mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-25 14:41:40 +00:00
Merge branch 'dev' of https://github.com/Neilpang/acme.sh into dev
This commit is contained in:
commit
f1c0f3d45f
@ -27,8 +27,8 @@ gcore_cdn_deploy() {
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
|
||||
_fullchain=$(tr '\n\r' '@#' <"$_cfullchain" | sed 's/@/\\n/g;s/#/\\r/g')
|
||||
_key=$(tr '\n\r' '@#' <"$_ckey" | sed 's/@/\\n/g;s/#/\\r/g')
|
||||
_fullchain=$(tr '\r\n' '*#' <"$_cfullchain" | sed 's/*#/#/g;s/##/#/g;s/#/\\n/g')
|
||||
_key=$(tr '\r\n' '*#' <"$_ckey" | sed 's/*#/#/g;s/#/\\n/g')
|
||||
|
||||
_debug _fullchain "$_fullchain"
|
||||
_debug _key "$_key"
|
||||
|
@ -1,8 +1,41 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#Here is a script to deploy cert to haproxy server.
|
||||
|
||||
#returns 0 means success, otherwise error.
|
||||
# Script for acme.sh to deploy certificates to haproxy
|
||||
#
|
||||
# The following variables can be exported:
|
||||
#
|
||||
# export DEPLOY_HAPROXY_PEM_NAME="${domain}.pem"
|
||||
#
|
||||
# Defines the name of the PEM file.
|
||||
# Defaults to "<domain>.pem"
|
||||
#
|
||||
# export DEPLOY_HAPROXY_PEM_PATH="/etc/haproxy"
|
||||
#
|
||||
# Defines location of PEM file for HAProxy.
|
||||
# Defaults to /etc/haproxy
|
||||
#
|
||||
# export DEPLOY_HAPROXY_RELOAD="systemctl reload haproxy"
|
||||
#
|
||||
# OPTIONAL: Reload command used post deploy
|
||||
# This defaults to be a no-op (ie "true").
|
||||
# It is strongly recommended to set this something that makes sense
|
||||
# for your distro.
|
||||
#
|
||||
# export DEPLOY_HAPROXY_ISSUER="no"
|
||||
#
|
||||
# OPTIONAL: Places CA file as "${DEPLOY_HAPROXY_PEM}.issuer"
|
||||
# Note: Required for OCSP stapling to work
|
||||
#
|
||||
# export DEPLOY_HAPROXY_BUNDLE="no"
|
||||
#
|
||||
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle
|
||||
# This adds a suffix to the certificate based on the certificate type
|
||||
# eg RSA certificates will have .rsa as a suffix to the file name
|
||||
# HAProxy will load all certificates and provide one or the other
|
||||
# depending on client capabilities
|
||||
# Note: This functionality requires HAProxy was compiled against
|
||||
# a version of OpenSSL that supports this.
|
||||
#
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
@ -14,45 +47,226 @@ haproxy_deploy() {
|
||||
_cca="$4"
|
||||
_cfullchain="$5"
|
||||
|
||||
_debug _cdomain "$_cdomain"
|
||||
_debug _ckey "$_ckey"
|
||||
_debug _ccert "$_ccert"
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
# Some defaults
|
||||
DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy"
|
||||
DEPLOY_HAPROXY_PEM_NAME_DEFAULT="${_cdomain}.pem"
|
||||
DEPLOY_HAPROXY_BUNDLE_DEFAULT="no"
|
||||
DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
|
||||
DEPLOY_HAPROXY_RELOAD_DEFAULT="true"
|
||||
|
||||
# handle reload preference
|
||||
DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
|
||||
if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
|
||||
_reload="${DEFAULT_HAPROXY_RELOAD}"
|
||||
_cleardomainconf DEPLOY_HAPROXY_RELOAD
|
||||
else
|
||||
_reload="${DEPLOY_HAPROXY_RELOAD}"
|
||||
_savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
|
||||
if [ -f "${DOMAIN_CONF}" ]; then
|
||||
# shellcheck disable=SC1090
|
||||
. "${DOMAIN_CONF}"
|
||||
fi
|
||||
_savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"
|
||||
|
||||
# work out the path where the PEM file should go
|
||||
_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
|
||||
if [ -z "$_pem_path" ]; then
|
||||
_err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
|
||||
return 1
|
||||
_debug _cdomain "${_cdomain}"
|
||||
_debug _ckey "${_ckey}"
|
||||
_debug _ccert "${_ccert}"
|
||||
_debug _cca "${_cca}"
|
||||
_debug _cfullchain "${_cfullchain}"
|
||||
|
||||
# PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}"
|
||||
if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then
|
||||
Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
|
||||
_savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}"
|
||||
elif [ -z "${Le_Deploy_haproxy_pem_path}" ]; then
|
||||
Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}"
|
||||
fi
|
||||
_pem_full_path="$_pem_path/$_cdomain.pem"
|
||||
_info "Full path to PEM $_pem_full_path"
|
||||
|
||||
# combine the key and fullchain into a single pem and install
|
||||
cat "$_cfullchain" "$_ckey" >"$_pem_full_path"
|
||||
chmod 600 "$_pem_full_path"
|
||||
_info "Certificate successfully deployed"
|
||||
|
||||
# restart HAProxy
|
||||
_info "Run reload: $_reload"
|
||||
if eval "$_reload"; then
|
||||
_info "Reload success!"
|
||||
return 0
|
||||
# Ensure PEM_PATH exists
|
||||
if [ -d "${Le_Deploy_haproxy_pem_path}" ]; then
|
||||
_debug "PEM_PATH ${Le_Deploy_haproxy_pem_path} exists"
|
||||
else
|
||||
_err "Reload error"
|
||||
_err "PEM_PATH ${Le_Deploy_haproxy_pem_path} does not exist"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
|
||||
if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then
|
||||
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}"
|
||||
_savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
|
||||
elif [ -z "${Le_Deploy_haproxy_pem_name}" ]; then
|
||||
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
|
||||
fi
|
||||
|
||||
# BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
|
||||
if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then
|
||||
Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}"
|
||||
_savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}"
|
||||
elif [ -z "${Le_Deploy_haproxy_bundle}" ]; then
|
||||
Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
|
||||
fi
|
||||
|
||||
# ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}"
|
||||
if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then
|
||||
Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}"
|
||||
_savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}"
|
||||
elif [ -z "${Le_Deploy_haproxy_issuer}" ]; then
|
||||
Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER_DEFAULT}"
|
||||
fi
|
||||
|
||||
# RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
|
||||
if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then
|
||||
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}"
|
||||
_savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}"
|
||||
elif [ -z "${Le_Deploy_haproxy_reload}" ]; then
|
||||
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
|
||||
fi
|
||||
|
||||
# Set the suffix depending if we are creating a bundle or not
|
||||
if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then
|
||||
_info "Bundle creation requested"
|
||||
# Initialise $Le_Keylength if its not already set
|
||||
if [ -z "${Le_Keylength}" ]; then
|
||||
Le_Keylength=""
|
||||
fi
|
||||
if _isEccKey "${Le_Keylength}"; then
|
||||
_info "ECC key type detected"
|
||||
_suffix=".ecdsa"
|
||||
else
|
||||
_info "RSA key type detected"
|
||||
_suffix=".rsa"
|
||||
fi
|
||||
else
|
||||
_suffix=""
|
||||
fi
|
||||
_debug _suffix "${_suffix}"
|
||||
|
||||
# Set variables for later
|
||||
_pem="${Le_Deploy_haproxy_pem_path}/${Le_Deploy_haproxy_pem_name}${_suffix}"
|
||||
_issuer="${_pem}.issuer"
|
||||
_ocsp="${_pem}.ocsp"
|
||||
_reload="${Le_Deploy_haproxy_reload}"
|
||||
|
||||
_info "Deploying PEM file"
|
||||
# Create a temporary PEM file
|
||||
_temppem="$(_mktemp)"
|
||||
_debug _temppem "${_temppem}"
|
||||
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}"
|
||||
_ret="$?"
|
||||
|
||||
# Check that we could create the temporary file
|
||||
if [ "${_ret}" != "0" ]; then
|
||||
_err "Error code ${_ret} returned during PEM file creation"
|
||||
[ -f "${_temppem}" ] && rm -f "${_temppem}"
|
||||
return ${_ret}
|
||||
fi
|
||||
|
||||
# Move PEM file into place
|
||||
_info "Moving new certificate into place"
|
||||
_debug _pem "${_pem}"
|
||||
cat "${_temppem}" >"${_pem}"
|
||||
_ret=$?
|
||||
|
||||
# Clean up temp file
|
||||
[ -f "${_temppem}" ] && rm -f "${_temppem}"
|
||||
|
||||
# Deal with any failure of moving PEM file into place
|
||||
if [ "${_ret}" != "0" ]; then
|
||||
_err "Error code ${_ret} returned while moving new certificate into place"
|
||||
return ${_ret}
|
||||
fi
|
||||
|
||||
# Update .issuer file if requested
|
||||
if [ "${Le_Deploy_haproxy_issuer}" = "yes" ]; then
|
||||
_info "Updating .issuer file"
|
||||
_debug _issuer "${_issuer}"
|
||||
cat "${_cca}" >"${_issuer}"
|
||||
_ret="$?"
|
||||
|
||||
if [ "${_ret}" != "0" ]; then
|
||||
_err "Error code ${_ret} returned while copying issuer/CA certificate into place"
|
||||
return ${_ret}
|
||||
fi
|
||||
else
|
||||
[ -f "${_issuer}" ] _err "Issuer file update not requested but .issuer file exists"
|
||||
fi
|
||||
|
||||
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option
|
||||
if [ -z "${Le_OCSP_Staple}" ]; then
|
||||
Le_OCSP_Staple="0"
|
||||
fi
|
||||
if [ "${Le_OCSP_Staple}" = "1" ]; then
|
||||
_info "Updating OCSP stapling info"
|
||||
_debug _ocsp "${_ocsp}"
|
||||
_info "Extracting OCSP URL"
|
||||
_ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}")
|
||||
_debug _ocsp_url "${_ocsp_url}"
|
||||
|
||||
# Only process OCSP if URL was present
|
||||
if [ "${_ocsp_url}" != "" ]; then
|
||||
# Extract the hostname from the OCSP URL
|
||||
_info "Extracting OCSP URL"
|
||||
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3)
|
||||
_debug _ocsp_host "${_ocsp_host}"
|
||||
|
||||
# Only process the certificate if we have a .issuer file
|
||||
if [ -r "${_issuer}" ]; then
|
||||
# Check if issuer cert is also a root CA cert
|
||||
_subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||
_debug _subjectdn "${_subjectdn}"
|
||||
_issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||
_debug _issuerdn "${_issuerdn}"
|
||||
_info "Requesting OCSP response"
|
||||
# Request the OCSP response from the issuer and store it
|
||||
if [ "${_subjectdn}" = "${_issuerdn}" ]; then
|
||||
# If the issuer is a CA cert then our command line has "-CAfile" added
|
||||
openssl ocsp \
|
||||
-issuer "${_issuer}" \
|
||||
-cert "${_pem}" \
|
||||
-url "${_ocsp_url}" \
|
||||
-header Host "${_ocsp_host}" \
|
||||
-respout "${_ocsp}" \
|
||||
-verify_other "${_issuer}" \
|
||||
-no_nonce \
|
||||
-CAfile "${_issuer}" \
|
||||
| grep -q "${_pem}: good"
|
||||
_ret=$?
|
||||
else
|
||||
# Issuer is not a root CA so no "-CAfile" option
|
||||
openssl ocsp \
|
||||
-issuer "${_issuer}" \
|
||||
-cert "${_pem}" \
|
||||
-url "${_ocsp_url}" \
|
||||
-header Host "${_ocsp_host}" \
|
||||
-respout "${_ocsp}" \
|
||||
-verify_other "${_issuer}" \
|
||||
-no_nonce \
|
||||
| grep -q "${_pem}: good"
|
||||
_ret=$?
|
||||
fi
|
||||
else
|
||||
# Non fatal: No issuer file was present so no OCSP stapling file created
|
||||
_err "OCSP stapling in use but no .issuer file was present"
|
||||
fi
|
||||
else
|
||||
# Non fatal: No OCSP url was found int the certificate
|
||||
_err "OCSP update requested but no OCSP URL was found in certificate"
|
||||
fi
|
||||
|
||||
# Non fatal: Check return code of openssl command
|
||||
if [ "${_ret}" != "0" ]; then
|
||||
_err "Updating OCSP stapling failed with return code ${_ret}"
|
||||
fi
|
||||
else
|
||||
# An OCSP file was already present but certificate did not have OCSP extension
|
||||
if [ -f "${_ocsp}" ]; then
|
||||
_err "OCSP was not requested but .ocsp file exists."
|
||||
# Could remove the file at this step, although HAProxy just ignores it in this case
|
||||
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Reload HAProxy
|
||||
_debug _reload "${_reload}"
|
||||
eval "${_reload}"
|
||||
_ret=$?
|
||||
if [ "${_ret}" != "0" ]; then
|
||||
_err "Error code ${_ret} during reload"
|
||||
return ${_ret}
|
||||
else
|
||||
_info "Reload successful"
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
@ -1,4 +1,6 @@
|
||||
# How to use DNS API
|
||||
DNS api usage:
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/dnsapi
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/dnsapi
|
||||
|
||||
|
@ -119,7 +119,7 @@ _ddnss_rest() {
|
||||
|
||||
# DDNSS uses GET to update domain info
|
||||
if [ "$method" = "GET" ]; then
|
||||
response="$(_get "$url" | sed 's/<[^>]*>//g;/</N;//ba' | _tail_n 1)"
|
||||
response="$(_get "$url" | sed 's/<[a-zA-Z\/][^>]*>//g' | _tail_n 1)"
|
||||
else
|
||||
_err "Unsupported method"
|
||||
return 1
|
||||
|
64
dnsapi/dns_nsd.sh
Normal file
64
dnsapi/dns_nsd.sh
Normal file
@ -0,0 +1,64 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#Nsd_ZoneFile="/etc/nsd/zones/example.com.zone"
|
||||
#Nsd_Command="sudo nsd-control reload"
|
||||
|
||||
# args: fulldomain txtvalue
|
||||
dns_nsd_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
ttlvalue=300
|
||||
|
||||
Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}"
|
||||
Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}"
|
||||
|
||||
# Arg checks
|
||||
if [ -z "$Nsd_ZoneFile" ] || [ -z "$Nsd_Command" ]; then
|
||||
Nsd_ZoneFile=""
|
||||
Nsd_Command=""
|
||||
_err "Specify ENV vars Nsd_ZoneFile and Nsd_Command"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ ! -f "$Nsd_ZoneFile" ]; then
|
||||
Nsd_ZoneFile=""
|
||||
Nsd_Command=""
|
||||
_err "No such file: $Nsd_ZoneFile"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_savedomainconf Nsd_ZoneFile "$Nsd_ZoneFile"
|
||||
_savedomainconf Nsd_Command "$Nsd_Command"
|
||||
|
||||
echo "$fulldomain. $ttlvalue IN TXT \"$txtvalue\"" >>"$Nsd_ZoneFile"
|
||||
_info "Added TXT record for $fulldomain"
|
||||
_debug "Running $Nsd_Command"
|
||||
if eval "$Nsd_Command"; then
|
||||
_info "Successfully updated the zone"
|
||||
return 0
|
||||
else
|
||||
_err "Problem updating the zone"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# args: fulldomain txtvalue
|
||||
dns_nsd_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
ttlvalue=300
|
||||
|
||||
Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}"
|
||||
Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}"
|
||||
|
||||
sed -i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
|
||||
_info "Removed TXT record for $fulldomain"
|
||||
_debug "Running $Nsd_Command"
|
||||
if eval "$Nsd_Command"; then
|
||||
_info "Successfully reloaded NSD "
|
||||
return 0
|
||||
else
|
||||
_err "Problem reloading NSD"
|
||||
return 1
|
||||
fi
|
||||
}
|
139
dnsapi/dns_one.sh
Normal file
139
dnsapi/dns_one.sh
Normal file
@ -0,0 +1,139 @@
|
||||
#!/usr/bin/env sh
|
||||
# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
|
||||
|
||||
# one.com ui wrapper for acme.sh
|
||||
# Author: github: @diseq
|
||||
# Created: 2019-02-17
|
||||
#
|
||||
# export ONECOM_USER="username"
|
||||
# export ONECOM_PASSWORD="password"
|
||||
#
|
||||
# Usage:
|
||||
# acme.sh --issue --dns dns_one -d example.com
|
||||
#
|
||||
# only single domain supported atm
|
||||
|
||||
dns_one_add() {
|
||||
mysubdomain=$(printf -- "%s" "$1" | rev | cut -d"." -f3- | rev)
|
||||
mydomain=$(printf -- "%s" "$1" | rev | cut -d"." -f1-2 | rev)
|
||||
txtvalue=$2
|
||||
|
||||
# get credentials
|
||||
ONECOM_USER="${ONECOM_USER:-$(_readaccountconf_mutable ONECOM_USER)}"
|
||||
ONECOM_PASSWORD="${ONECOM_PASSWORD:-$(_readaccountconf_mutable ONECOM_PASSWORD)}"
|
||||
if [ -z "$ONECOM_USER" ] || [ -z "$ONECOM_PASSWORD" ]; then
|
||||
ONECOM_USER=""
|
||||
ONECOM_PASSWORD=""
|
||||
_err "You didn't specify a one.com username and password yet."
|
||||
_err "Please create the key and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the api key and email to the account conf file.
|
||||
_saveaccountconf_mutable ONECOM_USER "$ONECOM_USER"
|
||||
_saveaccountconf_mutable ONECOM_PASSWORD "$ONECOM_PASSWORD"
|
||||
|
||||
# Login with user and password
|
||||
postdata="loginDomain=true"
|
||||
postdata="$postdata&displayUsername=$ONECOM_USER"
|
||||
postdata="$postdata&username=$ONECOM_USER"
|
||||
postdata="$postdata&targetDomain=$mydomain"
|
||||
postdata="$postdata&password1=$ONECOM_PASSWORD"
|
||||
postdata="$postdata&loginTarget="
|
||||
#_debug postdata "$postdata"
|
||||
|
||||
response="$(_post "$postdata" "https://www.one.com/admin/login.do" "" "POST" "application/x-www-form-urlencoded")"
|
||||
#_debug response "$response"
|
||||
|
||||
JSESSIONID="$(grep "JSESSIONID" "$HTTP_HEADER" | grep "^[Ss]et-[Cc]ookie:" | _tail_n 1 | _egrep_o 'JSESSIONID=[^;]*;' | tr -d ';')"
|
||||
_debug jsessionid "$JSESSIONID"
|
||||
|
||||
export _H1="Cookie: ${JSESSIONID}"
|
||||
|
||||
# get entries
|
||||
response="$(_get "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records")"
|
||||
_debug response "$response"
|
||||
|
||||
CSRF_G_TOKEN="$(grep "CSRF_G_TOKEN=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'CSRF_G_TOKEN=[^;]*;' | tr -d ';')"
|
||||
export _H2="Cookie: ${CSRF_G_TOKEN}"
|
||||
|
||||
# Update the IP address for domain entry
|
||||
postdata="{\"type\":\"dns_custom_records\",\"attributes\":{\"priority\":0,\"ttl\":600,\"type\":\"TXT\",\"prefix\":\"$mysubdomain\",\"content\":\"$txtvalue\"}}"
|
||||
_debug postdata "$postdata"
|
||||
response="$(_post "$postdata" "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records" "" "POST" "application/json")"
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
_debug response "$response"
|
||||
|
||||
id=$(printf -- "%s" "$response" | sed -n "s/{\"result\":{\"data\":{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"$mysubdomain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"priority\":0,\"ttl\":600}}},\"metadata\":null}/\1/p")
|
||||
|
||||
if [ -z "$id" ]; then
|
||||
_err "Add txt record error."
|
||||
return 1
|
||||
else
|
||||
_info "Added, OK ($id)"
|
||||
return 0
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
dns_one_rm() {
|
||||
mysubdomain=$(printf -- "%s" "$1" | rev | cut -d"." -f3- | rev)
|
||||
mydomain=$(printf -- "%s" "$1" | rev | cut -d"." -f1-2 | rev)
|
||||
txtvalue=$2
|
||||
|
||||
# get credentials
|
||||
ONECOM_USER="${ONECOM_USER:-$(_readaccountconf_mutable ONECOM_USER)}"
|
||||
ONECOM_PASSWORD="${ONECOM_PASSWORD:-$(_readaccountconf_mutable ONECOM_PASSWORD)}"
|
||||
if [ -z "$ONECOM_USER" ] || [ -z "$ONECOM_PASSWORD" ]; then
|
||||
ONECOM_USER=""
|
||||
ONECOM_PASSWORD=""
|
||||
_err "You didn't specify a one.com username and password yet."
|
||||
_err "Please create the key and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
# Login with user and password
|
||||
postdata="loginDomain=true"
|
||||
postdata="$postdata&displayUsername=$ONECOM_USER"
|
||||
postdata="$postdata&username=$ONECOM_USER"
|
||||
postdata="$postdata&targetDomain=$mydomain"
|
||||
postdata="$postdata&password1=$ONECOM_PASSWORD"
|
||||
postdata="$postdata&loginTarget="
|
||||
|
||||
response="$(_post "$postdata" "https://www.one.com/admin/login.do" "" "POST" "application/x-www-form-urlencoded")"
|
||||
#_debug response "$response"
|
||||
|
||||
JSESSIONID="$(grep "JSESSIONID" "$HTTP_HEADER" | grep "^[Ss]et-[Cc]ookie:" | _tail_n 1 | _egrep_o 'JSESSIONID=[^;]*;' | tr -d ';')"
|
||||
_debug jsessionid "$JSESSIONID"
|
||||
|
||||
export _H1="Cookie: ${JSESSIONID}"
|
||||
|
||||
# get entries
|
||||
response="$(_get "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records")"
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
_debug response "$response"
|
||||
|
||||
CSRF_G_TOKEN="$(grep "CSRF_G_TOKEN=" "$HTTP_HEADER" | grep "^Set-Cookie:" | _tail_n 1 | _egrep_o 'CSRF_G_TOKEN=[^;]*;' | tr -d ';')"
|
||||
export _H2="Cookie: ${CSRF_G_TOKEN}"
|
||||
|
||||
id=$(printf -- "%s" "$response" | sed -n "s/.*{\"type\":\"dns_custom_records\",\"id\":\"\([^\"]*\)\",\"attributes\":{\"prefix\":\"$mysubdomain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"priority\":0,\"ttl\":600}.*/\1/p")
|
||||
|
||||
if [ -z "$id" ]; then
|
||||
_err "Txt record not found."
|
||||
return 1
|
||||
fi
|
||||
|
||||
# delete entry
|
||||
response="$(_post "$postdata" "https://www.one.com/admin/api/domains/$mydomain/dns/custom_records/$id" "" "DELETE" "application/json")"
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
_debug response "$response"
|
||||
|
||||
if [ "$response" = '{"result":null,"metadata":null}' ]; then
|
||||
_info "Removed, OK"
|
||||
return 0
|
||||
else
|
||||
_err "Removing txt record error."
|
||||
return 1
|
||||
fi
|
||||
|
||||
}
|
261
dnsapi/dns_schlundtech.sh
Normal file
261
dnsapi/dns_schlundtech.sh
Normal file
@ -0,0 +1,261 @@
|
||||
#!/usr/bin/env sh
|
||||
# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
|
||||
|
||||
# Schlundtech DNS API
|
||||
# Author: mod242
|
||||
# Created: 2019-40-29
|
||||
# Completly based on the autoDNS xml api wrapper by auerswald@gmail.com
|
||||
#
|
||||
# export SCHLUNDTECH_USER="username"
|
||||
# export SCHLUNDTECH_PASSWORD="password"
|
||||
#
|
||||
# Usage:
|
||||
# acme.sh --issue --dns dns_schlundtech -d example.com
|
||||
|
||||
SCHLUNDTECH_API="https://gateway.schlundtech.de"
|
||||
|
||||
# Arguments:
|
||||
# txtdomain
|
||||
# txt
|
||||
dns_schlundtech_add() {
|
||||
fulldomain="$1"
|
||||
txtvalue="$2"
|
||||
|
||||
SCHLUNDTECH_USER="${SCHLUNDTECH_USER:-$(_readaccountconf_mutable SCHLUNDTECH_USER)}"
|
||||
SCHLUNDTECH_PASSWORD="${SCHLUNDTECH_PASSWORD:-$(_readaccountconf_mutable SCHLUNDTECH_PASSWORD)}"
|
||||
|
||||
if [ -z "$SCHLUNDTECH_USER" ] || [ -z "$SCHLUNDTECH_PASSWORD" ]; then
|
||||
_err "You didn't specify schlundtech user and password."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_saveaccountconf_mutable SCHLUNDTECH_USER "$SCHLUNDTECH_USER"
|
||||
_saveaccountconf_mutable SCHLUNDTECH_PASSWORD "$SCHLUNDTECH_PASSWORD"
|
||||
|
||||
_debug "First detect the root zone"
|
||||
|
||||
if ! _get_autodns_zone "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _zone "$_zone"
|
||||
_debug _system_ns "$_system_ns"
|
||||
|
||||
_info "Adding TXT record"
|
||||
|
||||
autodns_response="$(_autodns_zone_update "$_zone" "$_sub_domain" "$txtvalue" "$_system_ns")"
|
||||
|
||||
if [ "$?" -eq "0" ]; then
|
||||
_info "Added, OK"
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# txtdomain
|
||||
# txt
|
||||
dns_schlundtech_rm() {
|
||||
fulldomain="$1"
|
||||
txtvalue="$2"
|
||||
|
||||
SCHLUNDTECH_USER="${SCHLUNDTECH_USER:-$(_readaccountconf_mutable SCHLUNDTECH_USER)}"
|
||||
SCHLUNDTECH_PASSWORD="${SCHLUNDTECH_PASSWORD:-$(_readaccountconf_mutable SCHLUNDTECH_PASSWORD)}"
|
||||
|
||||
if [ -z "$SCHLUNDTECH_USER" ] || [ -z "$SCHLUNDTECH_PASSWORD" ]; then
|
||||
_err "You didn't specify schlundtech user and password."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug "First detect the root zone"
|
||||
|
||||
if ! _get_autodns_zone "$fulldomain"; then
|
||||
_err "zone not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _zone "$_zone"
|
||||
_debug _system_ns "$_system_ns"
|
||||
|
||||
_info "Delete TXT record"
|
||||
|
||||
autodns_response="$(_autodns_zone_cleanup "$_zone" "$_sub_domain" "$txtvalue" "$_system_ns")"
|
||||
|
||||
if [ "$?" -eq "0" ]; then
|
||||
_info "Deleted, OK"
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
|
||||
# Arguments:
|
||||
# fulldomain
|
||||
# Returns:
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _zone=domain.com
|
||||
# _system_ns
|
||||
_get_autodns_zone() {
|
||||
domain="$1"
|
||||
|
||||
i=2
|
||||
p=1
|
||||
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
_debug h "$h"
|
||||
|
||||
if [ -z "$h" ]; then
|
||||
# not valid
|
||||
return 1
|
||||
fi
|
||||
|
||||
autodns_response="$(_autodns_zone_inquire "$h")"
|
||||
|
||||
if [ "$?" -ne "0" ]; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$autodns_response" "<summary>1</summary>" >/dev/null; then
|
||||
_zone="$(echo "$autodns_response" | _egrep_o '<name>[^<]*</name>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||
_system_ns="$(echo "$autodns_response" | _egrep_o '<system_ns>[^<]*</system_ns>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
return 0
|
||||
fi
|
||||
|
||||
p=$i
|
||||
i=$(_math "$i" + 1)
|
||||
done
|
||||
|
||||
return 1
|
||||
}
|
||||
|
||||
_build_request_auth_xml() {
|
||||
printf "<auth>
|
||||
<user>%s</user>
|
||||
<password>%s</password>
|
||||
<context>10</context>
|
||||
</auth>" "$SCHLUNDTECH_USER" "$SCHLUNDTECH_PASSWORD"
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# zone
|
||||
_build_zone_inquire_xml() {
|
||||
printf "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
|
||||
<request>
|
||||
%s
|
||||
<task>
|
||||
<code>0205</code>
|
||||
<view>
|
||||
<children>1</children>
|
||||
<limit>1</limit>
|
||||
</view>
|
||||
<where>
|
||||
<key>name</key>
|
||||
<operator>eq</operator>
|
||||
<value>%s</value>
|
||||
</where>
|
||||
</task>
|
||||
</request>" "$(_build_request_auth_xml)" "$1"
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# zone
|
||||
# subdomain
|
||||
# txtvalue
|
||||
# system_ns
|
||||
_build_zone_update_xml() {
|
||||
printf "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
|
||||
<request>
|
||||
%s
|
||||
<task>
|
||||
<code>0202001</code>
|
||||
<default>
|
||||
<rr_add>
|
||||
<name>%s</name>
|
||||
<ttl>600</ttl>
|
||||
<type>TXT</type>
|
||||
<value>%s</value>
|
||||
</rr_add>
|
||||
</default>
|
||||
<zone>
|
||||
<name>%s</name>
|
||||
<system_ns>%s</system_ns>
|
||||
</zone>
|
||||
</task>
|
||||
</request>" "$(_build_request_auth_xml)" "$2" "$3" "$1" "$4"
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# zone
|
||||
_autodns_zone_inquire() {
|
||||
request_data="$(_build_zone_inquire_xml "$1")"
|
||||
autodns_response="$(_autodns_api_call "$request_data")"
|
||||
ret="$?"
|
||||
|
||||
printf "%s" "$autodns_response"
|
||||
return "$ret"
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# zone
|
||||
# subdomain
|
||||
# txtvalue
|
||||
# system_ns
|
||||
_autodns_zone_update() {
|
||||
request_data="$(_build_zone_update_xml "$1" "$2" "$3" "$4")"
|
||||
autodns_response="$(_autodns_api_call "$request_data")"
|
||||
ret="$?"
|
||||
|
||||
printf "%s" "$autodns_response"
|
||||
return "$ret"
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# zone
|
||||
# subdomain
|
||||
# txtvalue
|
||||
# system_ns
|
||||
_autodns_zone_cleanup() {
|
||||
request_data="$(_build_zone_update_xml "$1" "$2" "$3" "$4")"
|
||||
# replace 'rr_add>' with 'rr_rem>' in request_data
|
||||
request_data="$(printf -- "%s" "$request_data" | sed 's/rr_add>/rr_rem>/g')"
|
||||
autodns_response="$(_autodns_api_call "$request_data")"
|
||||
ret="$?"
|
||||
|
||||
printf "%s" "$autodns_response"
|
||||
return "$ret"
|
||||
}
|
||||
|
||||
# Arguments:
|
||||
# request_data
|
||||
_autodns_api_call() {
|
||||
request_data="$1"
|
||||
|
||||
_debug request_data "$request_data"
|
||||
|
||||
autodns_response="$(_post "$request_data" "$SCHLUNDTECH_API")"
|
||||
ret="$?"
|
||||
|
||||
_debug autodns_response "$autodns_response"
|
||||
|
||||
if [ "$ret" -ne "0" ]; then
|
||||
_err "error"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$autodns_response" "<type>success</type>" >/dev/null; then
|
||||
_info "success"
|
||||
printf "%s" "$autodns_response"
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
}
|
Loading…
Reference in New Issue
Block a user