2016-04-17 13:47:22 +02:00
|
|
|
#!/usr/bin/env sh
|
2016-01-30 14:00:36 +01:00
|
|
|
|
|
|
|
#
|
|
|
|
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
|
|
|
#
|
|
|
|
#CF_Email="xxxx@sss.com"
|
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
#CF_Token="xxxx"
|
|
|
|
#CF_Account_ID="xxxx"
|
2020-02-10 16:22:55 +01:00
|
|
|
#CF_Zone_ID="xxxx"
|
2019-07-27 05:48:29 +02:00
|
|
|
|
2016-05-07 17:33:42 +02:00
|
|
|
CF_Api="https://api.cloudflare.com/client/v4"
|
2016-01-30 14:00:36 +01:00
|
|
|
|
2016-01-30 15:34:35 +01:00
|
|
|
######## Public functions #####################
|
|
|
|
|
|
|
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
2016-11-09 12:30:39 +01:00
|
|
|
dns_cf_add() {
|
2016-01-30 14:00:36 +01:00
|
|
|
fulldomain=$1
|
|
|
|
txtvalue=$2
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
|
|
|
|
CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
|
2020-02-10 16:22:55 +01:00
|
|
|
CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
|
2017-04-11 16:29:49 +02:00
|
|
|
CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
|
|
|
|
CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
if [ "$CF_Token" ]; then
|
2022-02-09 11:08:55 +01:00
|
|
|
if [ "$CF_Zone_ID" ]; then
|
|
|
|
_savedomainconf CF_Token "$CF_Token"
|
|
|
|
_savedomainconf CF_Account_ID "$CF_Account_ID"
|
|
|
|
_savedomainconf CF_Zone_ID "$CF_Zone_ID"
|
|
|
|
else
|
|
|
|
_saveaccountconf_mutable CF_Token "$CF_Token"
|
|
|
|
_saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
|
|
|
|
_saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID"
|
|
|
|
fi
|
2019-07-27 05:48:29 +02:00
|
|
|
else
|
|
|
|
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
|
|
|
CF_Key=""
|
|
|
|
CF_Email=""
|
|
|
|
_err "You didn't specify a Cloudflare api key and email yet."
|
|
|
|
_err "You can get yours from here https://dash.cloudflare.com/profile."
|
|
|
|
return 1
|
|
|
|
fi
|
2016-11-16 17:25:40 +01:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
if ! _contains "$CF_Email" "@"; then
|
|
|
|
_err "It seems that the CF_Email=$CF_Email is not a valid email address."
|
|
|
|
_err "Please check and retry."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
#save the api key and email to the account conf file.
|
|
|
|
_saveaccountconf_mutable CF_Key "$CF_Key"
|
|
|
|
_saveaccountconf_mutable CF_Email "$CF_Email"
|
|
|
|
fi
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2016-01-30 15:11:09 +01:00
|
|
|
_debug "First detect the root zone"
|
2016-11-11 16:30:14 +01:00
|
|
|
if ! _get_root "$fulldomain"; then
|
2016-01-30 14:00:36 +01:00
|
|
|
_err "invalid domain"
|
|
|
|
return 1
|
|
|
|
fi
|
2016-02-29 06:38:40 +01:00
|
|
|
_debug _domain_id "$_domain_id"
|
|
|
|
_debug _sub_domain "$_sub_domain"
|
|
|
|
_debug _domain "$_domain"
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2016-01-30 15:11:09 +01:00
|
|
|
_debug "Getting txt records"
|
2016-05-07 17:33:42 +02:00
|
|
|
_cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2020-04-29 04:12:29 +02:00
|
|
|
if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
|
2016-01-30 14:00:36 +01:00
|
|
|
_err "Error"
|
|
|
|
return 1
|
|
|
|
fi
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2018-01-06 12:42:29 +01:00
|
|
|
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
|
|
|
|
# we can not use updating anymore.
|
|
|
|
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
|
|
|
|
# _debug count "$count"
|
|
|
|
# if [ "$count" = "0" ]; then
|
2018-01-06 10:39:15 +01:00
|
|
|
_info "Adding record"
|
|
|
|
if _cf_rest POST "zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
|
2019-04-26 17:57:40 +02:00
|
|
|
if _contains "$response" "$txtvalue"; then
|
2018-01-06 10:39:15 +01:00
|
|
|
_info "Added, OK"
|
2016-11-09 12:30:39 +01:00
|
|
|
return 0
|
2018-12-02 12:37:35 +01:00
|
|
|
elif _contains "$response" "The record already exists"; then
|
|
|
|
_info "Already exists, OK"
|
|
|
|
return 0
|
2018-01-06 10:39:15 +01:00
|
|
|
else
|
|
|
|
_err "Add txt record error."
|
|
|
|
return 1
|
2016-01-30 14:00:36 +01:00
|
|
|
fi
|
|
|
|
fi
|
2018-01-06 10:39:15 +01:00
|
|
|
_err "Add txt record error."
|
|
|
|
return 1
|
2016-01-30 14:00:36 +01:00
|
|
|
|
2016-11-09 12:30:39 +01:00
|
|
|
}
|
2016-01-30 14:00:36 +01:00
|
|
|
|
2016-12-06 07:58:36 +01:00
|
|
|
#fulldomain txtvalue
|
2016-10-25 17:08:02 +02:00
|
|
|
dns_cf_rm() {
|
|
|
|
fulldomain=$1
|
2016-12-06 07:58:36 +01:00
|
|
|
txtvalue=$2
|
2017-04-16 03:36:59 +02:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
|
|
|
|
CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
|
2020-03-29 23:45:52 +02:00
|
|
|
CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
|
2017-04-16 03:36:59 +02:00
|
|
|
CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
|
|
|
|
CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
|
|
|
|
|
2016-12-06 07:58:36 +01:00
|
|
|
_debug "First detect the root zone"
|
|
|
|
if ! _get_root "$fulldomain"; then
|
|
|
|
_err "invalid domain"
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
_debug _domain_id "$_domain_id"
|
|
|
|
_debug _sub_domain "$_sub_domain"
|
|
|
|
_debug _domain "$_domain"
|
|
|
|
|
|
|
|
_debug "Getting txt records"
|
|
|
|
_cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
|
|
|
|
|
2020-04-29 04:15:13 +02:00
|
|
|
if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
|
2020-04-11 19:24:30 +02:00
|
|
|
_err "Error: $response"
|
2016-12-06 07:58:36 +01:00
|
|
|
return 1
|
|
|
|
fi
|
2016-12-06 08:18:02 +01:00
|
|
|
|
2020-04-29 04:38:21 +02:00
|
|
|
count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ")
|
2016-12-06 07:58:36 +01:00
|
|
|
_debug count "$count"
|
|
|
|
if [ "$count" = "0" ]; then
|
|
|
|
_info "Don't need to remove."
|
|
|
|
else
|
2020-04-29 04:38:21 +02:00
|
|
|
record_id=$(echo "$response" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
|
2016-12-06 07:58:36 +01:00
|
|
|
_debug "record_id" "$record_id"
|
|
|
|
if [ -z "$record_id" ]; then
|
|
|
|
_err "Can not get record id to remove."
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
if ! _cf_rest DELETE "zones/$_domain_id/dns_records/$record_id"; then
|
|
|
|
_err "Delete record error."
|
|
|
|
return 1
|
|
|
|
fi
|
2020-04-29 04:42:17 +02:00
|
|
|
echo "$response" | tr -d " " | grep \"success\":true >/dev/null
|
2016-12-06 07:58:36 +01:00
|
|
|
fi
|
2016-01-30 15:34:35 +01:00
|
|
|
|
2016-10-25 17:08:02 +02:00
|
|
|
}
|
2016-01-30 15:34:35 +01:00
|
|
|
|
2016-12-14 21:32:24 +01:00
|
|
|
#################### Private functions below ##################################
|
2016-01-30 14:00:36 +01:00
|
|
|
#_acme-challenge.www.domain.com
|
2016-01-30 15:11:09 +01:00
|
|
|
#returns
|
2016-01-30 14:00:36 +01:00
|
|
|
# _sub_domain=_acme-challenge.www
|
|
|
|
# _domain=domain.com
|
|
|
|
# _domain_id=sdjkglgdfewsdfg
|
|
|
|
_get_root() {
|
|
|
|
domain=$1
|
2019-03-31 15:46:14 +02:00
|
|
|
i=1
|
2016-01-30 14:00:36 +01:00
|
|
|
p=1
|
2020-02-10 16:22:55 +01:00
|
|
|
|
|
|
|
# Use Zone ID directly if provided
|
|
|
|
if [ "$CF_Zone_ID" ]; then
|
|
|
|
if ! _cf_rest GET "zones/$CF_Zone_ID"; then
|
|
|
|
return 1
|
|
|
|
else
|
2020-04-29 04:42:17 +02:00
|
|
|
if echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
|
2020-04-29 04:38:21 +02:00
|
|
|
_domain=$(echo "$response" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
|
2020-02-10 16:22:55 +01:00
|
|
|
if [ "$_domain" ]; then
|
2020-02-11 19:07:10 +01:00
|
|
|
_cutlength=$((${#domain} - ${#_domain} - 1))
|
|
|
|
_sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
|
2020-02-10 16:22:55 +01:00
|
|
|
_domain_id=$CF_Zone_ID
|
|
|
|
return 0
|
|
|
|
else
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2016-11-11 16:30:14 +01:00
|
|
|
while true; do
|
|
|
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
2016-12-27 13:40:52 +01:00
|
|
|
_debug h "$h"
|
2016-11-09 12:30:39 +01:00
|
|
|
if [ -z "$h" ]; then
|
2016-01-30 14:00:36 +01:00
|
|
|
#not valid
|
2016-11-09 12:30:39 +01:00
|
|
|
return 1
|
2016-01-30 14:00:36 +01:00
|
|
|
fi
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
if [ "$CF_Account_ID" ]; then
|
|
|
|
if ! _cf_rest GET "zones?name=$h&account.id=$CF_Account_ID"; then
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
if ! _cf_rest GET "zones?name=$h"; then
|
|
|
|
return 1
|
|
|
|
fi
|
2018-12-28 15:45:40 +01:00
|
|
|
fi
|
|
|
|
|
2019-05-08 16:07:27 +02:00
|
|
|
if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
|
2020-04-29 04:38:21 +02:00
|
|
|
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
|
2016-11-09 12:30:39 +01:00
|
|
|
if [ "$_domain_id" ]; then
|
2016-11-11 16:30:14 +01:00
|
|
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
2016-01-30 14:00:36 +01:00
|
|
|
_domain=$h
|
|
|
|
return 0
|
|
|
|
fi
|
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
p=$i
|
2016-11-11 16:30:14 +01:00
|
|
|
i=$(_math "$i" + 1)
|
2016-01-30 14:00:36 +01:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
_cf_rest() {
|
|
|
|
m=$1
|
|
|
|
ep="$2"
|
2016-05-07 17:33:42 +02:00
|
|
|
data="$3"
|
2016-11-11 16:30:14 +01:00
|
|
|
_debug "$ep"
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
email_trimmed=$(echo "$CF_Email" | tr -d '"')
|
|
|
|
key_trimmed=$(echo "$CF_Key" | tr -d '"')
|
|
|
|
token_trimmed=$(echo "$CF_Token" | tr -d '"')
|
2019-04-02 17:05:52 +02:00
|
|
|
|
2019-07-27 05:48:29 +02:00
|
|
|
export _H1="Content-Type: application/json"
|
|
|
|
if [ "$token_trimmed" ]; then
|
|
|
|
export _H2="Authorization: Bearer $token_trimmed"
|
|
|
|
else
|
|
|
|
export _H2="X-Auth-Email: $email_trimmed"
|
|
|
|
export _H3="X-Auth-Key: $key_trimmed"
|
|
|
|
fi
|
2016-11-09 12:30:39 +01:00
|
|
|
|
2016-12-06 07:58:36 +01:00
|
|
|
if [ "$m" != "GET" ]; then
|
2016-01-30 15:11:09 +01:00
|
|
|
_debug data "$data"
|
2016-11-11 16:30:14 +01:00
|
|
|
response="$(_post "$data" "$CF_Api/$ep" "" "$m")"
|
2016-01-30 15:34:35 +01:00
|
|
|
else
|
2016-05-07 17:33:42 +02:00
|
|
|
response="$(_get "$CF_Api/$ep")"
|
2016-01-30 14:00:36 +01:00
|
|
|
fi
|
2016-11-09 12:30:39 +01:00
|
|
|
|
|
|
|
if [ "$?" != "0" ]; then
|
2016-01-30 15:34:35 +01:00
|
|
|
_err "error $ep"
|
2016-01-30 14:00:36 +01:00
|
|
|
return 1
|
|
|
|
fi
|
2016-04-09 17:40:59 +02:00
|
|
|
_debug2 response "$response"
|
2016-01-30 14:00:36 +01:00
|
|
|
return 0
|
|
|
|
}
|