The function '_get_root' tries to retrieve the
hostedzone iterating the domains, eg:
1. srv.prod.example.com
2. prod.example.com
3. example.com
This doesn't work if '_acme-challenge' is in it's
own hostedzone for security reasons.
Starting that iteration with '_acme-challenge.srv.prod.example.com'
fixes this issue.
+ShellCheck
+ACME v2 compatible
Example:
- Fist create 2 new TXT records on _acme-challenge.example.com
- Now note the ID in (...) from the edit page behind "_acme-challenge.example.com"
export SELFHOSTDNS_USERNAME=myname
export SELFHOSTDNS_PASSWORD=mypass
export SELFHOSTDNS_RID=id_of_txt_record
export SELFHOSTDNS_RID2=id_of_second_txt_record
acme.sh --issue -d example.com --dns dns_selfhost
service/get_list returns domains in utf. But if utf, then error Error parsing certificate request: x509: SAN dNSName is malformed
early using my patch by IDN_ITEM="$(echo "${ITEM}" | idn)"
Now replacing by IDN_ITEM="$(_idn "${ITEM}")"
1. Match zone name in response in case multiple items return.
2. Use string '"id"' (single quotation marks added) to check if zone/record exist in _get_zoneid() & _get_recordset_id(). Fix domain can't contain string "id".
(Sensitive _debug Access Token Commented out, For CICD Run)
PR #3673 Fix simply.com API seems abandoned by maintainer and I need this fixed asap
Changes implemented
* Normalize JSON and fix not handling return code correctly
* Add some information to comments
* Fix trailing slash on URIs
* Add 60 second sleep for zone to be written
* Fix parsing record_data and record_type
the value for uniqueFormIdTTL is not available or needed anymore.
values for 'aktivPaket' are not needed by the api.
changed endpoint for deletion from `/deleteRecord` to `/dns/record/delete`
URL is now constructed after possible fallback value for Infoblox_View is being set
Infoblox_View is URLencoded to deal with e.g. spaces
Some cleanup, clearer log messages etc.
The plugin will use the following order of precedence:
environment value > file value > default value
See the wiki for details on environment variable names.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
The individual parameters can still be overridden via the
corresponding OCI_CLI environment variable.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
Also reduced the number of environment variables which simplifies
the documentation and requirements. The variable names now match
those used by the OCI CLI.
Signed-off-by: Avi Miller <avi.miller@oracle.com>
This plugin is has noticeably more required fields than most
other plugins due to the requirement that all requests to
the OCI REST API must be cryptographically signed by the client
using the draft standard proposed in draft-cavage-http-signatures-08[1].
The OCI specific implementation details of the draft standard are
documented in the Developer Guide[2].
NOTE: there is maximum allowed clock skew of five minutes between the
client and the API endpoint. Requests will be denied if the skew is
greater.
This PR also includes a minor tweak to the Solaris job in the DNS
workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1.
Without these changes, the signature generation function does not
work on Solaris.
[1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08
[2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five
Signed-off-by: Avi Miller <avi.miller@oracle.com>
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.
* change arvan api script
* change Author name
* change name actor
* Updated --preferred-chain to issue ISRG properly
To support different openssl crl2pkcs7 help cli format
* dnsapi/pdns: also normalize json response in detecting root zone
* Chain (#3408)
* fix https://github.com/acmesh-official/acme.sh/issues/3384
match the issuer to the root CA cert subject
* fix format
* fix https://github.com/acmesh-official/acme.sh/issues/3384
* remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384
* upgrade freebsd and solaris
* duckdns - fix "integer expression expected" errors (#3397)
* fix "integer expression expected" errors
* duckdns fix
* Update dns_duckdns.sh
* Update dns_duckdns.sh
* Implement smtp notify hook
Support notifications via direct SMTP server connection.
Uses Python (2.7.x or 3.4+) to communicate with SMTP server.
* Make shfmt happy
(I'm open to better ways of formatting the heredoc
that embeds the Python script.)
* Only save config if send is successful
* Add instructions for reporting bugs
* Prep for curl or Python; clean up SMTP_* variable usage
* Implement curl version of smtp notify-hook
* More than one blank line is an abomination, apparently
I will not try to use whitespace to group code visually
* Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs
When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).
Fixes#3326
* Improve settings documentation comments
* Improve Cloud Key pre-flight error messaging
* Fix typo
* Add support for UnifiOS (Cloud Key Gen2)
Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.
* PR review fixes
* Detect unsupported Cloud Key java keystore location
* Don't try to restart inactive services
(and remove extra spaces from reload command)
* Clean up error messages and internal variables
* Change to _getdeployconf/_savedeployconf
* Switch from cp to cat to preserve file permissions
* feat: add huaweicloud error handling
* fix: fix freebsd and solaris
* support openssl 3.0
fix https://github.com/acmesh-official/acme.sh/issues/3399
* make the fix for rsa key only
* Use PROJECT_NAME and VER for X-Mailer header
Also add X-Mailer header to Python version
* Add _clearaccountconf_mutable()
* Rework read/save config to not save default values
Add and use _readaccountconf_mutable_default and
_saveaccountconf_mutable_default helpers to capture
common default value handling.
New approach also eliminates need for separate
underscore-prefixed version of each conf var.
* Implement _rfc2822_date helper
* Clean email headers and warn on unsupported address format
Just in case, make sure CR or NL don't end up in
an email header.
* Clarify _readaccountconf_mutable_default
* Add Date email header in Python implementation
* Use email.policy.default in Python 3 implementation
Improves standards compatibility and utf-8 handling
in Python 3.3-3.8. (email.policy.default becomes the
default in Python 3.9.)
* Prefer Python to curl when both available
* Change default SMTP_SECURE to "tls"
Secure by default. Also try to minimize configuration errors.
(Many ESPs/ISPs require STARTTLS, and most support it.)
* Update dns_dp.sh
没有encode中文字符会导致提交失败
* No need to include EC parameters explicitly with the private key.
(they are embedded)
* Fixes response handling and thereby allow issuing of subdomain certs
* Adds comment
* fix https://github.com/acmesh-official/acme.sh/issues/3402
* dnsapi/ionos: Use POST instead of PATCH for adding TXT record
The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.
* fix https://github.com/acmesh-official/acme.sh/issues/3433
* fix https://github.com/acmesh-official/acme.sh/issues/3019
* fix format
* Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
* Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
* fix https://github.com/acmesh-official/acme.sh/issues/3312
* fix format
* feat: add dns_porkbun
* fix: prevent rate limit
Co-authored-by: Vahid Fardi <vahid.fardi@snapp.cab>
Co-authored-by: neil <github@neilpang.com>
Co-authored-by: Gnought <1684105+gnought@users.noreply.github.com>
Co-authored-by: manuel <manuel@mausz.at>
Co-authored-by: jerrm <jerrm@users.noreply.github.com>
Co-authored-by: medmunds <medmunds@gmail.com>
Co-authored-by: Mike Edmunds <github@to.mikeedmunds.com>
Co-authored-by: Easton Man <manyang.me@outlook.com>
Co-authored-by: czeming <loser_wind@163.com>
Co-authored-by: Geert Hendrickx <geert@hendrickx.be>
Co-authored-by: Kristian Johansson <kristian.johansson86@gmail.com>
Co-authored-by: Lukas Brocke <lukas@brocke.net>
Co-authored-by: anom-human <80478363+anom-human@users.noreply.github.com>
Co-authored-by: neil <win10@neilpang.com>
Co-authored-by: Quentin Dreyer <quentin.dreyer@rgsystem.com>
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.