commit
a6d583cb5e
@ -1,4 +1,4 @@
|
||||
# An ACME Shell script: acme.sh
|
||||
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)
|
||||
- An ACME protocol client written purely in Shell (Unix shell) language.
|
||||
- Fully ACME protocol implementation.
|
||||
- Simple, powerful and very easy to use. You only need 3 minutes to learn.
|
||||
@ -256,6 +256,7 @@ You don't have do anything manually!
|
||||
(DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.)
|
||||
9. LuaDNS.com API
|
||||
10. DNSMadeEasy.com API
|
||||
11. nsupdate
|
||||
|
||||
##### More APIs are coming soon...
|
||||
|
||||
|
5
acme.sh
5
acme.sh
@ -3592,6 +3592,11 @@ _initconf() {
|
||||
#
|
||||
#GD_Secret=\"sADDsdasdfsdfdssdgdsf\"
|
||||
|
||||
#######################
|
||||
#nsupdate:
|
||||
#NSUPDATE_KEY=\"/path/to/update.key\"
|
||||
#NSUPDATE_SERVER=\"192.168.0.1\"
|
||||
|
||||
#######################
|
||||
#PowerDNS:
|
||||
#PDNS_Url=\"http://ns.example.com:8081\"
|
||||
|
@ -1,6 +1,6 @@
|
||||
# How to use dns api
|
||||
|
||||
## Use CloudFlare domain api to automatically issue cert
|
||||
## 1. Use CloudFlare domain api to automatically issue cert
|
||||
|
||||
For now, we support clourflare integeration.
|
||||
|
||||
@ -22,7 +22,7 @@ The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`, when ne
|
||||
|
||||
|
||||
|
||||
## Use Dnspod.cn domain api to automatically issue cert
|
||||
## 2. Use Dnspod.cn domain api to automatically issue cert
|
||||
|
||||
For now, we support dnspod.cn integeration.
|
||||
|
||||
@ -43,7 +43,7 @@ acme.sh --issue --dns dns_dp -d example.com -d www.example.com
|
||||
The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key.
|
||||
|
||||
|
||||
## Use Cloudxns.com domain api to automatically issue cert
|
||||
## 3. Use Cloudxns.com domain api to automatically issue cert
|
||||
|
||||
For now, we support Cloudxns.com integeration.
|
||||
|
||||
@ -64,7 +64,7 @@ acme.sh --issue --dns dns_cx -d example.com -d www.example.com
|
||||
The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key.
|
||||
|
||||
|
||||
## Use Godaddy.com domain api to automatically issue cert
|
||||
## 4. Use Godaddy.com domain api to automatically issue cert
|
||||
|
||||
We support Godaddy integration.
|
||||
|
||||
@ -89,7 +89,7 @@ acme.sh --issue --dns dns_gd -d example.com -d www.example.com
|
||||
|
||||
The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key.
|
||||
|
||||
## Use PowerDNS embedded api to automatically issue cert
|
||||
## 5. Use PowerDNS embedded api to automatically issue cert
|
||||
|
||||
We support PowerDNS embedded API integration.
|
||||
|
||||
@ -112,31 +112,61 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com
|
||||
|
||||
The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`.
|
||||
|
||||
## Use OVH/kimsufi/soyoustart/runabove API
|
||||
|
||||
## 6. Use OVH/kimsufi/soyoustart/runabove API
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api
|
||||
|
||||
# Use custom api
|
||||
|
||||
If your api is not supported yet, you can write your own dns api.
|
||||
|
||||
Let's assume you want to name it 'myapi',
|
||||
|
||||
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
|
||||
2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records.
|
||||
3. Then you can use your api to issue cert like:
|
||||
## 7. Use nsupdate to automatically issue cert
|
||||
|
||||
First, generate a key for updating the zone
|
||||
```
|
||||
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
|
||||
b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo)
|
||||
cat > /etc/named/keys/update.key <<EOF
|
||||
key "update" {
|
||||
algorithm hmac-sha512;
|
||||
secret "$(awk '/^Key/{print $2}' /tmp/$b.private)";
|
||||
};
|
||||
EOF
|
||||
rm -f /tmp/$b.{private,key}
|
||||
```
|
||||
|
||||
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
|
||||
Include this key in your named configuration
|
||||
```
|
||||
include "/etc/named/keys/update.key";
|
||||
```
|
||||
|
||||
# Use lexicon dns api
|
||||
Next, configure your zone to allow dynamic updates.
|
||||
Depending on your named version, use either
|
||||
```
|
||||
zone "example.com" {
|
||||
type master;
|
||||
allow-update { key "update"; };
|
||||
};
|
||||
```
|
||||
or
|
||||
```
|
||||
zone "example.com" {
|
||||
type master;
|
||||
update-policy {
|
||||
grant update subdomain example.com.;
|
||||
};
|
||||
}
|
||||
```
|
||||
Finally, make the dns server and update key available to `acme.sh`
|
||||
```
|
||||
export NSUPDATE_SERVER=dns.example.com
|
||||
export NSUPDATE_KEY=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa==
|
||||
```
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
Ok, let's issue cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
## Use LuaDNS domain API
|
||||
The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf`.
|
||||
|
||||
## 8. Use LuaDNS domain API
|
||||
|
||||
Get your API token at https://api.luadns.com/settings
|
||||
|
||||
@ -154,7 +184,7 @@ acme.sh --issue --dns dns_lua --dnssleep 3 -d example.com -d www.example.c
|
||||
|
||||
The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed.
|
||||
|
||||
## Use DNSMadeEasy domain API
|
||||
## 9. Use DNSMadeEasy domain API
|
||||
|
||||
Get your API credentials at https://cp.dnsmadeeasy.com/account/info
|
||||
|
||||
@ -172,5 +202,27 @@ acme.sh --issue --dns dns_me --dnssleep 3 -d example.com -d www.example.co
|
||||
|
||||
The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed.
|
||||
|
||||
# 10. Use custom api
|
||||
|
||||
If your api is not supported yet, you can write your own dns api.
|
||||
|
||||
Let's assume you want to name it 'myapi',
|
||||
|
||||
1. Create a bash script named `~/.acme.sh/dns_myapi.sh`,
|
||||
2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records.
|
||||
3. Then you can use your api to issue cert like:
|
||||
|
||||
```
|
||||
acme.sh --issue --dns dns_myapi -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh)
|
||||
|
||||
# 11. Use lexicon dns api
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
60
dnsapi/dns_nsupdate.sh
Executable file
60
dnsapi/dns_nsupdate.sh
Executable file
@ -0,0 +1,60 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_nsupdate_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
_checkKeyFile || return 1
|
||||
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
|
||||
# save the dns server and key to the account conf file.
|
||||
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
|
||||
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
|
||||
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
|
||||
nsupdate -k "${NSUPDATE_KEY}" <<EOF
|
||||
server ${NSUPDATE_SERVER}
|
||||
update add ${fulldomain}. 60 in txt "${txtvalue}"
|
||||
send
|
||||
EOF
|
||||
if [ $? -ne 0 ]; then
|
||||
_err "error updating domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
#Usage: dns_nsupdate_rm _acme-challenge.www.domain.com
|
||||
dns_nsupdate_rm() {
|
||||
fulldomain=$1
|
||||
_checkKeyFile || return 1
|
||||
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
|
||||
_info "removing ${fulldomain}. txt"
|
||||
nsupdate -k "${NSUPDATE_KEY}" <<EOF
|
||||
server ${NSUPDATE_SERVER}
|
||||
update delete ${fulldomain}. txt
|
||||
send
|
||||
EOF
|
||||
if [ $? -ne 0 ]; then
|
||||
_err "error updating domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
#################### Private functions bellow ##################################
|
||||
|
||||
_checkKeyFile() {
|
||||
if [ -z "${NSUPDATE_KEY}" ]; then
|
||||
_err "you must specify a path to the nsupdate key file"
|
||||
return 1
|
||||
fi
|
||||
if [ ! -r "${NSUPDATE_KEY}" ]; then
|
||||
_err "key ${NSUPDATE_KEY} is unreadable"
|
||||
return 1
|
||||
fi
|
||||
}
|
Loading…
Reference in New Issue
Block a user