Merge pull request #3349 from acmesh-official/dev

sync
This commit is contained in:
neil 2021-01-10 10:48:51 +08:00 committed by GitHub
commit b7a3fe05a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 496 additions and 25 deletions

View File

@ -12,6 +12,7 @@ RUN apk update -f \
tzdata \
oath-toolkit-oathtool \
tar \
libidn \
&& rm -rf /var/cache/apk/*
ENV LE_CONFIG_HOME /acme.sh

View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh
VER=2.8.8
VER=2.8.9
PROJECT_NAME="acme.sh"
@ -160,6 +160,8 @@ _SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
_DNSCHECK_WIKI="https://github.com/acmesh-official/acme.sh/wiki/dnscheck"
_DNS_MANUAL_ERR="The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead."
_DNS_MANUAL_WARN="It seems that you are using dns manual mode. please take care: $_DNS_MANUAL_ERR"
@ -3958,6 +3960,8 @@ _check_dns_entries() {
_end_time="$(_math "$_end_time" + 1200)" #let's check no more than 20 minutes.
while [ "$(_time)" -le "$_end_time" ]; do
_info "You can use '--dnssleep' to disable public dns checks."
_info "See: $_DNSCHECK_WIKI"
_left=""
for entry in $dns_entries; do
d=$(_getfield "$entry" 1)

View File

@ -275,6 +275,7 @@ _check_curl_version() {
if [ "$_major$_minor" -lt "740" ]; then
_err "curl v$_cversion doesn't support unit socket"
_err "Please upgrade to curl 7.40 or later."
return 1
fi
if [ "$_major$_minor" -lt "750" ]; then

View File

@ -27,26 +27,43 @@ mailcow_deploy() {
return 1
fi
#Tests if _ssl_path is the mailcow root directory.
if [ -f "${_mailcow_path}/generate_config.sh" ]; then
_ssl_path="${_mailcow_path}/data/assets/ssl/"
else
_ssl_path="${_mailcow_path}"
fi
if [ ! -d "$_ssl_path" ]; then
_err "Cannot find mailcow ssl path: $_ssl_path"
return 1
fi
# ECC or RSA
if [ -z "${Le_Keylength}" ]; then
Le_Keylength=""
fi
if _isEccKey "${Le_Keylength}"; then
_info "ECC key type detected"
_cert_name_prefix="ecdsa-"
else
_info "RSA key type detected"
_cert_name_prefix=""
fi
_info "Copying key and cert"
_real_key="$_ssl_path/key.pem"
_real_key="$_ssl_path/${_cert_name_prefix}key.pem"
if ! cat "$_ckey" >"$_real_key"; then
_err "Error: write key file to: $_real_key"
return 1
fi
_real_fullchain="$_ssl_path/cert.pem"
_real_fullchain="$_ssl_path/${_cert_name_prefix}cert.pem"
if ! cat "$_cfullchain" >"$_real_fullchain"; then
_err "Error: write cert file to: $_real_fullchain"
return 1
fi
DEFAULT_MAILCOW_RELOAD="cd ${_mailcow_path} && docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow"
DEFAULT_MAILCOW_RELOAD="docker restart $(docker ps -qaf name=postfix-mailcow); docker restart $(docker ps -qaf name=nginx-mailcow); docker restart $(docker ps -qaf name=dovecot-mailcow)"
_reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}"
_info "Run reload: $_reload"

View File

@ -21,10 +21,6 @@
######## Public functions #####################
_syno_get_cookie_data() {
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
}
#domain keyfile certfile cafile fullchain
synology_dsm_deploy() {
@ -73,13 +69,25 @@ synology_dsm_deploy() {
_base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
_debug _base_url "$_base_url"
_debug "Getting API version"
response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
_debug3 response "$response"
_debug3 api_version "$api_version"
# Login, get the token from JSON and session id from cookie
_info "Logging into $SYNO_Hostname:$SYNO_Port"
encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
encoded_did="$(printf "%s" "$SYNO_DID" | _url_encode)"
response=$(_get "$_base_url/webman/login.cgi?username=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_id=$encoded_did" 1)
token=$(echo "$response" | grep -i "X-SYNO-TOKEN:" | sed -n 's/^X-SYNO-TOKEN: \(.*\)$/\1/pI' | tr -d "\r\n")
if [ -n "$SYNO_DID" ]; then
_H1="Cookie: did=$SYNO_DID"
export _H1
_debug3 H1 "${_H1}"
fi
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
_debug3 response "$response"
_debug token "$token"
@ -88,13 +96,11 @@ synology_dsm_deploy() {
_err "Check your username and password."
return 1
fi
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
_H1="Cookie: $(echo "$response" | _syno_get_cookie_data "id"); $(echo "$response" | _syno_get_cookie_data "smid")"
_H2="X-SYNO-TOKEN: $token"
_H1="X-SYNO-TOKEN: $token"
export _H1
export _H2
_debug2 H1 "${_H1}"
_debug2 H2 "${_H2}"
# Now that we know the username and password are good, save them
_savedeployconf SYNO_Username "$SYNO_Username"
@ -102,7 +108,7 @@ synology_dsm_deploy() {
_savedeployconf SYNO_DID "$SYNO_DID"
_info "Getting certificates in Synology DSM"
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1" "$_base_url/webapi/entry.cgi")
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
_debug3 response "$response"
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
_debug2 id "$id"
@ -135,7 +141,7 @@ synology_dsm_deploy() {
content="${content%_}" # protect trailing \n
_info "Upload certificate to the Synology DSM"
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token" "" "POST" "multipart/form-data; boundary=${delim}")
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
_debug3 response "$response"
if ! echo "$response" | grep '"error":' >/dev/null; then

View File

@ -96,7 +96,7 @@ dns_duckdns_rm() {
_duckdns_get_domain() {
# We'll extract the domain/username from full domain
_duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?[a-z0-9-]*\.duckdns\.org' | sed 's/^\(_acme-challenge\.\)\?\([a-z0-9-]*\)\.duckdns\.org/\2/')"
_duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?([a-z0-9-]+\.)+duckdns\.org' | sed -n 's/^\([^.]\{1,\}\.\)*\([a-z0-9-]\{1,\}\)\.duckdns\.org$/\2/p;')"
if [ -z "$_duckdns_domain" ]; then
_err "Error extracting the domain."

176
dnsapi/dns_scaleway.sh Executable file
View File

@ -0,0 +1,176 @@
#!/usr/bin/env sh
# Scaleway API
# https://developers.scaleway.com/en/products/domain/dns/api/
#
# Requires Scaleway API token set in SCALEWAY_API_TOKEN
######## Public functions #####################
SCALEWAY_API="https://api.scaleway.com/domain/v2beta1"
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_scaleway_add() {
fulldomain=$1
txtvalue=$2
if ! _scaleway_check_config; then
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Adding record"
_scaleway_create_TXT_record "$_domain" "$_sub_domain" "$txtvalue"
if _contains "$response" "records"; then
return 0
else
_err error "$response"
return 1
fi
_info "Record added."
return 0
}
dns_scaleway_rm() {
fulldomain=$1
txtvalue=$2
if ! _scaleway_check_config; then
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Deleting record"
_scaleway_delete_TXT_record "$_domain" "$_sub_domain" "$txtvalue"
if _contains "$response" "records"; then
return 0
else
_err error "$response"
return 1
fi
_info "Record deleted."
return 0
}
#################### Private functions below ##################################
_scaleway_check_config() {
SCALEWAY_API_TOKEN="${SCALEWAY_API_TOKEN:-$(_readaccountconf_mutable SCALEWAY_API_TOKEN)}"
if [ -z "$SCALEWAY_API_TOKEN" ]; then
_err "No API key specified for Scaleway API."
_err "Create your key and export it as SCALEWAY_API_TOKEN"
return 1
fi
if ! _scaleway_rest GET "dns-zones"; then
_err "Invalid API key specified for Scaleway API."
return 1
fi
_saveaccountconf_mutable SCALEWAY_API_TOKEN "$SCALEWAY_API_TOKEN"
return 0
}
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
domain=$1
i=1
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
if [ -z "$h" ]; then
#not valid
return 1
fi
_scaleway_rest GET "dns-zones/$h/records"
if ! _contains "$response" "subdomain not found" >/dev/null; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain="$h"
return 0
fi
p=$i
i=$(_math "$i" + 1)
done
_err "Unable to retrive DNS zone matching this domain"
return 1
}
# this function add a TXT record
_scaleway_create_TXT_record() {
txt_zone=$1
txt_name=$2
txt_value=$3
_scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"add\":{\"records\":[{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\",\"ttl\":60}]}}]}"
if _contains "$response" "records"; then
return 0
else
_err "error1 $response"
return 1
fi
}
# this function delete a TXT record based on name and content
_scaleway_delete_TXT_record() {
txt_zone=$1
txt_name=$2
txt_value=$3
_scaleway_rest PATCH "dns-zones/$txt_zone/records" "{\"return_all_records\":false,\"changes\":[{\"delete\":{\"id_fields\":{\"name\":\"$txt_name\",\"data\":\"$txt_value\",\"type\":\"TXT\"}}}]}"
if _contains "$response" "records"; then
return 0
else
_err "error2 $response"
return 1
fi
}
_scaleway_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
_scaleway_url="$SCALEWAY_API/$ep"
_debug2 _scaleway_url "$_scaleway_url"
export _H1="x-auth-token: $SCALEWAY_API_TOKEN"
export _H2="Accept: application/json"
export _H3="Content-Type: application/json"
if [ "$data" ] || [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$_scaleway_url" "" "$m")"
else
response="$(_get "$_scaleway_url")"
fi
if [ "$?" != "0" ] || _contains "$response" "denied_authentication" || _contains "$response" "Method not allowed" || _contains "$response" "json parse error: unexpected EOF"; then
_err "error $response"
return 1
fi
_debug2 response "$response"
return 0
}

247
dnsapi/dns_simply.sh Normal file
View File

@ -0,0 +1,247 @@
#!/usr/bin/env sh
#
#SIMPLY_AccountName="accountname"
#
#SIMPLY_ApiKey="apikey"
#
#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]"
SIMPLY_Api_Default="https://api.simply.com/1"
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_simply_add() {
fulldomain=$1
txtvalue=$2
if ! _simply_load_config; then
return 1
fi
_simply_save_config
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Adding record"
if ! _simply_add_record "$_domain" "$_sub_domain" "$txtvalue"; then
_err "Could not add DNS record"
return 1
fi
return 0
}
dns_simply_rm() {
fulldomain=$1
txtvalue=$2
if ! _simply_load_config; then
return 1
fi
_simply_save_config
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug txtvalue "$txtvalue"
_info "Getting all existing records"
if ! _simply_get_all_records "$_domain"; then
_err "invalid domain"
return 1
fi
records=$(echo "$response" | tr '{' "\n" | grep 'record_id\|type\|data\|\name' | sed 's/\"record_id/;\"record_id/' | tr "\n" ' ' | tr -d ' ' | tr ';' ' ')
nr_of_deleted_records=0
_info "Fetching txt record"
for record in $records; do
_debug record "$record"
record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2)
record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2)
_debug2 record_data "$record_data"
_debug2 record_type "$record_type"
if [ "$record_data" = "$txtvalue" ] && [ "$record_type" = "TXT" ]; then
record_id=$(echo "$record" | cut -d "," -f 1 | grep "record_id" | cut -d ":" -f 2)
_info "Deleting record $record"
_debug2 record_id "$record_id"
if [ "$record_id" -gt 0 ]; then
if ! _simply_delete_record "$_domain" "$_sub_domain" "$record_id"; then
_err "Record with id $record_id could not be deleted"
return 1
fi
nr_of_deleted_records=1
break
else
_err "Fetching record_id could not be done, this should not happen, exiting function. Failing record is $record"
break
fi
fi
done
if [ "$nr_of_deleted_records" -eq 0 ]; then
_err "No record deleted, the DNS record needs to be removed manually."
else
_info "Deleted $nr_of_deleted_records record"
fi
return 0
}
#################### Private functions below ##################################
_simply_load_config() {
SIMPLY_Api="${SIMPLY_Api:-$(_readaccountconf_mutable SIMPLY_Api)}"
SIMPLY_AccountName="${SIMPLY_AccountName:-$(_readaccountconf_mutable SIMPLY_AccountName)}"
SIMPLY_ApiKey="${SIMPLY_ApiKey:-$(_readaccountconf_mutable SIMPLY_ApiKey)}"
if [ -z "$SIMPLY_Api" ]; then
SIMPLY_Api="$SIMPLY_Api_Default"
fi
if [ -z "$SIMPLY_AccountName" ] || [ -z "$SIMPLY_ApiKey" ]; then
SIMPLY_AccountName=""
SIMPLY_ApiKey=""
_err "A valid Simply API account and apikey not provided."
_err "Please provide a valid API user and try again."
return 1
fi
return 0
}
_simply_save_config() {
if [ "$SIMPLY_Api" != "$SIMPLY_Api_Default" ]; then
_saveaccountconf_mutable SIMPLY_Api "$SIMPLY_Api"
fi
_saveaccountconf_mutable SIMPLY_AccountName "$SIMPLY_AccountName"
_saveaccountconf_mutable SIMPLY_ApiKey "$SIMPLY_ApiKey"
}
_simply_get_all_records() {
domain=$1
if ! _simply_rest GET "my/products/$domain/dns/records"; then
return 1
fi
return 0
}
_get_root() {
domain=$1
i=2
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
if [ -z "$h" ]; then
#not valid
return 1
fi
if ! _simply_rest GET "my/products/$h/dns"; then
return 1
fi
if _contains "$response" '"code":"NOT_FOUND"'; then
_debug "$h not found"
else
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain="$h"
return 0
fi
p="$i"
i=$(_math "$i" + 1)
done
return 1
}
_simply_add_record() {
domain=$1
sub_domain=$2
txtval=$3
data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}"
if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then
_err "Adding record not successfull!"
return 1
fi
return 0
}
_simply_delete_record() {
domain=$1
sub_domain=$2
record_id=$3
_debug record_id "Delete record with id $record_id"
if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then
_err "Deleting record not successfull!"
return 1
fi
return 0
}
_simply_rest() {
m=$1
ep="$2"
data="$3"
_debug2 data "$data"
_debug2 ep "$ep"
_debug2 m "$m"
export _H1="Content-Type: application/json"
if [ "$m" != "GET" ]; then
response="$(_post "$data" "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep" "" "$m")"
else
response="$(_get "$SIMPLY_Api/$SIMPLY_AccountName/$SIMPLY_ApiKey/$ep")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
if _contains "$response" "Invalid account authorization"; then
_err "It seems that your api key or accountnumber is not correct."
return 1
fi
return 0
}

View File

@ -52,17 +52,26 @@ AddDnsRecordForm[uniqueFormIdTTL]=$formidttl&AddDnsRecordForm[_token]=$form_toke
ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/dns" '' POST 'application/x-www-form-urlencoded')
_resethttp
if grep '302' >/dev/null <"$HTTP_HEADER"; then
if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then
res=$(_get "$WORLD4YOU_API/$paketnr/dns")
if _contains "$res" "successfully"; then
return 0
else
msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/')
if _contains "$msg" '^<\!DOCTYPE html>'; then
msg='Unknown error'
fi
_err "Unable to add record: $msg"
if _contains "$msg" '^<\!DOCTYPE html>'; then
echo "$ret" >'error-01.html'
echo "$res" >'error-02.html'
_err "View error-01.html and error-02.html for debugging"
fi
return 1
fi
else
_err "$(_head_n 1 <"$HTTP_HEADER")"
_err "$(_head_n 3 <"$HTTP_HEADER")"
_err "View $HTTP_HEADER for debugging"
return 1
fi
}
@ -111,17 +120,26 @@ DeleteDnsRecordForm[_token]=$form_token"
ret=$(_post "$body" "$WORLD4YOU_API/$paketnr/deleteRecord" '' POST 'application/x-www-form-urlencoded')
_resethttp
if grep '302' >/dev/null <"$HTTP_HEADER"; then
if _contains "$(_head_n 3 <"$HTTP_HEADER")" '302'; then
res=$(_get "$WORLD4YOU_API/$paketnr/dns")
if _contains "$res" "successfully"; then
return 0
else
msg=$(echo "$res" | tr '\n' '\t' | sed 's/.*<h3 class="mb-5">[^\t]*\t *\([^\t]*\)\t.*/\1/')
if _contains "$msg" '^<\!DOCTYPE html>'; then
msg='Unknown error'
fi
_err "Unable to remove record: $msg"
if _contains "$msg" '^<\!DOCTYPE html>'; then
echo "$ret" >'error-01.html'
echo "$res" >'error-02.html'
_err "View error-01.html and error-02.html for debugging"
fi
return 1
fi
else
_err "$(_head_n 1 <"$HTTP_HEADER")"
_err "$(_head_n 3 <"$HTTP_HEADER")"
_err "View $HTTP_HEADER for debugging"
return 1
fi
}
@ -175,7 +193,7 @@ _get_paketnr() {
domains=$(echo "$form" | grep '^ *[A-Za-z0-9_\.-]*\.[A-Za-z0-9_-]*$' | sed 's/^\s*\(\S*\)$/\1/')
domain=''
for domain in $domains; do
if echo "$fqdn" | grep "$domain\$" >/dev/null; then
if _contains "$fqdn" "$domain\$"; then
break
fi
domain=''
@ -185,7 +203,8 @@ _get_paketnr() {
fi
TLD="$domain"
_debug domain "$domain"
RECORD=$(echo "$fqdn" | cut -c"1-$((${#fqdn} - ${#TLD} - 1))")
PAKETNR=$(echo "$form" | grep "data-textfilter=\" $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/')
PAKETNR=$(echo "$form" | grep "data-textfilter=\".* $domain " | _head_n 1 | sed 's/^.* \([0-9]*\) .*$/\1/')
return 0
}