        continue
+      fi
       if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then
         _info "It seems the CA server is busy now, let's wait and retry. Sleeping $_sleep_retry_sec seconds."
         _CACHED_NONCE=""
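Review bot: The `Retry-After` value comes from the server and reaches `_sleep $_sleep_overload_retry_sec` unquoted, with no numeric check and no upper bound. A very large value stalls the run for as long as the server says, and the HTTP-date form that this header also allows becomes a non-numeric fragment after `cut -d : -f 2`. The `|| [ "$_retryafter" ]` half of the condition also retries every response that carries the header, not only a 503, and that may include successful polling responses. I would retry only on `[ "$code" = '503' ]`, reset the value with `case "$_retryafter" in '' | *[!0-9]*) _retryafter=5 ;; esac`, and cap or refuse long waits before calling `_sleep "$_sleep_overload_retry_sec"`. The enclosing loop of `_send_signed_request` starts and ends outside the hunk, so whether this `continue` is bounded by a retry counter cannot be confirmed from here.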

+ 157 - 0
dnsapi/dns_ipv64.sh

@@ -0,0 +1,157 @@
+#!/usr/bin/env sh
+
+#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records
+#2022/11/29
+
+# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..."
+# --
+# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa"
+# --
+#
+
+IPv64_API="https://ipv64.net/api"
+
+########  Public functions ######################
+
+#Usage: dns_ipv64_add _acme-challenge.domain.ipv64.net "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_ipv64_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  IPv64_Token="${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}"
+  if [ -z "$IPv64_Token" ]; then
+    _err "You must export variable: IPv64_Token"
+    _err "The API Key for your IPv64 account is necessary."
+    _err "You can look it up in your IPv64 account."
+    return 1
+  fi
+
+  # Now save the credentials.
+  _saveaccountconf_mutable IPv64_Token "$IPv64_Token"
+
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain" "$fulldomain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  # convert to lower case
+  _domain="$(echo "$_domain" | _lower_case)"
+  _sub_domain="$(echo "$_sub_domain" | _lower_case)"
+  # Now add the TXT record
+  _info "Trying to add TXT record"
+  if _ipv64_rest "POST" "add_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue"; then
+    _info "TXT record has been successfully added."
+    return 0
+  else
+    _err "Errors happened during adding the TXT record, response=$_response"
+    return 1
+  fi
+
+}
+
+#Usage: fulldomain txtvalue
+#Usage: dns_ipv64_rm _acme-challenge.domain.ipv64.net "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+#Remove the txt record after validation.
+dns_ipv64_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  IPv64_Token="${IPv64_Token:-$(_readaccountconf_mutable IPv64_Token)}"
+  if [ -z "$IPv64_Token" ]; then
+    _err "You must export variable: IPv64_Token"
+    _err "The API Key for your IPv64 account is necessary."
+    _err "You can look it up in your IPv64 account."
+    return 1
+  fi
+
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain" "$fulldomain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  # convert to lower case
+  _domain="$(echo "$_domain" | _lower_case)"
+  _sub_domain="$(echo "$_sub_domain" | _lower_case)"
+  # Now delete the TXT record
+  _info "Trying to delete TXT record"
+  if _ipv64_rest "DELETE" "del_record=$_domain&praefix=$_sub_domain&type=TXT&content=$txtvalue"; then
+    _info "TXT record has been successfully deleted."
+    return 0
+  else
+    _err "Errors happened during deleting the TXT record, response=$_response"
+    return 1
+  fi
+
+}
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain="$1"
+  i=1
+  p=1
+
+  _ipv64_get "get_domains"
+  domain_data=$_response
+
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    #if _contains "$domain_data" "\""$h"\"\:"; then
+    if _contains "$domain_data" "\"""$h""\"\:"; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
+      _domain="$h"
+      return 0
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+#send get request to api
+# $1 has to set the api-function
+_ipv64_get() {
+  url="$IPv64_API?$1"
+  export _H1="Authorization: Bearer $IPv64_Token"
+
+  _response=$(_get "$url")
+  _response="$(echo "$_response" | _normalizeJson)"
+
+  if _contains "$_response" "429 Too Many Requests"; then
+    _info "API throttled, sleeping to reset the limit"
+    _sleep 10
+    _response=$(_get "$url")
+    _response="$(echo "$_response" | _normalizeJson)"
+  fi
+}
+
+_ipv64_rest() {
+  url="$IPv64_API"
+  export _H1="Authorization: Bearer $IPv64_Token"
+  export _H2="Content-Type: application/x-www-form-urlencoded"
+  _response=$(_post "$2" "$url" "" "$1")
+
+  if _contains "$_response" "429 Too Many Requests"; then
+    _info "API throttled, sleeping to reset the limit"
+    _sleep 10
+    _response=$(_post "$2" "$url" "" "$1")
+  fi
+
+  if ! _contains "$_response" "\"info\":\"success\""; then
+    return 1
+  fi
+  _debug2 response "$_response"
+  return 0
+}
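Review bot: `_get_root` uses `$_response` from `_ipv64_get "get_domains"` without checking that the call worked, and `_ipv64_get` discards the status of `_get`, so a network failure or a rejected token is reported as `invalid domain`. Assuming `_get` returns non-zero only on a real failure, let `_ipv64_get` propagate it (`_response=$(_get "$url") || return 1`) and have `_get_root` stop with its own message: `if ! _ipv64_get "get_domains"; then _err "Could not fetch the domain list from ipv64.net"; return 1; fi`. The zone test `_contains "$domain_data" "\"""$h""\"\:"` passes `$h` with its dots unescaped; if `_contains` (defined outside this file) matches by regular expression, a dot matches any character and a different zone in the account could match, so a fixed-string comparison would be safer. The `return 1` after `while true` is unreachable.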

+ 59 - 0
dnsapi/dns_nanelo.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env sh
+
+# Official DNS API for Nanelo.com
+
+# Provide the required API Key like this:
+# NANELO_TOKEN="FmD408PdqT1E269gUK57"
+
+NANELO_API="https://api.nanelo.com/v1/"
+
+########  Public functions #####################
+
+# Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_nanelo_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  NANELO_TOKEN="${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}"
+  if [ -z "$NANELO_TOKEN" ]; then
+    NANELO_TOKEN=""
+    _err "You didn't configure a Nanelo API Key yet."
+    _err "Please set NANELO_TOKEN and try again."
+    _err "Login to Nanelo.com and go to Settings > API Keys to get a Key"
+    return 1
+  fi
+  _saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
+
+  _info "Adding TXT record to ${fulldomain}"
+  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/addrecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")"
+  if _contains "${response}" 'success'; then
+    return 0
+  fi
+  _err "Could not create resource record, please check the logs"
+  _err "${response}"
+  return 1
+}
+
+dns_nanelo_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  NANELO_TOKEN="${NANELO_TOKEN:-$(_readaccountconf_mutable NANELO_TOKEN)}"
+  if [ -z "$NANELO_TOKEN" ]; then
+    NANELO_TOKEN=""
+    _err "You didn't configure a Nanelo API Key yet."
+    _err "Please set NANELO_TOKEN and try again."
+    _err "Login to Nanelo.com and go to Settings > API Keys to get a Key"
+    return 1
+  fi
+  _saveaccountconf_mutable NANELO_TOKEN "$NANELO_TOKEN"
+
+  _info "Deleting resource record $fulldomain"
+  response="$(_get "$NANELO_API$NANELO_TOKEN/dns/deleterecord?type=TXT&ttl=60&name=${fulldomain}&value=${txtvalue}")"
+  if _contains "${response}" 'success'; then
+    return 0
+  fi
+  _err "Could not delete resource record, please check the logs"
+  _err "${response}"
+  return 1
+}
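Review bot: The API key is sent as part of the URL path in both `dns_nanelo_add` and `dns_nanelo_rm` (`"$NANELO_API$NANELO_TOKEN/dns/addrecord?..."`), so it ends up wherever the request URL is recorded. That covers proxy logs and the provider's access log, and probably acme.sh debug output if `_get` logs its URL (not visible here). If the API offers no header-based authentication, say so in the file header, e.g. `# The API key is part of the request URL; treat debug logs as secret.` The success test `_contains "${response}" 'success'` is a bare substring match, so a failure body that merely contains the word would count as success; match the exact field and value the API returns instead. `dns_nanelo_rm` has no usage comment, and `NANELO_TOKEN=""` inside the `-z` branch does nothing.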

+ 2 - 2
notify/smtp.sh

@@ -169,7 +169,7 @@ _clean_email_header() {
 # email
 _email_has_display_name() {
   _email="$1"
-  expr "$_email" : '^.*[<>"]' >/dev/null
+  echo "$_email" | grep -q -E '^.*[<>"]'
 }
 
 ##
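Review bot: `echo "$_email" | grep -q -E '^.*[<>"]'` passes caller-supplied text through `echo`, whose handling of a leading `-n`/`-e` and of backslash sequences differs between `sh` implementations. `printf '%s\n' "$_email" | grep -q '[<>"]'` avoids that, and the `^.*` prefix is not needed for a search. The same applies to `echo "$_text" | grep -q -E "^.*[^$_ascii]"` in the `_mime_encoded_word` hunk at -249. Unlike `expr ... :`, `grep` tests each line separately and decodes input according to the current locale, so a byte sequence that is invalid in that locale may fail to match `[^$_ascii]` and the text would go out unencoded. Running that test as `LC_ALL=C grep` keeps it byte-wise, in line with the comment above `_ascii`; `_mime_encoded_word` starts and ends outside its hunk.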
@@ -249,7 +249,7 @@ _mime_encoded_word() {
   _text="$1"
   # (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that)
   _ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-"
-  if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then
+  if echo "$_text" | grep -q -E "^.*[^$_ascii]"; then
     # At least one non-ASCII char; convert entire thing to encoded word
     printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?="
   else