mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-11-16 19:31:50 +00:00
commit
29d47c4de2
@ -256,6 +256,7 @@ You don't have do anything manually!
|
|||||||
(DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
|
(DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
|
||||||
9. LuaDNS.com API
|
9. LuaDNS.com API
|
||||||
10. DNSMadeEasy.com API
|
10. DNSMadeEasy.com API
|
||||||
|
11. nsupdate
|
||||||
|
|
||||||
##### More APIs are coming soon...
|
##### More APIs are coming soon...
|
||||||
|
|
||||||
|
5
acme.sh
5
acme.sh
@ -3592,6 +3592,11 @@ _initconf() {
|
|||||||
#
|
#
|
||||||
#GD_Secret=\"sADDsdasdfsdfdssdgdsf\"
|
#GD_Secret=\"sADDsdasdfsdfdssdgdsf\"
|
||||||
|
|
||||||
|
#######################
|
||||||
|
#nsupdate:
|
||||||
|
#NSUPDATE_KEY=\"/path/to/update.key\"
|
||||||
|
#NSUPDATE_SERVER=\"192.168.0.1\"
|
||||||
|
|
||||||
#######################
|
#######################
|
||||||
#PowerDNS:
|
#PowerDNS:
|
||||||
#PDNS_Url=\"http://ns.example.com:8081\"
|
#PDNS_Url=\"http://ns.example.com:8081\"
|
||||||
|
@ -112,10 +112,60 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
|
|||||||
|
|
||||||
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
|
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
|
||||||
|
|
||||||
|
|
||||||
## Use OVH/kimsufi/soyoustart/runabove API
|
## Use OVH/kimsufi/soyoustart/runabove API
|
||||||
|
|
||||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
|
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
|
||||||
|
|
||||||
|
## Use nsupdate to automatically issue cert
|
||||||
|
|
||||||
|
First, generate a key for updating the zone
|
||||||
|
```
|
||||||
|
b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
|
||||||
|
cat > /etc/named/keys/update.key <<EOF
|
||||||
|
key "update" {
|
||||||
|
algorithm hmac-sha512;
|
||||||
|
secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
|
||||||
|
};
|
||||||
|
EOF
|
||||||
|
rm -f /tmp/$b.{private,key}
|
||||||
|
```
|
||||||
|
|
||||||
|
Include this key in your named configuration
|
||||||
|
```
|
||||||
|
include "/etc/named/keys/update.key";
|
||||||
|
```
|
||||||
|
|
||||||
|
Next, configure your zone to allow dynamic updates.
|
||||||
|
Depending on your named version, use either
|
||||||
|
```
|
||||||
|
zone "example.com" {
|
||||||
|
type master;
|
||||||
|
allow-update { key "update"; };
|
||||||
|
};
|
||||||
|
```
|
||||||
|
or
|
||||||
|
```
|
||||||
|
zone "example.com" {
|
||||||
|
type master;
|
||||||
|
update-policy {
|
||||||
|
grant update subdomain example.com.;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
Finally, make the dns server and update key available to `acme.sh`
|
||||||
|
```
|
||||||
|
export NSUPDATE_SERVER=dns.example.com
|
||||||
|
export NSUPDATE_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==
|
||||||
|
```
|
||||||
|
|
||||||
|
Ok, let's issue cert now:
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf`.
|
||||||
|
|
||||||
# Use custom api
|
# Use custom api
|
||||||
|
|
||||||
If your api is not supported yet, you can write your own dns api.
|
If your api is not supported yet, you can write your own dns api.
|
||||||
|
60
dnsapi/dns_nsupdate.sh
Executable file
60
dnsapi/dns_nsupdate.sh
Executable file
@ -0,0 +1,60 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
|
||||||
|
######## Public functions #####################
|
||||||
|
|
||||||
|
#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||||
|
dns_nsupdate_add() {
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
_checkKeyFile || return 1
|
||||||
|
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
|
||||||
|
# save the dns server and key to the account conf file.
|
||||||
|
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
|
||||||
|
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
|
||||||
|
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
|
||||||
|
nsupdate -k "${NSUPDATE_KEY}" <<EOF
|
||||||
|
server ${NSUPDATE_SERVER}
|
||||||
|
update add ${fulldomain}. 60 in txt "${txtvalue}"
|
||||||
|
send
|
||||||
|
EOF
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
_err "error updating domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#Usage: dns_nsupdate_rm _acme-challenge.www.domain.com
|
||||||
|
dns_nsupdate_rm() {
|
||||||
|
fulldomain=$1
|
||||||
|
_checkKeyFile || return 1
|
||||||
|
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
|
||||||
|
_info "removing ${fulldomain}. txt"
|
||||||
|
nsupdate -k "${NSUPDATE_KEY}" <<EOF
|
||||||
|
server ${NSUPDATE_SERVER}
|
||||||
|
update delete ${fulldomain}. txt
|
||||||
|
send
|
||||||
|
EOF
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
_err "error updating domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#################### Private functions bellow ##################################
|
||||||
|
|
||||||
|
_checkKeyFile() {
|
||||||
|
if [ -z "${NSUPDATE_KEY}" ]; then
|
||||||
|
_err "you must specify a path to the nsupdate key file"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if [ ! -r "${NSUPDATE_KEY}" ]; then
|
||||||
|
_err "key ${NSUPDATE_KEY} is unreadable"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user