Compare commits

...

2745 Commits
json ... master

Author SHA1 Message Date
neil
35632f2109
Merge pull request #6093 from acmesh-official/dev
sync
2024-11-11 22:43:23 +01:00
neil
821adcf178
Merge pull request #6087 from stokito/dnsapi-info
Dns API: fix structural info
2024-11-09 19:24:18 +01:00
Sergey Ponomarev
8bf9482bc0 dnsapi ionos_cloud: Use structured info
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2024-11-09 18:31:52 +02:00
Sergey Ponomarev
fe8ad3548b dnsapi alviy: Use structured info
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2024-11-09 18:22:01 +02:00
Sergey Ponomarev
4f17bc0d86 dnsapi timeweb: Use structured info
Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2024-11-09 18:20:58 +02:00
Sergey Ponomarev
1a43c81840 dnsapi omg.lol: fix info
Description "Based on the omg.lol API" is useless for users so removed.
The link to api moved to comment bellow.
Domains: omg.lol is unnecessary because the DNS provider name is anyway omg.lol.
Site: changed to point to the https://omg.lol site.
Issues: put a link to the support issue.

Remove the useless "Please Read this guide first" comment.
Fix typos.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2024-11-09 18:10:25 +02:00
neil
d058ac6174
Merge pull request #5328 from sahsanu/dev
Fix dns_pdns.sh to use saved account conf
2024-11-03 13:22:29 +01:00
neil
a4e7806d21 fix https://github.com/acmesh-official/acme.sh/issues/5208 2024-11-03 13:09:52 +01:00
neil
a00323412b
Merge pull request #5374 from ryoon/posix-shell-portability
Fix POSIX shell portability
2024-10-25 08:55:38 +02:00
Ryo ONODERA
838a20ea95 Fix POSIX shell portability
POSIX standard says test command has '=" as for checking identical.
'==' is bash dialect.
Replace '==' with '='.

See:
https://pubs.opengroup.org/onlinepubs/009604399/utilities/test.html
2024-10-24 22:52:28 +09:00
neil
5c78a5e4fe
Merge pull request #5331 from lifeboy/revert-TXT-add-update
Revert txt add update
2024-10-16 17:29:14 +02:00
Roland Giesler
30ed4af38d
Revert TXT add update
The change was needed for Power-Mailinabox and broke Mail-in-a-box, so a new API for Power-Mailinabox has been added
2024-10-16 11:49:29 +02:00
sahsanu
6a9304dd1c
Change _saveaccountconf to _saveaccountconf_mutable 2024-10-16 09:03:18 +02:00
sahsanu
1782eeb785
Fix dns_pdns.sh to use saved account conf 2024-10-14 16:18:44 +02:00
sahsanu
1aabb7d6de
Fix dns_pdns.sh to use saved account conf 2024-10-14 15:59:54 +02:00
neil
d4b8f9700b
Merge pull request #5326 from acmesh-official/dev
sync
2024-10-13 18:02:13 +02:00
neil
2ebecf1aa0 fix format 2024-10-13 17:59:25 +02:00
neil
7031df4948 fix format 2024-10-13 17:58:19 +02:00
neil
e0381dd757 fix format 2024-10-13 17:55:22 +02:00
neil
9b2eae24d2 fix format 2024-10-13 17:49:29 +02:00
neil
7362e8de4d fix format 2024-10-13 17:41:22 +02:00
neil
87beb0a5f2 fix name 2024-10-13 17:26:14 +02:00
neil
fc69cea4f7
Merge pull request #5323 from allddd/update_porkbun_url
Update Porkbun API URL
2024-10-12 20:46:07 +02:00
allddd
ad4780a1ac update api url 2024-10-12 01:07:35 +02:00
neil
138ab6dbbd
Merge pull request #5315 from fazelukario/patch-1
Fix markdown issue in telegram notify hook
2024-10-07 08:48:02 +02:00
fazelukario
26c2fc21c8
Moving to MarkdownV2 as the old Markdown is obsolete
- Implemented MarkdownV2 with escape of all necessary characters.
- Ref: https://core.telegram.org/bots/api#markdownv2-style
2024-10-07 05:16:11 +03:00
fazelukario
fef74c3bca
feat Cross-Platform Compatibility Guide 2024-10-07 03:46:35 +03:00
fazelukario
c390f1bfee
Escape markdown for subject 2024-10-07 03:34:49 +03:00
neil
f6698d4a84
Merge pull request #5301 from as-kholin/dns_omglol
Adding omg.lol DNS API
2024-10-06 11:52:33 +02:00
Gary McGregor
4193196c8b
Merge remote-tracking branch 'upstream/dev' into dns_omglol 2024-10-04 23:39:55 -05:00
neil
da06dc3728
Merge pull request #5313 from abulgatz/patch-1
Updated MS links, added wiki link, updated error messages, updated API limit comment
2024-10-03 09:33:19 +02:00
Adam Bulgatz
a0b8be5941
Updated MS links, added wiki link, updated error messages, updated API limit comment
Updated all Microsoft links from old `docs` subdomain to new `learn` subdomain, and fixed a couple that weren't working.

Added missing $wiki variable to print the wiki link in error messages.

Updated spelling and formatting in error messages

Updated a comment and added a TODO as Microsoft has increased the number of allowed Public DNS zones per subscription from 100 to 250, while the function in this script can only handle the old limit of 100.
2024-10-03 01:24:07 -05:00
Gary McGregor
fe971680ea
With variable name updates, correct missed update for the name for saved variables 2024-09-30 07:42:09 -05:00
Gary McGregor
254eb8f304
Updated variable names per @NeilPang 2024-09-30 06:47:26 -05:00
Gary McGregor
c9d15901d1
Merge remote-tracking branch 'upstream/master' into dns_omglol 2024-09-30 06:46:30 -05:00
Gary McGregor
59b3f5fb19
Merge remote-tracking branch 'upstream/dev' into dns_omglol 2024-09-29 23:09:22 -05:00
Gary McGregor
dbe9dd47ce
Correcting over-correct on debugging levels 2024-09-29 23:08:39 -05:00
neil
8e35f8c3aa
Merge pull request #5309 from jschauma/master
on OpenBSD, add libiconv
2024-09-29 21:34:28 +02:00
Gary McGregor
80970a0ac6
Merge remote-tracking branch 'upstream/dev' into dns_omglol 2024-09-29 13:35:23 -05:00
Gary McGregor
432f6ac4d7
Updated input parameters per feedback from @Neilpang. Also updated debugging statements to be consistently applied. 2024-09-29 13:34:34 -05:00
neil
eaf11009d1
Merge pull request #5310 from acmesh-official/dev
sync
2024-09-29 12:46:32 +02:00
neil
df93fb773f
Merge pull request #5297 from PMExtra/feature/ali_dcdn
Add ali_dcdn deploy hook (Alibaba Cloud DCDN)
2024-09-29 12:23:31 +02:00
Gary McGregor
f6887a4dac
Merge remote-tracking branch 'upstream/dev' into dns_omglol 2024-09-28 22:50:47 -05:00
Jan Schaumann
1c58c4c409 on OpenBSD, add libiconv
acme.sh dnsapi/dns_edgedns.sh invokes iconv(1) which is not provided by
OpenBSD in the base system. Adding the libiconv package provides this tool.

This should also help address acmesh-official/acme.sh#4350, albeit indirectly:
it looks like that PR cannot be merged because the OpenBSD test fails despite
the PR not actually changing anything having to do with iconv. That is, I
suspect that the test for OpenBSD failed (or would have failed, had it been
run?) prior to that PR being issued.

(This was previously submitted as
https://github.com/acmesh-official/acmetest/pull/28 )
2024-09-28 14:18:22 -04:00
neil
a972901438
Merge pull request #5305 from mpgirro/oci-image-source
Add OpenContainers Annotations as Labels to Docker Image
2024-09-27 08:45:10 +02:00
Maximilian Irro
25703296a6
Add OpenContainer Image Format Annotations as Labels to Docker Image 2024-09-26 21:50:06 +02:00
PM Extra
7ebe97b931
Merge pull request #1 from ShirasawaSama/patch-1
fix: fix ali_dcdn function naming typo
2024-09-25 14:30:10 +08:00
Shirasawa
76719d1bf5
fix: fix ali_dcdn function naming typo 2024-09-25 00:27:04 +08:00
Gary McGregor
cb113437f6
Updating per comment re: Exit vs Return on initial validation 2024-09-24 07:23:39 -05:00
Gary McGregor
e6b3e42d61
Adding omg.lol DNS API 2024-09-23 22:21:37 -05:00
neil
c20b0169a9 upgrade version 2024-09-23 18:15:10 +02:00
PMExtra
89342bcb75 add ali_dcdn deploy hook 2024-09-23 15:11:52 +08:00
neil
e036eea362
Merge pull request #5158 from henrikalves/dode
update dns_doapi
2024-09-21 17:29:26 +02:00
neil
2044d633e9
Merge pull request #5183 from WinSCaP/patch-1
Update dns_openprovider.sh for OpenProvider
2024-09-21 17:24:53 +02:00
neil
8cb684e6bd fix https://github.com/acmesh-official/acme.sh/issues/5067 2024-09-21 17:11:17 +02:00
neil
997bd3392f fix https://github.com/acmesh-official/acme.sh/issues/5293 2024-09-21 13:21:32 +02:00
neil
ad44c87746
Merge pull request #5296 from nikolaypronchev/master
Fix Timeweb Cloud DNS API pagination
2024-09-21 13:03:21 +02:00
Nikolay Pronchev
45ea2f82ba
explicitly reset *_return variables 2024-09-20 15:14:30 +00:00
Nikolay Pronchev
df6aa99ec2
fix Timeweb Cloud DNS API pagination 2024-09-20 14:00:44 +00:00
neil
114eb6288d
Merge pull request #5294 from PMExtra/refactor/ali_api
refactor: Alibaba Cloud API
2024-09-20 09:33:44 +02:00
PMExtra
2ea37e6a0d refactor(ali): check the result of prepare_ali_credentials 2024-09-20 14:55:33 +08:00
PMExtra
ea2330b49f refactor(ali): move the loading script into ali_cdn_deploy 2024-09-20 14:54:07 +08:00
PMExtra
610bb2b85c refactor(ali): set API endpoint for each action 2024-09-19 16:30:04 +08:00
PMExtra
fca6e9b932 refactor: Alibaba Cloud API 2024-09-19 15:49:42 +08:00
neil
fc7f86104e
Merge pull request #5290 from acmesh-official/dev
sync
2024-09-18 08:58:43 +02:00
neil
d057a9bb6d update version 2024-09-18 08:57:32 +02:00
neil
167aba6f26
Merge pull request #5285 from markt-de/fix_nsupdate
URGENT: fix dns_nsupdate when NSUPDATE_OPT is empty
2024-09-17 17:52:09 +02:00
Frank Wall
9ecd84080b resolve shellcheck offenses
With nsupdate the rule seems to be: filenames need to be wrapped
in double quotes, while all other options must not use double quotes.
Hence there is no way to resolve the shellcheck offense, because
the key requires quotes, but the other options must not use quotes.
2024-09-17 15:27:46 +02:00
Frank Wall
22d260f4e6 fix dns_nsupdate when NSUPDATE_OPT is empty, refs #5224 2024-09-16 16:49:28 +02:00
neil
ea94477cd4
Merge pull request #5229 from tomo2403/master
Update bark.sh
2024-09-15 17:51:52 +02:00
tomo
522c953860
Update dockerhub.yml 2024-09-15 17:08:09 +02:00
neil
f86ee84457 fix format 2024-09-15 14:31:15 +02:00
neil
2d282597ca fix format 2024-09-15 14:30:12 +02:00
neil
8635d89cc8
Merge pull request #5029 from scruel/patch-2
Prevent leaving blank lines in config file after cleared keys.
2024-09-15 13:58:09 +02:00
neil
dc341ef9c1
Merge pull request #5149 from Weishaupt/patch-1
Fix missing XML Escape in Password of INWX DNS API
2024-09-15 13:46:38 +02:00
neil
beb31ab2fa
Merge pull request #5246 from 3VAbdAVE/dev
Updating unifi deploy hook - remove keytool requirement
2024-09-15 13:43:18 +02:00
neil
e0214a2c2a
Merge pull request #5218 from IIIPr0t0typ3III/dev
2 Bugfixes of `dns_dynv6.sh`: 1. domains containing 'id' are now working as intended and 2. hostnames are now cast to lowercase on the fly
2024-09-15 13:39:27 +02:00
neil
5275daa66c
Merge pull request #5231 from mickaelmonsieur/master
Update dns_ispconfig.sh
2024-09-15 13:35:38 +02:00
neil
fb27261568
Merge pull request #5284 from acmesh-official/dev
sync
2024-09-15 11:09:49 +02:00
neil
5a20ce81e3
Merge pull request #5117 from alviy/master
New Alviy provider
2024-09-13 14:29:48 +02:00
neil
1454b85671
Merge pull request #5223 from Linkje/update-teams-notification-workflow
Update teams notification workflow
2024-09-13 14:25:16 +02:00
neil
fc4dba4468
Merge pull request #5187 from rwese/improve-dns_anx-performance
improve performance and memory usage for dns_anx
2024-09-13 14:22:01 +02:00
neil
adff28dade
Merge pull request #5224 from gmanic/master
Add optional cmd line parameter NSUPDATE_OPT to dns_nsupdate api
2024-09-13 14:13:40 +02:00
neil
c345ecae63
Merge pull request #5141 from nikolaypronchev/master
Add Timeweb Cloud DNS API
2024-09-13 14:03:46 +02:00
neil
e6461380c6
Merge pull request #5205 from PMExtra/feature/ali_cdn
feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment
2024-09-13 13:58:52 +02:00
neil
deb2a3e415
Merge pull request #5263 from i18nsite/patch-1
Update dns_huaweicloud.sh
2024-09-13 13:57:07 +02:00
neil
c71dcd7611
Merge pull request #5214 from WhiteAls/yandex360
Support for the Yandex 360 for Business DNS API
2024-09-13 13:55:01 +02:00
neil
c1e05664ed
Merge pull request #5268 from lifeboy/patch-1
Fix MIAB dns create TXT record format
2024-09-09 15:15:23 +02:00
Nikolay Pronchev
0f1e5f4fa4
Merge branch 'acmesh-official:master' into master 2024-09-06 19:28:44 +03:00
WhiteAls
0fa20da990 Little optimisations and fixes.
- Removed or moved `_normalizeJson` processing to occur only when needed.
- Corrected usage of `_red` to `__red`.
- Simplified JSON parsing by using more concise `cut` commands.
- Simplify token refresh logic.
2024-09-03 17:11:43 +00:00
Lifeboy
02fb40c507 Syntax corrections, previous change broke script 2024-09-02 14:56:00 +02:00
Lifeboy
dc6ea97877 Syntax corrections, previous change broke script 2024-09-02 14:54:22 +02:00
Lifeboy
031d53b04f Syntax corrections suggested by testing script 2024-09-02 12:14:22 +02:00
Lifeboy
3006c90fb8 Syntax corrections suggested by testing script 2024-09-02 12:04:56 +02:00
Lifeboy
9cec2688ed Syntax corrections suggested by testing script 2024-09-02 11:58:27 +02:00
Lifeboy
65c3dc21f4 Added comments 2024-09-02 11:50:33 +02:00
i18n.site
cefa7d940a
Update DNS.yml
DNS.yml can be triggered manually
2024-08-28 11:31:29 +08:00
Lifeboy
fab292d2de correct a typo 2024-08-27 17:06:36 +02:00
i18n.site
00bbe68f78
Update dns_huaweicloud.sh
fix https://github.com/acmesh-official/acme.sh/issues/5261
2024-08-23 16:00:08 +08:00
Lifeboy
fa3591f4f2 TXT record ADD test successfully 2024-08-22 14:39:09 +02:00
Nikolay Pronchev
10cfc6838d
add Timeweb Cloud DNS API 2024-08-22 09:12:21 +03:00
Lifeboy
42e78f9a3e changes not yet tested 2024-08-21 15:42:49 +02:00
Roland Giesler
0122eabd44
Update dns_miab.sh
Corrected typo
2024-08-21 15:10:37 +02:00
Roland Giesler
435bb3f1d3
Update dns_miab.sh
The MIAB API requires that the txtvlaue to a TXT record includes the "value=" and "ttl=" components as part of the TXT record when adding a new record.
2024-08-21 12:13:04 +02:00
neil
1d59d43286
Merge pull request #5255 from acmesh-official/dev
sync
2024-08-20 11:59:56 +08:00
neil
fe30bf7d09
Merge pull request #5252 from williamdes/patch-1
Add ACCOUNT_THUMBPRINT to update account
2024-08-19 22:16:44 +08:00
neil
5f68ad4e19 fix 2024-08-19 22:15:50 +08:00
William Desportes
3fc39aad33
Add ACCOUNT_THUMBPRINT to update account
Ref: #590
2024-08-19 13:30:11 +00:00
3VAbdAVE
a94653ba77 Merge branch 'dev' of https://github.com/3VAbdAVE/acme.sh into dev 2024-08-15 11:25:36 -04:00
3VAbdAVE
d8637b2c0f fixes #3359
Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12.

Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller.

Also added backup of existing files prior to change in case anything goes wrong, and update system configuration with compatible ciphers.
2024-08-15 11:25:23 -04:00
3VAbdAVE
f1b6016157
Merge branch 'acmesh-official:dev' into dev 2024-08-15 11:18:31 -04:00
3VAbdAVE
de99d6d9fc fixed shfmt 2024-08-15 11:09:40 -04:00
neil
bb8386ab85
Merge pull request #5245 from nathanejohnson/master
RouterOS - make deploy more resilient
2024-08-15 19:57:44 +08:00
3VAbdAVE
ca6226359b removed old comment 2024-08-11 22:49:20 -04:00
3VAbdAVE
adfafe5c54 reverted bad merge 2024-08-11 22:48:44 -04:00
3VAbdAVE
a8d8fefceb
Merge branch 'acmesh-official:dev' into dev 2024-08-11 22:47:00 -04:00
3VAbdAVE
3bb5943b20 Merge branch 'dev' of https://github.com/3VAbdAVE/acme.sh into dev 2024-08-11 22:44:13 -04:00
3VAbdAVE
57da04b5ec Updated Unifi deploy hook to use openssl's pkcs12 instead of Java Keytool after Ubiquiti removed it, update system configuration for stronger ciphers, and back up existing certificates prior to change. 2024-08-11 22:39:47 -04:00
Nathan Johnson
e711d168df RouterOS - make deploy more resilient
In the case where importing the cert and key removes the files from disk
the existing deploy will fail when it tries to remove those files.  This
still attempts to remove the files but catches the error and moves on instead
of bombing like before.

Similarly, if the deploy had failed before, subsequent deploys would fail
because the script already existed, so it would not be able to create
the script.  This first attempts to remove the script if it exists, and then
creates the script.
2024-08-09 16:38:09 -05:00
WhiteAls
1700f064b3 Fix: Support for IDN 2024-08-03 18:59:29 +00:00
3VAbdAVE
de902166a8 Replaced keytool with openssl pkcs12. Added backup of original certificates. 2024-08-01 08:15:16 -07:00
WhiteAls
2f08bd1965 Refactor: Improve Yandex360 DNS API integration:
- Make YANDEX360_ORG_ID optional and auto-retrieve if not provided.
- Refactor _get_root function to search across multiple organizations.
2024-08-01 03:28:32 +00:00
WhiteAls
13c68cd799 Refactor: Rename _check_yandex360_variables to _check_variables and improve error handling 2024-08-01 03:04:23 +00:00
WhiteAls
c7d78f4594 Fix: Corrected the entry point for Yandex 360 API 2024-08-01 02:44:22 +00:00
WhiteAls
2f1ca949f0 Fix: Make record_id extraction independent of JSON key order 2024-08-01 02:33:09 +00:00
WhiteAls
a6488ff9ac Optimizing debug output 2024-08-01 02:18:48 +00:00
Mickael
cb5eae888d
Update dns_ispconfig.sh
Add permissions to:
- Client functions
- DNS zone functions
2024-07-31 16:22:12 +02:00
tomo
b6f7710621
Update bark.sh
Bark API v2 is now fully implemented. BARK_SOUND is now also optional, as intended by the API.
2024-07-27 14:28:07 +02:00
tomo
3e36f05a8c
Update dockerhub.yml 2024-07-27 14:23:07 +02:00
gmanic
bcb7e5f2c8
Update dns_nsupdate.sh
Corrected required variable double quote
2024-07-24 20:28:39 +00:00
Joris van den Dries
3cefcd8204 change reference to static value 2024-07-24 15:02:48 +02:00
Joris van den Dries
4cd1871816 Removed obsolete documentation 2024-07-24 12:23:17 +02:00
Joris van den Dries
7aaa9583fa Update teams notify script to support new notification setup using workflows instead of connectors being fased out.
Color support has been dropped since this has no support inside adaptive-card
2024-07-24 12:05:57 +02:00
Felix Schmidt
dd582c0306 Changed the direct call of tr to cast to lower case to the function
`_lower_case` which is already provided.
2024-07-23 12:59:42 +02:00
neil
5cded5b53e
Merge pull request #5217 from oittaa/patch-2
_checkSudo: [ -z "__INTERACTIVE" ] should be [ -z "$__INTERACTIVE" ]
2024-07-23 09:05:37 +08:00
IIIPr0t0typ3III
0a64567822
Merge branch 'acmesh-official:dev' into dev 2024-07-22 15:47:54 +02:00
WhiteAls
7ca861805d Fixed incorrect links in informational messages 2024-07-20 19:03:38 +03:00
oittaa
6b6faa8129
_checkSudo: [ -z "__INTERACTIVE" ] should be [ -z "$__INTERACTIVE" ]
Fixes #5216
2024-07-20 13:31:53 +02:00
WhiteAls
f84577bcda Support for the Yandex 360 for Business DNS API 2024-07-20 05:41:54 +03:00
WhiteAls
37f9fd3498 The old Yandex DNS API was discontinued #4555 2024-07-20 05:38:51 +03:00
neil
11aef82993
Merge pull request #5139 from scruel/scruel-patch-1
feat: guide user to run script as root to create temp admin user
2024-07-19 11:16:44 +08:00
neil
9861e2d724
Merge pull request #5212 from allddd/dns_porkbun_grep_fix
dns_porkbun: remove stray backslashes
2024-07-19 10:33:49 +08:00
allddd
7ae0d0caa3 dns_porkbun: remove stray backslashes 2024-07-18 21:57:22 +02:00
neil
93d2c9a3f0
Merge pull request #5207 from scruel/patch-5
fix(deploy): respect api path with synology Auth API
2024-07-14 17:33:26 +08:00
Scruel Tao
60569fdd83
fix(deploy): respect api path with synology Auth API
fix #5184
2024-07-14 15:04:43 +08:00
neil
0f61e9c15e
Merge pull request #5206 from acmesh-official/dev
sync
2024-07-14 14:06:00 +08:00
neil
d81fc155cb add timeout for _getRepoHash
https://github.com/acmesh-official/acme.sh/issues/5200
2024-07-14 13:50:35 +08:00
neil
60f7750d77
Merge pull request #4896 from vladh/master
Improve grammar
2024-07-14 13:23:32 +08:00
Vlad-Stefan Harbuz
9bdfd8f4fe Improve grammar 2024-07-12 13:04:42 +01:00
PMExtra
945b7de76f feat(deploy_ali_cdn): improve upper-case 2024-07-11 18:41:39 +08:00
PMExtra
3c35eadbc4 feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment 2024-07-11 18:29:20 +08:00
Felix Schmidt
ab86e056a2 Changed A-Z and a-z to [:upper:] and [:lower:] from last commit to comply with requested standards.
This does not change any functionality in this special case but the
request for [:upper:] and [:lower:] makes a lot of sense in general.
2024-07-07 13:02:47 +02:00
Felix Schmidt
a2bc79ddd5 Fixed a bug where trying to add entries where the fulldomain contains upper case characters would not be accepted (dynv6 API rejects those).
Now the fulldomain will be cast to lowercase first which should not make
any difference since DNS is case insensitive.
2024-07-07 12:34:44 +02:00
IIIPr0t0typ3III
5789e80d74
Fixed a bug where the zone_id was corrupted for domains containing the string 'id' dns_dynv6.sh
This will now search for `"id:"` instead of `id` and therefore will only find the id field and not any other field containing the sub-string 'id'
2024-07-05 18:43:11 +02:00
neil
65868ab8a7 remove centos 2024-07-03 18:27:47 +08:00
René Weselowski
89586530a5 improve performance and memory usage for dns_anx
when fetching all zones the memory usage can exceede limits and also
cause timeouts.

with this change the zone will be searched via the longest to shortest
match using the get endpoint.
2024-06-26 15:06:19 +02:00
neil
0d93145834
Merge pull request #5133 from mdmower/ext-key-usage
feat: Support manually defining extended key usage in CSR
2024-06-25 05:13:46 +02:00
WinSCaP
617f4acfd6
Update dns_openprovider.sh for OpenProvider
Removed the NS type, as settings nameservers via API is no longer supported.  The API implementation is not changed to the new REST API.
2024-06-22 11:37:10 +02:00
neil
fe4113d623 add PROJECT_API for
https://github.com/acmesh-official/acme.sh/issues/5170
2024-06-17 15:30:10 +02:00
neil
9a0e15cced
Merge pull request #5159 from themarek/dev
improve compatibility with FreeBSD
2024-06-17 14:57:28 +02:00
Marek Wester
e0c63d58b2 improve compatibility with FreeBSD
it is related to this bug report: opnsense/plugins#3525

FreeBSD's sed doesn't have the -z option, so empty certificates are delivered to vault when running the script on FreeBSD.
2024-06-15 23:19:04 +02:00
neil
f7f8ea9b97
Merge pull request #5110 from ionos-cloud/add_ionos_cloud_script
Feature: DNS API for IONOS cloud
2024-06-15 14:50:32 +02:00
neil
58cad98cd8
Merge pull request #5041 from j-c-m/ksh_openbsd_porkbun_fix
Quote echo $data in _porkbun_rest (dns_porkbun)
2024-06-15 14:45:19 +02:00
zak905
74ffbb2172
fix forgotten parenthensis 2024-06-10 19:53:05 +02:00
zak905
cc9c85cc1a
use lower_case util function instead of raw bash command 2024-06-09 21:02:54 +02:00
neil
a8f252e45d
Merge pull request #5057 from phedoreanu/dev
dns_1984.hosting - update _get_root check
2024-05-28 09:27:30 +02:00
Henrik Alves
b821836dc4
update dns_doapi 2024-05-27 12:45:01 +02:00
neil
f7e09af5c9
Merge pull request #4738 from stokito/dns_api_info
Structured DNS provider API info
2024-05-19 09:12:14 +02:00
neil
304cb56337
Merge pull request #4929 from jeromecst/master
Add notification support for ntfy.sh
2024-05-19 09:05:51 +02:00
Sergey Ponomarev
6b7b5caf54 DNS provider API: structured description
Instead of using comments declare info in a special variable.
Then the variable can be used to print the DNS API provider usage.
The usage can be parsed on UI and show all needed inputs for options.

The info is stored in plain string that it's both human-readable and easy to parse:

    dns_example_info='API name
     An extended description.
     Multiline.
    Domains: list of alternative domains to find
    Site: the dns provider website e.g. example.com
    Docs: Link to ACME.sh wiki for the provider
    Options:
     VARIABLE1 Title for the option1.
     VARIABLE2 Title for the option2. Default "default value".
     VARIABLE3 Title for the option3. Description to show on UI. Optional.
    Issues: Link to a support ticket on https://github.com/acmesh-official/acme.sh
    Author: First Lastname <authoremail@example.com>, Another Author <https://github.com/example>;
    '

Here:
VARIABLE1 will be required.
VARIABLE2 will be required too but will be populated with a "default value".
VARIABLE3 is optional and can be empty.

A DNS provider may have alternative options like CloudFlare may use API KEY or API Token.
You can use a second section OptionsAlt: section.

Some providers may have alternative names or domains e.g. Aliyun and AlibabaCloud.
Add them to Domains: section.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2024-05-18 12:06:41 +03:00
Marvin Dickhaus
fd461fe015
Fix missing XML Escaping in Password String
Fixes #5060
2024-05-16 22:44:47 +02:00
zak905
2797d2c535
fix add and rm method names 2024-05-14 19:50:44 +02:00
zak905
f440656572
create new script for ionos cloud and rollback changes to dns_ionos.sh 2024-05-14 18:35:25 +02:00
3VAbdAVE
b1d019146a UBNT removed keytool from UnifiOS, modify to use openssl PKCS12. Also backup certificates before overwrite, and force unifi to start with unifi-core if both are installed. 2024-05-13 07:50:46 -04:00
Scruel Tao
1dbc58d4e0
chore: optimize more msgs 2024-05-08 14:01:43 +08:00
Scruel Tao
47ccb28482
chore: typo 2024-05-08 04:46:51 +08:00
Scruel Tao
744dea00ca
feat: guide user to run script as root to create temp admin user
Message text and comment optimized
2024-05-08 02:56:21 +08:00
zak905
373c2b379c
remove debug print statements and usage of custom fork of acmetest 2024-05-06 14:53:51 +02:00
Matt Mower
957bbab440 feat: Support manually defining extended key usage in CSR
- New CLI param: --extended-key-usage <string>
- When --extended-key-usage is defined:
  1. Set [v3_req]extendedKeyUsage to the provided value.
  2. Store the value in domain conf Le_ExtKeyUse for reuse.
2024-05-04 11:58:29 -07:00
neil
bd48c99383 fix ca names 2024-05-04 16:27:31 +02:00
zak905
52d1d421a3
escape brackets in regexp and format using shfmt 2024-05-03 17:04:49 +02:00
zak905
c3cc13595d
use posix compliant lower case shell command 2024-05-02 18:48:39 +02:00
zak905
adc8031e34
fix shell linter and formating 2024-04-30 17:04:24 +02:00
zak905
0974c74a89 transform record name to lower case when searching for TXT record 2024-04-30 16:59:02 +02:00
zak905
c64aae6f39 more debugging - add function argument printing 2024-04-30 16:59:02 +02:00
zak905
b7b1714637 add some debug statements 2024-04-30 16:59:02 +02:00
zak905
d8525493a1 attempt to use custom fork of acmetest 2024-04-30 16:59:02 +02:00
zak905
30d0945855 fix regexp for findind acme challenge record from API response 2024-04-30 16:59:02 +02:00
zak905
ffde1f8343 linting based on ShellCheck results 2024-04-30 16:59:02 +02:00
zak905
96c35b41ed fix TXT record lookup and removal 2024-04-30 16:59:02 +02:00
zak905
dc2979926f fix zone search 2024-04-30 16:59:02 +02:00
zak905
ff357dd3fb fix syntax error 2024-04-30 16:59:02 +02:00
zak905
f35e15204d implement dns_ionos_rm function 2024-04-30 16:59:02 +02:00
zak905
3ae4ba3300 dns_ionos.sh: implement dns_ionos_add for ionos cloud 2024-04-30 16:59:02 +02:00
neil
0d8a314bcf
Merge pull request #5123 from acmesh-official/dev
sync
2024-04-29 20:15:14 +02:00
neil
e7cfde1904
Merge pull request #5049 from hknet/patch-2
fixed handling of key and secret
2024-04-29 20:14:01 +02:00
alviy
aa41df4e7d
run test 2024-04-27 13:49:37 +03:00
alviy
d73953af3d
spellcheck 2024-04-27 12:28:06 +03:00
alviy
54eec82311
spellcheck 2024-04-27 11:45:14 +03:00
alviy
dab244ad25
shfmt 2024-04-27 11:29:30 +03:00
alviy
dbe7cb8dbb
remove rev command 2024-04-27 09:55:38 +03:00
alviy
e814cccc44
Update dns_alviy.sh 2024-04-27 00:06:22 +03:00
alviy
1078fdc157
fix Shellcheck 2024-04-26 23:25:38 +03:00
alviy
4bf4259dda
Update _get_root logic 2024-04-26 23:05:42 +03:00
alviy
03b53cbb60
run DNS test 2024-04-26 20:38:01 +03:00
alviy
7ef1340e2a
Update dns_alviy.sh 2024-04-25 23:16:11 +03:00
alviy
c0b87adee5
shfmt 2024-04-25 22:51:32 +03:00
alviy
4a8c2251e0
4th+ level domain 2024-04-25 22:47:53 +03:00
alviy
d1df5f3021
test DNS 2024-04-25 22:36:11 +03:00
alviy
e1acea52f8
run DNS test 2024-04-25 22:27:04 +03:00
alviy
2e9f159225
shfmt 2024-04-25 22:15:16 +03:00
alviy
2fcda9a73a
Quotes recomendations 2024-04-25 22:07:29 +03:00
alviy
78ba205f4d
DNS test init 2024-04-25 19:37:49 +03:00
alviy
f44dec2c8d
add new provider - Alviy.com 2024-04-25 18:43:35 +03:00
neil
8c07af6fc7
Merge pull request #5113 from scruel/dev
fix(deploy_dsm): ensure grep get the error code
2024-04-25 09:19:08 +02:00
Scruel Tao
cd01104de9
fix(deploy_dsm): ensure grep get the error code
Added grep -o option to ensure the script won't get other digits as the error code result
2024-04-25 13:39:05 +08:00
neil
28f438a6bd
Merge pull request #5111 from scruel/scruel-patch-1 2024-04-24 23:16:49 +02:00
Scruel Tao
9ff89b570f
fix(deploy_dsm): missing gerp -P option on busybox
Fixes:  #5105
2024-04-25 04:02:49 +08:00
neil
bc90376489
Merge pull request #5102 from acmesh-official/dev
sync
2024-04-21 12:11:04 +02:00
neil
43b5ea801f convert to pkcs12 when renewal
fix https://github.com/acmesh-official/acme.sh/issues/3474#issuecomment-2058126129
2024-04-21 11:21:45 +02:00
neil
9863e7ea6e
Merge pull request #5023 from scruel/patch-dsm-deploy
Patch Synology DSM deploy: support DSM 6.x & user-friendly refactor.
2024-04-21 09:45:41 +02:00
neil
ebaa39b03f
Merge pull request #5075 from acmesh-official/dev
sync
2024-04-01 11:46:18 +02:00
neil
fa3d7ad14b
Merge pull request #5069 from annieoxe/decode-eab_hmac_key
Fix: Decode eab_hmac_key as single-line
2024-03-31 23:02:42 +02:00
neil
c51104f956 fix format 2024-03-31 20:33:57 +02:00
neil
84795ff4d9
Merge pull request #4757 from laraveluser/master
Add support for Lima-City
2024-03-31 20:20:29 +02:00
neil
cc5c722e29
Merge pull request #5072 from aSauerwein/master
feature: add template option for panos deploy hook
2024-03-31 20:15:18 +02:00
asauerwein
4fcddd1893 add template option 2024-03-31 09:16:21 +02:00
laraveluser
c8604255e4
Merge branch 'acmesh-official:master' into master 2024-03-27 21:47:09 +01:00
annieoxi
492826a7f2 Fix: Decode eab_hmac_key as single-line
This commit resolves the issue #5068.
2024-03-26 12:35:54 +01:00
Adrian Fedoreanu
5e64781d65
update _get_root check 2024-03-19 19:41:33 +01:00
neil
2d4b900e33
Merge pull request #5032 from scruel/patch-3
fix(config_migrate): always remove domain old key & replace old value by new value
2024-03-18 21:43:03 +01:00
neil
d2481f5790
Merge pull request #5048 from hknet/patch-1
dns-record TTL set to 300
2024-03-18 21:25:35 +01:00
neil
49f6104f03
Merge pull request #4979 from derytim/aws_dns_imdsv2
Aws dns imdsv2
2024-03-18 21:16:16 +01:00
neil
2728d2aa6e fix format 2024-03-18 21:09:49 +01:00
neil
0588fc6b7c
Merge pull request #4581 from wlallemand/haproxy-hot-update
haproxy deploy hook updates existing certificate over stats socket
2024-03-18 21:07:12 +01:00
Tim Dery
e3cd52cab4 Merge branch 'dev' into aws_dns_imdsv2 2024-03-13 11:06:52 -07:00
Tim Dery
b2c6b9a320 attempt _use_metadata fix from j-c-m 2024-03-11 10:33:14 -07:00
Harald Kapper
39fa40ab12
fixed secret+key storage-usage
fixed the key and secret handling via acme account.conf
2024-03-11 03:27:17 +01:00
Harald Kapper
0bf87bf4af
dns-record TTL set to 300
reduce TTL for the TXT record from 3600 to 300 to have an easier way to replicate changes for the dns-verification in case multiple submissions for a specific record/domain are done within an hour.
2024-03-11 00:44:53 +01:00
Jesse Miller
92d37f6eaf Quote echo $data in _porkbun_rest
Quote echo $data in _porkbun_rest to avoid
brace expansion under ksh (OpenBSD).
2024-03-06 15:56:42 -07:00
laraveluser
d3b022fe17
Update dns_limacity.sh 2024-03-03 10:32:21 +01:00
Scruel Tao
79640f6b7d replace wired space symbol 2024-02-28 20:02:24 +08:00
Scruel Tao
2cbdf274b1
feat(config_migrate): always remove domain old key & replace old value by new value 2024-02-28 18:30:06 +08:00
Scruel Tao
6af5293315 doc: adjust 2024-02-28 02:00:07 +08:00
Scruel Tao
bd3a2b1bb5
Prevent leaving blank lines in config file after cleared keys. 2024-02-27 12:40:52 +08:00
Scruel Tao
ff090d2f74 fix lint 2024-02-26 23:45:19 +08:00
Scruel Tao
68e3a12a91 feat: improve robustness of the usage of DSM tool synogroup 2024-02-26 23:38:44 +08:00
Scruel Tao
50eda6b678 fix: lint 2024-02-26 21:07:15 +08:00
Scruel Tao
192ec598a3 feat: add SYNO_LOCAL_HOSTNAME to prevent remote deploy via temp admin method 2024-02-26 21:03:26 +08:00
Scruel Tao
5b449999a5 refactor: unify variable naming convention again (revert some changes) 2024-02-26 20:55:49 +08:00
Scruel Tao
afed62f6de fix: should save SYNO_UseTempAdmin only after login success. 2024-02-26 07:05:00 +08:00
Scruel Tao
59d1e16f9c feat: bypass enforce temp admin 2FA 2024-02-26 06:23:47 +08:00
Scruel Tao
dbe0d477d6 feat: more user-friendly logic & error messages. 2024-02-26 06:23:46 +08:00
Scruel Tao
7248560169 feat: support DSM 6.x 2024-02-26 06:23:45 +08:00
Scruel Tao
f840f7d75b refactor: unify variable naming convention 2024-02-26 06:23:42 +08:00
neil
6e14a073ff
Merge pull request #5021 from acmesh-official/dev
sync
2024-02-25 19:25:26 +01:00
Scruel Tao
cf3839ecec
doc(deploy): update usage doc 2024-02-22 12:38:51 +08:00
neil
aa8cf76fb1
Merge pull request #4706 from scruel/syno-patch
Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic
2024-02-13 09:57:51 +08:00
neil
10b4bb598a fix https://github.com/acmesh-official/acme.sh/issues/4995#issuecomment-1937486243 2024-02-12 13:16:08 +08:00
neil
de14d59bb3
Merge pull request #4987 from acmesh-official/dev
sync
2024-02-04 12:39:06 +08:00
neil
d76272f0ea fix message 2024-02-04 12:35:07 +08:00
neil
e04093efe2 remove socket err temp file 2024-02-04 12:31:34 +08:00
neil
bd6bbba948 remove socaterr temp file 2024-02-04 12:27:06 +08:00
neil
37e4f35c93 fix format 2024-02-04 12:21:50 +08:00
neil
0084cb7403 fix format 2024-02-04 12:18:58 +08:00
neil
99e5c159a7 check socat "Permission denied" 2024-02-04 12:17:03 +08:00
neil
802121d54a show dns message on any branch 2024-02-04 11:42:28 +08:00
neil
160b2e95c9
Merge pull request #4986 from acmesh-official/dev
sync
2024-02-04 00:11:26 +08:00
neil
7ec692cdef fix socat for netbsd:
listens to ipv4 by default.
2024-02-03 23:59:48 +08:00
neil
3dca67112d fix netbsd 2024-02-03 18:39:58 +08:00
neil
f8dac5905c check the status of Order object and the Authorization object. 2024-02-03 18:07:50 +08:00
Tim Dery
48e4e41e05 add cr to force a new gh actions run 2024-01-31 17:32:56 -08:00
Tim Dery
22374b81de delete a cr to force a workflow run 2024-01-31 16:02:45 -08:00
Tim Dery
b9157e29cb spacing cleanup 2024-01-31 15:52:59 -08:00
Tim Dery
bd247c35f2 remove comments 2024-01-31 15:48:44 -08:00
Tim Dery
7da9a45c61 combined functions for cleaner code 2024-01-31 15:39:08 -08:00
Tim Dery
122dfa12ac add imdsv2 support to dns_aws 2024-01-30 15:51:55 -08:00
neil
1905830b20
Merge pull request #4948 from rparenton/gandi-livedns-new-api
Fix #4836 (Switch to new Gandi LiveDNS API)
2024-01-14 13:04:51 +01:00
Robert
bfb41ce123 Fix acmesh-official#4836 (Switch to new Gandi LiveDNS API)
1. Updated LiveDNS API URL for the new API to allow Personal Access Tokens to work
2. Updated authorization header syntax to allow deprecated API Keys to work with the new API
3. Removed white space in JSON response parsing to match responses returned by the server
2024-01-13 13:39:09 -06:00
neil
85e3ecfe0b fix omnios 2024-01-13 20:28:21 +01:00
laraveluser
9e073c954d
Update dns_limacity.sh 2024-01-12 20:39:44 +01:00
neil
b79c3f5cc4 fix pkg_add 2024-01-12 20:36:49 +01:00
laraveluser
ad5acb80fe
Update dns_limacity.sh 2024-01-12 20:33:01 +01:00
laraveluser
7b7c834b08
Update dns_limacity.sh 2024-01-12 19:48:14 +01:00
laraveluser
42827be7c3
Update dns_limacity.sh 2024-01-12 18:39:28 +01:00
laraveluser
7022d27b8e
Update dns_limacity.sh 2024-01-12 17:58:54 +01:00
laraveluser
ab911f1ce9
Update dns_limacity.sh 2024-01-12 17:54:23 +01:00
laraveluser
a6a1de50c8
Merge branch 'acmesh-official:master' into master 2024-01-12 01:07:07 +01:00
laraveluser
97723fbbc9
Update dns_limacity.sh 2024-01-08 01:45:34 +01:00
neil
2e58cf1168
Merge pull request #4940 from dario-pilori/fix-routeros-7
Fix RouterOS deploy hook for 7
2024-01-04 23:15:36 +01:00
Dario Pilori
3ca97d7258
Remove whitespace in script name in routeros.sh deploy hook 2024-01-04 18:28:05 +01:00
neil
9786dccdee
Merge pull request #4161 from seidler2547/seidler2547-remove-do
remove dns_do as it does not work anymore
2024-01-02 20:34:15 +01:00
Jérôme
a3612f53dd change shebang to sh 2023-12-26 01:52:16 +01:00
Jérôme
112257c49e Add notification support for ntfy.sh 2023-12-26 01:45:38 +01:00
neil
d8e2b96bce
Merge pull request #4925 from LordDarkneo/patch-1
Logout update for DSM Deploy script (2727 issue)
2023-12-24 16:01:25 +01:00
LordDarkneo
6992659ba9
Update synology_dsm.sh 2023-12-22 14:36:52 -05:00
LordDarkneo
05696d443a
Update synology_dsm.sh
#2727 issue when logging out on older version - using variables to unlog only for CERT user
2023-12-22 14:34:35 -05:00
LordDarkneo
f59a925897
Update synology_dsm.sh
Issue for lougout
2023-12-22 09:09:29 -05:00
neil
afacdfcb95
Merge pull request #4918 from acmesh-official/dev
sync
2023-12-17 22:26:04 +01:00
neil
8cb1b6b5d5 update 2023-12-05 20:19:40 +01:00
neil
f7d9d53ad2
Merge pull request #4899 from acmesh-official/dev
sync
2023-12-05 20:16:27 +01:00
neil
f4315e2c6f fix _date2time 2023-12-05 19:33:10 +01:00
neil
f0ac566c93 add Omnios 2023-12-04 23:51:06 +01:00
neil
50f6a459cf update solaris 2023-12-04 09:41:39 +01:00
neil
179c80ae6d
Merge pull request #4861 from mrbaiwei/master
support West.cn Domain
2023-12-04 09:35:18 +01:00
neil
6e72f161a6
Merge pull request #4872 from sandercox/patch-1
Update dns_gcloud.sh rm logs record added
2023-12-03 14:52:58 +01:00
neil
f71d8d7348 minor 2023-12-03 14:44:23 +01:00
neil
a12a3640a7 update 2023-12-03 14:40:32 +01:00
neil
3b7bc5a56a update dragonflybsd-vm@v1 2023-12-02 22:50:59 +01:00
William Lallemand
e09d45c844 haproxy; don't use '*' in the filename for wildcard domain
By default acme.sh uses the '*' character in the filename for wildcard.
That can be confusing within HAProxy since the * character in front of a
filename in the stat socket is used to specified an uncommitted
transaction.

This patch replace the '*' by a '_' in the filename.
This is only done when using the default filename, the name can still be
forced with an asterisk.
2023-12-01 15:35:31 +01:00
William Lallemand
36fc321096 haproxy: use the master CLI for hot update
DEPLOY_HAPROXY_MASTER_CLI allows to use the HAProxy master CLI instead
of a stats socket for DEPLOY_HAPROXY_HOT_UPDATE="yes"

The syntax of the master CLI is slightly different, a prefix with the
process number need to be added before any command.

This patch uses ${_cmdpfx} in front of every socat commands which is
filled when the master CLI is used.
2023-11-30 15:22:51 +01:00
William Lallemand
98a7a01dbb haproxy: deploy script can add a new certificate over the stats socket
DEPLOY_HAPROXY_HOT_UPDATE="yes" now allows to add a new certificate
within HAProxy instead of updating an existing one.

In order to work, the ${DEPLOY_HAPROXY_PEM_PATH} value must be used as a
parameter to the "crt" keyword in the haproxy configuration.

The patch uses the following commands over HAProxy stats socket:
- show ssl cert
- new ssl cert
- set ssl cert
- commit ssl cert
- add ssl crt-list
2023-11-30 14:00:44 +01:00
William Lallemand
0f7be90500 haproxy: deploy script can update existing certificate over stats socket
Since version 2.2, HAProxy is able to update dynamically certificates,
without a reload.

This patch uses socat to push the certificate into HAProxy in order to
achieve hot update. With this method, reloading is not required.
This should be used only to update an existing certificate in haproxy.

2 new variables are available:

- DEPLOY_HAPROXY_HOT_UPDATE="yes" update over the stats socket instead
  of reloading

- DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock" set the path on
  the stats socket.
2023-11-30 14:00:44 +01:00
William Lallemand
7aaf4432d4 haproxy: sanitize the PEM in the deploy script
Sanitize the PEM of the haproxy deploy script by removing the '\n', this
way it could be injected directly over the CLI.
2023-11-30 14:00:41 +01:00
neil
884a8995b4
Merge pull request #4853 from Max13/deploy/proxmoxve
Fix typo in proxmoxve deploy hook
2023-11-22 09:19:51 +01:00
neil
bb42595275
Merge pull request #4866 from phedoreanu/dev
dns_1984.hosting.sh: update login and account status URLs
2023-11-21 22:23:06 +01:00
neil
a4bd89c938 fix 2023-11-21 09:00:22 +01:00
neil
f364d4fbef fix 2023-11-21 08:45:54 +01:00
neil
f899d0d8ed update 2023-11-20 23:39:25 +01:00
Sander Cox
074cf00a7c
Update dns_gcloud.sh rm logs record added
The logs show record was added twice but the second time was actual the rm command thus the removal of the record!
2023-11-14 11:28:24 +01:00
Adrian Fedoreanu
15d10eeebc
dns_1984.hosting.sh: update login and account status URLs 2023-11-10 08:22:28 +01:00
mrbaiwei
bea71f3411 Update dns_west_cn.sh
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
2023-11-07 07:20:25 +08:00
mrbaiwei
eb99803b53 Update west.cn domain api
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
2023-11-06 13:18:36 +08:00
mrbaiwei
a60d0c4108 Update dns_west_cn.sh
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
2023-11-06 11:25:09 +08:00
neil
1cc3a13c49 fix comments 2023-11-04 10:04:26 +01:00
mrbaiwei
feffbba6de Update dns_west.sh
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
2023-11-04 14:16:11 +08:00
mrbaiwei
6ea09444ec Update dns_west.sh
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
2023-11-04 00:04:05 +08:00
neil
f1f486dacf
Merge pull request #4843 from trulyliu/dev
Fix https://github.com/acmesh-official/acme.sh/issues/4460
2023-11-03 15:57:49 +01:00
neil
fec4af3194
Merge pull request #4855 from studycom-mrobinson/aws-similar-names
Acme2 similar names
2023-11-03 15:56:37 +01:00
mrbaiwei
5342c7c82b support West.cn Domain
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
2023-11-03 18:14:26 +08:00
Matthew Robinson
8454ffa331 Fix issue with similar domain names causing an error in selecting the proper root domain to add challenge records in 2023-11-02 08:30:44 -07:00
Gavin Leo
199977be6a Fix https://github.com/acmesh-official/acme.sh/issues/4460
Update gcore API url.
2023-11-02 09:27:14 +08:00
Adnan RIHAN
00dbc3881f
Fixed variables 2023-11-01 20:02:16 +01:00
neil
d93a5b2d20
Merge pull request #4841 from podguzovvasily/patch-1
Update haproxy.sh
2023-10-29 18:11:51 +01:00
podguzovvasily
8ca5ca6594
Update haproxy.sh
resolved issue with HAProxy https://github.com/acmesh-official/acme.sh/issues/4788
according https://serversforhackers.com/c/letsencrypt-with-haproxy
2023-10-24 16:58:47 +03:00
neil
fe890c62f4 fix https://github.com/acmesh-official/acme.sh/issues/4835 2023-10-22 23:07:00 +08:00
neil
e15513bfdd fix format 2023-10-06 20:05:39 +08:00
neil
dbe569c0d9
Merge pull request #4622 from defragatwork/mattermost
Add support for Mattermost notifications (Bot account)
2023-10-06 20:01:50 +08:00
neil
f2e1b589b5 start 3.0.8 2023-10-06 20:01:28 +08:00
neil
377a37e4c9
Merge pull request #4820 from acmesh-official/dev
sync
2023-10-05 13:25:27 +08:00
neil
6e163208b4
Merge pull request #4809 from winromulus/dev
fix: Synology DSM API path regex
2023-09-26 09:23:43 +08:00
Romeo Dumitrescu
87a7bde618 fix: Synology DSM API path regex
Fix the regex for looking up the API path value from the Synology API query.
2023-09-25 18:43:01 +03:00
neil
37b0498699
Merge pull request #4805 from acmesh-official/dev
sync
2023-09-24 17:03:38 +08:00
neil
59f976dc48 fix https://github.com/acmesh-official/acme.sh/issues/4798 2023-09-20 18:07:16 +08:00
neil
8565a853a8
Merge pull request #4787 from TobiasGrave/fix_variomedia_api
Fix Variomedia API
2023-09-15 09:07:24 +08:00
Tobias Grave
dfd49e46ad Fix root zone determination for Variomedia API 2023-09-14 09:25:45 +02:00
neil
73bbaced62
Merge pull request #4782 from KincaidYang/KincaidYang-patch-4
Add TencentCloud API
2023-09-13 21:13:33 +08:00
neil
0c8870cb7f
Merge pull request #944 from MarcelWaldvogel/random-cron
Random cron
2023-09-13 21:07:51 +08:00
neil
1a90f66f73
Merge pull request #4794 from zbbfufu/feature/gandi-replace-apikey-by-personal-token
dns_gandi: implements token in addition to the (deprecated) API key
2023-09-13 18:02:12 +08:00
Julien Furgerot
558e706bde fix ci errors (shellcheck & shfmt) 2023-09-12 15:54:44 +02:00
Julien Furgerot
1a08be0a3f dns_gandi: implements personal access token in addition to the (deprecated) API key 2023-09-12 09:48:09 +02:00
Scruel Tao
29b2960805
Optimze comment & remove tail space 2023-09-07 15:01:37 +08:00
Scruel Tao
f7f3a0bf0d
Merge branch 'dev' into syno-patch 2023-09-07 14:57:53 +08:00
Tobias Grave
ae4c186f55 Fix Variomedia API 2023-09-07 08:40:46 +02:00
KincaidYang
af534a73fc
移除部分敏感debug信息 2023-09-06 13:09:52 +08:00
KincaidYang
772bbdc862
Replace some functions 2023-09-06 12:57:19 +08:00
neil
86521ec443
Merge pull request #4754 from LJea/master
Improved api compatibility with devices
2023-09-04 15:55:04 +08:00
KincaidYang
e3c4c9265d
Replace some functions. 2023-09-03 21:21:05 +08:00
KincaidYang
b3f8612e61
Following Neilpang's suggestions and project standards, replace some functions. 2023-09-03 01:31:57 +08:00
LJea
27b1dd04c4
improve the compatibility
Fixed an issue where some embedded devices could not obtain nanoseconds resulting in abnormal parameter coding
2023-09-03 01:02:16 +09:00
neil
46a876445f
Merge pull request #3959 from Eagle3386/master
Add ArtFiles.de DNS API plugin
2023-09-02 22:39:00 +08:00
neil
9bb58e47a7
Merge pull request #4728 from Eagle3386/dev-1
Fix Auth API access for DSM 6
2023-09-02 22:06:22 +08:00
neil
b8447fcab8
Merge pull request #4780 from acmesh-official/dev
sync
2023-09-02 19:08:54 +08:00
KincaidYang
3abcfd8fa9
Add dns_tencent.sh
Adapt to Tencent Cloud (DNSPod) API 3.0
2023-09-02 18:47:59 +08:00
neil
f4ff2d5d2e
Merge pull request #4779 from KincaidYang/master 2023-09-02 18:43:53 +08:00
KincaidYang
09b41aa667
fix for nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation
In #4776, I mistakenly added libnghttp2 to NetBSD, now for correction.
2023-09-02 18:38:51 +08:00
KincaidYang
87dc4fe388
fix for curl bugs nghttp2_option_set_no_rfc9113_leading_and_trailing_…
In #4776, I mistakenly added libnghttp2 to NetBsd, and now it has been corrected and added to OpenBsd
2023-09-02 18:23:14 +08:00
neil
eed8a7f078 add more debug code https://github.com/acmesh-official/acme.sh/issues/4768 2023-09-02 17:27:21 +08:00
neil
c18364c755 change default log level to 2 2023-09-02 17:18:12 +08:00
neil
04946e992e change the default debug level to 2. 2023-09-02 17:15:17 +08:00
neil
5533782152
Merge pull request #4777 from acmesh-official/dev
sync
2023-09-02 17:09:45 +08:00
neil
3f42487f0a
Merge pull request #4749 from Nirzak/Nirzak-patch-1
Fixed grep pattern regex for nginx conf path
2023-09-02 15:45:30 +08:00
neil
8bdcd22486 fix https://github.com/acmesh-official/acme.sh/issues/4746 2023-09-02 15:45:07 +08:00
neil
b32d22731b remove 2023-09-02 15:45:06 +08:00
neil
b788cc24d1
Merge pull request #4764 from sebastianas/inwx
inwx: Be case insensitive while searching for the cookie.
2023-09-02 15:36:43 +08:00
neil
94948f6d34
Merge pull request #4776 from KincaidYang/master
fix for curl bugs nghttp2_option_set_no_rfc9113_leading_and_trailing_…
2023-09-02 15:27:15 +08:00
KincaidYang
e5b76ed4c4
Delete dnsapi/dns_tencent.sh 2023-09-02 15:13:37 +08:00
KincaidYang
29a2920a2c
Add dns_tencent.sh
Adapt to Tencent Cloud (DNSPod) API 3.0
2023-09-02 14:49:43 +08:00
KincaidYang
089d35708b
fix for curl bugs nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation
see
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2018342
b6f62ac446
https://github.com/acmesh-official/acme.sh/issues/4775
2023-09-02 14:31:17 +08:00
Sebastian Andrzej Siewior
9b0b5bce9f inwx: Be case insensitive while searching for the cookie.
At least since 2023-08-25 the cookie is set via `set-cookie' instead the
expecting `Set-Cookie' string. A month earlier it was working.

Ignore the case while matching the cookie.

Fixes: #4763
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
2023-08-28 21:33:54 +02:00
laraveluser
ef20a0128f
Add support for Lima-City 2023-08-25 17:22:20 +02:00
neil
3039e4eb6d
Merge pull request #4755 from glocknerc/master-1
Master 1
2023-08-24 09:19:57 +08:00
glocknerc
9143cd1485
Change grep to be case-insensitive when looking for Set-Cookie header since INWX change casing to lowercase 2023-08-23 14:07:07 +02:00
Nirjas Jakilim
13d31ecb7f
fixed regex for nginx conf path
Fixed the regex for nginx path configuration to fix grep: unrecognized option error
2023-08-21 12:28:50 +06:00
neil
a936b2f1f6
Merge pull request #4745 from vitoyucepi/help_punctuation
Remove punctuation symbol
2023-08-21 09:08:48 +08:00
Vito
8d00f489cd Remove excessive full stop from help 2023-08-20 17:11:14 +00:00
Martin Arndt
b793dbf977
Fix device ID property name for DSM 6 2023-08-11 17:55:45 +02:00
Martin Arndt
d52b38777a
Fix Auth API access for DSM 6 2023-08-09 19:52:37 +02:00
neil
56cf93dff2
Merge pull request #4575 from sg1888/panos-ecc-fix
Added functionality for Palo Alto Firewall deployments (PANOS)
2023-07-30 21:45:50 +08:00
neil
67d84cadad
Merge pull request #4708 from sg1888/verbiage
Fixed help verbiage to reflect capabilities of --ecc flag
2023-07-30 21:30:49 +08:00
neil
b384a24c0e
Merge pull request #4710 from zearan/patch-1
Fix the API calls that get the list of domains that PLESK can manage
2023-07-30 21:19:23 +08:00
Martin Arndt
66a68edbe6
Merge branch 'acmesh-official:master' into master 2023-07-30 14:56:31 +02:00
neil
dcf3d7234e
Merge pull request #4712 from samuel-jimenez/dev
Add DNSExit.com API support
2023-07-30 11:32:03 +08:00
neil
0da839cce3
Merge pull request #4720 from acmesh-official/dev
sync
2023-07-30 11:22:51 +08:00
neil
b6f62ac446 fix for curl bugs nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation
see https://bugs.launchpad.net/ubuntu/+source/curl/+bug/2018342
2023-07-30 10:58:22 +08:00
neil
15ee036db1 fix for solaris 2023-07-29 23:30:44 +08:00
neil
6db8ae451a fix for solaris 2023-07-29 23:17:20 +08:00
neil
a7f3d413ef fix for solaris 2023-07-29 22:32:30 +08:00
Malte Rabenseifner
3b7be478aa
Fix stuff from tests
ShellCheck tests have brought up a couple of issues, that I was not aware of needed to be taken care. This should fix the tests.
2023-07-29 11:27:33 +02:00
neil
7f39cdc856 fix format 2023-07-29 16:45:49 +08:00
Martin Arndt
80006f4730
Added bug report url 2023-07-29 10:26:59 +02:00
neil
a51025fe8f fix https://github.com/acmesh-official/acme.sh/issues/3645 2023-07-29 15:32:50 +08:00
neil
c42ed9c693
Merge pull request #4714 from hknet/master
Update dns_kappernet.sh
2023-07-28 10:41:56 +08:00
Harald Kapper
c48c8d07de
Update dns_kappernet.sh
dns update waiting time is reduced now (new backend at kapper.net)
2023-07-27 21:49:23 +02:00
samuel
4d4b6edbc2 Add DNSExit.com API support 2023-07-26 10:40:44 -05:00
Malte Rabenseifner
2014ca9feb
Fix the API calls that get the list of domains that PLESK can manage 2023-07-26 15:36:11 +02:00
sg1888
a9f631f404 Added help verbiage for --ecc flag 2023-07-21 16:49:20 +00:00
Scruel Tao
ba468bb5e4
Fix for shfmt check 2023-07-20 13:38:36 +08:00
Scruel Tao
cf86d57a9f
Fix for shfmt check 2023-07-20 13:34:57 +08:00
Scruel Tao
9e958f4e32
Fix shellcheck 2023-07-20 13:09:21 +08:00
Scruel Tao
c7f6f20c9d
Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic
1. Fix the broken logic in (Sorry for including fix commit in same PR, I'm feeling quite tired and would like to go to sleep right away...)
2. Provides new method to obtain credential info for authentication, it will create a temp admin user if SYNO_USE_TEMP_ADMIN is set, instead of requiring the user's own credentials which will be saved in disk.

I do really don't like to have plaintext credentials be saved in disk, and I noticed that you've spent a lot of time fighting with 2FA related stuffs, so why not just get rid of the whole old way. :)
2023-07-20 02:48:29 +08:00
sg1888
1984f44ffe Shell formatting 2023-07-18 20:18:12 +00:00
sg1888
02de281e40 Removed unused variable 2023-07-18 20:15:46 +00:00
sg1888
ae035deb92 Fixed shell check errors 2023-07-18 20:10:31 +00:00
sg1888
edd1b60c3d Removed ability to specify API key to facilitate future multiple host functionality. 2023-07-18 19:43:47 +00:00
neil
55a3709bd1
Merge pull request #4700 from szhu25/patch-1
Fix SES region variable
2023-07-17 09:56:58 +08:00
Martin Arndt
d1fc01a407
RI 2023-07-15 19:31:12 +02:00
Martin Arndt
65293f81d9
Merge branch 'master' into dev 2023-07-15 19:29:50 +02:00
Martin Arndt
0afb0f7958
Merge branch 'acmesh-official:dev' into dev 2023-07-15 19:19:31 +02:00
Steven Zhu
dd958872a8
Fix SES region variable
The last version do not save the SES region into the config file, breaking the notification hook.
2023-07-14 12:47:44 -04:00
sg1888
62a2ce1d35 Merge remote-tracking branch 'upstream/dev' into panos-ecc-fix 2023-07-12 00:22:03 +00:00
sg1888
b556908cab Modified ECC file test 2023-07-12 00:03:21 +00:00
sg1888
e69a19db5c Incorporated partial commit to address issue #4198 2023-07-11 23:56:41 +00:00
sg1888
d86414febb Excluded scopes for api key test 2023-07-11 23:41:24 +00:00
sg1888
832318fab1 Merge remote-tracking branch 'upstream/master' into panos-ecc-fix 2023-07-11 20:25:43 +00:00
neil
80ad62ff56
Merge pull request #3208 from cusae/dev
Add BookMyName API support
2023-07-10 09:21:50 +08:00
Arnaud Launay
ee50f254df Add BookMyName API support 2023-07-09 20:08:10 +02:00
Arnaud Launay
cc0be6cd90
Merge branch 'acmesh-official:dev' into dev 2023-07-09 20:00:52 +02:00
neil
a7455d7edd fix https://github.com/acmesh-official/acme.sh/issues/4562#issuecomment-1598731384 2023-07-08 14:11:51 +08:00
neil
b7c370fff7
Merge pull request #4691 from acmesh-official/4442
4442
2023-07-08 13:49:18 +08:00
neil
8fd3a64e35 fix https://github.com/acmesh-official/acme.sh/issues/4442 2023-07-08 12:51:56 +08:00
neil
3761fb4377 fix bug https://github.com/acmesh-official/acme.sh/issues/4442 2023-07-08 12:37:01 +08:00
neil
0472f5da6a Revert "fix format"
This reverts commit 09041fb81d.

Revert "fix https://github.com/acmesh-official/acme.sh/issues/4680"

This reverts commit 299a157409.
2023-07-08 11:43:44 +08:00
neil
09041fb81d fix format 2023-07-08 11:19:09 +08:00
neil
299a157409 fix https://github.com/acmesh-official/acme.sh/issues/4680
zerossl returns retry-after header within "200 OK" code.
so we don't check the "503" code anymore.
2023-07-08 11:17:19 +08:00
neil
53ede7b0d8
Merge pull request #4646 from Eagle3386/patch-1
Remove external OTP dependency from deploy hook Synology_DSM.sh
2023-07-08 10:54:56 +08:00
neil
cd13aee3e7
Merge pull request #4687 from szhu25/ses-notifyhook
Notify hook: AWS SES
2023-07-08 10:33:27 +08:00
Martin Arndt
8b3acb719e
Fix TXT record removal 2023-07-05 13:04:08 +02:00
Martin Arndt
2961a90e7f
Make ShellCheck & ShellFormat happy 2023-07-05 11:14:49 +02:00
Martin Arndt
db8a2d0c65
Fix & improve DNS API for ArtFiles.de 2023-07-05 11:05:06 +02:00
Steven Zhu
a6b5f0c9d4
Fix variable naming to make the access key and secret key consistent with Route53. 2023-07-04 22:31:30 -04:00
Steven Zhu
8d136c6a25
Add newline at end of file to satisfy shfmt's "extra line" error 2023-07-04 22:15:53 -04:00
Steven Zhu
4d94270cde
Add newline at end of file to satisfy shfmt's "No newline at end of file" error 2023-07-04 22:14:17 -04:00
Steven Zhu
e0d96bcb39
Add initial AWS SES support
Copied most of the v4 api stuff from DNS_AWS hook (Thanks!)

New tokens added:
AWS_SES_ACCESS_KEY_ID
AWS_SES_SECRET_ACCESS_KEY
AWS_SES_REGION
AWS_SES_TO
AWS_SES_FROM
AWS_SES_FROM_NAME (Optional)
2023-07-04 21:54:49 -04:00
Martin Arndt
0d7b831661
Fix variable initialization 2023-07-04 16:58:14 +02:00
Martin Arndt
0c9e4f67a8
Update synology_dsm.sh
Split "[ && ]" into "[ ] && [ ]" to make ShellCheck happy
2023-07-04 15:55:44 +02:00
Martin Arndt
da2c386b60
Merge branch 'acmesh-official:dev' into dev 2023-07-04 15:51:15 +02:00
Martin Arndt
4770364d42
Merge branch 'acmesh-official:master' into master 2023-07-04 15:50:01 +02:00
Martin Arndt
db3f131dfc
Re-add deprecated SYNO_TOTP_SECRET part for legacy compatibility
As requested in acmesh-official/acme.sh/pull/4646 by Neil Pang
2023-07-04 15:47:19 +02:00
Martin Arndt
d7f58c64f8
Merge branch 'acmesh-official:master' into patch-1 2023-07-04 14:57:19 +02:00
neil
41b6aebe7c
Merge pull request #4574 from systemcrash/patch-1
Spelling / grammar
2023-06-30 11:10:23 +08:00
neil
7d50332246
Merge pull request #4412 from phedoreanu/bugfix/1984_hosting_csrftoken
dns_1984.hosting.sh: fix login with valid csrftoken
2023-06-11 21:26:17 +08:00
Adrian Fedoreanu
0d0478245f
dns_1984hosting.sh: fix login with valid csrftoken and sessionid 2023-06-11 15:22:45 +02:00
neil
f680ede980 start 3.0.7 2023-06-10 01:16:57 +08:00
neil
b7caf7a016
Merge pull request #4663 from acmesh-official/dev
sync
2023-06-09 21:09:23 +08:00
neil
891198e4f3
Merge pull request #4653 from stokito/dns_ovh_runabove
dns_ovh.sh Add ovh-us endpoint
2023-06-09 20:41:24 +08:00
neil
38c5910be4
Merge pull request #4658 from Justman10000/master
Update
2023-06-09 20:26:25 +08:00
neil
327e2fb0a4 remove all exec.
https://github.com/acmesh-official/acme.sh/issues/4659
2023-06-09 20:18:38 +08:00
neil
c20c219990
Merge pull request #4661 from acmesh-official/dev
sync
2023-06-09 20:04:51 +08:00
neil
4c30250782 fix https://github.com/acmesh-official/acme.sh/issues/4659 2023-06-09 19:59:29 +08:00
Justin Nogossek
caf23f9a04 Remove not anymore exists tutorials and websites 2023-06-07 23:36:18 +02:00
Justin Nogossek
beab808b76 Update URL 2023-06-07 23:35:47 +02:00
Sergey Ponomarev
6c8920f63e dns_ovh.sh Add ovh-us endpoint
Remove discontinued runabove.com
If any new env will be added then a user may spe

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
2023-06-05 12:54:54 +03:00
Martin Arndt
d108072bfb
Add ArtFiles.de DNS API plugin 2023-05-30 09:24:17 +02:00
Martin Arndt
8cc7c5349a
Merge branch 'acmesh-official:master' into master 2023-05-29 20:23:38 +02:00
Martin Arndt
fb33ea2a0b
Fix single quote escaping 2023-05-29 20:21:16 +02:00
Martin Arndt
63fca33b04
Fix retrieval of domain zone 2023-05-29 20:12:52 +02:00
Martin Arndt
0548ad2fc6
Fix debug output of session ID 2023-05-28 22:33:15 +02:00
Martin Arndt
623d615cd7
Remove external OTP dependency from synology_dsm.sh
Also adapt to DSM 7's API improvements.
2023-05-28 21:42:53 +02:00
sg1888
126df9647b Modified keytest to perform a partial empty commit 2023-05-24 18:51:57 +00:00
sg1888
2e2e7cd054 Added ability to force commit to firewall. Username is now also mandatory 2023-05-17 20:06:06 +00:00
sg1888
0ebc9f7a44 Fixed typo 2023-05-15 01:46:21 +00:00
sg1888
a8fba65cbd Cleaned up verbiage. Added ability to store / update user variable. Added ability to use user/pass OR key 2023-05-15 01:43:54 +00:00
gmanic
0b0476e196
Update dns_nsupdate.sh 2023-05-14 21:01:51 +00:00
gmanic
f99d6dac08
Push for actions 2023-05-14 20:58:48 +00:00
gmanic
cd2b7cd943
Correct Typo, add -n test
Added a test for non-zero-string, corrected type ZONE instead of OPT
2023-05-14 20:20:22 +00:00
gmanic
af759f2330
Enable additional command line parameters for nsupdate
For being able to use e.g. "-v" to use TCP communication with the NSUPDATE_SERVER -> NSUPDATE_OPT has been added.
NSUPDATE_OPT will be plainly added to the command line of nsupdate.
NSUPDATE_OPT will also be saved to conf respectively read from conf
2023-05-14 20:02:43 +00:00
neil
51be15f66d
Merge pull request #4150 from defnull/patch-sectigo-wildcard
fix: Challenge not skipped for pre-validated wildcard domain orders
2023-05-12 09:42:52 +08:00
neil
110e25e784
Merge pull request #4158 from lufi42/dev
Plesk XMLAPI Compatibility with all Plesk editions
2023-05-12 09:26:58 +08:00
neil
8414100d0b
Merge pull request #4629 from fichtner/dns_opnsense
dnsapi: fix OPNsense script to be compatible with upcoming 23.1.8
2023-05-12 09:26:01 +08:00
lufi42
a3f4cb154e
Merge branch 'acmesh-official:dev' into dev 2023-05-09 21:59:18 +02:00
Franco Fichtner
e6e22a1ca1 dnsapi: fix OPNsense script to be compatible with upcoming 23.1.8
The current script is already broken due to Bind 9.16 -> 9.18 changes
due to their renaming scheme for primary/secondary so do not rely on the
compat layer (which was also broken for other reasons).
2023-05-09 08:47:24 +02:00
Alexander Pushkarev
bb5f3cc326 Add support for Mattermost notifications. 2023-05-01 23:00:01 +03:00
sg1888
7623025b90 Fixes for POSIX sh shell 2023-04-24 18:45:50 +00:00
sg1888
56c98e9295 Merge remote-tracking branch 'upstream/master' into panos-ecc-fix 2023-04-24 17:02:48 +00:00
neilpang
b937665b90 minor 2023-04-23 13:18:17 +08:00
neilpang
a7bc2293c0 fix https://github.com/acmesh-official/acme.sh/issues/4612#issuecomment-1518929996 2023-04-23 13:16:12 +08:00
neil
0d25f7612b
Merge pull request #4609 from acmesh-official/dev
sync
2023-04-21 20:21:30 +08:00
neilpang
84e4181ed7 fix https://github.com/acmesh-official/acme.sh/issues/4604 2023-04-20 18:11:55 +08:00
neilpang
f66a29d1c3 fix https://github.com/acmesh-official/acme.sh/issues/4606 2023-04-20 18:07:59 +08:00
neil
dbd3881cea
Merge pull request #4515 from HRHDaniel/domain_conf_debug
Domain conf debug
2023-04-14 13:48:52 +08:00
sg1888
df753e2619 Added functionality to save and reuse API key 2023-04-12 22:00:53 +00:00
neil
7eb6bbe65f
Merge pull request #4579 from daschr/dev
Prevent whitespace splitting
2023-04-03 11:06:22 +08:00
David Schramm
a570fda1cb prevent whitespace splitting 2023-04-02 17:30:47 +02:00
David Schramm
3b06fa6523 merge upstream 2023-04-02 17:28:47 +02:00
neil
dcdbe2fbb8 fix https://github.com/acmesh-official/acme.sh/pull/4577 2023-04-02 12:04:58 +08:00
David Schramm
dc1f36da43 prevent whitespace splitting 2023-04-01 09:25:19 +02:00
sg1888
cbb7082afd Fixed bug with wildcard certs and ecc keys 2023-03-31 00:33:44 +00:00
Paul Dee
6ee72e119c
Spelling / grammar 2023-03-31 01:13:41 +02:00
neil
05dbd395e6
Merge pull request #4540 from Hobby-Student/dev
[KAS] improve deletion of records
2023-03-30 16:48:37 +08:00
neil
69e7360cc3
Merge pull request #4568 from imlonghao/patch-1
fix(cloudns): fix grep when TXT record start with hyphen symbol
2023-03-29 14:39:32 +08:00
imlonghao
7ef2533b98
fix(cloudns): fix grep when record start with hyphen symbol 2023-03-28 22:49:39 +08:00
neil
97f87c4229
Merge pull request #4542 from alexleigh/master
Add support for Google Domains DNS API.
2023-03-27 09:16:00 +08:00
neilpang
42a5cd961d fix https://github.com/acmesh-official/acme.sh/issues/4530#issuecomment-1473395845 2023-03-17 17:21:10 +08:00
neil
bf00d3157f
Merge pull request #4544 from NCDGHA/bugfix/issue_4543_fix_retry-after
Fix Retry-After handling
2023-03-17 17:16:55 +08:00
neil
cf3ff4c136
Merge pull request #4551 from acmesh-official/dev
sync
2023-03-13 09:15:53 +08:00
neil
7fe06adcfd
Merge pull request #4550 from eastonman/master
dnsapi(huaweicloud): fix DomainName not retreived properly
2023-03-13 09:14:32 +08:00
Easton Man
ae3e5dbf2c
fix: fix DomainName not retreived properly
Co-Authored-By: idawnlight <idawn@live.com>
2023-03-12 12:41:29 +08:00
neil
20304590b4
Merge pull request #4547 from eastonman/master
dnsapi(huaweicloud): Add retry count to avoid infinite loop when things go wrong
2023-03-10 13:52:37 +08:00
Alex Leigh
2d8c0c0131 Add support for Google Domains DNS API.
https://domains.google/learn/gts-acme/

This is an ACME API for Google Domains customers, which is
different from the Google Cloud Domains API for Google Cloud
customers.
2023-03-08 11:13:25 -08:00
Markus Hoffrogge
70f4cad2ca Fix Retry-After handling
- closes #4543
2023-03-07 18:45:07 +01:00
Easton Man
1f777a94a7
fix: change some debug comments 2023-03-07 17:50:44 +08:00
Easton Man
7560c64f46 fix: fix typo 2023-03-07 11:30:32 +08:00
Easton Man
bddde60522 fix: use update instead of remove then add 2023-03-07 11:27:08 +08:00
Easton Man
e9366f8c76 fix: fix huaweicloud existing record 400 2023-03-07 10:56:10 +08:00
Easton Man
4dba84d09e
fix: fix shfmt 2023-03-07 10:01:20 +08:00
Easton Man
0cce2d6098
fix: fix shellcheck 2023-03-07 09:57:39 +08:00
Easton Man
acbd8bce21
feat: add retry count for removing record set
This avoids infinite loop when something went wrong and throws a error
2023-03-07 09:48:13 +08:00
Hobby-Student
dea8a08b64
added missing new line at EOF 2023-03-06 20:36:53 +01:00
Hobby-Student
dde1bab1a8
improve deletion of records 2023-03-06 20:18:15 +01:00
neil
799e402077
Merge pull request #4536 from acmesh-official/dev
sync
2023-03-04 21:26:18 +08:00
neil
ce629e8e70 fix typo 2023-03-04 21:23:31 +08:00
neil
20cfc4ac66 fix https://github.com/acmesh-official/acme.sh/issues/4535 2023-03-04 21:22:17 +08:00
neil
132d5e8253
Merge pull request #4532 from acmesh-official/dev
sync
2023-03-02 22:07:16 +08:00
neilpang
cb8b341fb4 fix https://github.com/acmesh-official/acme.sh/issues/4530 2023-03-02 18:10:38 +08:00
neilpang
982c54b605 fix https://github.com/acmesh-official/acme.sh/issues/4530 2023-03-02 18:06:09 +08:00
neil
67f543332a
Merge pull request #4531 from NCDGHA/bugfix/issue_4530_fix_http_status_503
Fix to handle LE overload status 503 appropriately
2023-03-02 18:00:36 +08:00
neil
88ac4086c2
Merge pull request #4518 from AnTheMaker/nanelo_dns
Add Nanelo DNS support
2023-03-02 09:40:47 +08:00
Markus Hoffrogge
15f96b7239 Fix to handle LE overload status 503 appropriately
- LE HTTP response status 503 is not an error, it must be handled via sleep and retry
- s. https://community.letsencrypt.org/t/new-service-busy-responses-beginning-during-high-load/184174

fixes #4530
2023-03-02 00:46:52 +01:00
neil
0ea84ad799
Merge pull request #4528 from chris03/bugfix/replace-expr
SMTP notify: Use grep -E instead of expr
2023-03-01 10:28:18 +08:00
Chris
1522b713da Use grep -E instead of expr
expr was printing  `expr: warning: '^.*[<>"]': using '^' as the first character of a basic regular expression is not portable;`
2023-02-28 21:08:33 -05:00
neil
fe6b27bb59
Merge pull request #4420 from romanlum/dev
Added dns provider for ipv64.net
2023-02-28 17:38:16 +08:00
Roman Lumetsberger
df14b15397 fix quote 2023-02-25 11:22:27 +00:00
Roman Lumetsberger
7dd12044de use _lower_case function 2023-02-25 11:18:33 +00:00
An | Anton Röhm
06e12a30e7
reduce nanelo dns ttl 2023-02-24 00:13:21 +01:00
An | Anton Röhm
d3fefd223d
improve output 2023-02-24 00:01:39 +01:00
An | Anton Röhm
c0639c6608
Create first version of Nanelo DNS API integration
[create dnsapi/dns_nanelo.sh]
2023-02-23 23:29:46 +01:00
dharp
05a2eb3df4 add additional debug statement for DOMAIN_CONF 2023-02-21 10:19:07 -06:00
neil
d4befeb536
Merge pull request #4489 from acmesh-official/dev
sync
2023-02-04 20:08:11 +08:00
neil
f7f1168aad
Merge pull request #4266 from skyksandr/master
Vultr DNS: fix "grep: repetition-operator operand invalid" on FreeBSD
2023-02-03 16:49:26 +08:00
Aleksandr Kunin
d6cf15368a Vultr DNS: fix "grep: repetition-operator operand invalid" on FreeBSD 2023-02-03 12:44:33 +07:00
neilpang
a5fbf3fb80 fix format 2023-02-03 09:59:42 +08:00
neilpang
3cf8f78745 fix format 2023-02-03 09:57:56 +08:00
neilpang
59dab6eac7 fix https://github.com/acmesh-official/acme.sh/issues/4485#issuecomment-1414022376
https://github.com/acmesh-official/acme.sh/issues/4483#issuecomment-1414460122
2023-02-03 09:55:51 +08:00
Roman Lumetsberger
553d861b8a
fix shell check and formatting 2023-01-31 11:17:33 +01:00
Roman Lumetsberger
7b5d94d062
convert domain and subdomain to lower case 2023-01-31 11:10:42 +01:00
Roman Lumetsberger
cb021efaee
Merge branch 'acmesh-official:dev' into dev 2023-01-31 10:34:29 +01:00
neilpang
c2344f3717 add log for doh
https://github.com/acmesh-official/acme.sh/issues/4481
2023-01-30 14:39:03 +08:00
neilpang
f537c606f7 fix warnings 2023-01-29 11:13:23 +08:00
neil
c8f48a4a90
Merge pull request #4478 from acmesh-official/dev
sync
2023-01-29 11:06:37 +08:00
neil
c2ad1b4e46
Merge pull request #4448 from PMExtra/feature/curl_fail
curl return fail if HTTP errors
2023-01-28 20:37:20 +08:00
neilpang
ba9d146d6c fix https://github.com/acmesh-official/acme.sh/issues/992 2023-01-28 17:29:03 +08:00
PMExtra
a5b04a0328 ensure curl --help backward compatible 2023-01-28 17:19:04 +08:00
neilpang
01249d0cb9 fix warning 2023-01-28 16:24:27 +08:00
neil
71c273fbcb
Merge pull request #4476 from acmesh-official/dev
sync
2023-01-28 16:19:53 +08:00
neilpang
aa9cbf7c55 fix https://github.com/acmesh-official/acme.sh/issues/992 2023-01-28 16:18:27 +08:00
neil
429b18ed48
Merge pull request #4475 from acmesh-official/dev
sync
2023-01-28 15:31:55 +08:00
neilpang
2690c05781 fix format 2023-01-28 15:28:06 +08:00
neilpang
e3b688c9d8 fix format 2023-01-28 15:26:54 +08:00
neilpang
41b6f18a5d fix format 2023-01-28 15:25:50 +08:00
neilpang
5a59c39036 fix format 2023-01-28 15:24:21 +08:00
neil
a02dd18ad7
Merge pull request #4414 from beartom/master
Update truenas.sh to deploy certificate for TrueCharts
2023-01-28 15:20:10 +08:00
neil
16bdc7d0a3 fix from OpenAI https://github.com/acmesh-official/acme.sh/issues/992
https://github.com/acmesh-official/acme.sh/pull/2609
2023-01-27 11:44:20 +08:00
neil
40002e8040
Merge pull request #4447 from PMExtra/feature/vault
improve vault and vault_cli deployhooks
2023-01-24 18:49:18 +08:00
neil
6748c55c04 fix stepca 2023-01-24 18:00:09 +08:00
neil
deb63b4adf fix stepca 2023-01-24 17:58:46 +08:00
neil
015a9b9271 fix notify 2023-01-24 16:45:12 +08:00
neil
ab2305e259 fix stepca 2023-01-24 16:42:10 +08:00
neil
b99c998057 fix https://github.com/acmesh-official/acme.sh/issues/4463 2023-01-24 16:13:42 +08:00
neil
6c0a7144f6 fix https://github.com/acmesh-official/acme.sh/issues/4445 2023-01-24 15:45:25 +08:00
neil
bf50fce5bd fix https://github.com/acmesh-official/acme.sh/issues/4470 2023-01-24 15:17:48 +08:00
neil
8718b156c4
Merge pull request #4471 from vladislav-sharapov/patch-1
fix(dns_openstack): fix argparse error
2023-01-22 14:10:32 +08:00
Vladislav Sharapov
7bbdd1f839 fix(dns_openstack): fix argparse error
Add equal sign to '--record' option to fix argparse error
occurring when ACME token starts with '-'.
2023-01-20 23:56:14 +04:00
neil
ffed1a4afa
Merge pull request #4468 from DreamOfIce/master
Update deploy script for gcore
2023-01-20 09:11:23 +08:00
冰雪殇璃陌梦
1bfd3642e8
Update gcore_cdn.sh 2023-01-19 10:19:05 +08:00
neil
577f4e0cc3
Merge pull request #4430 from zpeschke/gd_grammar
Minor grammar fixes for gd
2023-01-11 20:50:59 +08:00
neil
e2f05f3fc9
Merge pull request #4413 from trulyliu/dev
Add gcore dns support.
2023-01-11 20:46:07 +08:00
Gavin Leo
27f30631ed Add gcore dns support.
https://apidocs.gcore.com/dns
2023-01-05 14:30:02 +08:00
PMExtra
1ccfa96c2e improve logging 2022-12-28 02:47:49 +08:00
neil
a2c64e79ff fix for openbsd 2022-12-26 22:28:08 +08:00
neil
7b623f85cd minor 2022-12-26 21:43:02 +08:00
PMExtra
ed63eb6833 migrate FABIO to VAULT_FABIO_MODE and persist it 2022-12-23 19:34:31 +08:00
PMExtra
b8d0d3c242 improve chain.pem exists evaluating 2022-12-23 19:17:37 +08:00
PMExtra
fe1bfe9ae1 improve vault and vault_api deployhooks 2022-12-23 18:59:01 +08:00
PMExtra
7154c9ee5d improve curl --help predication 2022-12-23 17:42:27 +08:00
PMExtra
057c95bd1c improve wget --content-on-error condition 2022-12-23 17:39:51 +08:00
PMExtra
0cafc00c4f append --fail-with-body argument to curl if supported 2022-12-23 17:22:12 +08:00
neil
75d2898efd
Merge pull request #4441 from plummer86/bugfix/_wget_out_fix
Fix assignment: _wget_out
2022-12-19 10:23:00 +08:00
plummer86
764a4c99fa Fix assignment to _wget_out 2022-12-18 22:32:49 +00:00
Zachary Peschke
160513c671 Minor grammar fixes for gd 2022-12-09 09:55:47 -07:00
neil
a2af26635f use ecc cert 2022-12-04 15:05:30 +08:00
neil
63869deeb2
Merge pull request #4091 from PMExtra/feature/ssh_scp
Refact ssh hook to use deploy config, support scp and support specifying port
2022-12-03 13:58:31 +08:00
Roman Lumetsberger
91e387e8b9 added doc for dns_ipv64_rm 2022-11-30 08:55:27 +01:00
Roman Lumetsberger
7d13146859 Added dns provider for ipv64.net 2022-11-30 08:35:03 +01:00
neil
699d2b7e7e
Merge pull request #4409 from hatamiarash7/patch-1
Update ArvanCloud API URL - Security & CI problem
2022-11-29 21:12:47 +08:00
Arash Hatami
257de15c73
Fix export problems 2022-11-29 13:45:04 +03:30
Arash Hatami
5a0225d033
Fix export problem for special values 2022-11-29 12:21:49 +03:30
beartom
bd2d0e6ad3
Format
Format
2022-11-28 20:59:10 +08:00
Arash Hatami
0c0d1d4e52
Update duplicate message 2022-11-28 16:22:25 +03:30
Arash Hatami
eab9603921
Fix SH format 2022-11-28 16:11:17 +03:30
Arash Hatami
c07db3aa14
add 'Accept' header 2022-11-28 16:09:17 +03:30
neil
a19f7481b2
Merge pull request #4410 from kirisakow/patch-1
Trim trailing slash in `--home` argument's value from the get-go to avoid that subsequently created paths contain two adjacent slashes in the middle
2022-11-28 09:58:46 +08:00
lufi42
2905edce35
Merge branch 'acmesh-official:dev' into dev 2022-11-27 19:55:58 +01:00
beartom
04a5d794ac
Update truenas.sh for certificate in chart release
Update certificate in chart release of TrueCharts if any chart release Apps is using the same certificate as TrueNAS web UI.
2022-11-27 21:55:01 +08:00
Kiril Isakov
264b9819ff
Replace the BASH parameter substitution mechanism (unsupported by sh) with standard commands (supported by sh) 2022-11-27 09:22:06 +01:00
Arash Hatami
4610204c83
Test CI 2022-11-27 10:21:24 +03:30
neil
ecf1f17cf4 update key type 2022-11-27 11:10:14 +08:00
Kiril Isakov
9f942a6b65
Trim trailing slash in --home argument's value
# What's expected

Since in `acme.sh` path strings are concatenated with a hardcoded slash in between, the left operand must never end with a trailing slash for the resulting path to be valid. Otherwise, obviously, the resulting path will have two adjacent slashes in the middle and will not be valid.

# What actually happens

Even though I cannot tell for each of the input params, I know this for sure for the the `--home` argument's value.

If I run `acme.sh` with `--home` argument's value being a path ending in a trailing slash,

```sh
acme.sh ... --debug ... --home /some/path/ ... -d somedomainna.me ...
```

I get the following (distinct) occurrencies of resulting invalid paths containing two adjacent slashes:

```
[...] Using config home:/some/path/

[...] DOMAIN_PATH='/some/path//somedomainna.me'

[...] _CURL='curl --silent --dump-header /some/path//http.header  -L  -g '

[...] The domain key is here: /some/path//somedomainna.me/somedomainna.me.key

[...] _CURL='curl --silent --dump-header /some/path//http.header  -L  -g  -I  '

[...] Your cert is in: /some/path//somedomainna.me/somedomainna.me.cer

[...] Your cert key is in: /some/path//somedomainna.me/somedomainna.me.key

[...] The intermediate CA cert is in: /some/path//somedomainna.me/ca.cer

[...] And the full chain certs is there: /some/path//somedomainna.me/fullchain.cer

```

# Suggested fix

Trim trailing slash in `--home` argument's value from the get-go.
2022-11-26 16:00:03 +01:00
Arash Hatami
f4ed1b32b8
Update dns_arvan.sh
Update API URL
2022-11-26 18:12:11 +03:30
neil
ec0e871592 Use ec-256 as default key length
fix https://github.com/acmesh-official/acme.sh/issues/2350#issuecomment-1324029469
2022-11-23 21:57:38 +08:00
neil
7a756ebc4d start v3.0.6 2022-11-23 21:55:19 +08:00
neil
16dc21afff
Merge pull request #4406 from acmesh-official/dev
sync
2022-11-23 21:44:53 +08:00
neil
3a1c6d84f0 fix shellcheck warnings 2022-11-23 21:40:34 +08:00
neil
e684abdacd fix checkout 2022-11-23 21:34:58 +08:00
neil
e275cb1efd fix shellcheck warnings 2022-11-23 21:33:29 +08:00
neil
60315e5b91 fix shellcheck warnings 2022-11-23 21:28:17 +08:00
neil
43b1a4bf5a
Merge pull request #4405 from acmesh-official/dev
sync
2022-11-23 21:16:44 +08:00
neil
cdb238e41c fix cf-tunnel 2022-11-23 21:12:52 +08:00
neil
3871e44d9c
Merge pull request #4400 from waja/docker_alpine_update
Docker alpine update
2022-11-20 19:47:44 +08:00
Jan Wagner
5a51454d13 Update Alpine to 1.16.3
With #4399 applied we can pick minor versions safely.
2022-11-17 15:20:11 +01:00
neil
d102943a32 upgrade actions/checkout@v3 2022-11-07 22:36:40 +08:00
neil
a0b27ddbd8
Merge pull request #4372 from PeterDaveHello/speedup-ci
Reduce `acmetest` `git clone` depth to speed up CI pipeline
2022-10-29 13:59:32 +08:00
neil
b950b04e89
Merge pull request #4371 from PeterDaveHello/use-https
Use encrypted https instead of plain-text http when we can
2022-10-29 13:58:20 +08:00
neil
c9a55f395b fix doh
https://github.com/acmesh-official/acme.sh/issues/4369
2022-10-29 10:08:42 +08:00
Peter Dave Hello
424da01878 Reduce acmetest git clone depth to speed up CI pipeline 2022-10-27 19:49:10 +08:00
Peter Dave Hello
3c933158c8 Use encrypted https instead of plain-text http when we can 2022-10-27 19:45:48 +08:00
neil
7221d488e5
Merge pull request #4365 from acmesh-official/dev
sync
2022-10-24 17:44:22 +08:00
neil
1c16931e26 add Le_Next_Domain_Key for tlsa
fix https://github.com/acmesh-official/acme.sh/issues/3096
Usage: https://github.com/acmesh-official/acme.sh/wiki/tlsa-next-key
2022-10-16 16:06:01 +08:00
neil
0a4b70dbd2
Merge pull request #4349 from tcx4c70/fix/save-conf
Fix error during saving conf
2022-10-12 08:17:08 +08:00
Adam Tao
666c716bda Fix error during saving conf
There might be '|' in __val (e.g., SYNO_Password), which will cause that
all content of the conf file is cleared. Fix it by escaping '|'
manually.

Signed-off-by: Adam Tao <tcx4c70@gmail.com>
2022-10-11 20:45:31 +08:00
neil
be477d7ae3
Merge pull request #4259 from Mon-ius/master
fix a issue, when profile not end with newline
2022-10-05 14:20:01 +08:00
neil
6c8a623b88
Merge pull request #4329 from lippertmarkus/patch-1
[Deploy: synology_dsm] Make usage of DID with 2FA working for DSM 7
2022-10-05 14:18:37 +08:00
neil
ff8de34415
Merge pull request #4335 from acmesh-official/dev
sync
2022-10-05 14:17:03 +08:00
neil
f8ca6d9833 fix https://github.com/acmesh-official/acme.sh/issues/1335 2022-10-05 13:14:25 +08:00
neil
dbab519004
Merge pull request #4252 from agowa338/agowa338-patch-1
Fix missing HTTP_HEADER for _get with wget
2022-10-04 11:20:12 +08:00
neil
e888c96591
Merge pull request #4331 from arnebjarne/dns_cpanel_newserial_fix
Dns cpanel newserial fix
2022-10-02 20:40:50 +08:00
neil
59519f0493
Merge pull request #4334 from sasburg/patch-1
Added parked_domans
2022-10-02 20:39:52 +08:00
sasburg
e02f07d356
add parked_domans 2022-10-01 18:11:46 -07:00
sasburg
2c90d220b8
Updated comment to reflect the change to function 2022-10-01 17:47:13 -07:00
Bjarne Saltbaek
9feeba8d4b Forgot to apply the changed default return value 2022-10-01 15:19:02 +02:00
Bjarne Saltbaek
45090fc897 Better way to catch success or failure 2022-10-01 14:58:12 +02:00
neilpang
d761bdc1b1 minor, just indent usage 2022-09-30 18:03:47 +08:00
neil
287a8c76b5
Merge pull request #4328 from srirams/srirams-patch-1
Add addon domains to cpanel_uapi
2022-09-30 17:15:22 +08:00
Markus Lippert
a7dd86de71
fix(deploy-synology_dsm): support DID with DSM 7 2022-09-29 12:22:45 +02:00
srirams
c541a2e5de
add addon_domans 2022-09-28 18:22:13 -05:00
Klaus Frank
41dbf1ddac
use _contains instead of grep 2022-09-27 22:47:35 +02:00
neil
70ed6b96d1
Merge pull request #4317 from acmesh-official/dev
sync
2022-09-25 00:02:58 +08:00
neil
ef26075a1c export TokenName 2022-09-24 23:58:56 +08:00
neil
91c87446be
Merge pull request #4115 from koter84/dev
make ip-whitelisting configurable for DNS TransIP
2022-09-24 23:31:29 +08:00
neil
dd207e1f02 fix https://github.com/acmesh-official/acme.sh/issues/4285 2022-09-24 22:00:39 +08:00
neil
e947870da9 minor 2022-09-23 22:39:53 +08:00
neil
f0b5f592dc
Merge pull request #4310 from mystix/patch-1
Prevent erasure of saved access token on DNS removal
2022-09-20 21:46:19 +08:00
Marc
773a2a6cfe Merge branch 'master' into patch-1 2022-09-19 13:08:07 +08:00
Klaus Frank
c2a7e384ba
Fix linting issue 2022-09-18 22:03:52 +02:00
Klaus Frank
4a8b35ef5f
Merge branch 'acmesh-official:master' into agowa338-patch-1 2022-09-18 22:00:49 +02:00
neil
5cd0db32df
Merge pull request #4256 from dannytix/cpanel_auto
Cpanel auto
2022-09-18 20:52:11 +08:00
neil
ef01de6149
Merge pull request #4313 from acmesh-official/dev
sync
2022-09-18 20:25:26 +08:00
Marc
4e9749f655
Prevent erasure of saved access token 2022-09-16 14:10:10 +08:00
neil
abb7a1fd47
Merge pull request #4304 from SahAssar/rage4-dns
Add rage4 dns api
2022-09-13 17:14:23 +08:00
Svante Richter
60bcee8c1d Add rage4 dns api 2022-09-12 18:17:20 +02:00
neil
8ded524236
Merge pull request #4302 from acmesh-official/dev
sync
2022-09-08 22:12:10 +08:00
neil
0a47f48191 fix https://github.com/acmesh-official/acme.sh/issues/4301 2022-09-08 22:09:39 +08:00
neil
8601267b90 fix https://github.com/acmesh-official/acme.sh/issues/4301 2022-09-08 21:56:49 +08:00
neil
6767e0c52d
Merge pull request #4267 from nixys/feature/dns_yc
Add Yandex Cloud DNS API
2022-09-08 13:54:58 +08:00
neil
5141d1775d
Merge pull request #3873 from Marvo2011/dev
Added Selfhost DNS API
2022-09-08 13:47:13 +08:00
neil
374af996d9
Merge pull request #4297 from nosilver4u/dgon_found
add domain alias support for Digital Ocean API
2022-09-08 09:12:33 +08:00
Shane Bishop
dcc9624c15 Update dns_dgon.sh
Make sure to initialize 'found' so that it isn't contaminated from previous commands/requests.
2022-09-07 15:37:49 -06:00
Shane Bishop
b3df1a2bf8 'i' should start with 1
Since domain alias mode won't have the '_acme-challenge' prefix.
2022-09-07 13:42:30 -06:00
neil
3fc3c02a4f
Merge pull request #4295 from NerLOR/master
Update dns_world4you
2022-09-07 23:22:46 +08:00
neil
874ddf9a32
Merge pull request #4294 from koelle25/dev
Fix OPNsense DNS plugin (again)
2022-09-07 22:58:29 +08:00
Kevin Köllmann
69aeb70cc3
Slightly modify regex to conform to new API response format 2022-09-07 13:07:29 +02:00
Kevin Köllmann
47e60cefe3
Use new searchMasterDomain API endpoint 2022-09-07 13:07:04 +02:00
neilpang
4ea7f3cda5 ignore https error for solaris 2022-09-07 18:20:09 +08:00
neil
03288b521a
Merge pull request #4292 from nosilver4u/bunny
Add Bunny DNS API verification method
2022-09-07 18:18:15 +08:00
neil
4b0a7a6e1f
Update dns_bunny.sh
`i` should start with `1`.
In dns alias mode, the fulldomain doesn't have a `_acme-challenge` prefix.
2022-09-07 18:15:21 +08:00
neil
383287adcd
Merge pull request #4293 from bbruun/fix-multiple-tld
Fix for multiple TLDs in DNS API
2022-09-07 16:47:25 +08:00
Bjarke Bruun
5c00afc6fe Fix for multiple TLDs in DNS API 2022-09-07 03:46:28 +02:00
Shane Bishop
025e0e8093 fix the shebang 2022-09-06 11:38:15 -06:00
Shane Bishop
35fb1f8585 Create dns_bunny.sh 2022-09-06 07:35:06 -06:00
neil
9fb14eef0e support "secrets.HTTPS_INSECURE" for solaris 2022-09-06 20:33:51 +08:00
Lorenz Stechauner
5d6d0c6176 World4You: fix paketnr parsing
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-09-06 13:25:14 +02:00
neil
dd707242ef the envs are moved to acmetest 2022-09-03 21:11:26 +08:00
neil
4f32f1285a
Merge pull request #4190 from arnebjarne/dns_cpanel_multidomain
Dns cpanel multidomain
2022-08-31 15:07:37 +08:00
Marvo2011
a6ecdbae29
Merge pull request #7 from AlvinSchiller/dev
Dev - SELFHOSTDNS_MAP_LAST_USED_INTERNAL changes for readability
2022-08-31 06:55:30 +02:00
neil
4904d100ff
Merge pull request #4279 from acmesh-official/dev
sync
2022-08-29 20:17:47 +08:00
AlvinSchiller
7a1f94bc20 set newLastUsedRidForDomainEntry after request was successfull 2022-08-28 20:44:17 +02:00
AlvinSchiller
f9320fff8f Changed lastUsedRidForDomainEntry seperator to space 2022-08-27 01:24:16 +02:00
neil
3dde83d8a0 fix https://github.com/acmesh-official/acme.sh/issues/4268 2022-08-26 19:47:45 +08:00
Marvo2011
f3e77a989c
Merge branch 'acmesh-official:dev' into dev 2022-08-25 14:28:51 +02:00
Marvo2011
f3539b0354
Merge pull request #6 from AlvinSchiller/dev
Removed RID RID2 only allow Mapping
2022-08-25 14:16:12 +02:00
Viktor Sokhan
4e5d4b9695 Fix shellcheck and shfmt 2022-08-25 13:43:06 +07:00
Klaus Frank
864315f6d1 Use literal space
Replace [[:space:]] with " "
2022-08-24 19:34:37 +02:00
Klaus Frank
713b7338ea demultiplex wget debug output 2022-08-24 19:34:37 +02:00
Klaus Frank
53117b2f4c Fix missing HTTP_HEADER for _get with wget
Save http header to file for _get with wget.
2022-08-24 19:34:36 +02:00
Viktor Sokhan
90623142e1 Fix 2022-08-24 16:40:27 +07:00
Viktor Sokhan
43503a20e5 Fix 2022-08-24 14:12:57 +07:00
Viktor Sokhan
ec53b27dfe Add dns_yc.sh 2022-08-24 13:48:10 +07:00
neil
238ecfc539 fix issue message 2022-08-23 22:19:10 +08:00
neil
b888792940 fix concurrency 2022-08-23 22:15:50 +08:00
neil
e3d1ab52f8
Merge pull request #4264 from Hobby-Student/dev
Update KAS API - better error handling
2022-08-23 21:25:14 +08:00
Hobby-Student
f9c2874c35
removed unnecessary white space in empty line 2022-08-23 13:30:04 +02:00
Hobby-Student
2304f005e3
better error handling 2022-08-23 12:41:42 +02:00
Monius
b95f836256 final try 2022-08-23 06:30:09 +08:00
AlvinSchiller
c94f9f21af fixed shfmt 2022-08-23 00:28:52 +02:00
AlvinSchiller
fc336e3733 fixed RID usage for wildcard domains 2022-08-23 00:04:41 +02:00
neil
fc1df9f9a5
Merge pull request #4262 from acmesh-official/dev
sync
2022-08-22 21:17:19 +08:00
Monius
5a604bfdee shfmt check? 2022-08-22 15:16:30 +08:00
AlvinSchiller
281951a86b ShellCheck fixed 2022-08-22 06:51:17 +02:00
AlvinSchiller
35ec3adadc only use SELFHOSTDNS_MAP for configuration of RIDs. detect wildcard domain for use of additional RID 2022-08-22 00:55:05 +02:00
AlvinSchiller
b9256a1ba7 changed from *deployconf to *domainconf 2022-08-22 00:55:05 +02:00
AlvinSchiller
734c9a1aa5 Dns Challenge prefix removed. SELFHOSTDNS_MAP entries must be fullpath incl. prefix 2022-08-22 00:55:05 +02:00
Monius
6502a71083 fix, but remove debug info 2022-08-22 05:26:12 +08:00
Monius
f2634b44cd add EOF, if $__conf not end with one 2022-08-21 12:26:37 +08:00
Monius
dcf9c467c3 fix issue, when profile not end with newline 2022-08-20 19:37:51 +08:00
neil
3dcacc1f8d add pr_notify.yml 2022-08-20 12:32:53 +08:00
neil
7cb81b0f35
Merge pull request #4244 from awalon/master
dns_gd (GoDaddy) Remove complete TXT record instead of value only
2022-08-20 11:12:37 +08:00
neil
8155ba5224 fix issue.yml 2022-08-20 10:59:50 +08:00
neil
7169060425 fix https://github.com/acmesh-official/acme.sh/issues/4248#issuecomment-1217378906 2022-08-20 10:54:17 +08:00
neil
ddb9dd4e45
Merge pull request #4243 from sinostephen/master
dns.la official acme script
2022-08-19 21:44:37 +08:00
stephen
2a05f24cb6
Add dns.la api support
Add dns.la api support
2022-08-19 11:12:16 +08:00
neil
039e4c662d rename the csr/key file if the cert is revoked. 2022-08-18 21:10:38 +08:00
neil
70351677a1 add concurrency 2022-08-18 20:30:11 +08:00
neil
33cadfb97d
Merge pull request #4254 from Hobby-Student/dev
Upgrade KAS API
2022-08-18 20:08:28 +08:00
neil
5fbaeda217
Update dns_la.sh 2022-08-18 19:48:09 +08:00
Danny Tix
b44ba0d21a Add wildcard deployment to cpanel_uapi 2022-08-17 23:51:23 -08:00
Hobby-Student
b42532afe9
forgot enabling github actions. forced commit 2022-08-17 19:58:34 +02:00
Hobby-Student
da6a335b87
new line EOF 2022-08-17 19:50:47 +02:00
Hobby-Student
0e8fef73bb
error handling, minor changes to params, ... 2022-08-17 19:43:30 +02:00
Dennis Koot
7122a960fa make ip-whitelisting configurable for DNS TransIP and download keyfile if it is an url 2022-08-17 17:53:35 +02:00
neil
d5b649a1a4 add tests for wget 2022-08-17 23:49:30 +08:00
stephen
233c724b2d
dns.la official acme script
dns.la official acme script
2022-08-17 18:18:42 +08:00
stephen
e1eb001872
dns.la official acme script
dns.la official acme script
2022-08-17 17:23:12 +08:00
stephen
5899d7034f
dns.la official acme script
dns.la official acme script
2022-08-16 15:35:46 +08:00
stephen
23c3e9482f
Delete dns_la.sh 2022-08-16 15:35:22 +08:00
stephen
dd980d9dca
dns.la official acme script
dns.la official acme script
2022-08-16 15:30:10 +08:00
stephen
d4ed50a915
Delete dns_la.sh 2022-08-16 15:29:35 +08:00
stephen
d986c7d126
dns.la official acme script
dns.la official acme script
2022-08-16 15:26:13 +08:00
stephen
67a2a4f249
dns.la dns acme script
dns.la dns acme script
2022-08-16 15:14:27 +08:00
stephen
a6e87e7e08
Delete dns_la.sh 2022-08-16 15:11:55 +08:00
stephen
33da8a7f62
dns.la official acme script, error fixed
fixed shcheck error
2022-08-16 09:51:59 +08:00
Awalon
68c533f777
Merge branch 'acmesh-official:master' into master 2022-08-15 23:52:39 +02:00
stephen
671eecf203
www.dns.la official acme script
www.dns.la official acme script
2022-08-15 18:10:18 +08:00
neil
2454ac8ef1 don't upload log 2022-08-14 17:44:16 +08:00
neil
20f097faa4 typo 2022-08-14 16:33:48 +08:00
neil
5dba8b493d fix log pattern 2022-08-14 16:25:28 +08:00
neil
eb27013fba
Merge pull request #4242 from acmesh-official/dev
fix ip test
2022-08-14 15:34:54 +08:00
neilpang
4f8d1c5c9d fix ip test 2022-08-14 15:29:28 +08:00
neilpang
74168c3e05 fix ip test for pebble 2022-08-14 15:25:48 +08:00
neil
cece848801
Merge pull request #4241 from acmesh-official/dev
sync
2022-08-13 19:21:23 +08:00
neil
7ddbeaa078
Merge pull request #4222 from Marco4223/master
Fix and Upgrade KAS API Call.
2022-08-13 17:57:48 +08:00
Awalon
2d4aa7ff8b
Added example and URL for API key 2022-08-13 05:34:05 +02:00
neil
79e044ac31 fix format 2022-08-13 11:16:40 +08:00
neil
15ae5a5135 fix format 2022-08-13 11:14:22 +08:00
Awalon
5684b7c329
dns_gd (GoDaddy): Delete TXT record instead of just setting them to an empty value. Replaced "#todo: check if the record takes effect" by some error handling and validation. 2022-08-13 05:02:12 +02:00
neil
7e96120353 fix message 2022-08-13 09:33:43 +08:00
neil
cc36421fe5 fix typo 2022-08-13 09:31:36 +08:00
neil
683aa727d5 fix log path 2022-08-13 09:14:06 +08:00
neil
ea07b495ac change message 2022-08-13 09:09:08 +08:00
neil
8d211c3524 fix log name 2022-08-13 09:01:57 +08:00
neil
ab8df82563 fix log name 2022-08-11 22:15:38 +08:00
neil
8ba9c4ab97 support https_proxy for https://github.com/acmesh-official/acme.sh/pull/1838 2022-08-10 22:00:46 +08:00
neil
2f70b8682e add logs 2022-08-10 21:44:22 +08:00
neil
86dd4ea480 fix https://github.com/acmesh-official/acme.sh/issues/4231 2022-08-08 21:11:16 +08:00
neilpang
204e5f4418 fix https://github.com/acmesh-official/acme.sh/issues/4232 2022-08-08 18:22:07 +08:00
neilpang
044a9bb6d3 fix https://github.com/acmesh-official/acme.sh/issues/4231 2022-08-08 13:19:38 +08:00
neil
a31143328e
Merge pull request #4187 from Spider84/fix/dns_regru
Unable to add TXT record to IDN domain on reg.ru
2022-08-07 12:20:10 +08:00
neil
2bb29a105c fix pr_dns.yml 2022-08-07 12:17:43 +08:00
neil
0013d98d04
Merge pull request #4229 from acmesh-official/dev
sync
2022-08-07 11:23:49 +08:00
neil
916743f44b fix pr_dns.yml 2022-08-07 11:07:04 +08:00
neil
edebe65d95 add pr_dns.yml 2022-08-07 10:54:38 +08:00
neil
c43fcd0af6
Merge pull request #4225 from acmesh-official/dev
sync
2022-08-06 23:41:13 +08:00
neil
9a5c2b88dc
Update README.md 2022-08-06 23:40:12 +08:00
Marco
aaee0414c8 Fix and Upgrade
Switching from formula.php to SOAP
Now session-based login 
Only record entries with corresponding values will now be deleted
2022-08-04 09:44:35 +02:00
neil
d0c2fb9761 fix https://github.com/acmesh-official/acme.sh/issues/3833#issuecomment-1203652970 2022-08-03 23:07:13 +08:00
neil
4f076c6924
Merge pull request #4218 from billgertz/patch-1
Update dns_miab.sh
2022-08-03 21:16:20 +08:00
neil
51d4d1451a use ${{ secrets.DEBUG }}
https://github.com/acmesh-official/acme.sh/issues/4215
2022-08-03 20:55:25 +08:00
Bill Gertz
7b9d76dc65
Merge branch 'acmesh-official:master' into patch-1 2022-08-02 19:07:48 +02:00
Bill Gertz
f91aeea91c
Update dns_miab.sh
Added an explicit no error (0) return on the internal _retrieve_miab_env() function. This was causing errors when acme.sh was not run with a debug level.
2022-08-02 19:01:16 +02:00
neil
4cabf84be9
Merge pull request #4214 from acmesh-official/dev
sync
2022-07-31 11:51:35 +08:00
neil
8a1f038a80 add issue.yml 2022-07-30 21:45:58 +08:00
neil
c9cab9ab74
Merge pull request #4212 from msys0843/master
Update dns_mydnsjp.sh
2022-07-30 21:19:11 +08:00
neil
bd78120bd5 Use major version of https://github.com/vmactions/freebsd-vm 2022-07-30 08:53:44 +08:00
msys0843
0de3bf0ac7
Update dns_mydnsjp.sh
To fit current mydns.jp web site.
2022-07-29 18:09:57 +09:00
neil
2d144a8b43 Add DragonFlyBSD test by https://github.com/vmactions/dragonflybsd-vm 2022-07-27 22:22:34 +08:00
neil
1a140a5515 upgrade OpenBSD by https://github.com/vmactions/openbsd-vm 2022-07-27 22:17:35 +08:00
neil
1ea8cfbfb0 Add DragonFlyBSD test by https://github.com/vmactions/dragonflybsd-vm 2022-07-27 22:15:38 +08:00
neil
64fda95186 Upgrade solaris by https://github.com/vmactions/solaris-vm 2022-07-27 22:09:22 +08:00
neil
7843c0c1b0 Upgrade VM versions from https://github.com/vmactions 2022-07-27 21:19:47 +08:00
neilpang
a3784854a7 fix https://github.com/acmesh-official/acme.sh/issues/3975 2022-07-26 13:20:00 +08:00
neil
8b7c000f47
Merge pull request #4189 from blablup/dev
Fix for issue #3735
2022-07-25 15:36:51 +08:00
neil
5b8d7a3f29
Merge pull request #4203 from acmesh-official/dev
sync
2022-07-24 23:33:46 +08:00
neil
328dbd57d4 fix for solaris 2022-07-24 16:20:44 +08:00
neil
a8c448f4cb
Merge pull request #4194 from GameAnalytics/add-slack-app
Add Slack App notification hook
2022-07-19 10:54:49 +08:00
neil
de0419228f
Merge pull request #4192 from skyksandr/master
Vultr Api: Update to v2
2022-07-19 10:51:04 +08:00
Grigory Starinkin
d8a4e47a13
disable "$response is referenced but not assigned" warning
the variable is assigned by the `_post` call
2022-07-18 17:20:25 +01:00
Grigory Starinkin
bc920949cb
Add Slack App notification hook
Slack Incoming webhooks is a legacy custom integration - an outdated
way for teams to integrate with Slack. These integrations lack newer
features and they will be deprecated and possibly removed in the
future. Slack team do not recommend their use. Instead, it's suggested
to use Slack apps.
2022-07-18 10:50:50 +01:00
Aleksandr Kunin
0717f8591c Update to Vultr Api v2
- change endpoints
- change Api-Key header to Authorization: Bearer
2022-07-18 11:26:15 +07:00
lufi42
affb65219e
Merge branch 'acmesh-official:dev' into dev 2022-07-17 13:30:37 +02:00
neil
3e628f2678 Upgrade NetBSD https://github.com/vmactions/netbsd-vm 2022-07-17 11:53:23 +08:00
neil
ddabc38e3f upgrade OpenBSD https://github.com/vmactions/openbsd-vm 2022-07-17 11:49:58 +08:00
neil
c0097497be Upgrade FreeBSD version https://github.com/vmactions/freebsd-vm 2022-07-17 11:48:58 +08:00
lufi42
78198bfdaf
Merge branch 'acmesh-official:dev' into dev 2022-07-16 23:17:18 +02:00
Bjarne Saltbaek
2fb9c923f4 push for re-test 2022-07-16 14:35:49 +02:00
Bjarne Saltbaek
c485011ed1 Multidomain patch suggestion from Sandeep Mittal 2022-07-16 14:16:03 +02:00
Jesai Langenbach
0b8ae68213 Fix: cut for domain uuid with searchDOmain response 2022-07-15 16:50:38 +02:00
Jesai Langenbach
0e73128f40 Finaly found a regex wich works for sed and egrep -o and use searchDomain api for easier to parse response 2022-07-15 16:42:20 +02:00
Jesai Langenbach
927c003d22 More robust and shortend egrep 2022-07-15 14:17:32 +02:00
spider
bd73823828 reg.ru list unicode domains NOT in IDN code 2022-07-15 13:31:19 +06:00
neil
11582bc7d3
Merge pull request #4184 from Maxime-J/dnsapi-ovh
dns_ovh: save OVH_CK in all cases
2022-07-15 09:44:02 +08:00
neil
20ed4f96ba
Merge pull request #4182 from NerLOR/master
Update dns_world4you
2022-07-15 09:38:31 +08:00
Maxime-J
19790e9011 dns_ovh: save OVH_CK in all cases 2022-07-14 10:54:37 +00:00
Lorenz Stechauner
3a29e03458 dns_world4you: Use _lower_case instead of tr
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-07-14 11:25:59 +02:00
neil
e2eb685d76 upgrade FreeBSD 13.1 2022-07-13 21:06:57 +08:00
neil
86cb28fe34
Merge pull request #4151 from bbruun/new-dns-provider-dns_dnsservices
Added new 'dns' provider script for https://dns.services
2022-07-13 09:28:42 +08:00
Bjarke Bruun
bcc9679339 Removed spaces (shfmt) (missed one) 2022-07-12 22:21:38 +02:00
Bjarke Bruun
e5aeff50dc Removed spaces (shfmt) 2022-07-12 22:20:24 +02:00
Bjarke Bruun
5f44c195e9 Removed unused variable 2022-07-12 22:10:20 +02:00
Bjarke Bruun
e4387e4aad Updated delete function 2022-07-12 22:04:28 +02:00
Bjarke Bruun
b1b336804d Fixed a missed 'grep -o' to _egrep_o() 2022-07-12 16:26:45 +02:00
neil
9985c43817
Merge pull request #4165 from weidonggg/dev
Fix dns_huaweicloud provider
2022-07-12 16:32:18 +08:00
lufi42
190cac394c
Merge branch 'acmesh-official:dev' into dev 2022-07-11 21:26:37 +02:00
Bjarke Bruun
ae71a5abf6 Added debug for API result 2022-07-11 18:16:03 +02:00
Bjarke Bruun
df199c5788 Updated API call for OpenBSD sed and tr as newlines does not work there 2022-07-11 18:11:55 +02:00
Bjarke Bruun
c1ba4f1b55 Added forced _log to debug deletion of records in GH Actions 2022-07-11 16:43:34 +02:00
neil
afc0097b12
Merge pull request #4139 from wsellitti/proxmoxve
deploy api script to upload certs to proxmox using proxmox api
2022-07-11 22:23:02 +08:00
neil
4e9f971c91
Merge pull request #4170 from SecT0uch/patch-1
Fix ecc certificates
2022-07-11 22:13:24 +08:00
Bjarke Bruun
b1cc28bbda Merge remote-tracking branch 'origin/master' into new-dns-provider-dns_dnsservices 2022-07-11 14:13:05 +02:00
Bjarke Bruun
80d30bdd30 Removed empty new line to trigger workflow 2022-07-11 14:08:37 +02:00
neil
f27566669b
Merge pull request #4174 from Ry3nlNaToR/patch-1
Also restart Postfix container for Mailcow
2022-07-11 14:40:46 +08:00
Lorenz Stechauner
29f12ddaf4 dns_world4you: Improve error message handling
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-07-10 22:22:12 +02:00
Lorenz Stechauner
ed15ff0515 dns_world4you: Fix upper case fqdn issues
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-07-10 20:30:41 +02:00
Lorenz Stechauner
a8f71f79fe dns_world4you: Update error handling
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-07-10 20:03:30 +02:00
Lorenz Stechauner
68c2478e0e dns_world4you: Handle already logged in sessions
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-07-10 18:55:36 +02:00
lufi42
be07fe9e9f
Merge branch 'acmesh-official:dev' into dev 2022-07-10 18:23:12 +02:00
Lorenz Stechauner
4d8b661d51 dns_world4you: Fix cookie parsing issue
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-07-10 17:51:40 +02:00
lufi42
ca0981645f Fixed shfmt error 2022-07-10 17:34:30 +02:00
lufi42
bc7e02b47a Fixed removal of TXT record when subdomain is case-sensitive and improved debug logging
Plesk SPI return domain names always lower-case. Therefore the search for domain names in the API response must be case-insensitve. Set debug logging to the values that are reallys used for the spi calls.

added comment
2022-07-10 17:22:59 +02:00
lufi42
55a55e9f74 Fixed debug log to prevent globbing and word splitting. 2022-07-10 17:22:59 +02:00
lufi42
b41d40da40 Extended debug logging in dns_pleskxml_rm() 2022-07-10 17:22:59 +02:00
lufi42
ba3e088b23 Improved error handling
Improved error handling when result contains data-structure which might contain another status-flag that is related to the status of the related object and not the api call

Revert "Improved error handling"

This reverts commit fa6df1cfab134d38baad19fc1caa0842f00416d5.

Revert "Revert "Improved error handling""

This reverts commit 5a4b78392f063863ee9f56686f5c429e9376af1b.
2022-07-10 17:22:59 +02:00
neil
1b59b0b739
Merge pull request #4176 from acmesh-official/dev
sync
2022-07-10 18:19:02 +08:00
neil
093cfcdf42 Add NetBSD Test by: https://github.com/vmactions/netbsd-vm 2022-07-10 18:01:49 +08:00
Ry3nlNaToR
41801a60ad
Also restart postfix 2022-07-09 14:30:18 +01:00
Bjarke Bruun
5ff0957861 Added empty new line to trigger workflow 2022-07-08 07:49:20 +02:00
Bjarke Bruun
6913b8beb5
Merge branch 'acmesh-official:master' into new-dns-provider-dns_dnsservices 2022-07-07 20:33:32 +02:00
Bjarke Bruun
c8d17bc363 Re-commit (removed non-needed #'tag) 2022-07-07 20:30:48 +02:00
Jordan ERNST
2cbf1259a8
Fix for ECC certificates 2022-07-07 17:20:23 +02:00
neil
59dc513ac3 add OpenBSD test 2022-07-07 22:30:35 +08:00
neil
87b110bb86 add OpenBSD CI test: https://vmactions.org 2022-07-07 22:27:18 +08:00
Bjarke Bruun
1b3e1a7abe Changed 'grep -E' to '_egrep_o' 'removed ()' 2022-07-07 15:05:12 +02:00
Bjarke Bruun
0afabc60ae Changed 'grep -E' to '_egrep_o' 2022-07-07 15:00:12 +02:00
neil
2d4ea720eb
Merge pull request #2606 from ianw/no-exit-manual-dns
Don't exit with issue failure if in DNS manual mode
2022-07-07 20:02:55 +08:00
neil
9c757bbe6e
Update acme.sh 2022-07-07 20:01:43 +08:00
lufi42
40e0d72105
Merge branch 'acmesh-official:dev' into dev 2022-07-07 13:27:40 +02:00
Bjarke Bruun
eba788e8c9 Removed check for _acme-challenge and acmetestXyzRandomName.github-test sub-domain 2022-07-07 10:59:25 +02:00
Bjarke Bruun
444b111a62 Fixed acmetest for domain acmetestXyzRandomName.github-test.<domain> that was explicitly disallowed as it is not _acme-challenge 2022-07-07 09:40:18 +02:00
Bjarke Bruun
a364ab4ea7 Added '.' to 'DNS Services' as that is the correct provider name 2022-07-06 12:10:19 +02:00
Ian Wienand
be7840c827 Exit with separate failure if in DNS manual mode
In our environment we use DNS manual mode and take the TXT record
output of acme.sh and process it with Ansible to install the records
(then we call renew later when the records have been pushed to the DNS
servers by a whole bunch of other bits).

One problem is that after getting/showing the TXT records, acme.sh
always returns 1.  This makes it difficult to tell if there is
actually an error condition.

Since we have set the manual-mode flag, not installing the DNS records
is an expected correct result.  This returns a separate error code for
this situation (3), which can be distinguished in automation.
2022-07-06 06:20:28 +10:00
nil
a46e51e8db Update format code. 2022-07-02 01:22:46 +00:00
nil
789ebb8990 Fix dns_huaweicloud provider
1. Fix huaweicloud api use iam account get token fail.
2. Default use ap-southeast-1 project name, don't need query project id.
2022-07-01 09:12:06 +00:00
neil
e3cd96bf19
Merge pull request #4164 from acmesh-official/dev
sync
2022-06-30 23:18:53 +08:00
neilpang
7746042adc fix https://github.com/acmesh-official/acme.sh/issues/4160
fix https://github.com/acmesh-official/acme.sh/issues/4160
2022-06-30 23:07:18 +08:00
lufi42
dfe80556d3
Merge branch 'acmesh-official:dev' into dev 2022-06-28 23:47:36 +02:00
seidler2547
b3529dc748
remove dns_do as it does not work anymore
The API that it uses was shut down in May 2022
2022-06-27 19:42:16 +00:00
Bjarke Bruun
543c4423a2 Added bug report link to dns_dnsservices.sh 2022-06-24 07:42:00 +02:00
Bjarke Bruun
3bd4d32b8d Updated bug report URL 2022-06-23 11:48:39 +02:00
Bjarke Bruun
56a686d3e0 Code formatting (shfmt) 2022-06-23 09:21:20 +02:00
Bjarke Bruun
2f97c789dd Code formatting (shellcheck/shfmt) 2022-06-23 09:14:17 +02:00
Bjarke Bruun
04ca808e80 Code formatting (shfmt) 2022-06-23 08:31:40 +02:00
neil
9b79743c5d
Update proxmoxve.sh 2022-06-23 14:12:53 +08:00
neil
a386826808
Update proxmoxve.sh 2022-06-23 14:11:36 +08:00
neil
668894fc4d
Update proxmoxve.sh 2022-06-23 14:08:24 +08:00
Bjarke Bruun
dc882e6279 Removed empty space 2022-06-23 08:06:28 +02:00
Bjarke Bruun
d6eebf82be Removed a few empty lines 2022-06-23 07:57:05 +02:00
William Sellitti
799f509ba9 typo 2022-06-22 23:19:12 -04:00
Bjarke Bruun
688a234127 Added new 'dns' provider script for https://dns.services 2022-06-22 18:56:25 +02:00
Marcel Hellkamp
095697900b fix: Challenge not skipped for pre-validated wildcard domain orders
Some CAs auto-validate orders based on account-level rules and do not
require a challenge at all. Sectigo introduced a non-standard challenges
named 'sectigo-dns-01', presumably to work around this issue in certbot.
This also works for non-wildcard domains in acme.sh, but wildcard domains
are rejected because acme.sh hard-codes 'dns-01' as the only allowed
challenge for wildcard domains, which is not offered by Sectigo.

This change simply moves the '"status":"valid"' check up a bit and ignores
challenge type mismatches or missing tokens if no challenge is needed anyway.
2022-06-22 18:18:20 +02:00
neilpang
6ccf617d62 clear CF_Zone_ID 2022-06-21 10:12:06 +08:00
William Sellitti
b3b4811b2c added savedeployconf to preserve environment variables usedi in initial deployments 2022-06-19 22:01:56 -04:00
William Sellitti
966e4246e5 Merge branch 'proxmoxve' of gitlab.lan.home.wesitcllc.com:software/upstream/acme.sh into proxmoxve 2022-06-19 01:49:51 -04:00
William Sellitti
9377c4f3ad Merge branch 'proxmoxve' of github.com:wsellitti/acme.sh into proxmoxve 2022-06-19 01:46:45 -04:00
William Sellitti
b876128635 forced content-type to json 2022-06-19 01:46:10 -04:00
William Sellitti
c0da801580 Revert "'+' are being converted to ' ' at some point"
This reverts commit 149310e1ec.
2022-06-18 17:00:36 -04:00
William Sellitti
149310e1ec '+' are being converted to ' ' at some point 2022-06-18 16:58:15 -04:00
William Sellitti
4e625c18dc Revert "seems like the escaped new lines aren't remaining escaped new lines with the new version of curl"
This reverts commit a5d5113be3.
2022-06-18 16:56:46 -04:00
William Sellitti
a5d5113be3 seems like the escaped new lines aren't remaining escaped new lines with the new version of curl 2022-06-18 16:55:12 -04:00
William Sellitti
7900c493af debugging for the payload 2022-06-18 16:43:25 -04:00
William Sellitti
76fe5d8831 those where flipped by mistake 2022-06-18 16:39:32 -04:00
William Sellitti
37031721dd typo 2022-06-18 15:52:18 -04:00
William Sellitti
3cc283cbee not generating files any more 2022-06-18 15:44:25 -04:00
William Sellitti
35cf98fff2 sensititive things debugged at a higher level 2022-06-18 15:41:38 -04:00
William Sellitti
ca41ea2d5c added _getdeployconf to set all of the environment variables 2022-06-18 15:40:05 -04:00
William Sellitti
daffc4e6a4 typo, using _H1 to provide header keys. 2022-06-18 12:21:14 -04:00
William Sellitti
5f3cb9019b fixed to use _post function instead of curl 2022-06-18 12:18:33 -04:00
Martin Arndt
13c7182948
Fix usage docs in file's header comment 2022-06-18 17:32:56 +02:00
neil
4951b58b21
Merge pull request #4086 from plett/aws-multiline-comments
Squash multiline responses. Fixes issue #4085
2022-06-18 15:55:10 +08:00
neil
7be7586971
Update proxmoxve.sh 2022-06-18 15:01:38 +08:00
Martin Arndt
edc76795d4
Merge branch 'acmesh-official:master' into master 2022-06-16 09:51:19 +02:00
William Sellitti
6d64098288 shell check war warning against unnecessary use of cat 2022-06-14 23:46:09 -04:00
William Sellitti
4351110082 properly quoted variable names 2022-06-14 22:38:06 -04:00
William Sellitti
6652138d3e fixed per shellcheck's preference for -n instead of ! -z 2022-06-14 22:33:38 -04:00
William Sellitti
c8d0d475e4 deploy api script to upload certs to proxmox using proxmox api 2022-06-11 13:49:31 -04:00
neil
39b25029fc
Merge pull request #4128 from capile/dev
fixed compatibility for UltraDNS API v3
2022-06-09 13:13:43 +08:00
neil
b5cabd6d8e
Merge pull request #4131 from ffy/master
change _dbase64 in deploy/qiniu.sh to single line
2022-06-09 13:12:56 +08:00
Debian Bear
b169a5c707
change _dbase64 to single line 2022-06-08 22:44:10 +08:00
Guilherme Capilé
4f816c06b0 variable expansion consistency & actions push 2022-06-07 11:59:34 -03:00
Guilherme Capilé
b5f49d9563 fixed compatibility for UltraDNS API v3: https://docs.ultradns.neustar/Content/REST%20API/Content/REST%20API/Zone%20API/Zone%20API.htm; also a minor bugfix for fecthing the domain_id using egrep 2022-06-06 20:10:05 -03:00
neil
274fd5ab8b
Merge pull request #4124 from rmalchow/dev
check all pages first, then go up
2022-06-06 15:45:13 +08:00
rm
e48d7de763 push to run actions 2022-06-05 15:46:42 +02:00
rm
f426940bd2 check all pages first, the go up 2022-06-04 20:24:33 +02:00
neil
6c11dd12d7
Merge pull request #4118 from retoo/bugfix/google-dns-escape-arguments
dns_gcloud: disable argument parsing for challenges
2022-06-02 09:03:29 +08:00
Reto Schüttel
c2b14d3075 dns_gcloud: disable argument parsing for challenges
fixes #3596
2022-06-01 16:51:01 +02:00
neilpang
8a144ebfee fix https://github.com/acmesh-official/acme.sh/issues/4117 2022-06-01 18:06:14 +08:00
neilpang
5440fcdf54 check the file path before copying 2022-06-01 18:05:51 +08:00
neil
66b2d496af
Merge pull request #4116 from rbelnap/dns_namecheap_error_fix
Dns namecheap error fix
2022-06-01 09:10:52 +08:00
Bob Belnap
444a0282d7 rename _error _err
When there are errors with namecheap hosts, acme.sh fails with:

dns_namecheap.sh: line 262: _error: command not found

Based on usage elsewhere in the file, I believe this should be _err
2022-05-31 11:41:22 -04:00
neil
f897ab4eb8
Merge pull request #4114 from acmesh-official/dev
sync
2022-05-31 09:29:20 +08:00
neilpang
993c187e37 fix https://github.com/acmesh-official/acme.sh/issues/4105
fix https://github.com/acmesh-official/acme.sh/issues/4105
2022-05-29 15:08:15 +08:00
neilpang
3ce67b282f merge https://github.com/acmesh-official/acme.sh/pull/4108
merge https://github.com/acmesh-official/acme.sh/pull/4108
2022-05-29 15:03:09 +08:00
neilpang
606e59a5d0 fix https://github.com/acmesh-official/acme.sh/issues/4110
fix https://github.com/acmesh-official/acme.sh/issues/4110
2022-05-29 14:56:30 +08:00
neil
0f26b1eafb
Merge pull request #4096 from nederhost/dev
Fix dns_nederhost to work correctly with wget instead of curl.
2022-05-24 22:35:14 +08:00
neil
d2a9d731ed
Update ssh.sh 2022-05-24 22:25:44 +08:00
neil
80e6b1fc01
Merge pull request #4102 from lbrocke/dns-api-ionos-v1.0.1
dnsapi/ionos: Update to API version 1.0.1
2022-05-23 11:44:50 +08:00
Lukas Brocke
58a89edad7 dnsapi/ionos: Update to API version 1.0.1
The REST API now sends back response bodies for UPDATE and CREATE
operations.
2022-05-22 13:24:18 +02:00
neil
bfe47eb152
Merge pull request #4101 from Djelibeybi/fix-dns-oci
Fix _dbase64 decode of OCI_CLI_KEY
2022-05-21 14:41:44 +08:00
Avi Miller
32adc38e94
Fix _dbase64 decode of OCI_CLI_KEY
The change made in #4057 broke the decoding of OCI_CLI_KEY from
the encoded OCI_CLI_KEY_FILE content so this removes the multiline
parameter to fix it.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2022-05-21 14:36:10 +10:00
Marvo2011
1584971908
Merge branch 'acmesh-official:dev' into dev 2022-05-20 08:52:05 +02:00
Marvo2011
025bebb3e2
Merge pull request #5 from AlvinSchiller/dev
domain lookup for DNS_MAP changed.
2022-05-20 08:51:06 +02:00
Sebastiaan Hoogeveen
4047adcc35 Force a commit. 2022-05-18 16:12:37 +02:00
AlvinSchiller
d4cf03c9fd changes due to inkompabilities of some distros 2022-05-18 11:48:48 +02:00
Sebastiaan Hoogeveen
5ba2068fc2 Fix dns_nederhost to work correctly with wget instead of curl.
The dns_nederhost DNS API relies on the exact HTTP status code to be
returned (e.g.  204); however, the _get function always returns 200 for a
succesful call when using wget instead of curl.  This patch fixes this by
using the _post function for all requests done by dns_nederhost.
2022-05-16 14:27:24 +02:00
PM Extra
3ce7d410c8 improve doc comments 2022-05-14 22:59:02 +08:00
PM Extra
74f28021e7 fix format again 2022-05-14 22:49:40 +08:00
PM Extra
f90cbb636a fix format 2022-05-14 22:41:59 +08:00
PM Extra
c8929ca0cb support specifying port for each host 2022-05-14 22:29:48 +08:00
PM Extra
9fb5bb620d refact ssh hook to use deploy config 2022-05-14 22:28:02 +08:00
PM Extra
ed58f32052 Merge branch 'dev' into feature/ssh_scp 2022-05-14 15:43:26 +08:00
Paul Lettington
6d5743c506
Squash new lines in API response 2022-05-12 18:57:32 +01:00
neil
a551619de6
Merge pull request #4080 from aorith/dev
dns_aws: Fix when _acme-challenge is a hostedzone
2022-05-12 21:34:37 +08:00
neil
873b113cb3
Update dns_aws.sh 2022-05-12 17:36:19 +08:00
Manuel Sanchez Pinar
2280e66d73 dns_aws: Fix when _acme-challenge is a hostedzone
The function '_get_root' tries to retrieve the
    hostedzone iterating the domains, eg:
      1. srv.prod.example.com
      2. prod.example.com
      3. example.com
    This doesn't work if '_acme-challenge' is in it's
    own hostedzone for security reasons.
    Starting that iteration with '_acme-challenge.srv.prod.example.com'
    fixes this issue.
2022-05-12 10:51:15 +02:00
neil
2133897bbe
Merge pull request #4079 from acmesh-official/dev
sync
2022-05-11 13:36:35 +08:00
neilpang
bee5cb55a1 fix test 2022-05-11 10:20:49 +08:00
neil
0a0838b616
Merge pull request #4078 from cboylan/fix-key-length-check
Fix Le_Keylength checks during renewals
2022-05-11 09:09:28 +08:00
Clark Boylan
b376dfa1e6 Fix Le_Keylength checks during renewals
When performing renewals acme.sh checks key length values to determine
if a new key should be created with createDomainKey(). However, older
acme.sh stored key length as an empty value if the default of 2048 was
desired. Now it is explicit and the explict check of 2048 against "" is
causing createDomainKey() to always be called with fails without
--force.

Fix this by converting the keylength value to 2048 if an empty string is
returned from the config file. acme.sh will then write out 2048 updating
old keys and configs to the explicit version.

Issue: 4077
2022-05-10 10:42:19 -07:00
neil
7ac0577b34
Merge pull request #4076 from acmesh-official/dev
sync
2022-05-10 22:25:12 +08:00
denkristoffer
f16e060e87 Create dns_vercel.sh 2022-05-10 22:22:14 +08:00
Sandeep Mittal
9aaae24583 Update callmebotWhatsApp.sh
unused variable removed and cleaned.
2022-05-10 22:22:14 +08:00
neil
915ced7b92 Update callmebotWhatsApp.sh 2022-05-10 22:22:14 +08:00
neil
5a36b9075f Update callmebotWhatsApp.sh 2022-05-10 22:22:14 +08:00
Sandeep Mittal
b5a7f46ecc Update callmebotWhatsApp.sh
variable updated to caps
2022-05-10 22:22:13 +08:00
neil
4381657c5e Update callmebotWhatsApp.sh 2022-05-10 22:22:13 +08:00
Sandeep Mittal
d440b2f2b2 Update callmebotWhatsApp.sh
Added CallMeBot API for WhatsApp Notifications.
2022-05-10 22:22:13 +08:00
Sandeep Mittal
5b42aea9e7 Create callmebotWhatsApp.sh 2022-05-10 22:22:13 +08:00
neil
e1d7a6b9ac fix renew server 2022-05-10 22:22:13 +08:00
neil
38778f8adc fix renew server 2022-05-10 22:22:12 +08:00
neil
8b7a86bd17 support "server" for renew and renewall 2022-05-10 22:22:12 +08:00
neilpang
619bae745b start 3.0.5 2022-05-10 22:22:12 +08:00
AlvinSchiller
2cf72bad30 domain lookup for DNS_MAP changed. 2022-05-10 07:09:31 +02:00
neil
e6959f093c
Merge pull request #4070 from acmesh-official/dev
sync
2022-05-06 18:06:37 +08:00
neilpang
8d783e8e1f fix https://github.com/acmesh-official/acme.sh/issues/4069 2022-05-06 18:04:29 +08:00
neilpang
f03098551e start 3.0.4 2022-05-04 18:44:37 +08:00
neil
6887805402
Merge pull request #4067 from acmesh-official/dev
sync
2022-05-04 18:36:45 +08:00
neil
7f9074adbf fix format 2022-05-03 21:35:26 +08:00
neil
64847afc3f save the default key length 2022-05-03 21:19:29 +08:00
Marvo2011
c4df8090e2 Merge branch 'acmesh-official-dev' into dev 2022-05-03 13:06:16 +02:00
AlvinSchiller
fe3523f47a Fix shfmt 2022-05-03 13:04:48 +02:00
AlvinSchiller
199d846acb Pseudo commit tp trigger Github Actions 2022-05-03 13:04:48 +02:00
AlvinSchiller
b07e479840 Save domain dependent values in domain.conf after successfull use 2022-05-03 13:04:48 +02:00
AlvinSchiller
9bf37fde02 Added variable checks 2022-05-03 13:04:48 +02:00
Marvo2011
1054325b2d Rename delete function, add info 2022-05-03 13:04:48 +02:00
Marvo2011
ef8cb11707 Fix shfmt 2022-05-03 13:04:48 +02:00
Marvo2011
c23c40df8a Fix shellcheck, use double quote 2022-05-03 13:04:48 +02:00
Marvo2011
77d606df34 Add custom option to map multidomain RIDs 2022-05-03 13:04:48 +02:00
Marvo2011
e717c9dba2 Start ShellCheck and CI Test 2022-05-03 13:04:48 +02:00
Marvo2011
3d312e2140 Added Selfhost DNS API
+ShellCheck 
+ACME v2 compatible

Example:
- Fist create 2 new TXT records on _acme-challenge.example.com
- Now note the ID in (...) from the edit page behind "_acme-challenge.example.com"

export SELFHOSTDNS_USERNAME=myname
export SELFHOSTDNS_PASSWORD=mypass
export SELFHOSTDNS_RID=id_of_txt_record
export SELFHOSTDNS_RID2=id_of_second_txt_record
acme.sh --issue -d example.com  --dns  dns_selfhost
2022-05-03 13:04:48 +02:00
neilpang
18de21f723 fix tunnel version 2022-05-03 12:54:49 +02:00
neilpang
6aebaf6f47 upgrade Solaris 2022-05-03 12:54:19 +02:00
neil
641f6977a9
Merge pull request #4065 from acmesh-official/dev
sync
2022-05-03 18:38:45 +08:00
Marvo2011
a092a2fa43
Merge pull request #3 from AlvinSchiller/dev
Save domain dependent values in domain.conf
2022-05-03 09:17:22 +02:00
neil
84c2b0c3d7
Merge pull request #4063 from nicolaspn/OVH_DNS_refresh_after_delete_txt_record
Ovh dns refresh after delete txt record
2022-05-02 23:34:14 +08:00
nicolaspn
24ce7c1991 Add call dns OVH API for refresh domain after delete TXT record 2022-05-02 16:16:56 +02:00
neil
8be3465f94
Merge pull request #4061 from acmesh-official/dev
Dev
2022-04-30 22:47:57 +08:00
AlvinSchiller
227eac10f1 Fix shfmt 2022-04-29 23:05:46 +02:00
AlvinSchiller
1cbd5485e7 Pseudo commit tp trigger Github Actions 2022-04-29 22:53:36 +02:00
AlvinSchiller
610c3cf681 Save domain dependent values in domain.conf after successfull use 2022-04-29 22:26:36 +02:00
AlvinSchiller
96d45cc341 Added variable checks 2022-04-29 22:23:39 +02:00
neil
8ba7d02fdb
Merge pull request #4059 from NerLOR/master
dns_world4you: fix _parse_paket_nr
2022-04-29 14:48:31 +08:00
neil
ef8a199a5a
Merge pull request #4057 from mrakopes/master
issue 3007 - fix base64 decoding logic for single- and multi-line encoded string
2022-04-29 09:25:39 +08:00
Lorenz Stechauner
db83643c1e dns_world4you: fix _parse_paket_nr
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2022-04-28 20:49:55 +02:00
mrakopes
9b6f775276 fix base64 decoding logic for single- ane multi-line encoded string 2022-04-28 13:25:22 +02:00
neilpang
69040dd668 fix format 2022-04-28 18:09:26 +08:00
neilpang
14b5914233 fix renew bug 2022-04-28 18:06:07 +08:00
neil
a0eabd2298
Merge pull request #4049 from Aarup/dev
Removed GratisDNS api
2022-04-25 16:10:39 +08:00
Jakob Aarup Skov
9b27298d54 Removed GratisDNS api 2022-04-25 09:43:38 +02:00
neil
3075b4515a
Merge pull request #4045 from axelhahn/4044-use-challenge-alias-false
handle challenge-alias "false"
2022-04-21 16:35:29 +08:00
neil
39bc417706
Update acme.sh 2022-04-21 07:02:53 +08:00
neil
e11e32cd52
Merge pull request #4035 from ccope-netgate/master
LoopiaAPI error handling isn't compatible with FreeBSD
2022-04-21 06:58:44 +08:00
Hahn Axel (hahn)
019a7bd66b handle challenge-alias "false" 2022-04-20 16:03:36 +02:00
neil
4d89ce5d50 read csr with empty subject
https://github.com/acmesh-official/acme.sh/issues/4024
2022-04-20 09:14:53 +08:00
Sing Yu Chan
c31027b284 use sleep infinity instead sleep 1 2022-04-20 09:04:13 +08:00
neil
f17ec7a4f5
Merge pull request #4037 from ahwayakchih/master
Update dns_mydevil.sh
2022-04-20 09:01:29 +08:00
neil
deec6aab1a
Merge pull request #4039 from DerVerruckteFuchs/1984-update-URL
1984 update url
2022-04-20 09:00:14 +08:00
Bruce Lam
3e8d9a1987 added: ipv6 identifier support 2022-04-20 08:23:22 +08:00
DerVerruckteFuchs
5e465a298f Update 1984 Hosting's URL 2022-04-15 23:04:10 -04:00
Marcin Konicki
515c9e7811
Fix DNS handling for MyDevil.net
MyDevil updated their tool to require y|n confirmation when deleting record.
2022-04-15 10:38:45 +02:00
Christopher Cope
03c8309703 Fix dns_loopia on FreeBSD 2022-04-13 15:41:44 -04:00
neilpang
2c28d6b10c fix for renew server 2022-04-13 20:20:28 +08:00
neil
df79443ed8
Merge pull request #3997 from tumarov/fornex_com_support
fornex.com API support
2022-04-12 11:01:53 +08:00
neil
2b891f7f1d
Update dns_fornex.sh 2022-04-12 10:11:05 +08:00
neil
e4ed0b1884
Merge pull request #4029 from quthla/patch-1
Store Mailcow deploy parameters
2022-04-12 10:06:35 +08:00
neil
c8c1c09189
Merge pull request #4032 from acmesh-official/dev
sync
2022-04-12 10:05:22 +08:00
quthla
08ae8cc3cb
Fix 2022-04-11 11:39:21 +02:00
quthla
201673ca8a
Store Mailcow deploy parameters 2022-04-11 00:29:55 +02:00
Bruce Lam
29e23ac9ce Due to down of cloudxns.net, remove dns_cx.sh 2022-04-10 19:57:25 +08:00
neilpang
00483e8cdd exclude zerossl tests in the CI
It's not stable
2022-04-10 19:42:49 +08:00
neil
83da01a2e1
Merge pull request #4027 from acmesh-official/dev
sync
2022-04-10 14:49:09 +08:00
neil
7cd6ff054b add 2022-04-10 14:48:10 +08:00
neilpang
6be2bb2289 Update acme.sh
revert only when there is no `--server` specified.
2022-04-08 22:28:21 +08:00
neilpang
439defca42 switch from staging api to production api
https://github.com/acmesh-official/acme.sh/issues/2401
2022-04-08 22:15:26 +08:00
neil
8a85bb2989
Merge pull request #4017 from exogee-technology/dev
Fix / Netlify API should only match exact domain matches.
2022-04-08 21:03:54 +08:00
neil
5e7519183d
Merge pull request #4020 from sjau/dns_ispconfig_typo
dns_ispconfig: add missing brackets
2022-04-07 17:29:25 +08:00
hyper_ch
40e7eca1ee dns_ispconfig: adding missing brackets 2022-04-07 11:07:06 +02:00
Kevin Brown
481f02de88 Also check for the closing quote so that only exact domain matches are found. 2022-04-06 14:29:25 +10:00
neilpang
6a90856f0e don't renew cert if valid-to is set to an absolute date
don't renew cert if valid-to is set to an absolute date
2022-04-05 17:05:33 +08:00
neil
dcbbee8adb
Merge pull request #4012 from acmesh-official/dev
Support "NotBefore" and NotAfter
2022-04-03 22:01:00 +08:00
neilpang
225adcc836 fix renewal for validto
fix renewal for validto
2022-04-03 21:58:41 +08:00
neilpang
0f607413d0 fix for solaris time format 2022-04-03 20:05:30 +08:00
neilpang
922553032b typo 2022-04-02 09:35:17 +08:00
neilpang
b49999721c Update acme.sh 2022-04-01 21:58:29 +08:00
neilpang
de4c4eedd8 Support NotBefore and NotAfter
Add `--valid-from` and `--valid-to`:
https://github.com/acmesh-official/acme.sh/wiki/Validity
2022-04-01 21:22:42 +08:00
neilpang
bcc984fc09 minor 2022-03-31 09:46:42 +08:00
neilpang
d53262fab6 fix update account
fix https://github.com/acmesh-official/acme.sh/issues/4009
2022-03-31 09:35:32 +08:00
neilpang
532e44bcea normalize domains
fix https://github.com/acmesh-official/acme.sh/issues/4005
2022-03-30 23:37:38 +08:00
neilpang
3fb67629c1 Update README.md 2022-03-30 23:06:07 +08:00
neil
6145465823
Merge pull request #4006 from acmesh-official/dev
sync
2022-03-30 23:03:44 +08:00
neilpang
fb5091a388 support Google ACME server
see: https://github.com/acmesh-official/acme.sh/wiki/Server
2022-03-30 22:47:12 +08:00
Marvo2011
d6c68f1a84
Rename delete function, add info 2022-03-28 13:03:02 +02:00
neilpang
0d05f9ba80 Update acme.sh
fix https://github.com/acmesh-official/acme.sh/issues/4001
2022-03-27 12:08:24 +08:00
neil
a300df0020
Update dns_fornex.sh 2022-03-25 15:48:17 +08:00
neil
a50158cbeb
Merge pull request #3982 from waldner/master
Geoscaling: read credentials when removing records too
2022-03-24 15:15:58 +08:00
Timur Umarov
7278fd25e5 Added fornex.com api 2022-03-23 17:46:38 +03:00
neil
6fb8c0ec4c
Merge pull request #3989 from abiessmann/deploy_routeros_handle_remote_errors
deploy/routeros: handle errors
2022-03-20 13:30:58 +08:00
neil
07cedc55e2
Merge pull request #3978 from nikolajbrinch/dev
Fixes Simply.com to use REST API version 2 with Basic Auth
2022-03-20 13:19:13 +08:00
neil
ae3cc81f03
Merge pull request #2924 from ianepperson/master
Add Discord notification
2022-03-20 12:43:43 +08:00
neil
97a45e3b02
Update discord.sh 2022-03-20 12:43:23 +08:00
neil
451b290b79
Update discord.sh 2022-03-20 12:42:35 +08:00
neil
499ea07934
Merge pull request #3993 from imgrant/deploy-truenas-s3-feature
feat: Configure TrueNAS S3 certificate
2022-03-20 12:34:58 +08:00
Ian Grant
afa06267a2 style: Neaten up some of the info & error messages, fix some typos 2022-03-19 20:39:48 +00:00
Ian Grant
d4a6d9c076 fix: Adjust the sed extraction of certificate ID from JSON response
Prior to this, an error in the regex didn't match. Resolves #3992 (TrueNAS deploy hook fails to set certificate for FTP or WebDAV)
2022-03-19 20:38:47 +00:00
Ian Grant
c3f6112443 feat: Configure certificate for TrueNAS S3 service (MinIO) 2022-03-19 20:36:11 +00:00
Andreas Bießmann
3411b736dd deploy/routeros: add error handling for scp
In order to stop processing on failure to copy certificate
to remote side, fail on error of scp command.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-03-18 09:10:12 +01:00
Andreas Bießmann
c603b9c40b deploy/routeros: add error handling for ssh
In order to detect errorneous scripts on remote side, catch return code
and handle it respectively.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
Reviewed-by: Ross Shen @sjtuross
2022-03-18 09:07:59 +01:00
neil
1e2c5d038f
Merge pull request #3986 from abiessmann/fix_depoly_routeros
deploy/routeros.sh: fix routeros script
2022-03-17 21:25:59 +08:00
Andreas Bießmann
9d6d96adf3 deploy/routeros.sh: fix routeros script
Commit c46ceb06b4 introduced an error in
routeros script.

Fix it!

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-03-17 12:24:42 +01:00
waldner
8d574ecb34 Geoscaling: get creds for removal too 2022-03-15 18:56:54 +01:00
neil
9ebb2ac2e4
Merge pull request #3980 from acmesh-official/dev
sync
2022-03-14 23:02:08 +08:00
neil
7b935eec5d
Merge pull request #3979 from dislazy/dev
fix(notify):remove nofity,move weixin_work.sh to notify
2022-03-11 13:56:53 +08:00
bosong
b209f66654 fix(notify):remove nofity,move weixin_work.sh to notify 2022-03-11 13:41:12 +08:00
neil
b98b4951b4
Merge pull request #3669 from youuy/master
Add Weixin Work notify hook
2022-03-11 12:21:55 +08:00
Nikolaj Brinch Jørgensen
227d62a5dc Fixes Simply.com to use REST API version 2 with Basic Auth 2022-03-10 11:13:38 +01:00
neil
7fae5553a8
Merge pull request #3977 from gabbe/Encode_password
Accept some special characters in password and some error handling
2022-03-10 09:10:17 +08:00
Gabriel Thörnblad
6ead019873 Accept some special characters in password and added a little bit better error handling 2022-03-09 17:12:09 +01:00
lufi42
6d2ab4d270 Merge branch 'dev' of https://github.com/lufi42/acme.sh into dev 2022-03-09 01:47:51 +01:00
lufi42
a6b58bc88d Corrected use of Plesk API calls to fetch all domain for all Plesk editions
This implementation of the Plesk API will add support for Plesk web admin edition and will now discover all domains ( of customers & administrative users) managed by the specific plesk instance.

The previous implementation of the Plesk API uses the customer API. This brings two problems:
1. The current API call only fetches the domains of resellers/customers and not the domains that are managed by administrative users.
compare:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-customer-accounts/retrieving-the-list-of-customer%E2%80%99s-domains.75309/
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-plesk-server/getting-server-information/response-packet-structure-and-samples/list-of-domains.75294/

2. The customer API is only available in the web pro/host editions. The most common license on VPS/Dedicated Servers is nowadays the web admin edition. See: https://www.plesk.com/editions/

The correct way to get all domains in all Plesk editions is to use the Sites (Domains) API:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-sites-domains/getting-information-about-sites.66583/
This way is working for all plesk editions the same way.
2022-03-09 01:42:26 +01:00
lufi42
ea3c37d754 Corrected use of Plesk API calls to fetch all domain for all Plesk editions
This implementation of the Plesk API will add support for Plesk web admin edition and will now discover all domains managed by the specific plesk instance.

The existing implementation of the Plesk API uses the customer API. This brings two problems:
1. The current API call only fetches the domains of resellers/customers and not the domains that are managed by  administrative users.
compare:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-customer-accounts/retrieving-the-list-of-customer%E2%80%99s-domains.75309/
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-plesk-server/getting-server-information/response-packet-structure-and-samples/list-of-domains.75294/

2. The customer API is only available in the pro/admin editions. The most common license on VPS/Dedicated Servers is the web host edition. See: https://www.plesk.com/editions/

The correct way to get all domains in all Plesk editions is to use the Sites (Domains) API:
https://docs.plesk.com/en-US/obsidian/api-rpc/about-xml-api/reference/managing-sites-domains/getting-information-about-sites.66583/
2022-03-09 01:36:06 +01:00
neil
e58b00d9a2
Merge pull request #3964 from gabbe/Loopia_API_is_updated
Update dns_loopia.sh
2022-03-07 21:52:03 +08:00
Gabriel Thörnblad
b75e90f8c9 Double quote variables (shellcheck suggestions) 2022-03-07 10:28:09 +01:00
Gabriel Thörnblad
e82f3439c3 Trigger CI 2022-03-07 10:13:45 +01:00
neil
0bc8e3bee5
Merge pull request #3965 from waldner/master
geoscaling DNS API
2022-03-07 09:08:01 +08:00
waldner
13f80acb2d geoscaling DNS API 2022-03-05 19:34:36 +01:00
neil
8fe813acff
Merge pull request #3932 from peterlh/master
Added curanet dns support
2022-03-05 18:58:14 +08:00
Gabriel Thörnblad
0ed4fc6a12 Update dns_loopia.sh
Loopia API is now less tolerant so we need another <value> tag surrounding the <struct>
2022-03-04 13:38:05 +01:00
fradev
b37bf06de8 Update ssh.sh 2022-03-01 17:57:59 +01:00
fradev
27bbf0ccaf
Merge branch 'acmesh-official:master' into master 2022-03-01 17:44:46 +01:00
Martin Arndt
ed56d52af3
Changed GitHub issues URL 2022-02-27 15:12:05 +01:00
Martin Arndt
fb457968ec
Fix formatting according to Shellcheck 3/3 2022-02-27 14:38:24 +01:00
Martin Arndt
0bea2e2b94
Fix formatting according to Shellcheck 2/2 2022-02-27 14:37:22 +01:00
Martin Arndt
72d02f442e
Fix formatting according to Shellcheck 2022-02-27 14:35:21 +01:00
Martin Arndt
bcf63b5d27
Add ArtFiles.de DNS API plugin 2022-02-27 14:17:34 +01:00
neil
e88442cb46
Merge pull request #3947 from abiessmann/deploy_routeros_fixes
deploy/routeros.sh fixes
2022-02-22 21:52:36 +08:00
neil
930609e875
Merge pull request #3948 from richard-9000/richard-9000-patch-1
dns_opnsense.sh - Fixed the domain parse regex
2022-02-22 21:41:22 +08:00
richard-9000
8752d08ce9
dns_opnsense.sh - Fixed the domain parse regex
Extended the regex to skip the new transferkey and hmac sections of opnsense bind.
2022-02-19 10:52:24 -08:00
Andreas Bießmann
c46ceb06b4 deploy/routeros.sh: change DEPLOY_SCRIPT_CMD
This set the owner of script to ssh user, have the comment line in script
as real comment and removes policy since this is set from current user,
at least for RouterOS 7.x.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:13:01 +01:00
Andreas Bießmann
92e4ecce3b deploy/routeros.sh: remove all certificates
As the script is applying the fullchain which includes three certificates,
delete all of them before applying updated certificate.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:13:01 +01:00
Andreas Bießmann
8a2f673903 deploy/routeros.sh: make ssh/scp configurable
In order to modify ssh/scp commands make them configurable via
environment variables.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:12:59 +01:00
Marvo2011
ac0dd90c37 Fix shfmt 2022-02-17 19:30:56 +01:00
Marvo2011
9470850258 Fix shellcheck, use double quote 2022-02-17 19:08:58 +01:00
Marvo2011
2982e9943e Add custom option to map multidomain RIDs 2022-02-17 19:02:35 +01:00
Marvo2011
80e13bc24a Merge remote-tracking branch 'origin/dev' into dev 2022-02-17 18:17:19 +01:00
peter
9a677534a7 added more debug info when rm recordid is empty 2022-02-13 14:00:14 +01:00
peter
af08d67fad rem. ; 2022-02-12 23:41:26 +01:00
peter
a2901d61ea check for return values 2022-02-12 23:39:33 +01:00
peter
aaae83efec check for return values 2022-02-12 20:18:08 +01:00
neil
7369298638
Merge pull request #3921 from andischerer/master
Added united-domains Reselling DNS API
2022-02-11 21:24:40 +08:00
neil
a761bd20fa
Merge pull request #3934 from mac-zhou/dev
Add environment variables ROUTER_OS_PORT
2022-02-11 21:13:27 +08:00
neilpang
01ace11293 Update dns_ispconfig.sh
fix https://github.com/acmesh-official/acme.sh/issues/3895#issuecomment-1035409954
2022-02-11 21:11:04 +08:00
Mac_Zhou
205e95a246 Add environment variables ROUTER_OS_PORT 2022-02-10 11:29:09 +08:00
neil
2c2a43e1ec Update dns_cf.sh
if CF_Zone_ID is used,  save it to domain conf instead.
2022-02-09 18:08:55 +08:00
peter
0c9a6da623 more specific delete of records 2022-02-08 17:18:48 +01:00
Andreas Scherer
888d91d14a FIX dns_udr api: loop variable 2022-02-08 15:57:19 +01:00
peter
2c0cc87b4c final commit 2022-02-08 13:49:04 +01:00
peter
ee0fadf247 shfmt 2022-02-08 13:34:42 +01:00
peter
9fb89d7fd2 shfmt 2022-02-08 13:33:43 +01:00
peter
af5c36e4ad shfmt' 2022-02-08 13:32:15 +01:00
peter
a5f943e227 removed unused variable 2022-02-08 13:24:31 +01:00
peter
f8532ba812 removed unused variable 2022-02-08 13:21:02 +01:00
peter
fac4e151cc description 2022-02-08 13:19:22 +01:00
Andreas Scherer
f3a0a25380 FIX dns_udr api: ttl, xargs, cleanup 2022-02-08 08:05:48 +01:00
neil
5a237795ea
Merge pull request #3928 from johnelliott/missing-oathtool-dep-error
Add err log for missing oathtool in Synology
2022-02-08 14:26:06 +08:00
John Elliott
3a99a77104 Update return statement 2022-02-07 21:55:12 -08:00
John Elliott
5ce8050e46 Update missing oathtool check 2022-02-07 11:58:14 -08:00
John Elliott
5ae3a020bd Add err log for missing oathtool in Synology
Alerts the user that the oathtool is missing and the TOTP can't be
generated.
2022-02-07 11:53:24 -08:00
neilpang
af193291fa Update acme.sh
fix https://github.com/acmesh-official/acme.sh/issues/3127#issuecomment-1030742187
2022-02-06 16:17:04 +08:00
neil
b39df5cef0
Merge pull request #3906 from NerLOR/master
Adapt dns_world4you to new world4you website behaviour
2022-02-06 09:52:45 +08:00
peter
dc61c9e277 description 2022-02-05 22:21:18 +01:00
peter
10a15e1188 nothing 2022-02-05 21:12:36 +01:00
peterlh
a2bb6a4f1f
changed gettoken to use _post
changed gettoken to use _post instead of curl+jq
2022-02-05 21:07:04 +01:00
peterlh
38a19fa574
created dns_curanet.sh 2022-02-05 20:54:30 +01:00
neilpang
9ec4b59afb start v3.0.3
start v3.0.3
2022-02-05 21:28:07 +08:00
Lorenz Stechauner
20877146df
Merge branch 'acmesh-official:master' into master 2022-02-04 20:36:31 +01:00
neil
2a2d556551
Merge pull request #3927 from acmesh-official/dev
sync
2022-02-04 13:53:40 +08:00
neilpang
0f762d98a4 Update Linux.yml
use centos:7
2022-02-04 13:52:23 +08:00
neilpang
36752cb6a8 Update acme.sh
fix zerossl endpoint
2022-02-04 13:49:58 +08:00
Andreas Scherer
a7f2d89e3f Added united-domains Reselling DNS API 2022-02-01 14:46:20 +01:00
neil
90b65c6618 fix https://github.com/acmesh-official/acme.sh/issues/3898
https://github.com/acmesh-official/acme.sh/issues/3898
2022-01-27 18:00:44 +08:00
Lorenz Stechauner
190ec0c14c
Adapt dns_world4you to new world4you website behaviour 2022-01-24 16:47:47 +01:00
michal
7250a300df add managed identity support for azure dns 2022-01-22 13:22:44 +08:00
neil
34bb00450d
Merge pull request #3896 from sjtuross/omv
add remote deploy hook for openmediavault 5
2022-01-21 20:39:07 +08:00
neil
63dadd8983
Merge pull request #3901 from tutugreen/tutugreen-patch-2
Fix dns_huaweicloud subshell return
2022-01-21 20:35:47 +08:00
Ross Shen
67c990e8cf omv deploy hook: add usage comments 2022-01-20 17:46:47 +08:00
Ross Shen
0292e20c86 omv deploy hook: support both local and remote deployment 2022-01-20 17:27:11 +08:00
Yuan Ming
9088c8741a
Fix dns_huaweicloud subshell return
Replace pipe read with line count loop, fix useless return in subshell.
2022-01-20 14:01:33 +08:00
neilpang
faedea2120 Update dns_ddnss.sh 2022-01-19 22:22:53 +08:00
Vitaly Kireev
e1a0f5706d DNS REGRU utf-list to idn (punycode)
service/get_list returns domains in utf. But if utf, then error Error parsing certificate request: x509: SAN dNSName is malformed

early using my patch by IDN_ITEM="$(echo "${ITEM}" | idn)"

Now replacing by IDN_ITEM="$(_idn "${ITEM}")"
2022-01-19 21:59:48 +08:00
Ross Shen
a78a4e6716 omv deploy hook: shellcheck disable=SC2029 2022-01-19 21:42:17 +08:00
Ross Shen
6bbf927f57 omv deploy hook: separate DEPLOY_OMV_WEBUI_ADMIN and DEPLOY_OMV_SSH_USER 2022-01-19 21:13:02 +08:00
neilpang
4c32bc8e22 Merge branch 'dev' 2022-01-19 20:55:24 +08:00
Ross Shen
df671a77f6 routeros deploy hook: store the env vars within the domainconf
related to #2344 and #2413
2022-01-19 20:46:29 +08:00
Ross Shen
dca9def42c add remote deploy hook for openmediavault 5
based on #3757
2022-01-19 12:36:54 +08:00
Ross Shen
edee7ea284 routeros deploy hook: store the env vars within the domainconf
related to #2344 and #2413
2022-01-16 20:46:09 +08:00
neil
658d09ed84
Merge pull request #3396 from F-Plass/master
deploy scipt for TrueNAS Server using REST API
2022-01-16 08:17:49 +08:00
neil
c41de8f270
Merge pull request #3891 from tutugreen/dev
dns_huaweicloud.sh minor bug fixes
2022-01-15 19:38:22 +08:00
Yuan Ming
9d2ee2127d
dns_huaweicloud debug info adjust
_secure_debug for sensitive token.
2022-01-15 19:23:30 +08:00
Yuan Ming
e49ece8793
dns_huaweicloud.sh minor bug fixes
1. Match zone name in response in case multiple items return.
2. Use string '"id"' (single quotation marks added) to check if zone/record exist in _get_zoneid() & _get_recordset_id(). Fix domain can't contain string "id".

(Sensitive _debug Access Token Commented out, For CICD Run)
2022-01-14 22:10:26 +08:00
neil
188274277a fix https://github.com/acmesh-official/acme.sh/issues/3883 2022-01-11 17:16:51 +08:00
neil
c0cb3945f1
Merge pull request #3884 from acmesh-official/dev
sync
2022-01-11 17:09:59 +08:00
neil
e07795e8f0 fix https://github.com/acmesh-official/acme.sh/issues/3883 2022-01-11 16:56:19 +08:00
I Komang Suryadana
bda454fe9c
Remove cloud domain record with cloud master zone. (#3507) 2022-01-11 15:25:10 +08:00
neil
856e77053e Merge branch '3870' into dev 2022-01-10 16:29:44 +08:00
Marvo2011
62dad721fc Start ShellCheck and CI Test 2022-01-09 11:04:15 +01:00
Felix Matouschek
2ce145f359
Refactoring amcedns api (second try) (#3231) 2022-01-09 11:11:00 +08:00
Sergey Pashinin
7e7291ace9
Support Vault KV v2 (#3502) 2022-01-09 11:01:38 +08:00
Victor R. Santos
61c853a3c1
Add Gotify notification (#3759) 2022-01-09 10:39:28 +08:00
Bodenhaltung
4346139d65
Add dnsHome.de API (#3823)
Add dnsHome.de API
2022-01-09 10:32:22 +08:00
neil
1476f83ba7
Merge pull request #3879 from acmesh-official/dev
sync
2022-01-08 21:22:18 +08:00
neil
c959d64099
Merge pull request #3807 from dacrystal/topic/synology_dsm-otp_code
Add SYNO_TOTP_SECRET for user with two-factor authentication enabled
2022-01-08 20:03:13 +08:00
neil
e67d26caeb fix https://github.com/acmesh-official/acme.sh/issues/3845#issuecomment-999367478 2022-01-08 19:58:49 +08:00
neil
86c3fa0df0 remove retry for get and post 2022-01-08 19:51:04 +08:00
neil
75ae57e194 report false 2022-01-08 19:19:51 +08:00
neil
d42feae0af fix ecdsa name for stepca 2022-01-07 23:44:19 +08:00
neil
45971b8083 add ip cert test for stepCA 2022-01-07 23:43:08 +08:00
neil
8e9bbd1bb3 fix CI 2022-01-07 23:35:18 +08:00
neil
ec10a3eab4 fix CI 2022-01-07 23:14:46 +08:00
neil
49deb4af24 fix CI 2022-01-07 23:09:56 +08:00
neil
10f171b6e4 fix ci 2022-01-07 23:05:49 +08:00
neil
735db1a12b fix ci 2022-01-07 23:00:34 +08:00
neil
b2f4cc2dc5 add Step-ca to CI
https://github.com/acmesh-official/acme.sh/issues/3871
2022-01-07 22:58:42 +08:00
neil
d43b587d17 fix https://github.com/acmesh-official/acme.sh/issues/3870 2022-01-07 22:06:18 +08:00
neil
6b07a955f2
Merge pull request #3877 from jvandborg/master
Cannot wait for PR #3673 to be completed
2022-01-07 19:09:44 +08:00
Jacob Vandborg
e23c02575d
Removed DNS sleep
Users should use command line parameter --dnssleep instead
2022-01-07 08:10:31 +01:00
neil
b1bf634136
Merge pull request #3876 from fraenki/fix_fritz
deploy/fritzbox: allow hook to be used with multiple fritzboxes
2022-01-07 09:48:54 +08:00
jvandborg
459faf4dfb Format to comply with style guide 2022-01-06 22:03:39 +01:00
Jacob Vandborg
8cdceb83b2
Cannot wait for PR #3673 to be completed
PR #3673 Fix simply.com API seems abandoned by maintainer and I need this fixed asap

Changes implemented
* Normalize JSON and fix not handling return code correctly
* Add some information to comments
* Fix trailing slash on URIs
* Add 60 second sleep for zone to be written
* Fix parsing record_data and record_type
2022-01-06 19:21:05 +01:00
Frank Wall
6aa1ec0802 deploy/fritzbox: allow hook to be used with multiple fritzboxes
Previously the deploy hook config was stored in the account config.
This seems odd and adds unnecessary limitations to the hook.
Now we're using the correct _*deployconf() functions to read and
write the deploy hook config.
2022-01-06 16:20:43 +01:00
Joel Pearson
0727f7054b Allow optional "NEW" in CSR header and footer
When generating a CSR in Windows it seems to create a CSR header that looks like "-----BEGIN NEW CERTIFICATE REQUEST-----", but the addition of "NEW" breaks the parsing of the CSR. Making "NEW " optional fixes the problem.

Apparently certbot is tolerant of both forms, see: https://community.letsencrypt.org/t/error-parsing-certificate-request-resolved/40039/6 for more information.
2022-01-06 17:41:42 +08:00
neilpang
37cc611e3f fix gentoo image 2022-01-06 17:41:42 +08:00
neilpang
c39e6c4423 add --info command to show the global configs or domain configs.
https://github.com/acmesh-official/acme.sh/issues/2444
2022-01-06 17:41:42 +08:00
neilpang
1566656af3 fix https://github.com/acmesh-official/acme.sh/issues/3869 2022-01-06 17:41:42 +08:00
neilpang
737eba57bd send notifications for renew command
https://github.com/acmesh-official/acme.sh/issues/3869#issuecomment-1003546762
2022-01-06 17:41:41 +08:00
Viktor G
d32cedd7dc DNS-ISPConfig ISPC_Api_Insecure argument check fix 2022-01-06 17:41:41 +08:00
racitup
2b6aa26703 fix: Neilpang review 2022-01-06 17:41:41 +08:00
racitup
95f1336060 fix: token request body quoting 2022-01-06 17:41:41 +08:00
racitup
f46ee93597 fix: github switch 2022-01-06 17:41:41 +08:00
racitup
56d799f449 fix: debugging 2022-01-06 17:41:41 +08:00
racitup
6251652c93 fix: correct return value 2022-01-06 17:41:41 +08:00
racitup
6a2c9a0dc1 fix: floating token for github 2022-01-06 17:41:41 +08:00
racitup
4dd709b543 feat: Mythic Beasts DNS API script 2022-01-06 17:41:41 +08:00
wacki4
aa9f5b8c4a Update dns_opnsense.sh
Correction when having many zones.
2022-01-06 17:41:41 +08:00
wacki4
f485f3fdb5 Update dns_opnsense.sh
Update for opnsense regards to error in #3735
2022-01-06 17:41:41 +08:00
neilpang
c6a0ec64cb upgrade solaris vm 2022-01-06 17:41:41 +08:00
Christian Burmeister
e0b179e5f3 Update Dockerfile - alpine:3.12 -> alpine:3.15
The support for the base image alpine:3.12 will expire in 4 months (https://endoflife.date/alpine), so it would make sense to upgrade to the current version alpine:3.15. 
I was able to create the acme.sh image with the new alpine:3.15 version without errors and also create and deploy a certificate, but further testing would be useful.
2022-01-06 17:41:41 +08:00
Jens Meißner
dac7a3d272 [dns_knot] Use key command instead of command line argument to transmit dns key data. 2022-01-06 17:41:41 +08:00
neilpang
beed123fb0 fix tunnel version 2022-01-06 17:41:41 +08:00
neilpang
267e582827 add TEST_DNS_NO_SUBDOMAIN 2022-01-06 17:41:40 +08:00
neilpang
69c02cae76 pass TEST_DNS_NO_SUBDOMAIN 2022-01-06 17:41:40 +08:00
neilpang
4f386663e7 fix for OpenBSD7
https://github.com/acmesh-official/acme.sh/issues/3833
2022-01-06 17:41:40 +08:00
neilpang
eaae0547f2 upgrade Solaris 2022-01-06 17:41:40 +08:00
Marvo2011
cc5cfc7525
Added Selfhost DNS API
+ShellCheck 
+ACME v2 compatible

Example:
- Fist create 2 new TXT records on _acme-challenge.example.com
- Now note the ID in (...) from the edit page behind "_acme-challenge.example.com"

export SELFHOSTDNS_USERNAME=myname
export SELFHOSTDNS_PASSWORD=mypass
export SELFHOSTDNS_RID=id_of_txt_record
export SELFHOSTDNS_RID2=id_of_second_txt_record
acme.sh --issue -d example.com  --dns  dns_selfhost
2022-01-05 15:03:32 +01:00
neil
795dee85ef
Merge pull request #3854 from pearj/dev
Allow optional "NEW" in CSR header and footer
2022-01-03 14:57:15 +08:00
neilpang
dbd5bef038 fix gentoo image 2022-01-03 13:41:57 +08:00
neilpang
dd2a420578 add --info command to show the global configs or domain configs.
https://github.com/acmesh-official/acme.sh/issues/2444
2022-01-03 12:38:59 +08:00
neilpang
eeee30ca03 fix https://github.com/acmesh-official/acme.sh/issues/3869 2022-01-03 11:46:12 +08:00
neilpang
82e8792737 send notifications for renew command
https://github.com/acmesh-official/acme.sh/issues/3869#issuecomment-1003546762
2022-01-03 11:20:53 +08:00
neil
6b18b3df34
Merge pull request #3868 from vktg/ispconfigargsfix
DNS-ISPConfig ISPC_Api_Insecure argument check fix
2022-01-03 10:56:38 +08:00
neil
fcebed19b9
Merge pull request #3849 from casesolved-co-uk/dev
Mythic Beasts DNS API script
2022-01-03 10:08:46 +08:00
neil
af5f6176b5
Merge pull request #3764 from wacki4/patch-1
Update dns_opnsense.sh
2022-01-03 10:05:59 +08:00
Viktor G
424cc46db0 DNS-ISPConfig ISPC_Api_Insecure argument check fix 2021-12-30 18:06:17 +03:00
racitup
ce47ccecc4 fix: Neilpang review 2021-12-28 14:45:02 +00:00
racitup
d940f17390 fix: token request body quoting 2021-12-25 23:41:43 +00:00
racitup
6351b5d0dc fix: github switch 2021-12-25 23:41:43 +00:00
racitup
9c4ac24a66 fix: debugging 2021-12-25 23:41:43 +00:00
racitup
bf66df2a29 fix: correct return value 2021-12-25 23:41:43 +00:00
racitup
962ce380cd fix: floating token for github 2021-12-25 23:41:43 +00:00
racitup
9769afb944 feat: Mythic Beasts DNS API script 2021-12-25 23:41:43 +00:00
neilpang
052b45a510 upgrade solaris vm 2021-12-25 09:57:58 +08:00
neil
84a96e862e
Merge pull request #3861 from christianbur/patch-2
Update Dockerfile - alpine:3.12 -> alpine:3.15
2021-12-22 10:37:48 +08:00
Christian Burmeister
3105235a7a
Update Dockerfile - alpine:3.12 -> alpine:3.15
The support for the base image alpine:3.12 will expire in 4 months (https://endoflife.date/alpine), so it would make sense to upgrade to the current version alpine:3.15. 
I was able to create the acme.sh image with the new alpine:3.15 version without errors and also create and deploy a certificate, but further testing would be useful.
2021-12-21 22:20:42 +01:00
fradev
71a32477e4
Merge branch 'acmesh-official:master' into master 2021-12-20 09:28:19 +01:00
Joel Pearson
342bce2168 Allow optional "NEW" in CSR header and footer
When generating a CSR in Windows it seems to create a CSR header that looks like "-----BEGIN NEW CERTIFICATE REQUEST-----", but the addition of "NEW" breaks the parsing of the CSR. Making "NEW " optional fixes the problem.

Apparently certbot is tolerant of both forms, see: https://community.letsencrypt.org/t/error-parsing-certificate-request-resolved/40039/6 for more information.
2021-12-17 19:32:35 +11:00
neil
86d8cbc4d2
Merge pull request #3852 from heptalium/dev
[dns_knot] Use key command instead of command line argument to transmit dns key data
2021-12-13 20:07:43 +08:00
neilpang
6b63bd6a44 fix tunnel version 2021-12-13 20:04:23 +08:00
Jens Meißner
225707c877
[dns_knot] Use key command instead of command line argument to transmit dns key data. 2021-12-12 14:17:13 +01:00
neilpang
66da6f18e3 add TEST_DNS_NO_SUBDOMAIN 2021-12-06 22:03:38 +08:00
neilpang
bdf8bf391c pass TEST_DNS_NO_SUBDOMAIN 2021-12-05 21:05:18 +08:00
neilpang
f66d9e1a22 fix for OpenBSD7
https://github.com/acmesh-official/acme.sh/issues/3833
2021-12-05 18:23:19 +08:00
neilpang
ccd3d96942 upgrade Solaris 2021-12-05 16:15:39 +08:00
F-Plass
b203f2abaa
Merge branch 'acmesh-official:master' into master 2021-12-03 17:18:44 +01:00
neil
5490a2f3ba
Merge pull request #3837 from acmesh-official/dev
sync
2021-11-30 22:49:43 +08:00
neil
ba44235471
Update DNS.yml 2021-11-30 13:10:39 +08:00
neil
be556f9e36
Merge pull request #3818 from hguandl/master
Add iOS Bark notify hook
2021-11-21 09:54:55 +08:00
Hao Guan
5e5ba11601
Add iOS Bark notify hook. 2021-11-21 02:39:46 +08:00
neil
e384df30fa
Merge pull request #3813 from acmesh-official/dev
fix https://github.com/acmesh-official/acme.sh/issues/3806
2021-11-19 13:35:18 +08:00
Nasser Alansari
4635dacf7f Add SYNO_TOTP_SECRET for user with two-factor authentication 2021-11-13 13:01:38 +03:00
neilpang
18e4d270d9 fix https://github.com/acmesh-official/acme.sh/issues/3806 2021-11-13 15:23:32 +08:00
F-Plass
3bcb91f6ae Update truenas.sh
solved the problem of UI-Restart after 12.0-U3
2021-11-11 23:03:00 +01:00
neil
5e574a355d
Merge pull request #3800 from acmesh-official/dev
sync
2021-11-10 09:22:45 +08:00
neil
640c7c5fa3
Merge pull request #3798 from Scre13/patch_mail_sh
removed -- at beginning of subject
2021-11-09 11:49:25 +08:00
neil
eb6395a62c
Update mail.sh 2021-11-09 11:48:58 +08:00
Scre13
2b2845aa07 removed -- at beginning of subject 2021-11-09 04:28:30 +01:00
neil
54d8c66f3e
Merge pull request #3797 from Scre13/patch_lf_mime_version
Removed newline at the end of subject, added MIME-Version header
2021-11-09 09:32:03 +08:00
neil
95bbf1b190
Update mail.sh 2021-11-09 09:30:36 +08:00
Scre13
ee2dab51f3 removed newline at the end of subject, added MIME-Version header 2021-11-08 22:13:14 +01:00
neil
f63409eed9 fix https://github.com/acmesh-official/acme.sh/issues/1559 2021-11-06 12:27:50 +08:00
neil
ad8940ad73
Merge pull request #3796 from acmesh-official/ip
Ip
2021-11-06 12:00:13 +08:00
neil
b8bfb5a56c fix format 2021-11-06 11:28:11 +08:00
neil
3f58823430 fix ip cert 2021-11-06 11:26:06 +08:00
neil
e488220bfc fix for solaris 2021-11-06 11:16:41 +08:00
neil
e6e0771496 fix for ip cert alpn mode 2021-11-06 11:16:40 +08:00
neil
fe77d43fa0 fix _deactivate for ip cert 2021-11-06 11:16:40 +08:00
neil
737a7a2db2 add test for ipcert 2021-11-06 11:16:12 +08:00
neil
6ae8d10132 support ip cert: rfc https://tools.ietf.org/html/rfc8738 2021-11-06 11:15:10 +08:00
neil
7d249b6d3b start 3.0.2 2021-11-06 09:52:21 +08:00
neil
a532b82771
Merge pull request #3793 from jearton/feature/feishu-notify
Add feishu notification
2021-11-04 09:43:59 +08:00
neil
e8756482aa
Update feishu.sh 2021-11-04 09:42:30 +08:00
jearton
35d6da785b add support for feishu notification 2021-11-04 00:41:58 +08:00
neilpang
dbdcbd4b9e add set-default-chain 2021-11-02 20:37:14 +08:00
neil
a2b6f49c5c
Merge pull request #2998 from masbicudo/dev
Notify user about a possible problem when using synology_dsm.sh with user that enabled 2fa
2021-11-01 13:42:57 +08:00
Miguel Angelo
a31ed4a723 Notify user about a possible problem when using synology_dsm.sh with 2fa enabled user account 2021-11-01 01:40:14 -03:00
neil
b2fc84c98e
Merge pull request #3787 from acmesh-official/dev
sync
2021-10-31 17:31:35 +08:00
neil
927369b06d
Merge pull request #3772 from retoo/bugfix/dns-gcloud-fix-format-change
dns_gcloud: allowrecord-sets list output to be separated by 'semicolon'
2021-10-21 22:33:31 +08:00
Reto Schuettel
401fd37e35 dns_gcloud: allowrecord-sets list output to be separated by 'semicolon'
gcloud dns record-sets list used to separate records by comma, with
version 353.0.0 the tool uses semicolons instead.
2021-10-20 18:18:02 +02:00
neil
759cdf10c5
Merge pull request #3745 from NerLOR/master
Fix Word4You dns plugin to work with current api
2021-10-20 23:39:29 +08:00
Lorenz Stechauner
6e7ce1eec1 dns_world4you: fix for freeBSD sed
Signed-off-by: Lorenz Stechauner <lorenz.stechauner@necronda.net>
2021-10-20 14:29:06 +02:00
Lorenz Stechauner
2a65955e88
Merge branch 'acmesh-official:master' into master 2021-10-18 11:20:15 +02:00
wacki4
00b6c6a437
Update dns_opnsense.sh
Correction when having many zones.
2021-10-16 16:57:12 +02:00
wacki4
21ef3b0ecf
Update dns_opnsense.sh
Update for opnsense regards to error in #3735
2021-10-16 14:08:03 +02:00
neil
5b0d6a1375
Merge pull request #3756 from acmesh-official/dev
sync
2021-10-13 09:04:06 +08:00
neil
0510da0853 fix test chain root name. 2021-10-13 00:28:14 +08:00
neil
365d22d076 add TEST_PREFERRED_CHAIN 2021-10-13 00:03:12 +08:00
neil
1760169ef9 fix Windows test 2021-10-12 23:43:20 +08:00
neil
32ea224933 update versions 2021-10-12 21:31:06 +08:00
neilpang
38a067e203 fix https://github.com/acmesh-official/acme.sh/issues/3752 2021-10-12 20:55:11 +08:00
neil
ab6f1b6df7
Merge pull request #3746 from tuffnatty/patch-1
Don't use global variable as local in recursion context
2021-10-09 21:29:36 +08:00
neil
b36802edff
Merge pull request #3728 from arnebjarne/dns_cpanel
Support for cPanel DNS
2021-10-09 10:29:27 +08:00
Bjarne Saltbaek
1d2af0f291 force a re-test. 2021-10-08 20:10:46 +02:00
Phil Krylov
40e8c5e2b0
Don't use global variable as local in recursion context
```nginx
include conf.d/*;
include sites-enabled/*;
```
In this situation, after the first recursive `_checkConf` invocation 4 lines below, `$_c_file` does not contain what you expect anymore, and the second lookup checks for `conf.d/sites-enabled/*` which is obviously wrong.
2021-10-08 18:24:21 +02:00
Bjarne Saltbaek
e11d0d37ee force a re-test. Le servere fails during test 2021-10-07 20:51:18 +02:00
Bjarne Saltbaek
ea4266538a force a re-test 2021-10-07 20:21:51 +02:00
Lorenz Stechauner
aa7bf9169f Fix Word4You dns plugin to work with current api
the value for uniqueFormIdTTL is not available or needed anymore.
values for 'aktivPaket' are not needed by the api.

changed endpoint for deletion from `/deleteRecord` to `/dns/record/delete`
2021-10-06 14:06:44 +02:00
Bjarne Saltbaek
a95e83ab6e Added txtvalue to dns lookup 2021-10-03 18:45:21 +02:00
Bjarne Saltbaek
86daaf4bf2 Added remove entry debug 2021-10-03 18:37:51 +02:00
Bjarne Saltbaek
d5b4f02932 Added proper id lookup with whitespace removed 2021-10-03 18:13:05 +02:00
Bjarne Saltbaek
15deec6c53 Added proper id lookup with missing bracket 2021-10-03 18:11:28 +02:00
Bjarne Saltbaek
17b1875151 Added proper id lookup 2021-10-03 18:08:21 +02:00
Bjarne Saltbaek
bfda8f0b8a First jq rework - 12. redo 2021-10-03 17:53:59 +02:00
Bjarne Saltbaek
7bb0ff986b First jq rework - 11. redo 2021-10-03 17:50:57 +02:00
Bjarne Saltbaek
f3cfef4021 First jq rework - 10. redo 2021-10-03 17:40:01 +02:00
Bjarne Saltbaek
3184c3c21b First jq rework - 9. redo 2021-10-03 17:10:38 +02:00
Bjarne Saltbaek
9264737985 First jq rework - 8. redo 2021-10-03 17:04:49 +02:00
Bjarne Saltbaek
c9b353a689 First jq rework - 8. redo 2021-10-03 17:02:24 +02:00
Bjarne Saltbaek
fda6502f33 First jq rework - 7. redo 2021-10-03 17:00:53 +02:00
Bjarne Saltbaek
0fdac82b93 First jq rework - 6. redo 2021-10-03 16:55:44 +02:00
Bjarne Saltbaek
6b3d6d5211 First jq rework - 5. redo 2021-10-03 16:51:02 +02:00
Bjarne Saltbaek
cb89ee39f5
Merge branch 'acmesh-official:master' into dns_cpanel 2021-10-03 16:49:38 +02:00
Bjarne Saltbaek
be827be742 First jq rework - 4. redo 2021-10-03 16:48:23 +02:00
neil
8fcecd59a0
Merge pull request #3734 from acmesh-official/dev
sync
2021-10-03 22:48:12 +08:00
Bjarne Saltbaek
83b49b23e4
Merge branch 'acmesh-official:master' into dns_cpanel 2021-10-03 16:37:55 +02:00
neil
f5ee618986
Merge pull request #3599 from cirow/dev
Pushbullet Webhook notification
2021-10-03 22:34:21 +08:00
Bjarne Saltbaek
8339b88180 First jq rework - docker fails in Github - not my fault... 2021-10-03 16:34:12 +02:00
neil
f2958818c8
Update pushbullet.sh 2021-10-03 22:33:41 +08:00
Bjarne Saltbaek
608547c62c First jq rework - 3. redo 2021-10-03 16:32:03 +02:00
neil
20f604948f
Update pushbullet.sh 2021-10-03 22:31:56 +08:00
neil
f72a4f966d
Merge pull request #3664 from shadowlmd/fix-grep-dns-he
Fix grep options processing in dns_he module
2021-10-03 22:25:44 +08:00
Bjarne Saltbaek
bd00db4292 First jq rework - redo 2021-10-03 16:25:21 +02:00
Bjarne Saltbaek
68debc474a First jq rework 2021-10-03 16:20:08 +02:00
Bjarne Saltbaek
6a7f993a9a Forced CI 2021-10-03 15:56:26 +02:00
neil
ae25931b37
Merge pull request #3733 from acmesh-official/dev
sync
2021-10-03 21:30:46 +08:00
neil
84fe6654cc fix for https://github.com/acmesh-official/acme.sh/issues/3717 2021-10-03 20:59:55 +08:00
Bjarne Saltbaek
d2d023cca7 added saving of cPanel_Hostname 2021-10-03 13:35:22 +02:00
neil
64908e0080 fix Windows path 2021-10-03 19:28:30 +08:00
neil
d4e1899747 support "--set-default-chain", fix https://github.com/acmesh-official/acme.sh/issues/3717 2021-10-03 19:02:45 +08:00
Bjarne Saltbaek
7f9b8d68ac Added dns-cpanel.sh as support for cPanel controlled DNS systems 2021-10-02 19:30:07 +02:00
neil
5b1e849bde
Merge pull request #3725 from acmesh-official/dev
sync
2021-10-01 23:02:30 +08:00
neil
fba6de76b1
Merge pull request #3687 from gstrauss/use-getdeployconf
use _getdeployconf instead of sourcing DOMAIN_CONF
2021-10-01 12:41:12 +08:00
Glenn Strauss
8419b42e83 use ${ACME_OPENSSL_BIN:-openssl} instead of openssl
(requested by @Neilpang in #3687)
2021-09-30 19:00:39 -04:00
neil
5f38c15b1f
Merge pull request #3709 from ToJIka4/add_veesp_api
Add Veesp DNS API
2021-09-25 15:52:04 +08:00
neil
c3b72baa8e
Merge pull request #3710 from tcocca/dev
Rackspace changed their API response, fixed the sed matching
2021-09-24 10:25:42 +08:00
Tom Cocca
16d0416f22 trigger GH Actions again 2021-09-23 08:50:20 -04:00
Tom Cocca
b9aa4f4478 trigger a GH actions change 2021-09-23 08:20:50 -04:00
Tom Cocca
8d3ad3a8c1 Rackspace changed their API response, fixed the sed matching 2021-09-23 08:10:17 -04:00
Stephen Pliaskin
5a689ce897 Add Veesp DNS API 2021-09-22 23:17:50 +03:00
neil
35e22703af
Merge pull request #3697 from DerVerruckteFuchs/1984-hosting-cookie-fix
1984 hosting cookie fix
2021-09-15 09:27:00 +08:00
DerVerruckteFuchs
41a2d0e06c reduce ttl 2021-09-13 11:44:39 -04:00
DerVerruckteFuchs
4d95e35c06 get response based on $txtvalue 2021-09-12 17:38:27 -04:00
DerVerruckteFuchs
4e553f34ba get TXT entry based on $txtvalue 2021-09-12 17:20:01 -04:00
DerVerruckteFuchs
b910726c43 pick first entry if more than one TXT entry exists 2021-09-12 17:05:36 -04:00
DerVerruckteFuchs
64e3cab6ab add correct number of vars for _get_zone_id 2021-09-12 16:57:32 -04:00
DerVerruckteFuchs
f3196396a2 fix email filtering 2021-09-12 16:49:53 -04:00
DerVerruckteFuchs
148336929d fix formatting 2021-09-12 16:27:40 -04:00
DerVerruckteFuchs
2f3ec3a77f filter out instances where email@domain.com exists 2021-09-12 16:25:21 -04:00
Christophe B Billheimer
8d7a487013 change $@ -> $_domain 2021-09-12 14:10:54 -04:00
Christophe B Billheimer
622464ff5e fix error message for _get_zone_id 2021-09-12 13:49:31 -04:00
Christophe B Billheimer
b45a44e405 fix formatting 2021-09-12 13:33:55 -04:00
Christophe B Billheimer
a196958bd6 add check when getting zone id 2021-09-12 13:13:55 -04:00
Christophe B Billheimer
f101418658 change _url -> url 2021-09-12 13:03:54 -04:00
Christophe B Billheimer
aa05a1e81d make sure _url gets set where it is needed 2021-09-12 13:00:03 -04:00
Christophe B Billheimer
384bc62f25 make _get_zone_id usage consistent 2021-09-12 12:54:42 -04:00
Christophe B Billheimer
46e62f1a9a fix typo 2021-09-12 12:50:03 -04:00
Christophe B Billheimer
c5c2014081 add _get_zone_id to dns_1984hosting_rm to get the zone id 2021-09-12 12:48:27 -04:00
Christophe B Billheimer
c668c603cc add Referer and X-CSRFToken HTTP headers 2021-09-12 12:45:06 -04:00
Christophe B Billheimer
8f3b7c179e put cookies into a format that the 1984 Hosting website expects 2021-09-12 12:37:56 -04:00
Christophe B Billheimer
ea18c47011 move getting zone id code into its own function 2021-09-12 12:35:20 -04:00
Christophe B Billheimer
ced7110a78 remove -o option from grep and use _egrep_o instead 2021-09-10 08:49:38 -04:00
Christophe B Billheimer
92f13eb8bf get both the CSRF token and session ID cookies, as they are both needed for login now 2021-09-10 08:02:13 -04:00
Christophe B Billheimer
1312ef7e50 simplify One984HOSTING_COOKIE grep 2021-09-10 07:25:18 -04:00
Christophe B Billheimer
e992979113 Merge branch 'master' of github.com:DerVerruckteFuchs/acme.sh into 1984-hosting-cookie-fix 2021-09-08 22:49:24 -04:00
Christophe B Billheimer
d317b49940 use head instead of tail so that the sessionid cookie gets set correctly 2021-09-08 22:48:43 -04:00
neil
6be53468c5
Merge pull request #3691 from nookery/patch-1
the type of 'snis' is array
2021-09-07 11:55:44 +08:00
neil
046094bdcb
Merge pull request #3696 from TheTyrius/dev
[dns_netcup] Fix variable name
2021-09-07 09:34:12 +08:00
Philipp B
1064c270d9
Fix variable name
Wrong variable name was used in login() and logout(), preventing operation.
2021-09-06 17:01:31 +02:00
Nookery
2447fccf1e
name="snis" => name="snis[]"
kong 2.5.x,snis参数是一个数组
2021-09-04 16:59:50 +08:00
Glenn Strauss
c43c711f72 use _getdeployconf instead of sourcing DOMAIN_CONF
(requested by @Neilpang in #3394)

github: closes #3394
2021-09-01 16:37:10 -04:00
Michael Weber
f354e6de69 lighttpd deploy hook
* verbatim copy from haproxy.sh, s/haproxy/lighttpd
* enable issuer
2021-09-01 16:33:24 -04:00
fradev
08d60fcbf2 Update ssh.sh
shfmt formatting
2021-08-30 11:32:07 +02:00
fradev
4cda54774a Update ssh.sh
SC2086 and SC2215
2021-08-30 11:17:03 +02:00
fradev
613475ac26 Update ssh.sh 2021-08-30 11:08:06 +02:00
neil
12615c46f8
Merge pull request #3682 from acmesh-official/dev
sync
2021-08-29 22:18:31 +08:00
fradev
20d23fcb92 Update ssh.sh
Added scp mode for copy the certs
2021-08-25 16:55:36 +02:00
neil
b335840f97
Merge pull request #3657 from Sp1l/extend_pre_hook
Make domain names available to pre hook
2021-08-22 11:01:02 +08:00
Leo
6d84f59e6b
Add Weixin Work notify hook 2021-08-21 04:11:21 +08:00
neilpang
c5efec678e remove clearlinux 2021-08-18 20:59:47 +08:00
Aleksei Faians
83cb89e4f7 treat variable contents as text, don't process switches 2021-08-17 08:58:04 +03:00
neilpang
6bdf689d0f fix https://github.com/acmesh-official/acme.sh/issues/3660 2021-08-15 08:52:55 +08:00
Bernard Spil
e164362069 Make domain names available to pre hook
Export Le_Domains and Le_Alt so your pre-hook script can run additional checks.

Allows running checks on the domain names before the first call to the ACME API. Thereby not counting against the rate-limit when an issue is going to be problematic.

Supersedes:	#3288
2021-08-10 12:36:29 +02:00
neilpang
72e3f33f28 fix docker test 2021-08-08 08:49:15 +08:00
neilpang
ccfd907914 fix https://github.com/acmesh-official/acme.sh/issues/3649 2021-08-07 21:06:05 +08:00
neilpang
5a44e63cad fix nginx mode
https://github.com/acmesh-official/acme.sh/issues/3648#issuecomment-894045613
2021-08-06 21:22:10 +08:00
neil
d96cca3822
Merge pull request #3647 from acmesh-official/dev
sync
2021-08-05 20:14:00 +08:00
neilpang
06580bf0e4 fix https://github.com/acmesh-official/acme.sh/issues/1914#issuecomment-893188476 2021-08-05 20:12:42 +08:00
neil
b21bd64764
Merge pull request #3646 from jonwltn/dev
Minor output formatting changes.
2021-08-05 16:54:53 +08:00
jonwltn
6b97dc6734
Minor output formatting changes. 2021-08-04 10:44:48 -07:00
neil
4e3f328a02
Merge pull request #3644 from acmesh-official/dev
sync
2021-08-04 21:43:40 +08:00
neil
8380ca2fdd
Merge pull request #3641 from felixonmars/patch-1
Correct a typo in dns_aws.sh
2021-08-03 11:01:59 +08:00
Felix Yan
ec678bc6d2
Correct a typo in dns_aws.sh 2021-08-03 01:36:59 +08:00
neilpang
2b5e2d4760 fix nginx mode 2021-08-01 15:44:14 +08:00
neilpang
89abad7980 fix https://github.com/acmesh-official/acme.sh/issues/3635 2021-08-01 13:11:52 +08:00
neil
d84da5bdbf
Merge pull request #3638 from acmesh-official/dev
fix https://github.com/acmesh-official/acme.sh/issues/3624#issuecomme
2021-08-01 08:47:41 +08:00
neilpang
5cc1d9521c fix https://github.com/acmesh-official/acme.sh/issues/3624#issuecomment-887689325 2021-07-28 22:14:54 +08:00
neil
a199fc6113
Merge pull request #3621 from acmesh-official/dev
sync
2021-07-24 23:42:34 +08:00
neil
655e34b166 minor, clean links for renewal 2021-07-24 16:23:43 +08:00
neil
5ea3a02d6a
Merge pull request #3587 from xpac1985/patch-2
dns_infoblox.sh: Fix Infoblox_View handling + some cleanup
2021-07-24 16:00:55 +08:00
neil
15c68c9594
Merge pull request #3620 from acmesh-official/dev
sync
2021-07-24 15:48:36 +08:00
neil
08438608d1 fix format 2021-07-24 15:46:58 +08:00
neil
2da94e0fdf
Merge pull request #3617 from Ivanovitchk/dev
dns_ovh: fix random add/remove txt records failures
2021-07-22 14:00:29 +08:00
Ivanovitch_k
63165764dc dns_ovh: fix random add/remove txt records failures
due to inconsistent curl api response json
2021-07-22 00:24:11 +02:00
neilpang
103810ce20 add info 2021-07-20 21:05:17 +08:00
neil
f59356b96b
Merge pull request #3612 from acmesh-official/retry
add retry logic for http requests
2021-07-20 20:59:41 +08:00
ciro
4a8511f680 fix wrong variable name 2021-07-17 13:50:45 -03:00
cirow
cd6698c688
Merge branch 'acmesh-official:dev' into dev 2021-07-15 22:56:26 -03:00
ciro
c7ca9d7e36 fix shfmt issues 2021-07-15 22:55:35 -03:00
neil
d70b759cb9 format 2021-07-15 22:47:20 +08:00
neil
ae3dda0f8f add retry for get() and post() 2021-07-15 22:21:32 +08:00
neil
e229ba5945
Merge pull request #3601 from acmesh-official/3600
fix https://github.com/acmesh-official/acme.sh/issues/3600
2021-07-12 22:27:19 +08:00
neil
dcc50093bb fix https://github.com/acmesh-official/acme.sh/issues/3600 2021-07-12 21:46:08 +08:00
neil
0831690f79
Merge pull request #3595 from stevenzhu25/patch-1
Feature Request: Add sender name for SendGrid notify hook
2021-07-12 09:11:29 +08:00
ciro
98ef51514f added pushbullet functionality 2021-07-11 20:29:44 -03:00
neilpang
ac9993394c update 2021-07-11 21:58:47 +08:00
Steven Zhu
849c3fd9c9
Fix space inconsistency 2021-07-06 22:54:15 -04:00
Steven Zhu
da58fcbfce
Add sender name for SendGrid notify hook 2021-07-06 20:51:51 -04:00
neil
fa3cd9736f
Merge pull request #3593 from jonwltn/fix-dnspod
Fix the URL for checking DNSPod availability.
2021-07-05 09:27:41 +08:00
jonwltn
a0c5d17539
Fix the URL for checking DNSPod availability. 2021-07-02 09:23:45 -07:00
xpac1985
224cd04673
Shell formatting, again 2021-07-01 22:59:43 +02:00
xpac1985
52243d0870
Clean up formatting (SHFMT) 2021-07-01 22:54:56 +02:00
xpac1985
d519873fa4
Fix Infoblox_View handling + some cleanup
URL is now constructed after possible fallback value for Infoblox_View is being set
Infoblox_View is URLencoded to deal with e.g. spaces
Some cleanup, clearer log messages etc.
2021-07-01 22:25:49 +02:00
neil
a76dcd4ba1
Merge pull request #3581 from acmesh-official/dev
sync
2021-06-28 21:21:04 +08:00
neilpang
2d07185300 use letsencrypt server to renew certs if no server was saved. 2021-06-28 21:16:32 +08:00
neil
518e1df257
sync (#3580)
sync
2021-06-28 21:10:42 +08:00
neilpang
e0def66959 fix for compatiblity 2021-06-27 11:29:51 +08:00
neil
772d970074
fix CI tests (#3574)
fix CI tests
2021-06-25 23:20:40 +08:00
neilpang
ba7d85145a fix env 2021-06-25 23:01:47 +08:00
neilpang
fb73dceab0 fix format 2021-06-25 22:46:55 +08:00
neilpang
13fd83e0ba fix revoke 2021-06-25 22:44:23 +08:00
neilpang
719ba75fcc fix test server 2021-06-25 22:29:40 +08:00
neilpang
13ab98440c fix initapi 2021-06-25 22:23:17 +08:00
neilpang
1752004301 fix deactivate 2021-06-25 22:16:16 +08:00
neilpang
536a5f7cff fix deactivate 2021-06-25 21:59:38 +08:00
neilpang
a69aece23a Use TEST_ACME_Server 2021-06-25 21:28:20 +08:00
neilpang
77d3815baa use TEST_ACME_Server 2021-06-25 21:18:03 +08:00
neilpang
e225e17386 remove unused file 2021-06-25 20:56:46 +08:00
neil
3290208749
Merge pull request #3573 from acmesh-official/dev
Dev
2021-06-25 20:13:06 +08:00
neil
3106187aac
Merge pull request #3572 from funzoneq/pdns-fix-content-type
Pdns fix content type
2021-06-25 18:25:19 +08:00
Arnoud Vermeer
eae490b5b1 [dns_pdns] Fix: missing content type in PATCH requests #3454 2021-06-25 10:12:23 +02:00
neilpang
bcce77508a remove buypass test 2021-06-25 00:04:13 +08:00
neilpang
e9bdf02cfc fix filter 2021-06-25 00:01:46 +08:00
neilpang
77f659c9b9 add NO_ECC_384 2021-06-24 23:57:21 +08:00
neilpang
c66e157a14 fix path filter 2021-06-24 23:30:16 +08:00
neilpang
2c927277e2 fix error 2021-06-24 23:23:46 +08:00
neilpang
29fe1c86da fix initapi 2021-06-24 23:21:10 +08:00
neilpang
1ae9c48370 fix error 2021-06-24 22:05:43 +08:00
neilpang
078a8b40e9 add buypass test 2021-06-24 22:03:00 +08:00
neilpang
9daeae1695 remove unnecessary check 2021-06-24 20:45:15 +08:00
neilpang
014e016058 add retry for init api 2021-06-24 20:35:49 +08:00
neil
f41f93af3a
Merge pull request #3491 from bgarret/consul-deploy-hook
Consul deploy hooks
2021-06-24 20:25:01 +08:00
neil
51539521b1
Merge pull request #3551 from marcusgrando/dev
Added Azion DNS API
2021-06-24 20:19:52 +08:00
Marcus Grando
522dec34a5 Added Azion DNS API 2021-06-23 08:45:22 -03:00
neil
ea6d76cce6
Merge pull request #3569 from Habetdin/dev
notify/telegram.sh: Fix special characters escaping
2021-06-23 13:27:07 +08:00
Habetdin
7c7d61f61e
Fix special characters escaping
To escape characters '_', '*', '`', '[' outside of an entity, prepend the characters '\' before them.
2021-06-23 03:20:07 +03:00
Marcus Grando
184dde92a2 Added Azion DNS API 2021-06-22 14:06:05 -03:00
neil
7e43c794fd
Merge pull request #3567 from acmesh-official/dev
support SSL.com
2021-06-22 20:40:43 +08:00
neilpang
c7285967d6 fix for list short name 2021-06-22 20:39:00 +08:00
neilpang
41f4baadb9 minor 2021-06-22 07:59:02 +08:00
neilpang
20082ec9fb update status 2021-06-22 07:55:12 +08:00
neilpang
8dae8c52c0 split in to multiple files, so that it can pass more. 2021-06-22 07:48:37 +08:00
neil
068076c0d5
Merge pull request #3565 from acmesh-official/dev
Dev
2021-06-21 23:42:23 +08:00
neilpang
c0ae44a41b fix format 2021-06-21 22:59:14 +08:00
neilpang
593e8e1f63 move ca key path 2021-06-21 22:47:22 +08:00
neilpang
707cf35f0a fix format 2021-06-21 22:29:14 +08:00
neilpang
30f11d0e16 typo 2021-06-21 21:41:56 +08:00
neilpang
53d6ab6c23 support SSL.com 2021-06-21 21:31:00 +08:00
neilpang
280e44304a fix for compatibility to sslcom 2021-06-21 20:11:15 +08:00
neilpang
79fac4466e minor 2021-06-20 16:58:20 +08:00
neil
0e9f09e582
Merge pull request #3539 from Djelibeybi/dev
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service
2021-06-20 16:05:56 +08:00
Avi Miller
25d0fdf8ff
fix: fix a format issue reported by shellfmt
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 17:07:04 +10:00
Avi Miller
1d089d4541
fix: refactor the way the config is read from file and envvars
The plugin will use the following order of precedence:

environment value > file value > default value

See the wiki for details on environment variable names.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 17:00:53 +10:00
neilpang
1c78663378 exclude test for dns api changes 2021-06-20 12:26:12 +08:00
Avi Miller
7666022840
fix: revert _readini() function to be more generic
Also switched [::space::] with a literal space for better
cross-platform compatibility.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 13:12:14 +10:00
Avi Miller
946c8b498a
feat: enable automatic configuration from an OCI configuration file
The individual parameters can still be overridden via the
corresponding OCI_CLI environment variable.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 09:10:24 +10:00
Marcus Grando
406ca66c8d Added Azion DNS API 2021-06-19 15:19:56 -03:00
Avi Miller
ed971df93a
fix: add missing else/return 1 to if block
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-19 15:41:34 +10:00
neilpang
74c054b2a5 fix https://github.com/acmesh-official/acme.sh/issues/3563 2021-06-19 11:52:11 +08:00
Avi Miller
017a10189c
fix: switch to using functions instead of calling OpenSSL directly
Also reduced the number of environment variables which simplifies
the documentation and requirements. The variable names now match
those used by the OCI CLI.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-18 12:00:42 +10:00
neil
f1c361855e
Merge pull request #2526 from PeterDaveHello/Refactor_Dockerfile
Refactor Dockerfile
2021-06-17 22:01:27 +08:00
neil
3d72df4666
Merge pull request #2529 from PeterDaveHello/UpdateREADME.md
Remove invalid "Contribute" link in README.md
2021-06-16 23:11:56 +08:00
Peter Dave Hello
6f732a9957 Use COPY instead of ADD in Dockerfile for folder
Ref:
https://docs.docker.com/develop/develop-images/#add-or-copy
2021-06-16 22:47:36 +08:00
Peter Dave Hello
447bf77dfe Simplify apk command in Dockerfile
With apk `--no-cache` parameter, there is no need to run `apk update`
and manually clean up the cache, apk will update automatically without
leaving local cache files to be cleaned up.
2021-06-16 22:47:33 +08:00
Peter Dave Hello
6621ef6a0b Remove invalid "Contribute" link in README.md 2021-06-16 19:44:31 +08:00
Marcus Grando
e327c8758e Merge branch 'acmesh-official:dev' into dev 2021-06-15 17:49:17 -03:00
neil
8a08de5691
Merge pull request #3554 from acmesh-official/dev
add linux tests
2021-06-14 12:25:39 +08:00
neilpang
3d7375be8b update status 2021-06-14 12:00:42 +08:00
neilpang
da754e9a71 fix 2021-06-14 11:52:45 +08:00
neilpang
cc9ec806b2 add all Linux 2021-06-14 11:50:19 +08:00
neil
72cf037c0d
Merge pull request #3553 from acmesh-official/dev
fix for solaris
2021-06-13 22:11:27 +08:00
neilpang
8ae08b29e4 fix for solaris 2021-06-13 21:37:26 +08:00
neil
4967fa020f
Merge pull request #3552 from acmesh-official/dev
sync
2021-06-13 16:16:11 +08:00
neilpang
54f2640ef2 fix env 2021-06-13 15:52:38 +08:00
neilpang
56246592c7 set ca names in the env 2021-06-13 15:45:33 +08:00
neilpang
1ff5d71e12 fix windows 2021-06-13 15:30:51 +08:00
neilpang
67c42c5911 add zerossl 2021-06-13 15:00:30 +08:00
neilpang
d0b514890a change default ca to zerossl 2021-06-13 14:29:26 +08:00
Marcus Grando
c0285fbc15 Added Azion DNS API 2021-06-11 11:17:26 -03:00
neil
a438c841e1
Merge pull request #3542 from DerVerruckteFuchs/_get_root()-fix
fix _get_root() so that it successfully gets the root domain
2021-06-09 17:50:54 +08:00
neil
19d7c2b336 fix bug 2021-06-06 22:53:39 +08:00
neil
afb6c70909
Merge pull request #3541 from DerVerruckteFuchs/dns_1984hosting_add()-fix
fix dns_1984hosting_add() so checks for HTML responses actually find HTML responses
2021-06-06 22:48:40 +08:00
DerVerruckteFuchs
d9af496b13
Merge branch 'dev' into _get_root()-fix 2021-06-05 23:20:01 -04:00
Christophe B Billheimer
a55cf40b1b fix _get_root() so that it successfully gets the root domain 2021-06-05 23:06:28 -04:00
Christophe B Billheimer
b19008d1b8 fix dns_1984hosting_add() so checks for HTML responses are actually find HTML responses 2021-06-05 22:38:45 -04:00
Avi Miller
6f88c81616
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service
This plugin is has noticeably more required fields than most
other plugins due to the requirement that all requests to
the OCI REST API must be cryptographically signed by the client
using the draft standard proposed in draft-cavage-http-signatures-08[1].

The OCI specific implementation details of the draft standard are
documented in the Developer Guide[2].

NOTE: there is maximum allowed clock skew of five minutes between the
client and the API endpoint. Requests will be denied if the skew is
greater.

This PR also includes a minor tweak to the Solaris job in the DNS
workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1.
Without these changes, the signature generation function does not
work on Solaris.

[1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08
[2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-05 21:55:40 +10:00
neil
43cb230f19
Merge pull request #3535 from sparunakian/dev
Fix typo (#3521)
2021-06-02 23:06:36 +08:00
neil
fd6a59202d start 3.0.0 2021-06-02 23:06:12 +08:00
Stéphane Parunakian
e353f66eaa Fix typo 2021-06-02 16:06:08 +02:00
neil
9293bcfb1c
Merge pull request #3534 from acmesh-official/dev
sync
2021-06-02 20:53:41 +08:00
neil
d154118600 fix bug 2021-06-01 22:21:17 +08:00
neil
c2273d2c8e add debug info 2021-06-01 22:15:53 +08:00
neil
495ba01d8e
Merge pull request #3529 from Haarolean/bugfix/porkbun-fixes
Porkbun DNS API fixes
2021-06-01 21:29:14 +08:00
neil
f627a02886 add error message 2021-06-01 21:24:37 +08:00
neil
5f9daa6640 check initAPI error 2021-06-01 21:23:00 +08:00
neil
9edda556de
Merge pull request #3530 from DerVerruckteFuchs/1984-login-fix
1984 login fix
2021-06-01 21:10:52 +08:00
Christophe B Billheimer
3891a52aeb change "$url" -> $url so the value of $url gets passed by reference, and the string "$url" does not erroneously get passed as a variable into _post() 2021-05-31 15:24:41 -04:00
Roman Zabaluev
1e5e3353f3 Fix porkbun issues
See gh-3450
2021-05-30 18:23:13 +03:00
neil
7aa4b8247c upgrade cf-tunnel 2021-05-29 15:17:34 +08:00
neil
37339ddafc
Merge pull request #3525 from tresni/synology_dsm
Synology DSM - Make certificate descriptions sed safe
2021-05-27 21:04:24 +08:00
Brian Hartvigsen
dcb51683c5
shellcheck cleanup
shellcheck sees '\\' as trying to escape the trailing quote (see
koalaman/shellcheck#1548 ).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen
74a4a788b1
Make certificate descriptions sed safe
This escapes special characters used in POSIX sed to prevent mismatches.
e.g. `SYNO_Certficiate=*.example.com` would not match a description of
"*.example.com" and would look to match any number of double quotes (the
last character in the sed regex prior to certificate description),
followed by any single character, followed by "example", followed by any
character, followed by "com".

After this change, it will properly match `*.example.com` and not
`""zexamplefcom`.

Additionally we now store the certificate description as base64 encoded
to prevent issues with single quotes.

Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+).
2021-05-26 15:25:58 -06:00
neilpang
7909273a21 add debug info 2021-05-25 21:57:15 +08:00
neil
130e8dbd40
Merge pull request #3522 from acmesh-official/dev
sync
2021-05-23 23:55:23 +08:00
neil
40e2ebed95 remove ngrok token 2021-05-23 23:16:04 +08:00
neil
bf9b33acec use cloudflare tunnel to test 2021-05-23 23:12:46 +08:00
neil
7710a33b6c fix format 2021-05-22 23:48:39 +08:00
neil
af3ea2d4fd remove ACME v1 support 2021-05-22 23:45:50 +08:00
neil
52a3255936
Merge pull request #3520 from tresni/synology_dsm
Better fix for Synology DSM setting wrong default
2021-05-20 23:05:34 +08:00
Brian Hartvigsen
5ab9ca1c0d
Better fix for Synology DSM setting wrong default
As noted by @buxm, previous fix didn't work for all versions of DSM 6.
The better fix appears to be simply not outputting the "as_default"
parameter unless we are doing something with the default certificate.
2021-05-19 13:21:34 -06:00
neil
461f602992
Merge pull request #3505 from willbrowningme/patch-1
dnsapi/dns_desec.sh remove DEDYN_NAME variable
2021-05-08 21:12:56 +08:00
neilpang
46180435cc minor 2021-05-08 21:09:56 +08:00
neil
7f2699c6da
Merge pull request #3511 from acmesh-official/dev
Dev
2021-05-08 21:00:02 +08:00
neilpang
aede5c486b fix https://github.com/acmesh-official/acme.sh/issues/3504
check invalid status first.
2021-05-07 22:02:40 +08:00
neilpang
fb2407386f Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2021-05-07 21:50:22 +08:00
neilpang
aa59c46c4c fix https://github.com/acmesh-official/acme.sh/issues/3504 2021-05-07 21:49:47 +08:00
Benoit Garret
07afc4953a Fix the shfmt check 2021-05-07 12:12:30 +02:00
Will Browning
c5557fc488
Remove DEDYN_NAME variable from dns_desec.sh 2021-05-06 16:51:43 +01:00
neil
8c14150536
Merge pull request #3350 from temoffey/deploy-gcore_cdn
Deploy gcore_cdn fix
2021-05-05 23:48:37 +08:00
Benoit Garret
c127903127 Add Consul deploy hook 2021-05-05 10:01:09 +02:00
neilpang
0881cf1379 start 2.9.0 2021-05-04 13:32:59 +08:00
neil
d0a16b0ec0
Merge pull request #3499 from acmesh-official/dev
sync
2021-05-03 22:20:20 +08:00
neil
290beb90a7 minor 2021-05-03 17:14:54 +08:00
neil
0a4ef17135 fix nginx relative path issue:
https://github.com/acmesh-official/acme.sh/issues/1743
https://github.com/acmesh-official/acme.sh/issues/1914
2021-05-03 17:11:02 +08:00
neil
e0c32ce700 minor 2021-05-03 16:42:09 +08:00
neil
e65144a105 fix https://github.com/acmesh-official/acme.sh/issues/3487
suppor Ali doh and dnspod doh.
2021-05-03 16:37:13 +08:00
neil
ae40445dba
Merge pull request #3498 from tresni/synology_dsm
FIX: Synology sets "default" on wrong certificate
2021-05-03 15:57:09 +08:00
neil
25a8240d12 fix https://github.com/acmesh-official/acme.sh/issues/3421 2021-05-03 15:52:56 +08:00
Brian Hartvigsen
1a4a180e8c
FIX: Synology sets "default" on wrong certificate
For some DSM installs, it appears that setting the "default" flag to the
string "false" actually sets it to true.  This causes Synology to set
the last updated certificate to be the default certificate.  Using an
empty string appears to still be accepted as a false-y value for DSMs
where this isn't happening and corrects the behavior in the cases that
it was.

Credit to @Run-King for identifying the fix and @buxm for reporting.
2021-05-02 13:37:59 -06:00
neilpang
aea10a3b93 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2021-05-02 22:20:27 +08:00
neilpang
f855862ade upgrade freebsd 2021-05-02 22:20:04 +08:00
neil
91d37c7875 fix compatibility issue 2021-05-01 22:32:44 +08:00
neil
5707b93110
Merge pull request #3493 from goekesmi/master
Pass content via printf string format and argument
2021-05-01 10:16:30 +08:00
Jeff Goeke-Smith
81b2d0732f
arguments passed to printf are more generic
On systems that /bin/sh is served by shells other than bash, or 
shells that don't implement the same syntax as the bash printf builtin,
printf -- fails to produce the output necessary for standalone operation.

The test case for this was SmartOS, which uses ksh93 as its /bin/sh.

This change uses the more generic method of passing a format parameter
of a single string, and then the argument to replace it with.
2021-04-29 16:46:32 -04:00
neil
ec0538d251
Merge pull request #3455 from ecm75/notify_fix
fix _exists error message if MAIL_BIN env variable is not set
2021-04-29 22:34:11 +08:00
Eike-Christian Müller
eb0c629fad
more simple mail.sh fix
Reverted the original patch and changed it to the obvious simple solution provided by @Neilpang.
2021-04-29 12:53:13 +02:00
neil
509d3f6d30
Merge pull request #3392 from akulumbeg/dev
Adding DNSAPI wrapper for Websupport webhosting (Slovakia)
2021-04-19 09:46:33 +08:00
neil
c576af7c6f
Merge pull request #3460 from JaZo/feature/aurora
Add Aurora DNS API
2021-04-17 22:17:35 +08:00
neilpang
f3682f0e8e fix format 2021-04-17 22:09:59 +08:00
Jasper Zonneveld
1c58913eeb
Add Aurora DNS API 2021-04-15 08:59:16 +02:00
neilpang
cfbc294832 fix onecom api 2021-04-14 22:18:01 +08:00
neil
64ad8b1dac
Merge pull request #3479 from mjbnz/dev
Update Telegram notification
2021-04-09 10:08:48 +08:00
Mike Beattie
fb079f9e50
Update telegram.sh
(fix shellcheck failure)
2021-04-08 16:44:22 +12:00
Mike Beattie
39b09f8f87 Dump _post() call output to /dev/null
Signed-off-by: Mike Beattie <mike@ethernal.org>
2021-04-08 16:38:00 +12:00
Mike Beattie
53d26e5c5c Add debug output of $_data variable to aid diagnosis
Signed-off-by: Mike Beattie <mike@ethernal.org>
2021-04-08 16:37:27 +12:00
Mike Beattie
e21f3e6c73 Escape asterisks in notification content
This messes with markdown parsing

Signed-off-by: Mike Beattie <mike@ethernal.org>
2021-04-08 16:36:42 +12:00
neil
edd46eb3d1
Merge pull request #3478 from acmesh-official/dev
sync
2021-04-07 22:04:08 +08:00
neil
e71238571a
Merge pull request #3464 from jpbede/cleverreach-deploy-sublient
CleverReach Deploy Hook: Allow deploy to agency subaccounts
2021-04-04 19:03:33 +08:00
Jan-Philipp Benecke
2867ec509e
Make CI happy 2021-03-30 09:18:33 +02:00
Jan-Philipp Benecke
d853a9ebbe
Make uploading cert to subaccount possible 2021-03-30 09:13:32 +02:00
neil
e0d2fa98f3
Merge pull request #3463 from c35sys/patch-1
Use 'vault kv put' instead of 'vault write'
2021-03-29 22:27:07 +08:00
Christophe Le Guern
cc90f83463
Use 'vault kv put' instead of 'vault write'
When using vault_cli with a kv2 path, it isn't working. I have the following error:
```
WARNING! The following warnings were returned from Vault:                                                                                                                                                                                     
                                                                                                                                                                                                                                              
  * Invalid path for a versioned K/V secrets engine. See the API docs for the                                                                                                                                                                 
  appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'                                                                                                                                                                
  for this operation.                                                                                                                                                                                                                         
```
The new way to write data  is to use `vault kv put`, it is compatible with kv1 and kv2.
Ref: https://www.vaultproject.io/docs/commands#reading-and-writing-data
```
The original version of K/V used the common read and write operations. A more advanced K/V Version 2 engine was released in Vault 0.10 and introduced the kv get and kv put commands.
```
2021-03-29 15:10:14 +02:00
neil
9ea1238e1b
Merge pull request #3445 from woutd/constellix-wildcard-support
Add wildcard certificate support for dns_constellix
2021-03-27 08:10:59 +08:00
Jan-Philipp Benecke
1530abbd1a
Make uploading cert to subaccount possible 2021-03-26 15:37:12 +01:00
wout
3bfcd18a03 Workaround for Solaris, as it does not support non-greedy regex 2021-03-24 13:56:14 +01:00
wout
6b7db22981 Catch the situation when the TXT record is updated with the same value 2021-03-24 09:01:54 +01:00
wout
8adb8a6986 While [0-9]+ is a bit more correct than [0-9]*, the former does not seem to work on Solaris. 2021-03-23 21:20:27 +01:00
emueller
37e3e2f9c2 fixed formating 2021-03-22 15:32:02 +01:00
emueller
3c7be32ef5 fix _exists error message when MAIL_BIN env variable is not set 2021-03-22 15:12:27 +01:00
Alexander Kulumbeg
051775b9b4
String update
Hopefully the last one
2021-03-21 16:25:04 +01:00
neilpang
e0d5b91388 fix freebsd 2021-03-21 16:20:32 +01:00
qkdreyer
4dd2027428 fix: prevent rate limit 2021-03-21 16:20:32 +01:00
Quentin Dreyer
42ab98b830 feat: add dns_porkbun 2021-03-21 16:20:32 +01:00
neil
2b2bce6457 fix format 2021-03-21 16:20:32 +01:00
neil
69ee816541 fix https://github.com/acmesh-official/acme.sh/issues/3312 2021-03-21 16:20:32 +01:00
anom-human
2cbf3f7e15 Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
2021-03-21 16:20:32 +01:00
anom-human
923eece3f5 Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
2021-03-21 16:20:32 +01:00
neilpang
d4fb313ff0 fix format 2021-03-21 16:20:32 +01:00
neilpang
7dce465c06 fix https://github.com/acmesh-official/acme.sh/issues/3019 2021-03-21 16:20:32 +01:00
neilpang
5a30f5c00e fix https://github.com/acmesh-official/acme.sh/issues/3433 2021-03-21 16:20:32 +01:00
Lukas Brocke
fd406af962 dnsapi/ionos: Use POST instead of PATCH for adding TXT record
The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.
2021-03-21 16:20:32 +01:00
neilpang
9e5ae30372 fix https://github.com/acmesh-official/acme.sh/issues/3402 2021-03-21 16:20:32 +01:00
Kristian Johansson
0fe3538331 Adds comment 2021-03-21 16:20:32 +01:00
Kristian Johansson
b0f5ad75ae Fixes response handling and thereby allow issuing of subdomain certs 2021-03-21 16:20:32 +01:00
Geert Hendrickx
a290f63a15 No need to include EC parameters explicitly with the private key.
(they are embedded)
2021-03-21 16:20:32 +01:00
czeming
d078ce794e Update dns_dp.sh
没有encode中文字符会导致提交失败
2021-03-21 16:20:32 +01:00
medmunds
06f51a5c34 Change default SMTP_SECURE to "tls"
Secure by default. Also try to minimize configuration errors.
(Many ESPs/ISPs require STARTTLS, and most support it.)
2021-03-21 16:20:32 +01:00
medmunds
db96778064 Prefer Python to curl when both available 2021-03-21 16:20:32 +01:00
medmunds
d8918ea156 Use email.policy.default in Python 3 implementation
Improves standards compatibility and utf-8 handling
in Python 3.3-3.8. (email.policy.default becomes the
default in Python 3.9.)
2021-03-21 16:20:32 +01:00
medmunds
3503474bb8 Add Date email header in Python implementation 2021-03-21 16:20:32 +01:00
medmunds
eb1606b086 Clarify _readaccountconf_mutable_default 2021-03-21 16:20:32 +01:00
medmunds
1330a092fa Clean email headers and warn on unsupported address format
Just in case, make sure CR or NL don't end up in
an email header.
2021-03-21 16:20:32 +01:00
medmunds
d3c74cfb45 Implement _rfc2822_date helper 2021-03-21 16:20:32 +01:00
medmunds
d044545520 Rework read/save config to not save default values
Add and use _readaccountconf_mutable_default and
_saveaccountconf_mutable_default helpers to capture
common default value handling.

New approach also eliminates need for separate
underscore-prefixed version of each conf var.
2021-03-21 16:20:32 +01:00
medmunds
d1cdc1c6a0 Add _clearaccountconf_mutable() 2021-03-21 16:20:32 +01:00
medmunds
dc8d91ea39 Use PROJECT_NAME and VER for X-Mailer header
Also add X-Mailer header to Python version
2021-03-21 16:20:32 +01:00
neilpang
ae5a6d330d make the fix for rsa key only 2021-03-21 16:20:32 +01:00
neilpang
fe0bee21b0 support openssl 3.0
fix https://github.com/acmesh-official/acme.sh/issues/3399
2021-03-21 16:20:32 +01:00
Easton Man
c090c19bfe fix: fix freebsd and solaris 2021-03-21 16:20:32 +01:00
Easton Man
8fbec785e8 feat: add huaweicloud error handling 2021-03-21 16:20:32 +01:00
Mike Edmunds
06fb3d9476 Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions
2021-03-21 16:20:32 +01:00
medmunds
fe3e8a7bb6 More than one blank line is an abomination, apparently
I will not try to use whitespace to group code visually
2021-03-21 16:20:32 +01:00
medmunds
ce2ff25edd Implement curl version of smtp notify-hook 2021-03-21 16:20:32 +01:00
medmunds
65a1b892e3 Prep for curl or Python; clean up SMTP_* variable usage 2021-03-21 16:20:32 +01:00
medmunds
e272fde95e Add instructions for reporting bugs 2021-03-21 16:20:32 +01:00
medmunds
d48bff0e20 Only save config if send is successful 2021-03-21 16:20:32 +01:00
medmunds
6e61c34f0f Make shfmt happy
(I'm open to better ways of formatting the heredoc
that embeds the Python script.)
2021-03-21 16:20:32 +01:00
medmunds
2d9506eb54 Implement smtp notify hook
Support notifications via direct SMTP server connection.
Uses Python (2.7.x or 3.4+) to communicate with SMTP server.
2021-03-21 16:20:32 +01:00
jerrm
b1988c7b67 duckdns - fix "integer expression expected" errors (#3397)
* fix "integer expression expected" errors

* duckdns fix

* Update dns_duckdns.sh

* Update dns_duckdns.sh
2021-03-21 16:20:32 +01:00
neilpang
fb5d72c29b upgrade freebsd and solaris 2021-03-21 16:20:32 +01:00
neil
ac148ce0e9 Chain (#3408)
* fix https://github.com/acmesh-official/acme.sh/issues/3384
match the issuer to the root CA cert subject

* fix format

* fix https://github.com/acmesh-official/acme.sh/issues/3384

* remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384
2021-03-21 16:20:32 +01:00
manuel
016dca654e dnsapi/pdns: also normalize json response in detecting root zone 2021-03-21 16:20:32 +01:00
Gnought
6502bdecbe Updated --preferred-chain to issue ISRG properly
To support different openssl crl2pkcs7 help cli format
2021-03-21 16:20:32 +01:00
Vahid Fardi
91a739af6e change name actor 2021-03-21 16:20:32 +01:00
Vahid Fardi
e232565971 change Author name 2021-03-21 16:20:32 +01:00
Vahid Fardi
472488ebe8 change arvan api script 2021-03-21 16:20:32 +01:00
Alexander Kulumbeg
8de3698b23 Revert "Syncing with the original repo (#2)"
This reverts commit c384ed960c.
2021-03-21 16:16:38 +01:00
neilpang
a694b46914 fix freebsd 2021-03-21 22:46:35 +08:00
Alexander Kulumbeg
c384ed960c
Syncing with the original repo (#2)
* change arvan api script

* change Author name

* change name actor

* Updated --preferred-chain to issue ISRG properly

To support different openssl crl2pkcs7 help cli format

* dnsapi/pdns: also normalize json response in detecting root zone

* Chain (#3408)

* fix https://github.com/acmesh-official/acme.sh/issues/3384
match the issuer to the root CA cert subject

* fix format

* fix https://github.com/acmesh-official/acme.sh/issues/3384

* remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384

* upgrade freebsd and solaris

* duckdns - fix "integer expression expected" errors (#3397)

* fix "integer expression expected" errors

* duckdns fix

* Update dns_duckdns.sh

* Update dns_duckdns.sh

* Implement smtp notify hook

Support notifications via direct SMTP server connection.
Uses Python (2.7.x or 3.4+) to communicate with SMTP server.

* Make shfmt happy

(I'm open to better ways of formatting the heredoc
that embeds the Python script.)

* Only save config if send is successful

* Add instructions for reporting bugs

* Prep for curl or Python; clean up SMTP_* variable usage

* Implement curl version of smtp notify-hook

* More than one blank line is an abomination, apparently

I will not try to use whitespace to group code visually

* Fix: Unifi deploy hook support Unifi Cloud Key (#3327)

* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions

* feat: add huaweicloud error handling

* fix: fix freebsd and solaris

* support openssl 3.0
fix https://github.com/acmesh-official/acme.sh/issues/3399

* make the fix for rsa key only

* Use PROJECT_NAME and VER for X-Mailer header

Also add X-Mailer header to Python version

* Add _clearaccountconf_mutable()

* Rework read/save config to not save default values

Add and use _readaccountconf_mutable_default and
_saveaccountconf_mutable_default helpers to capture
common default value handling.

New approach also eliminates need for separate
underscore-prefixed version of each conf var.

* Implement _rfc2822_date helper

* Clean email headers and warn on unsupported address format

Just in case, make sure CR or NL don't end up in
an email header.

* Clarify _readaccountconf_mutable_default

* Add Date email header in Python implementation

* Use email.policy.default in Python 3 implementation

Improves standards compatibility and utf-8 handling
in Python 3.3-3.8. (email.policy.default becomes the
default in Python 3.9.)

* Prefer Python to curl when both available

* Change default SMTP_SECURE to "tls"

Secure by default. Also try to minimize configuration errors.
(Many ESPs/ISPs require STARTTLS, and most support it.)

* Update dns_dp.sh

没有encode中文字符会导致提交失败

* No need to include EC parameters explicitly with the private key.
(they are embedded)

* Fixes response handling and thereby allow issuing of subdomain certs

* Adds comment

* fix https://github.com/acmesh-official/acme.sh/issues/3402

* dnsapi/ionos: Use POST instead of PATCH for adding TXT record

The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.

* fix https://github.com/acmesh-official/acme.sh/issues/3433

* fix https://github.com/acmesh-official/acme.sh/issues/3019

* fix format

* Update dns_servercow.sh to support wildcard certs

Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.

* Update dns_servercow.sh to support wildcard certs

Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.

* fix https://github.com/acmesh-official/acme.sh/issues/3312

* fix format

* feat: add dns_porkbun

* fix: prevent rate limit

Co-authored-by: Vahid Fardi <vahid.fardi@snapp.cab>
Co-authored-by: neil <github@neilpang.com>
Co-authored-by: Gnought <1684105+gnought@users.noreply.github.com>
Co-authored-by: manuel <manuel@mausz.at>
Co-authored-by: jerrm <jerrm@users.noreply.github.com>
Co-authored-by: medmunds <medmunds@gmail.com>
Co-authored-by: Mike Edmunds <github@to.mikeedmunds.com>
Co-authored-by: Easton Man <manyang.me@outlook.com>
Co-authored-by: czeming <loser_wind@163.com>
Co-authored-by: Geert Hendrickx <geert@hendrickx.be>
Co-authored-by: Kristian Johansson <kristian.johansson86@gmail.com>
Co-authored-by: Lukas Brocke <lukas@brocke.net>
Co-authored-by: anom-human <80478363+anom-human@users.noreply.github.com>
Co-authored-by: neil <win10@neilpang.com>
Co-authored-by: Quentin Dreyer <quentin.dreyer@rgsystem.com>
2021-03-20 16:01:09 +01:00
Alexander Kulumbeg
2386d2e299
String change 2021-03-20 15:26:32 +01:00
wout
cc7e1a72c1 Retrigger checks 2021-03-14 15:54:28 +01:00
wout
5cc0fa7c98 Retrigger checks 2021-03-14 15:50:16 +01:00
neil
4ce848ab51
Merge pull request #3448 from qkdreyer/dev
Create dns_porkbun.sh
2021-03-14 09:22:18 +08:00
qkdreyer
2e34e11b02 fix: prevent rate limit 2021-03-13 14:53:43 +01:00
Quentin Dreyer
8eda5f36fb feat: add dns_porkbun 2021-03-13 14:25:05 +01:00
neil
3dbe5d872b fix format 2021-03-13 20:46:12 +08:00
neil
96a95ba9fe fix https://github.com/acmesh-official/acme.sh/issues/3312 2021-03-13 20:43:35 +08:00
neil
f594ed659e
Merge pull request #3449 from anom-human/master
Update dns_servercow.sh to support wildcard certs
2021-03-13 20:42:12 +08:00
anom-human
5c4bfbbd95
Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
2021-03-11 20:25:49 +01:00
anom-human
8733635638
Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
2021-03-11 19:11:02 +01:00
wout
928aa74e89 Fix typo 2021-03-10 23:36:34 +01:00
wout
8fdfe673e8 Improve the remove handling so it does not print errors 2021-03-10 23:34:21 +01:00
wout
494a6e6090 Fix checks 2021-03-10 16:32:09 +01:00
wout
89bb7e6b0e Add wildcard certificate support for dns_constellix 2021-03-10 16:18:07 +01:00
neilpang
52cfb9a041 fix format 2021-03-04 21:50:54 +08:00
neilpang
3817ddef41 fix https://github.com/acmesh-official/acme.sh/issues/3019 2021-03-04 21:46:36 +08:00
neilpang
0f494c9dd6 fix https://github.com/acmesh-official/acme.sh/issues/3433 2021-03-01 18:13:50 +08:00
neil
3ff97ecf45
Merge pull request #3430 from lbrocke/dns-api-ionos
dnsapi/ionos: Update API to use POST instead of PATCH for adding TXT records
2021-02-27 11:07:07 +08:00
neil
a10c0b516b
Merge pull request #3426 from jakelamotta/master
Fix issue with subdomain certificates in dns_simply
2021-02-26 22:29:48 +08:00
Lukas Brocke
5eb1469dbf dnsapi/ionos: Use POST instead of PATCH for adding TXT record
The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.
2021-02-26 15:27:22 +01:00
neilpang
9a90fe3794 fix https://github.com/acmesh-official/acme.sh/issues/3402 2021-02-25 07:45:36 +08:00
Kristian Johansson
1917c4b04a Adds comment 2021-02-24 17:34:28 +01:00
neil
2b01d4a203
Merge pull request #3423 from ghen2/dev
No need to include EC parameters explicitly with the private key.
2021-02-24 21:46:09 +08:00
Kristian Johansson
c5100219d1 Fixes response handling and thereby allow issuing of subdomain certs 2021-02-24 08:53:35 +01:00
Geert Hendrickx
a730a08161
No need to include EC parameters explicitly with the private key.
(they are embedded)
2021-02-23 10:28:17 +01:00
F-Plass
4bb8e3a121 Update truenas.sh
-error handling
2021-02-21 22:48:31 +01:00
F-Plass
eacc00f786 Update truenas.sh
- check if curl exists
- check if wget exist, then errortext and exit scipt
- _get command "restartUI"  wirh info about curl error 52
2021-02-21 22:42:24 +01:00
czeming
17f5e557ed
Update dns_dp.sh
没有encode中文字符会导致提交失败
2021-02-20 17:16:33 +08:00
neil
c33e5bc40f
Merge pull request #3416 from acmesh-official/dev
sync
2021-02-19 21:33:44 +08:00
neil
06d1a98ad2
Merge pull request #3330 from medmunds/feature/notify-smtp
Implement smtp notify hook
2021-02-19 09:20:24 +08:00
medmunds
afe6f4030e Change default SMTP_SECURE to "tls"
Secure by default. Also try to minimize configuration errors.
(Many ESPs/ISPs require STARTTLS, and most support it.)
2021-02-17 11:39:16 -08:00
medmunds
6e49c4ffe0 Prefer Python to curl when both available 2021-02-17 11:28:50 -08:00
medmunds
28d9f00610 Use email.policy.default in Python 3 implementation
Improves standards compatibility and utf-8 handling
in Python 3.3-3.8. (email.policy.default becomes the
default in Python 3.9.)
2021-02-17 09:57:44 -08:00
medmunds
8f688e5e13 Add Date email header in Python implementation 2021-02-17 09:46:13 -08:00
medmunds
5a182eddbf Clarify _readaccountconf_mutable_default 2021-02-16 14:41:21 -08:00
medmunds
4b615cb3a9 Clean email headers and warn on unsupported address format
Just in case, make sure CR or NL don't end up in
an email header.
2021-02-16 14:02:09 -08:00
medmunds
b36247a091 Implement _rfc2822_date helper 2021-02-16 13:13:26 -08:00
medmunds
6e77756d6a Rework read/save config to not save default values
Add and use _readaccountconf_mutable_default and
_saveaccountconf_mutable_default helpers to capture
common default value handling.

New approach also eliminates need for separate
underscore-prefixed version of each conf var.
2021-02-16 12:49:27 -08:00
medmunds
585c0c3818 Add _clearaccountconf_mutable() 2021-02-16 09:33:39 -08:00
medmunds
6ff75f9a9f Use PROJECT_NAME and VER for X-Mailer header
Also add X-Mailer header to Python version
2021-02-15 12:23:48 -08:00
neilpang
906ef43c00 make the fix for rsa key only 2021-02-15 21:35:59 +08:00
neilpang
4528957235 support openssl 3.0
fix https://github.com/acmesh-official/acme.sh/issues/3399
2021-02-15 21:25:27 +08:00
neil
9d448a42a7
Merge pull request #3409 from eastonman/master
DNSAPI, Huaweicloud DNS: Add error handling
2021-02-15 20:44:09 +08:00
neil
979e10f9d5
Merge pull request #3410 from acmesh-official/dev
sync
2021-02-15 20:03:32 +08:00
Easton Man
31f65b89bb
fix: fix freebsd and solaris 2021-02-15 15:19:18 +08:00
Easton Man
86639dbc02
feat: add huaweicloud error handling 2021-02-15 15:18:49 +08:00
Mike Edmunds
bf8c33703c
Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions
2021-02-15 15:01:21 +08:00
medmunds
ffe7ef4764 More than one blank line is an abomination, apparently
I will not try to use whitespace to group code visually
2021-02-14 20:06:07 -08:00
medmunds
30dae70e2b Implement curl version of smtp notify-hook 2021-02-14 19:56:23 -08:00
medmunds
557a747d55 Prep for curl or Python; clean up SMTP_* variable usage 2021-02-14 16:42:25 -08:00
medmunds
fe273b3829 Add instructions for reporting bugs 2021-02-14 13:10:30 -08:00
medmunds
2439bb30e8 Only save config if send is successful 2021-02-14 13:10:30 -08:00
medmunds
e48b6bd22d Make shfmt happy
(I'm open to better ways of formatting the heredoc
that embeds the Python script.)
2021-02-14 13:10:30 -08:00
medmunds
1de9ffacb0 Implement smtp notify hook
Support notifications via direct SMTP server connection.
Uses Python (2.7.x or 3.4+) to communicate with SMTP server.
2021-02-14 13:10:30 -08:00
F-Plass
93fd6170a3 Update truenas.sh 2021-02-13 12:38:57 +01:00
jerrm
b7c3e6099c
duckdns - fix "integer expression expected" errors (#3397)
* fix "integer expression expected" errors

* duckdns fix

* Update dns_duckdns.sh

* Update dns_duckdns.sh
2021-02-13 18:58:44 +08:00
neilpang
d8163e9835 upgrade freebsd and solaris 2021-02-13 17:27:22 +08:00
neil
12b1916599
Chain (#3408)
* fix https://github.com/acmesh-official/acme.sh/issues/3384
match the issuer to the root CA cert subject

* fix format

* fix https://github.com/acmesh-official/acme.sh/issues/3384

* remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384
2021-02-13 16:22:31 +08:00
neil
9d8cdb5976
Merge pull request #3401 from gnought/bugfix/preferred_chain_isrg
Updated --preferred-chain to issue ISRG properly
2021-02-12 14:33:02 +08:00
neil
29a7c1938a
Merge pull request #3403 from manuelm/dev
dnsapi/pdns: also normalize json response in detecting root zone
2021-02-12 11:03:38 +08:00
manuel
8636d3139e dnsapi/pdns: also normalize json response in detecting root zone 2021-02-11 11:24:21 +01:00
Gnought
987571ce91
Updated --preferred-chain to issue ISRG properly
To support different openssl crl2pkcs7 help cli format
2021-02-11 01:08:08 +08:00
F-Plass
6f4c5fcc87 Update truenas.sh 2021-02-07 21:25:49 +01:00
F-Plass
a7ca010d4e Update truenas.sh 2021-02-07 21:24:06 +01:00
F-Plass
a836842a7e Update truenas.sh 2021-02-07 21:20:56 +01:00
F-Plass
f8c11a324a Update truenas.sh 2021-02-07 19:19:04 +01:00
F-Plass
052c9be111 Update truenas.sh 2021-02-07 19:12:39 +01:00
F-Plass
854e520528 Update truenas.sh 2021-02-07 19:02:03 +01:00
F-Plass
05737b85eb Update truenas.sh 2021-02-07 18:47:04 +01:00
F-Plass
c8a2308739 Update truenas.sh 2021-02-07 18:42:48 +01:00
F-Plass
ed46a078f9 Update truenas.sh 2021-02-07 16:35:51 +01:00
F-Plass
4f7c2bf8c3 Update truenas.sh 2021-02-07 16:12:24 +01:00
F-Plass
0e341726d2
Edits after DoShellcheck 2021-02-06 23:20:52 +01:00
F-Plass
a4f9746d3a
Danksagung an danb35 2021-02-06 23:03:07 +01:00
F-Plass
556c546b2e
Deploy Scipt for TrueNAs Server
acme .sh deploy Scipt for TrueNAS Server that uses the REST API from TrueNAS.

- Authentification with API Key
- If HTTP redirect is configured, automatik switch to HTTPS
- If WebDAV Certificate is the same as Web UI Certificate, Webdav Certificate get also an updated
- If FTP Certificate is the same as Web UI Certificate, FTP Certificate get also an updated
2021-02-06 22:48:25 +01:00
Alexander Kulumbeg
aa479948f9
Final try, leaving _hmac as before 2021-02-04 19:03:35 +01:00
Alexander Kulumbeg
fa3cee9d58
Update dns_websupport.sh 2021-02-04 18:38:40 +01:00
Alexander Kulumbeg
0021fb8a33
Changing the _hmac auth back
It only works this way, apparently
2021-02-04 17:27:39 +01:00
Alexander Kulumbeg
c8c727e6c6
added hex param to _hmac
but removed "printf "s%" ...
2021-02-04 17:21:33 +01:00
Alexander Kulumbeg
b8494ab3cc
Update dns_websupport.sh 2021-02-04 17:15:22 +01:00
Alexander Kulumbeg
2eda03f5de
Changing the _hmac call into Neil's suggestion 2021-02-04 15:32:51 +01:00
Alexander Kulumbeg
3a38358946
Trying the original solution
_hmac sha1 "$(printf "%s" "$WS_ApiSecret" | _hex_dump | tr -d " ")" hex)
2021-02-04 15:22:53 +01:00
neil
e7fc697e57
Merge pull request #3338 from fvahid/master
update arvan api script
2021-02-04 22:20:00 +08:00
Alexander Kulumbeg
6c9845b9f3
adding the hex parameter to _hmac call 2021-02-04 15:18:39 +01:00
Alexander Kulumbeg
9e146a8a5a
Typo
Forgot a quotation mark on line 161
2021-02-04 15:15:17 +01:00
Alexander Kulumbeg
433d9bfb02
Implementing/testing Neil's suggestions 2021-02-04 15:11:53 +01:00
Alexander Kulumbeg
94917e315e
Testing double 2>/dev/null into _utc_date with sed 2021-02-04 11:18:22 +01:00
Alexander Kulumbeg
ced6852735
2>/dev/null/ to 2>/dev/null
Silly mistake with a "/" -.-
2021-02-04 11:15:13 +01:00
Alexander Kulumbeg
8dc55f417d
Extra test - adding date -u -d
Adding this to at least partially prevent the virtually nonexistent possibility of timestamp and _utc_date() mismatch. If the normal date -u -d does not get converted (looking at you Solaris!), the poor man's method with manipulating the _utc_date() string output kicks in.
2021-02-04 10:13:36 +01:00
Alexander Kulumbeg
3d338bba3c
Fixing the shebang accident 2021-02-04 00:31:46 +01:00
Alexander Kulumbeg
631398f700
sed workaround for "datez" 2021-02-04 00:21:08 +01:00
Alexander Kulumbeg
7984d8cdfb
And again 2021-02-01 20:43:22 +01:00
Alexander Kulumbeg
783a6110ef
Yet another Solaris test 2021-02-01 20:31:05 +01:00
Alexander Kulumbeg
5d4d53c3a1
Testing datez change for Solaris 2021-02-01 18:37:17 +01:00
Alexander Kulumbeg
3014955ece
Fix comments, error msg and time formatting 2021-02-01 18:16:15 +01:00
Alexander Kulumbeg
0481f20c6b
"datez" var and comments 2021-02-01 00:30:36 +01:00
Alexander Kulumbeg
76309601eb
Update dns_websupport.sh 2021-01-31 22:25:13 +01:00
Alexander Kulumbeg
84dd864886
Simplified approach for the HMAC method 2021-01-31 22:16:00 +01:00
Alexander Kulumbeg
7924e01b15
Added a forgotten ")" 2021-01-31 22:04:53 +01:00
Alexander Kulumbeg
dadc70630b
Testing HMAC 2021-01-31 22:02:11 +01:00
Alexander Kulumbeg
effc37a702
Catching up with the current state of things
Catching up with the current state of things
2021-01-30 11:09:39 +01:00
neil
deac3fc918
Merge pull request #3387 from acmesh-official/dev
fix format
2021-01-30 13:42:43 +08:00
neil
e6dea4c92c fix format 2021-01-30 12:05:23 +08:00
neil
075e992fa0
Merge pull request #3386 from acmesh-official/dev
sync
2021-01-30 11:59:28 +08:00
neil
565ca81b30 update readme 2021-01-30 11:44:42 +08:00
neil
58c4eaaf86
fix online install (#3385) 2021-01-30 11:27:18 +08:00
neil
77e8008752
fix docker build (#3383)
* fix dockerhub

* fix

Co-authored-by: neil <win10@neilpang.com>
2021-01-26 22:10:53 +08:00
neil
2ba10fcbc7
Merge pull request #3381 from dgasaway/patch-1
Change ipconfig.co to ifconfig.co
2021-01-26 19:10:23 +08:00
Alexander Kulumbeg
4956a58026
Update dns_websupport.sh 2021-01-25 22:10:27 +01:00
Alexander Kulumbeg
92332fc385
Update dns_websupport.sh 2021-01-25 22:01:41 +01:00
Alexander Kulumbeg
9366f4b40e
Test original implementation by trgosk 2021-01-25 21:55:07 +01:00
dgasaway
f49e8ec5ad
Change ipconfig.co to ifconfig.co
URL https://ipconfig.co/ip does not currently work, and since https://ifconfig.co/ip is mentioned on the DNS API wiki page, I assume these messages were a typo.
2021-01-25 11:46:52 -08:00
neil
cd33647087
Merge pull request #3378 from mayswind/master
update dnspod.com api
2021-01-22 09:22:41 +08:00
neil
71ebcac7f2
Merge pull request #3377 from lbrocke/dns-api-ionos
Add IONOS API support
2021-01-22 09:21:25 +08:00
Lukas Brocke
f06aee21eb dnsapi/ionos: Change to root zone finding algorithm 2021-01-21 16:10:10 +01:00
MaysWind
5fbbc17376 update dnspod.com api 2021-01-21 22:15:23 +08:00
Lukas Brocke
a9d8830106 dnsapi/ionos: Fixes for Solaris 2021-01-20 21:08:58 +01:00
Lukas Brocke
d21e6235ad dnsapi/ionos: Add support for v2 wildcard certificates 2021-01-20 19:08:35 +01:00
neil
289f79bbb0 fix format 2021-01-16 23:50:57 +08:00
neil
768e9f4c09
Merge pull request #3365 from pssara/hotfix/dns_ispconfig.sh-3239-2696
Fixed issue 3239 and 2696 with ISP config
2021-01-16 23:36:59 +08:00
neil
62c776d90c
Merge pull request #3343 from markchalloner/master
Add Peplink deploy hook
2021-01-16 13:26:43 +08:00
pssara
464022bea2 Fixed issue with ISP config where the Client ID was asumed to be the same as the SYS User ID 2021-01-15 15:12:53 +01:00
Mark Challoner
61549b4a74 Add Peplink deploy hook 2021-01-13 20:37:05 +00:00
neil
18df3dc07a
Merge pull request #3333 from mjbnz/patch-1
Add Telegram notify hook
2021-01-12 09:32:07 +08:00
neil
3725724c54
Merge pull request #3352 from senjoo/master
Added RackCorp API Integration
2021-01-11 22:00:45 +08:00
Stephen Dendtler
500a005aac _get_root now does not skip the first label of the domain 2021-01-11 13:03:42 +00:00
Mike Beattie
584cc6de2e
Avoid usage of sed -e 2021-01-11 11:27:39 +13:00
Mike Beattie
2e5a6e21cf
Correct shebang 2021-01-11 11:21:46 +13:00
Stephen Dendtler
b79f63db78 Added RackCorp API Integration 2021-01-10 11:19:16 +00:00
tyahin
7ed7a57d92 deploy gcore_cdn fix syntax 2021-01-10 12:44:56 +03:00
tyahin
1eaf7c89b7 deploy gcore_cdn fix api 2021-01-10 12:39:20 +03:00
tyahin
1fff8dd306 deploy gcore_cdn fix auth 2021-01-10 12:39:12 +03:00
neil
c3a3d02bea fix https://github.com/acmesh-official/acme.sh/issues/3156 2021-01-10 11:48:12 +08:00
neil
a9261970dd
Merge pull request #3347 from JamesTheAwesomeDude/master
Update README to reflect the fact that this is a general-purpose ACME client
2021-01-10 11:06:44 +08:00
neil
b7a3fe05a4
Merge pull request #3349 from acmesh-official/dev
sync
2021-01-10 10:48:51 +08:00
James Edington
ab6b9006b7 This is a general-purpose ACME client. We should be proud of this. 2021-01-08 11:14:39 -07:00
Vahid Fardi
d9a8b057c3 change name actor 2021-01-05 21:31:31 +03:30
Vahid Fardi
2ec6215b1c change Author name 2021-01-05 17:10:41 +03:30
Vahid Fardi
c59a8c9644 change arvan api script 2021-01-05 15:29:08 +03:30
Mike Beattie
10de4b6b7b
Add Telegram notification script
Requires:
- API Token for a bot created with the Telegram Bot Father.
- A Chat ID for a user/group that the bot has permission to post to.
2021-01-04 18:41:02 +13:00
neil
0be214e79e
Merge pull request #3307 from jimp100/patch-1
Corrected regex for duckdns subdomains
2021-01-02 22:29:54 +08:00
neil
d6083c68fd add libidn 2020-12-28 21:10:22 +08:00
Lukas Brocke
22f7ac22d5 dnsapi/ionos: Run shfmt 2020-12-24 13:40:03 +01:00
Lukas Brocke
a00046f9b2 dnsapi/ionos: Add API support for IONOS DNS API
The IONOS DNS API is in beta state, please read [1] on how to get
started.

PLEASE NOTE: The v2 wildcard certification creation [2] is not yet
supported as the IONOS API doesn't allow the creation of multiple TXT
records with the same domain name.

[1] https://beta.developer.hosting.ionos.de/docs/getstarted
[2] https://github.com/acmesh-official/acme.sh/issues/1261
2020-12-24 12:47:28 +01:00
neil
8a24275ba9 add dns check wiki 2020-12-23 20:45:43 +08:00
neil
ca841252bd
Merge pull request #3313 from NerLOR/master
World4You Bugfix unable to parse paketnr
2020-12-22 22:47:01 +08:00
neil
54195b16ad
Merge pull request #3299 from tresni/synology_dsm
Add DSM7 support to synology_dsm deployhook
2020-12-22 22:45:22 +08:00
Lorenz Stechauner
cb90167c76
World4You shellcheck 2020-12-21 09:41:05 +01:00
Lorenz Stechauner
ac4ae85a4a
World4You code refactor 2020-12-21 09:39:09 +01:00
Lorenz Stechauner
48b2a271cc
World4You Bugfix unable to parse paketnr 2020-12-20 20:17:05 +01:00
neil
596807055e
Merge pull request #3289 from vanonox/addScaleway
Add scaleway provider
2020-12-17 22:16:22 +08:00
jimp100
cee20c4eb9
Corrected regex for subdomains
A fix to handle subdomains of a duckdns domain.  I.e.  subdomain.mydomain.duckdns.org
Handles n number of subdomains
2020-12-16 10:11:43 +00:00
neil
15fb47cb3d fix https://github.com/acmesh-official/acme.sh/issues/3300 2020-12-10 20:22:14 +08:00
Brian Hartvigsen
2635dfef96
Shellcheck linting
Also removed unused code
2020-12-09 21:01:44 -07:00
Brian Hartvigsen
7d7789ae96
Support DSM 6 and 7
Small changes for DSM 6:

All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params
enable_syno_token=yes must be in both the GET and POST params.
If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work.
Need to use /webapi/auth.cgi instead of /webapi/entry.cgi
Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850
2020-12-09 20:35:50 -07:00
Thijn
cc69285420
Fix synology_dsm deployhook for DSM 7 2020-12-09 19:47:31 -07:00
Brian Hartvigsen
99d3a283ef
Use POST for login
This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.)  HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
2020-12-09 19:44:14 -07:00
Van Hau TRAN
9b532584d6 fix: fix delete txt record and error mngtt 2020-12-08 16:32:31 +01:00
neil
7576eb38d9
Merge pull request #3287 from nate1010smith/dev
Correct sed regex
2020-12-08 17:43:10 +08:00
neil
8440d013f8 fix 2020-12-07 22:01:30 +08:00
neil
174c87a192 fix 2020-12-07 21:42:31 +08:00
neil
32b62d6d4f fix 2020-12-07 21:41:08 +08:00
neil
a0c2d312e9 start 2.8.9 2020-12-07 21:31:02 +08:00
Van Hau TRAN
5127a9ae3c fix: shell if 2020-12-06 23:20:41 +01:00
Van Hau TRAN
b5653a1c06 feat: add comment and configure workflow ci test 2020-12-06 23:14:25 +01:00
Van Hau TRAN
671bd1022e feat: add scaleway provider 2020-12-06 22:59:36 +01:00
Nate
94bba4ac9c
Correct sed regex
Corrects issue #3285.

The '?' character after a group is not supported in POSIX Basic Regular Expressions. Replacing it with '\{0,1\}' retains the same functionality and also works on non-GNU systems.
2020-12-06 22:45:42 +07:00
neil
fe1136aa95
Merge pull request #3280 from christianbur/patch-7
Update mailcow.sh
2020-12-02 11:55:07 +08:00
neil
8950ffcc5e
Merge pull request #3256 from jakelamotta/dev
Adds DNS-API support for Simply.com
2020-12-02 11:00:08 +08:00
Christian Burmeister
2bc627970e
Update mailcow.sh
I have modified the following things:

    Originally, "/data/assets/ssl/" is always appended to the varialbe ${_mailcow_path}. Since I use acme.sh as docker container, I only want to include the mailcow-ssl directory in the acem.sh container and not the complete mailcow directory. So now it is checked if the file generate_config.sh is in the directory (then it is the mailcow root directory, see https://github.com/mailcow/mailcow-dockerized) and only then "/data/assets/ssl/" is appended, in all other cases the passed variable is taken over unchanged.

    Because of the RP mailcow/mailcow-dockerized#2443 I have extended the script with ECC certificates.

    I adapted the reboot commands as described in the mailcow manual (https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#how-to-use-your-own-certificate).
2020-12-01 20:30:56 +01:00
neil
44615c6fa2
Merge pull request #3279 from acmesh-official/dev
sync
2020-12-01 21:43:06 +08:00
neil
00f55ea0bc
Merge pull request #3261 from NerLOR/master
Added World4You DNS API
2020-12-01 09:43:14 +08:00
Lorenz Stechauner
be43cebf7d World4You Mac fix 2020-11-30 20:01:43 +01:00
Lorenz Stechauner
f38317d01f World4You Mac debug 2020-11-30 19:56:48 +01:00
Lorenz Stechauner
da839aae66 World4You check response message 2020-11-30 17:57:25 +01:00
jakelamotta
768e00ff1a Merge remote-tracking branch 'upstream/dev' into dev 2020-11-30 11:31:43 +01:00
Lorenz Stechauner
40631f465e World4You updated info strings 2020-11-29 15:22:41 +01:00
Lorenz Stechauner
f665c73bb1 World4You fixed return value 2020-11-29 15:03:54 +01:00
neil
be067466fe
Merge pull request #3132 from jpbede/deploy-cleverreach
Add CleverReach Deploy API
2020-11-29 21:47:05 +08:00
Lorenz Stechauner
3c309df6dd World4You shellcheck cleaning 2020-11-29 14:42:55 +01:00
Lorenz Stechauner
b7e6d98647 World4You grep fix 2020-11-29 14:38:04 +01:00
Lorenz Stechauner
48942de75e World4You cleaning 2020-11-29 13:59:33 +01:00
Lorenz Stechauner
fbcbc10174 World4You Shellcheck 2020-11-29 12:03:51 +01:00
Lorenz Stechauner
342b48105f World4You fix for no redirects 2020-11-29 12:02:05 +01:00
Lorenz Stechauner
5f3e7f02cc World4You _head_n fix 2020-11-29 11:55:49 +01:00
Lorenz Stechauner
bfccf29ccf World4You redirect fix 2020-11-29 11:55:22 +01:00
Lorenz Stechauner
1e3bb1f02b World4You head_n 2020-11-29 11:51:59 +01:00
Lorenz Stechauner
0dcf6771e7 World4you grammar 2020-11-29 11:51:16 +01:00
Lorenz Stechauner
062503c523 Merge branch 'master' of github.com:NerLOR/acme.sh 2020-11-29 11:48:33 +01:00
Lorenz Stechauner
c3d7f2f170 World4You removed _ggrep 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
faf6c16717 World4You success on 302 instead of 302 or 200 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
3d79d78134 World4You using /dev/null instead of grep -q 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
35cab4ee73 World4You using _egrep_o instead of grep -E 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
a0edb8f2ad World4You using ggrep more often 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
5cfe5e312b World4You dns root parsing 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
13f6ec04d5 World4You Bugfix 2 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
2edc4a79b9 World4You Bugfix 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
4661185719 World4You grep -q 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
895da5cbf0 World4You Shellcheck 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
ef9147512b World4You posix shell 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
abe05456f7 World4You domain root fix 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
f9dfd3b348 World4You shellcheck 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
9449501537 World4You using ggrep in solaris 2020-11-29 11:48:08 +01:00
Lorenz Stechauner
f3b5d5ab7b World4You using _egrep_o 2020-11-29 11:46:24 +01:00
Lorenz Stechauner
8ee5726e0c Added World4You DNS API 2020-11-29 11:46:24 +01:00
neil
effa7fd57d add ACME_HTTP_NO_REDIRECTS and _resethttp to make http requests not follow redirects 2020-11-29 18:39:11 +08:00
Lorenz Stechauner
6c039d2ad0 World4You removed _ggrep 2020-11-29 10:43:25 +01:00
Lorenz Stechauner
2dd8527566 World4You success on 302 instead of 302 or 200 2020-11-29 10:33:46 +01:00
neil
fe811ce32e
Merge pull request #3253 from tsoybe/master
fix: wrong ttl  issue#2925
2020-11-29 17:23:15 +08:00
Lorenz Stechauner
9fee0805c4 World4You using /dev/null instead of grep -q 2020-11-29 09:40:35 +01:00
Lorenz Stechauner
1987c32761 World4You using _egrep_o instead of grep -E 2020-11-29 09:34:52 +01:00
Lorenz Stechauner
0ed2659698 World4You using ggrep more often 2020-11-28 17:27:50 +01:00
neil
9878856dfe
Merge pull request #3274 from moritz-h/fritzbox-uconv
uconv as fallback for iconv in fritzbox deploy
2020-11-28 23:11:31 +08:00
Moritz H
ed01fd4edf uconv as fallback for iconv 2020-11-28 15:22:14 +01:00
Lorenz Stechauner
9474933070 World4You dns root parsing 2020-11-28 08:50:47 +01:00
Lorenz Stechauner
f3987b453c World4You Bugfix 2 2020-11-27 22:29:31 +01:00
Lorenz Stechauner
dcb4cb3a1e World4You Bugfix 2020-11-27 22:28:25 +01:00
Lorenz Stechauner
198b840059 World4You grep -q 2020-11-27 22:27:10 +01:00
Lorenz Stechauner
42583cf3bb World4You Shellcheck 2020-11-27 22:25:29 +01:00
Lorenz Stechauner
2e15371d61 World4You posix shell 2020-11-27 22:22:50 +01:00
Lorenz Stechauner
339ff8ca77 World4You domain root fix 2020-11-27 22:12:11 +01:00
Lorenz Stechauner
268eaddad8 World4You shellcheck 2020-11-27 19:35:53 +01:00
Lorenz Stechauner
bb3cc1130b World4You using ggrep in solaris 2020-11-27 19:34:16 +01:00
Lorenz Stechauner
64ae3280e1 Merge branch 'master' of github.com:NerLOR/acme.sh 2020-11-27 17:09:49 +01:00
Lorenz Stechauner
95235d69c2 World4You using _egrep_o 2020-11-27 17:09:31 +01:00
Lorenz Stechauner
d639c7be39 Added World4You DNS API 2020-11-27 17:09:31 +01:00
Lorenz Stechauner
d7cafe25ff
World4You using _egrep_o 2020-11-26 13:59:18 +01:00
neilpang
996f53373e fix https://github.com/acmesh-official/acme.sh/issues/3250 2020-11-25 18:07:54 +08:00
neil
6f55370ad4
Merge pull request #3262 from eastonman/master
feat: Add huaweicloud intl dnsapi
2020-11-25 09:57:26 +08:00
Easton Man
fd511966a7 fix: revert adding tr to replace sed 2020-11-24 12:58:16 +08:00
Easton Man
c4ddddd434 refactor: remove dirty debug code
- add tr to replace sed for robusty
- add comments
2020-11-24 10:05:34 +08:00
Easton Man
83a4db3b31 fix: remove sed before grep, but lead to less robusty 2020-11-23 23:46:06 +08:00
Easton Man
e35ef75949 fix: fix solaris sed and grep issue 2020-11-23 22:18:57 +08:00
jakelamotta
d9dec6fe6b Merge branch 'dev' of https://github.com/jakelamotta/acme.sh into dev 2020-11-23 12:53:48 +01:00
jakelamotta
69bdbaed41 Fix comment 2020-11-23 12:53:06 +01:00
jakelamotta
30f359e642 Fix code style problems 2020-11-23 12:53:06 +01:00
jakelamotta
29d0a1714e Fix code style problems 2020-11-23 12:53:06 +01:00
jakelamotta
fcb97f802f Removes tabs and trailing spaces 2020-11-23 12:53:06 +01:00
jakelamotta
9ad05e640d Removed spaces on empty lines 2020-11-23 12:53:06 +01:00
jakelamotta
449f00f960 Add double quotes to variables 2020-11-23 12:53:06 +01:00
jakelamotta
8e64329d05 Fix CI-errors 2020-11-23 12:53:06 +01:00
jakelamotta
4284777556 Fix indentation and added some debug messages 2020-11-23 12:53:06 +01:00
jakelamotta
81c496d96c Fix comments 2020-11-23 12:53:06 +01:00
jakelamotta
65c06da275 Adds dnsapi support for Simply.com 2020-11-23 12:53:06 +01:00
Easton Man
5d0657c49a fix: fix adding record before removing 2020-11-23 14:57:33 +08:00
Easton Man
f6f6550bfb feat: add very tricky method to adapt to non-intuitive huaweicloud api 2020-11-23 14:25:48 +08:00
Easton Man
e01fb50359 feat: add env var check 2020-11-23 00:32:50 +08:00
Easton Man
28ce1c1249 fix: fix wrong debug output 2020-11-23 00:20:57 +08:00
Easton Man
7db592d27a fix: fix failing ci test 2020-11-23 00:20:57 +08:00
Easton Man
b8e5c0d898 feat: Add huaweicloud intl dnsapi 2020-11-23 00:20:57 +08:00
neil
067c1771d0
Merge pull request #3263 from acmesh-official/dev
sync
2020-11-22 23:20:30 +08:00
neil
349429b76e fix solaris badge 2020-11-22 21:55:55 +08:00
neil
cc8f2afce9 fix for Solaris, and add Solaris to Github actions 2020-11-22 21:41:22 +08:00
Lorenz Stechauner
2e97b20f94 Added World4You DNS API 2020-11-22 11:35:24 +01:00
neil
1a163243ec fix https://github.com/acmesh-official/acme.sh/issues/3259 2020-11-22 12:19:52 +08:00
neil
75660e6f21
Merge pull request #3258 from acmesh-official/dev
sync
2020-11-19 21:39:39 +08:00
neil
199ca77c2a fix for PebbleStrict mode test. 2020-11-19 20:14:28 +08:00
jakelamotta
1e2d2abbdf Fix comment 2020-11-18 18:01:02 +01:00
neil
11b980f574 fix set-env 2020-11-18 23:16:36 +08:00
jakelamotta
3274f9f155 Fix code style problems 2020-11-18 15:55:02 +01:00
jakelamotta
f90f8824bb Fix code style problems 2020-11-18 15:52:46 +01:00
jakelamotta
c7116d40ca Removes tabs and trailing spaces 2020-11-18 15:46:16 +01:00
jakelamotta
6ef66399f8 Removed spaces on empty lines 2020-11-18 15:37:26 +01:00
neil
2b8561f27d fix set-env 2020-11-18 22:23:36 +08:00
jakelamotta
b20d8f195b Add double quotes to variables 2020-11-18 15:12:22 +01:00
jakelamotta
6cf0eb9e1d Fix CI-errors 2020-11-18 14:52:32 +01:00
neil
c349e9aabe fix set-env 2020-11-18 21:19:10 +08:00
neil
6ee38ceaba fix https://github.com/acmesh-official/acme.sh/issues/3252 2020-11-17 22:52:05 +08:00
jakelamotta
c60613fbcb Fix indentation and added some debug messages 2020-11-17 14:20:45 +01:00
jakelamotta
bcc1b7b48a Fix comments 2020-11-17 13:49:32 +01:00
jakelamotta
b19cb0805c Adds dnsapi support for Simply.com 2020-11-17 13:19:55 +01:00
tsoybe
7dfc5a78ba
Update dns_desec.sh
Deletion to
2020-11-12 22:09:31 +01:00
tsoybe
a077132d82
Update dns_desec.sh
ttl must be greater than or equal 3600, see https://desec.readthedocs.io/en/latest/dns/domains.html#domain-object
2020-11-12 22:04:05 +01:00
neil
8ed6be6307
Merge pull request #3220 from edglynes/dev
Akamai EdgeDNS Support
2020-11-11 11:55:32 +08:00
Ed Lynes
c490dd1563 add quotes to resolve shell check failure 2020-11-09 10:36:12 -05:00
Ed Lynes
d866b3df1f convert key to hex before calling _hmac 2020-11-09 10:16:57 -05:00
Ed Lynes
97f3fb4496 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-11-09 09:17:33 -05:00
neil
7530266330 remove dependency to md5 and awk 2020-11-09 20:14:22 +08:00
neil
6a53f356d2
Merge pull request #3246 from MaxPeal/MaxPeal-patch-ppc64le-s390x
add linux/ppc64le and linux/s390x
2020-11-05 09:30:15 +08:00
MaxPeal
075dc1e4e9
add linux/ppc64le and linux/s390x 2020-11-05 01:25:07 +01:00
neil
97b87d4ce4
Merge pull request #3111 from pashinin/master
Vault deploy hook (using curl)
2020-11-02 22:37:43 +08:00
Sergey Pashinin
e203e98375
Use _savedeployconf 2020-11-02 16:46:09 +03:00
Sergey Pashinin
9fcd104065
Use _getdeployconf for env vars 2020-11-02 13:35:12 +03:00
neil
178e0ba87c
Merge pull request #3237 from ma331/patch-1
Anexia CloudDNS Support
2020-11-02 11:58:40 +08:00
Ed Lynes
cc40110d7e refactored sig timestamp generation 2020-10-30 13:12:45 -04:00
ma331
d58fb2bbc0
Speedup for _get_root function 2020-10-30 14:13:32 +01:00
ma331
812333e9ae
Changed comment once more 2020-10-29 14:01:08 +01:00
ma331
92bbdce435
changed comment 2020-10-29 13:35:53 +01:00
ma331
bc62d49fc9
removed empty line to make shfmt happy 2020-10-29 13:04:29 +01:00
ma331
fe54d5b8ae
fixed spacing in two lines 2020-10-29 12:51:49 +01:00
ma331
7cc30c268b
Script to use with Anexia CloudDNS 2020-10-29 11:14:44 +01:00
Ed Lynes
df60a2248a fix typo 2020-10-28 15:20:24 -04:00
Ed Lynes
aa85d0ffeb trigger commit 2020-10-28 09:05:14 -04:00
Jan-Philipp Benecke
1db963361c
Rework based on review from Neilpang 2020-10-28 13:50:40 +01:00
Ed Lynes
8a55b20284 Merge branch 'dev' of https://github.com/edglynes/acme.sh into dev 2020-10-27 14:01:52 -04:00
Ed Lynes
beec349bc5 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-10-27 13:40:18 -04:00
neil
b025ed6057 Update LetsEncrypt.yml 2020-10-27 13:39:11 -04:00
Adrian Fedoreanu
27a54bcbaa fix dnsapi/dns_1984hosting 2020-10-27 13:39:11 -04:00
Ed Lynes
6b20993d2a fix format 2020-10-27 13:39:11 -04:00
Ed Lynes
9ab16bdbb3 use _digest instead of openssl 2020-10-27 13:39:11 -04:00
neil
23088bc897 Update LetsEncrypt.yml 2020-10-27 13:39:11 -04:00
neil
054a62de60 Update DNS.yml 2020-10-27 13:39:10 -04:00
Ed Lynes
5aff548794 remove uuidgen 2020-10-27 13:39:10 -04:00
Rene Luria
ff8fe7e018 Revert "Fix DNS workflow use variables TEST_DNS_SLEEP and TEST_DNS_NO_WILDCARD"
This reverts commit f864416e39.
2020-10-27 13:39:10 -04:00
Rene Luria
c6617ebc9f Fix DNS workflow use variables TEST_DNS_SLEEP and TEST_DNS_NO_WILDCARD 2020-10-27 13:39:10 -04:00
Rene Luria
15fa0c264f dnsapi/dns_infomaniak.sh: Replace grep by _contains 2020-10-27 13:39:10 -04:00
Rene Luria
25468f55ff Added dnsapi/dns_infomaniak.sh 2020-10-27 13:39:10 -04:00
neil
2340c55d76 update freebsd 2020-10-27 13:39:10 -04:00
neil
13c1f4ab19 update badge 2020-10-27 13:39:10 -04:00
neil
a160b798ca update badge 2020-10-27 13:39:10 -04:00
neil
71f00a9efd minor 2020-10-27 13:39:10 -04:00
neil
967096f01c update freebsd-vm 2020-10-27 13:39:10 -04:00
neil
7616e94fd3 fix message 2020-10-27 13:39:10 -04:00
neil
27ec69fb97 add FreeBSD 2020-10-27 13:39:10 -04:00
neil
182d150eaa add curl to freebsd 2020-10-27 13:39:10 -04:00
neil
098ef976f7 add freebsd 2020-10-27 13:39:10 -04:00
neil
ea724e343b enable for any branches. 2020-10-27 13:39:09 -04:00
neil
85736d697c fix debug info 2020-10-27 13:39:09 -04:00
neil
576a146ed2 add debug info for duckdns 2020-10-27 13:39:09 -04:00
neil
69c5291e52 fix for Windows 2020-10-27 13:39:09 -04:00
neil
4875ef045a support more dns tokens 2020-10-27 13:39:09 -04:00
neil
369cfc2413 use testall target 2020-10-27 13:39:09 -04:00
neil
491842ea34 fix https://github.com/acmesh-official/acme.sh/issues/3159 2020-10-27 13:39:09 -04:00
Ed Lynes
9801876a2f shfmt fixes 2020-10-27 13:39:09 -04:00
Ed Lynes
9c28a04c65 add alt nonce generation logic 2020-10-27 13:39:09 -04:00
Ed Lynes
596a1764ef vetted by shfmt 2020-10-27 13:39:09 -04:00
Ed Lynes
8e09e1b248 debugging and cleanup 2020-10-27 13:39:09 -04:00
Ed Lynes
d5674c85d7 initial commit 2020-10-27 13:39:09 -04:00
Ed Lynes
ed6649b1d3 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-10-26 10:12:58 -04:00
neil
02baa778c5
Merge pull request #3232 from acmesh-official/dev
sync
2020-10-26 14:35:05 +08:00
neil
5fd0e5add2
Update DNS.yml 2020-10-21 15:07:25 +08:00
neil
23eccb2f20
Update LetsEncrypt.yml 2020-10-21 15:00:33 +08:00
neil
3c523fb824
Merge pull request #3227 from phedoreanu/dns_1984hosting
fix dnsapi/dns_1984hosting
2020-10-20 17:42:26 +08:00
Adrian Fedoreanu
5dbfc2786d
fix dnsapi/dns_1984hosting 2020-10-19 22:29:16 +02:00
Ed Lynes
c61495df52 fix format 2020-10-16 10:32:01 -04:00
Ed Lynes
6ad5ea1696 use _digest instead of openssl 2020-10-16 10:16:25 -04:00
neil
39fa27a2dc
Merge pull request #3221 from acmesh-official/dev
sync
2020-10-16 19:10:08 +08:00
neil
348bae53fe
Update LetsEncrypt.yml 2020-10-16 18:47:27 +08:00
neil
6bc00fc5e5
Update DNS.yml 2020-10-16 18:47:02 +08:00
Ed Lynes
54c0f015f9 Merge branch 'edgedns' into dev 2020-10-14 14:50:52 -04:00
Ed Lynes
ea3e6dae93 remove uuidgen 2020-10-14 14:49:09 -04:00
Ed Lynes
80e52c73b0 Merge branch 'edgedns' into dev 2020-10-14 13:41:51 -04:00
Marcel Waldvogel
92dbe6cdf8 Simplify and clarify SunOS crontab differences 2020-10-12 14:20:40 +02:00
Marcel Waldvogel
0781e8cf12 Use random hour for cron job
The hour for the cron job isn't really random (as is the minute),
but assuming acme.sh installation times are not correlated, neither
will be the resulting cron start times.
2020-10-12 13:52:57 +02:00
neil
5c893f0f39
Merge pull request #3191 from Infomaniak/dev
Added dnsapi/dns_infomaniak.sh
2020-10-12 09:16:49 +08:00
Rene Luria
e05dc99006 Revert "Fix DNS workflow use variables TEST_DNS_SLEEP and TEST_DNS_NO_WILDCARD"
This reverts commit f864416e39.
2020-10-10 18:20:26 +02:00
Rene Luria
f864416e39 Fix DNS workflow use variables TEST_DNS_SLEEP and TEST_DNS_NO_WILDCARD 2020-10-10 18:19:29 +02:00
Rene Luria
472dbd641c dnsapi/dns_infomaniak.sh: Replace grep by _contains 2020-10-10 18:19:29 +02:00
Rene Luria
05141b4f52 Added dnsapi/dns_infomaniak.sh 2020-10-10 18:19:29 +02:00
Arnaud Launay
b71a088da7 Revert "no private functions"
This reverts commit d76fb566a2.
2020-10-10 11:46:32 +02:00
Arnaud Launay
d76fb566a2 no private functions 2020-10-10 11:02:47 +02:00
Arnaud Launay
24a40af103 Merge remote-tracking branch 'upstream/dev' into dev 2020-10-09 17:32:30 +02:00
neil
4a60292f82 update freebsd 2020-10-09 17:22:17 +02:00
neil
784b914e07 update freebsd 2020-10-09 22:33:21 +08:00
Arnaud Launay
7eea866869 BMN -> BookMyName 2020-10-05 15:57:52 +02:00
Arnaud Launay
4ab5456a98 keep shfmt happy 2020-10-05 15:49:00 +02:00
Arnaud Launay
8881a9f40e Add BookMyName API support 2020-10-05 15:46:18 +02:00
neil
4db7f6f59c update badge 2020-10-02 17:17:31 +08:00
neil
edbf8509e1 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-10-02 17:11:26 +08:00
neil
a017fbadd3 update badge 2020-10-02 17:11:04 +08:00
neil
201f4b7e4a
Merge pull request #3203 from neilpangtest/dev
Dev
2020-10-02 17:04:29 +08:00
neil
c9ff536e24 minor 2020-10-02 16:20:27 +08:00
neil
238efb02c6 update freebsd-vm 2020-10-02 16:17:16 +08:00
Jan-Philipp Benecke
f7e12b629f
Update CleverReach REST Endpoint 2020-10-01 11:26:29 +02:00
Ed Lynes
7cbca7fc1e Merge branch 'dev' into edgedns 2020-09-28 14:14:58 -04:00
neil
be7b87cda3 fix message 2020-09-28 21:50:20 +08:00
neil
07979a13fb add FreeBSD 2020-09-24 22:57:26 +08:00
neil
9073c4554f add curl to freebsd 2020-09-24 22:18:38 +08:00
neil
8694e0ad19 add freebsd 2020-09-24 21:37:51 +08:00
neil
60fe987a5f enable for any branches. 2020-09-21 19:57:10 +08:00
Ed Lynes
86256162de Merge branch 'dev' into edgedns 2020-09-18 08:43:41 -04:00
neil
db24ca3dc1 fix debug info 2020-09-14 22:29:23 +08:00
neil
5e3aa2db1d add debug info for duckdns 2020-09-14 22:22:36 +08:00
neil
b74a501fac fix for Windows 2020-09-14 21:51:21 +08:00
neil
490a7d4a78 support more dns tokens 2020-09-13 00:16:04 +08:00
neil
b147195189 use testall target 2020-09-12 14:22:18 +08:00
neil
b561666d80 fix https://github.com/acmesh-official/acme.sh/issues/3159 2020-09-12 08:47:46 +08:00
Ed Lynes
a0b5305e3e Merge branch 'dev' into edgedns 2020-09-11 12:47:16 -04:00
neil
e7a6c17260 fix dns check 2020-09-11 23:35:27 +08:00
neil
c8ee9e6447 add dns api check 2020-09-11 23:11:26 +08:00
neil
f2d350002e
Merge pull request #3164 from acmesh-official/dev
sync
2020-09-11 09:24:35 +08:00
neil
fabd26f85b check token first 2020-09-08 22:44:43 +08:00
neil
17dcf7d2e5
Merge pull request #2973 from StefanAbl/master
Update dynv6 dns api to allow custom domains
2020-09-07 15:40:17 +08:00
neil
6f62995c96 remove ZeroSSL test 2020-09-06 12:29:23 +08:00
neil
f405f4bbc4 fix zerossl 2020-09-06 12:22:09 +08:00
neil
98124de362 add email for zerossl 2020-09-06 11:31:22 +08:00
neil
1e4ea90021 add zerossl test 2020-09-06 11:26:53 +08:00
neil
053f4a9a2e
Merge pull request #3154 from acmesh-official/dev
sync
2020-09-05 20:33:12 +08:00
neilpang
2c7d2230b3 minor 2020-09-04 18:25:00 +08:00
neil
040e0d8387
Merge pull request #3146 from ym/dev
fix misaka.io api: breaking changes introduced by apiv1
2020-09-03 21:50:09 +08:00
Siyuan Miao
b5c382f929 fix misaka.io api: breaking changes introduced by apiv1 2020-09-03 21:46:54 +08:00
neilpang
0c9c1ae673 fix https://github.com/acmesh-official/acme.sh/issues/3140 2020-09-02 18:22:39 +08:00
neil
da0e0bdaec
Merge pull request #3141 from acmesh-official/dev
sync
2020-09-01 22:39:33 +08:00
neil
1f5b6a6a35 fix filter to *.yml 2020-09-01 21:39:44 +08:00
neil
d25b2890be split shellcheck 2020-09-01 21:34:44 +08:00
neil
d73438a397 update comments 2020-09-01 21:30:56 +08:00
Ed Lynes
e91538a554 Merge branch 'dev' into edgedns 2020-08-31 13:48:04 -04:00
Ed Lynes
8a3b514372 Merge branch 'master' into edgedns 2020-08-31 13:27:01 -04:00
StefanAbl
7eca955b79 merge second rebase against upstream/master 2020-08-31 09:25:42 +02:00
StefanAbl
4242354c03 fix shfmt error 2020-08-31 09:20:10 +02:00
StefanAbl
8728389c88 formatting 2020-08-31 09:20:10 +02:00
StefanAbl
6651801b3f formatting 2020-08-31 09:17:56 +02:00
StefanAbl
9190ce3701 no supporting HTTP API as well 2020-08-31 09:17:13 +02:00
StefanAbl
90e2064d72 first attempt to make travis happy 2020-08-31 09:16:55 +02:00
StefanAbl
943d419f98 Added support for custom domains 2020-08-31 09:14:47 +02:00
StefanAbl
551316bcb6 formatting 2020-08-31 09:09:10 +02:00
StefanAbl
9dd5089940 formatting 2020-08-31 09:09:10 +02:00
StefanAbl
06e7ebbdeb no supporting HTTP API as well 2020-08-31 09:09:10 +02:00
StefanAbl
a83b16e12a first attempt to make travis happy 2020-08-31 09:09:10 +02:00
StefanAbl
91a8b97cf4 Added support for custom domains 2020-08-31 09:09:10 +02:00
neil
41754c92c3 --preserve-env 2020-08-30 23:26:10 +08:00
neil
e544995b83
Merge pull request #3133 from acmesh-official/dev
Sync
2020-08-29 23:39:43 +08:00
neil
45cf5c4c0f trigger build 2020-08-29 23:23:07 +08:00
neil
900eedfc2e fix checktoken 2020-08-29 23:19:21 +08:00
neil
faaa7bfa3a check token before run 2020-08-29 23:14:18 +08:00
neil
70366a98bd fix if 2020-08-29 14:33:33 +08:00
neil
e88180b4d5 fix if 2020-08-29 14:19:17 +08:00
neil
b639683ac1 don't run if "${{ secrets.NGROK_TOKEN }}" is not set. 2020-08-29 14:11:11 +08:00
neil
918c8f9295 filer events 2020-08-29 13:14:28 +08:00
neil
c2214cd4b5 minor 2020-08-29 13:06:58 +08:00
neil
7d7e5bac12 add comments 2020-08-29 09:54:02 +08:00
StefanAbl
185b558561 fix shfmt error 2020-08-28 19:46:45 +02:00
neil
4632035581 no need to run for PR from dev to master 2020-08-29 01:32:10 +08:00
StefanAbl
d7f81dff23 merged rebase into master 2020-08-28 19:32:01 +02:00
StefanAbl
c849738c6f formatting 2020-08-28 19:20:16 +02:00
StefanAbl
3cd7a2e6d6 formatting 2020-08-28 19:20:16 +02:00
StefanAbl
0d4904f05d no supporting HTTP API as well 2020-08-28 19:19:43 +02:00
StefanAbl
0b539a5977 first attempt to make travis happy 2020-08-28 19:18:42 +02:00
StefanAbl
395fdc9d61 Added support for custom domains 2020-08-28 19:18:18 +02:00
neil
3b3d7eff3c remove \r 2020-08-29 00:35:33 +08:00
neil
763c05313b 80 port of github windows server is already used. 2020-08-28 23:54:39 +08:00
neil
9f80df3fcb add unzip 2020-08-28 23:31:18 +08:00
neil
f170ee9e59 add Windows 2020-08-28 23:18:05 +08:00
Ed Lynes
339218508d shfmt fixes 2020-08-28 09:55:20 -04:00
neil
f0c710b245 Update LetsEncrypt.yml 2020-08-28 20:11:39 +08:00
neil
e66337a1db fix badge 2020-08-28 20:11:39 +08:00
neil
e087bccd33 remove travis 2020-08-28 20:11:39 +08:00
neil
8017774bf3 add token 2020-08-28 20:11:38 +08:00
neil
5f4d08ada5 fix name 2020-08-28 20:11:38 +08:00
neil
1ad450d753 add ubuntu test in github actions 2020-08-28 20:11:38 +08:00
neil
f1692b3436 begin 2.8.8 2020-08-28 20:10:12 +08:00
Jan-Philipp Benecke
2a9c56d9e3
Formatting for CI 2020-08-28 11:30:23 +02:00
Jan-Philipp Benecke
39a5688464
Make CI happy 2020-08-28 11:28:06 +02:00
Jan-Philipp Benecke
e4e6173eff
CleverReach Deploy API 2020-08-28 11:21:20 +02:00
Ed Lynes
cf7334eb7d add alt nonce generation logic 2020-08-27 17:40:07 -04:00
neil
fdb96e91f1 match issuer ignoring case 2020-08-27 21:41:18 +08:00
neil
844c5027ea
Merge pull request #3131 from acmesh-official/dev
add set-default-ca
2020-08-27 21:20:23 +08:00
neilpang
8d0e485120 add set-default-ca 2020-08-27 18:07:26 +08:00
Ed Lynes
281ee1a853 vetted by shfmt 2020-08-26 18:07:46 -04:00
Ed Lynes
a0bf29e600 Merge branch 'master' into edgedns 2020-08-26 16:13:48 -04:00
Ed Lynes
d66c430e46 debugging and cleanup 2020-08-26 16:11:11 -04:00
Sergey Pashinin
f511a52705
Using _post function 2020-08-24 00:05:21 +03:00
Ed Lynes
a674e410e0 initial commit 2020-08-21 17:15:18 -04:00
neil
fc63445c80
Merge pull request #3126 from acmesh-official/dev
Sync
2020-08-22 00:57:06 +08:00
neil
0c15655574
Merge pull request #3125 from lcts/usage-cleanup
Update individual 'Usage: ...'-messages to match showhelp()
2020-08-22 00:55:44 +08:00
neilpang
328b6d1cc6 add docker hub badge 2020-08-21 18:19:26 +08:00
Christopher Engelhard
b67d663a38 fix wrong options listed in --ecc help entry 2020-08-21 12:19:26 +02:00
Christopher Engelhard
dd6c5c9eea add documentation for --password option 2020-08-21 12:15:45 +02:00
Christopher Engelhard
2e87e64bd1 update individual Usage: messages to match showHelp 2020-08-21 12:12:30 +02:00
neil
08c210d833
Merge pull request #3124 from acmesh-official/dev
sync
2020-08-21 18:11:13 +08:00
neil
a9403013df
Merge pull request #3069 from PedroLamas/pedrolamas/multi-arch-build
Fixes #3068 - Adds docker multi-arch support
2020-08-21 18:05:52 +08:00
Pedro Lamas
05477c1a03
Fixes Dockerfile 2020-08-21 11:03:53 +01:00
Pedro Lamas
fcb6198a82
More updated following PR comments 2020-08-21 10:55:07 +01:00
Pedro Lamas
410d0bc125
Updates following PR comments 2020-08-21 10:40:13 +01:00
Pedro Lamas
abc62b9348
more 2020-08-21 10:34:43 +01:00
Pedro Lamas
6fbf33c8f4
More changes 2020-08-21 10:17:54 +01:00
neil
0ceb750dc7
Merge pull request #3119 from lcts/usage-cleanup
Update showhelp() message & add some hyphenated option forms for clarity & consistency
2020-08-21 16:26:02 +08:00
Christopher Engelhard
a48c22d14f add missing blank lines after links to wiki 2020-08-21 09:58:58 +02:00
Christopher Engelhard
1521199e44 add hidden alias --to-pkcs for --to-pkcs12 2020-08-21 09:56:57 +02:00
Christopher Engelhard
2910be82a4 revert change of --no-color option 2020-08-21 09:54:47 +02:00
Christopher Engelhard
07fdb087dc fix typo 2020-08-21 09:53:04 +02:00
Christopher Engelhard
58150f5dcd change --pkcs to --pkcs12 2020-08-21 09:53:04 +02:00
Christopher Engelhard
e7a6ff39f9 fix wrong indentation 2020-08-21 09:53:04 +02:00
Christopher Engelhard
b086afb272 fix some more issues in showhelp() 2020-08-21 09:53:04 +02:00
Christopher Engelhard
7decf76883 group commands logically, rearrange option forms in _process()
Commands have been reordered in showhelp() to a more consistent grouping,
help > version > install > certs > csr > account > cron > other

All option alternatives in _process() case statement have been reordered toshow the canonical variants first, legacy variants after.
2020-08-21 09:53:04 +02:00
Christopher Engelhard
d81369d63a add hyphenated options, fix wrong -ccr in usage() 2020-08-21 09:53:04 +02:00
Christopher Engelhard
c0fbe8237b reformat usage message for consistency & clarity 2020-08-21 09:53:04 +02:00
neil
58923b2846
Merge pull request #3099 from Alexilmarranen/dev
Issue2547 wrong url construction for multiple dns services
2020-08-20 22:10:34 +08:00
neil
d9f9477a52
move badge
move badge
2020-08-20 21:44:37 +08:00
neil
966c744992 minor, just move badge position 2020-08-20 21:41:36 +08:00
neil
ddc91ce7c3
Merge pull request #3122 from acmesh-official/dev
Add pebble strict to CI
2020-08-20 21:34:38 +08:00
neil
7e5107d90f
Merge pull request #3121 from acmesh-official/peb
Add pebble strict to CI
2020-08-20 21:33:32 +08:00
neil
c1668c9bdb add pebble badge 2020-08-20 21:26:42 +08:00
neil
7ddc2ccf1a add TEST_CA 2020-08-20 21:06:21 +08:00
neil
3cd85fb395 install socat 2020-08-20 20:54:27 +08:00
neil
b805ea9bf6 fix dir 2020-08-20 20:52:42 +08:00
neil
edd76f595a fix dir 2020-08-20 20:37:23 +08:00
neil
c131b63852 typo 2020-08-20 20:32:22 +08:00
neil
a70f377388 add pebble 2020-08-20 20:18:53 +08:00
neil
50f76446a9
Merge pull request #3118 from acmesh-official/dev
sync
2020-08-20 09:24:02 +08:00
neil
15ce3ec41a
Merge pull request #3117 from acmesh-official/fix-preferred-chain-for-renewal
fix preferred chain for renewal
2020-08-20 09:14:48 +08:00
neil
b7b01999d9
fix preferred chain for renewal
fix https://github.com/acmesh-official/acme.sh/issues/3116
2020-08-20 09:13:44 +08:00
Alexilmarranen
956114fc42 Issue2336 Add subdomain (3 and more) support
Fix for issue in https://github.com/acmesh-official/acme.sh/issues/2336#issuecomment-670522738
2020-08-19 00:50:18 +03:00
neil
bb3a986859 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-08-18 23:28:25 +08:00
neil
50fefc3bb0 minor 2020-08-18 23:28:06 +08:00
neil
c5eea2e7c5
Merge pull request #3113 from acmesh-official/dev
sync
2020-08-18 23:16:05 +08:00
neil
19555a98ed
Merge pull request #3112 from olibu/dev
Dev: Fix issue #2833
2020-08-18 22:30:30 +08:00
neil
9021f006f0 update shfmt 2020-08-18 22:22:03 +08:00
Oliver Burgmaier
2d5f14388e Revert "Removed content for clean pull request"
This reverts commit ab47bf6451.
2020-08-18 14:52:23 +02:00
Oliver Burgmaier
ab47bf6451 Removed content for clean pull request 2020-08-18 14:01:02 +02:00
Oliver Burgmaier
d8bd45c2bd Fix issue #2833 with backslash in JSON
Backslash will be removed form JSON responses for each request
and for the initial configuration request
2020-08-18 13:53:48 +02:00
Sergey Pashinin
de692d3dcc
Vault deploy hook 2020-08-18 13:14:00 +03:00
neil
4adb525513
Merge pull request #3109 from acmesh-official/dev
Support github actions
2020-08-17 23:17:03 +08:00
neil
72235a5f72 add shellcheck badge 2020-08-17 23:13:00 +08:00
neil
b6508cccec
Merge pull request #3108 from acmesh-official/ga
support Github Actions
2020-08-17 22:59:46 +08:00
neil
d9e7cf659e
Update ci.yml 2020-08-17 22:52:59 +08:00
neil
cf500cd817 fix 2020-08-17 22:50:19 +08:00
neil
f1338aca84 fix 2020-08-17 22:49:09 +08:00
neil
284de4ac5d add actions 2020-08-17 22:46:52 +08:00
neil
19c4345162 fix shfmt 2020-08-17 22:18:20 +08:00
neil
d5d38b3331 support multiple intermediate CA matching for --preferred-chain 2020-08-17 22:06:02 +08:00
neil
bd04638d27 minor 2020-08-16 17:36:24 +08:00
neil
2f0d0e7c7a
Merge pull request #3105 from acmesh-official/dev
sync
2020-08-16 17:12:46 +08:00
neil
0b531e9fbc fix format 2020-08-16 16:59:08 +08:00
neil
e3ebd582ec support "--preferred-chain" to select chain
https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain
2020-08-16 16:57:06 +08:00
neil
95ef046d0a fix https://github.com/acmesh-official/acme.sh/issues/3103 2020-08-15 12:32:15 +08:00
neil
21fd46d66b
Merge pull request #3104 from acmesh-official/dev
sync
2020-08-15 10:35:16 +08:00
neil
b3a801df11 fix test endpoint 2020-08-15 10:33:24 +08:00
neil
a6d22e3b22 1. save the CA url anyway.
2. clear some code.
2020-08-13 23:12:30 +08:00
neil
0415c050a5 remove gitads 2020-08-13 23:04:19 +08:00
neil
014396cf11
Merge pull request #3082 from kappernet/dev
initial kapper.net DNS API support
2020-08-13 17:34:50 +08:00
kapper.net support account
70488f9c56 Merge branch 'dev' of https://github.com/kappernet/acme.sh into dev 2020-08-13 00:24:11 +02:00
kapper.net support account
0052ab7148 more mutable + style-update
more mutable config-read-calls
more details for TXT records info + errors;
typo fixed (create instead of delete)
2020-08-13 00:23:57 +02:00
Harald Kapper
f725040dd5
Merge pull request #6 from acmesh-official/dev
sync upstream
2020-08-12 23:55:25 +02:00
kapper.net support account
f131863642 now with "_saveaccountconf_mutable"
_saveaccountconf_mutable instead of _saveaccountconf now used.

Co-Authored-By: kapper.net support account <33451837+kappernet@users.noreply.github.com>
2020-08-12 23:48:11 +02:00
neil
8791047005
Merge pull request #3101 from acmesh-official/dev
sync
2020-08-12 22:33:55 +08:00
neil
836a293f16
Merge pull request #3100 from acmesh-official/eab
Suppor EAB and Zerossl.com
2020-08-12 22:31:03 +08:00
neil
1177cc3f29 fix format 2020-08-12 22:09:37 +08:00
neil
269847d19d Add CA name to the --list command output. 2020-08-12 21:45:20 +08:00
neil
df22f68088 Add info for set-default-ca 2020-08-12 21:25:35 +08:00
neil
d83d8552b8 Add "--server" wiki 2020-08-12 21:17:15 +08:00
neil
365aa69afd fix format 2020-08-12 20:48:53 +08:00
neil
578c338d40 Display ZeroSSL usage 2020-08-12 20:48:53 +08:00
neil
389518e1b8 1. move email to ca conf
2. get EAB credentials from Zerossl by email automatically
2020-08-12 20:48:53 +08:00
neil
d42ff227f1 fix format 2020-08-12 20:48:53 +08:00
neil
737e9e48ca 1. Support short names for --server parameter, The valid values are: letsencrypt, letsencrypt_test, buypass, buypass_test and zerossl
2. Support Zerossl.com acme protocol.
3. Add "--set-default-ca  --server xxxx" command to set the default CA to use.
2020-08-12 20:48:52 +08:00
neil
f96d91cb6c eab 2020-08-12 20:48:52 +08:00
neil
85503655ab Display ZeroSSL usage 2020-08-12 20:47:17 +08:00
neil
8d811760a9 1. move email to ca conf
2. get EAB credentials from Zerossl by email automatically
2020-08-12 20:43:44 +08:00
Alexilmarranen
4e0de22375
Issue2547 wrong url construction for multiple dns services
Fix for problem in https://github.com/acmesh-official/acme.sh/issues/2547#issuecomment-672830796
2020-08-12 15:17:54 +03:00
neil
7cfbf100eb
Merge pull request #3098 from andybotting/dev
Rename openstack to dns_openstack
2020-08-12 10:10:52 +08:00
Andy Botting
edbe026b49 Rename openstack to dns_openstack
Although the DNS API dev guide at https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
says `The script file name must be myapi.sh`, it should really
be names dns_myapi.sh for consistency.
2020-08-12 11:24:45 +10:00
neil
1e967eceef fix format 2020-08-11 23:45:12 +08:00
neil
7d20db93d3 1. Support short names for --server parameter, The valid values are: letsencrypt, letsencrypt_test, buypass, buypass_test and zerossl
2. Support Zerossl.com acme protocol.
3. Add "--set-default-ca  --server xxxx" command to set the default CA to use.
2020-08-11 23:28:52 +08:00
Harald Kapper
fb05a42d2e
Merge pull request #3 from acmesh-official/dev
sync upstream
2020-08-09 04:31:07 +02:00
neil
9490ae1440
Merge pull request #3095 from acmesh-official/dev
fix format
2020-08-09 09:56:00 +08:00
neil
e932be0fb3 eab 2020-08-09 09:53:22 +08:00
neil
70b49980cb fix format 2020-08-09 09:40:22 +08:00
neil
5e6ee5fd48
Merge pull request #3092 from acmesh-official/dev
sync
2020-08-07 12:10:35 +08:00
neil
a2d872a9f0
Merge pull request #3087 from draevin/dev-netlify
Add Netlify API support
2020-08-05 09:21:10 +08:00
Draevin Luke
e8bcde31b7
Add Netlify API support 2020-08-04 16:33:24 -07:00
neil
40cda9220a fix https://github.com/acmesh-official/acme.sh/issues/3077 2020-08-03 21:22:32 +08:00
kapper.net support account
a494683bc8 Merge branch 'dev' of https://github.com/kappernet/acme.sh into dev 2020-08-02 15:59:59 +02:00
kapper.net support account
2ba6a85eca fix multiple txt-records delete + API update
new API version
fix to delete specific TXT records for wildcard-certs with LE

Co-Authored-By: Harald Kapper <hknet@users.noreply.github.com>
2020-08-02 15:59:46 +02:00
kapper.net support account
0e58158a59
Merge pull request #2 from acmesh-official/dev
sync upstream
2020-08-02 13:56:52 +02:00
neil
af740592c9
Merge pull request #3073 from vi9076/dev
Fix failed test in acmetest. Item alpine:latest - test 12
2020-08-02 14:41:40 +08:00
neil
c9452c9f31
Merge pull request #2574 from rewqazxv/master
Fix sudo issue
2020-08-02 14:31:45 +08:00
kapper.net support account
494a1603e4 Update dns_kappernet.sh
add issue-link in sourcecode

Co-Authored-By: Harald Kapper <hknet@users.noreply.github.com>
2020-08-02 01:41:26 +02:00
kapper.net support account
5207e111e1 initial kapper.net DNS API support
hopefully this time we get it right ;)

Co-Authored-By: Harald Kapper <hknet@users.noreply.github.com>
2020-08-02 00:19:28 +02:00
neil
06995fb080
Merge pull request #3075 from jpmens/patch-2
Remove unecessary word from README.md
2020-07-28 09:34:48 +08:00
neil
1f5cafc2d1
Update README.md 2020-07-28 09:32:15 +08:00
JP Mens
f190de39a6
Remove unecessary word from README.md 2020-07-27 14:34:35 +02:00
neil
272ab746a6
Merge pull request #3071 from pdxgf1208/dev
Update dns_dynv6.sh
2020-07-27 15:57:07 +08:00
neil
fce0bf6e59
Merge pull request #3070 from phedoreanu/replace_response_equals_with_contains
replace response equals with contains
2020-07-27 15:54:05 +08:00
neil
5957786b2c
Merge pull request #3072 from tresni/synology_dsm
Support for DS218+
2020-07-27 15:52:37 +08:00
Vinton Huang
4f3f4e23e4 Fix failed test in acmetest. Item alpine:latest - test 12: le_test_standandalone_deactivate_v2
- Message of failed test [1]: /root/.acme.sh/acme.sh --deactivate -d testdocker.acme.sh [FAIL]
- Reason of failure: left brace was not escaped. According to the standard [2], if special chars appear first in an ERE, it will produce undefined results.
- egrep from busybox (and thus alpine) take it as an error, but egrep from GNU grep (included in most distros) and *BSD are more tolerant, just ignore it.
- Fix: consider the right brace at the right-hand side of the ERE, the result string will not contain right brace. So the left-hand side should not contain left brace, too.
[1] 446939706e/logs/alpine-latest.out (L119)
[2] 9.4.3 ERE Special Characters, The Open Group Base Specifications. https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap09.html
2020-07-27 03:55:07 +08:00
Brian Hartvigsen
5f5096e1d4
Addressing issues found in DS218+ DSM
DS218+ appears to have a slighly different DSM that sends back headers in lowercase.

Reported by @BartSiwek in #2727
2020-07-25 21:56:18 -06:00
12bbf7608ae1
4b35aef728
Update dns_dynv6.sh
Add support for domains like '*.v6.rocks'
2020-07-25 21:48:11 +08:00
Adrian Fedoreanu
6a0ed51f5e
replace response equals with contains 2020-07-24 16:28:34 +02:00
Pedro Lamas
67360e93b8
Correctly labels Docker images per branch 2020-07-24 09:25:58 +01:00
Pedro Lamas
f18f4c69f2
Adds Docker multi-arch build support 2020-07-23 14:57:16 +01:00
neil
41435578d2
Merge pull request #3055 from andybotting/openstack-dns
Add OpenStack Designate DNS API support
2020-07-16 13:45:01 +08:00
neil
7f33ae3bee
Merge pull request #3059 from andybotting/dev
Fix CI test failure for deploy/openstack.sh
2020-07-16 13:44:40 +08:00
neil
645135bf56
Merge pull request #3051 from szepeviktor/patch-2
Upgrade Travis image
2020-07-16 13:44:02 +08:00
Viktor Szépe
eb9005ad74
Fix SC2236 2020-07-16 06:18:46 +02:00
Viktor Szépe
14089f8c6a
Fix SC2236 2020-07-16 06:18:12 +02:00
Viktor Szépe
49094120d9
Fix SC2236 2020-07-16 06:17:11 +02:00
Viktor Szépe
fe4111a9f5
Fix SC2236 2020-07-16 06:14:50 +02:00
Viktor Szépe
61613bee98
Fix SC2230 2020-07-16 06:13:15 +02:00
Andy Botting
3ce967d8e5 Fix CI test failure for deploy/openstack.sh 2020-07-16 13:53:21 +10:00
Andy Botting
aad9afad59 Add OpenStack Designate DNS API support
This provider relies on the the python-openstackclient and
python-designateclient tools be installed and working, with
either password or application credentials loaded in your env.
2020-07-16 13:25:59 +10:00
neil
8cbbd022fc
Merge pull request #3057 from andybotting/openstack-deploy
Add OpenStack Barbican deploy support
2020-07-16 09:24:12 +08:00
Andy Botting
9b23cd6d19 Add OpenStack Barbican deploy support
This provider relies on the the python-openstackclient and
python-designateclient tools be installed and working, with
either password or application credentials loaded in your env.
2020-07-16 09:59:40 +10:00
Viktor Szépe
d94f241d3c
Upgrade Travis image 2020-07-15 20:45:11 +02:00
neil
bb7c11adf1
Merge pull request #3049 from acmesh-official/dev
sync
2020-07-15 21:32:07 +08:00
neil
5c295254bf fix format 2020-07-15 21:31:14 +08:00
neil
236e8cc95c add gitads 2020-07-15 21:30:17 +08:00
neil
421973e0d9
Merge pull request #3046 from acmesh-official/dev
sync
2020-07-14 21:56:08 +08:00
neil
e2a5af1cf7 fix format 2020-07-14 21:49:50 +08:00
StefanAbl
65aa7b1084 formatting 2020-07-13 16:01:46 +02:00
StefanAbl
f8c8330258 formatting 2020-07-13 15:49:25 +02:00
StefanAbl
f5411ac9ab no supporting HTTP API as well 2020-07-13 15:42:45 +02:00
neil
f31debc09c fix format 2020-07-13 21:03:57 +08:00
neil
6654d7a919 fix format 2020-07-13 20:56:58 +08:00
neil
44743b5f6f
Merge pull request #3043 from robertoetcheverryr/dev
Added check for Authentication failure in dns_dynu module
2020-07-13 14:54:16 +08:00
robertoetcheverryr
f80276584f Added check for Authentication failure in dns_dynu module 2020-07-12 23:43:03 -03:00
neil
cda41debfc
Merge pull request #3042 from andrewheberle/patch-2
Use base64 for docker reload command
2020-07-13 09:40:14 +08:00
neil
2c50d01c26
Merge pull request #3039 from vi9076/master
Update "Tested OS" section of README.md
2020-07-13 09:35:51 +08:00
andrewheberle
01ebb6576d
Use base64 for reload
Ensure that reload command is encoded with base64 so special characters in command do not wreck config on renewals
2020-07-13 09:31:47 +08:00
Vinton Huang
aaca0b6f76 Update "Tested OS" section of README.md
- Update openSUSE build badge file name (opensuse-leap.svg -> opensuse-leap-latest.svg)
- Update link target of build badge (letest -> acmetest), for item 1-12, 15, 16, 18, 19, 21
- Update Proxmox document link for 5.2 and later
2020-07-11 19:50:16 +08:00
neil
84e1f3649f
Merge pull request #3035 from acmesh-official/dev
sync
2020-07-08 23:12:19 +08:00
neil
0ab2cfaf8b
Merge pull request #3029 from licaon-kter/patch-2
Fix typo candindates
2020-07-08 22:25:20 +08:00
neil
0545d6f083
Merge pull request #3031 from peterkelm/patch-1
Reflect recent Variomedia API changes
2020-07-08 22:24:14 +08:00
neil
d804228956 fix https://github.com/acmesh-official/acme.sh/issues/3032 2020-07-08 22:22:06 +08:00
neil
f7d70df2ba
Merge pull request #3033 from grindsa/ecc_sign
Prepending for ecc signature
2020-07-08 22:10:31 +08:00
neil
4daef52991
Merge pull request #3034 from acmesh-official/dev
sync
2020-07-08 21:30:43 +08:00
grindsa
a329547682 prepending for ecc signature
leftpadding "0" if _ec_s and _ec_r are to short
2020-07-08 11:59:20 +02:00
peterkelm
f02af8d481
Reflect recent Variomedia API changes
Spaces were recently removed from the JSON "response" returned by Variomedia's API.
2020-07-07 22:56:51 +02:00
neil
dd6c067832 fix format 2020-07-07 20:52:00 +08:00
Licaon_Kter
dbc435506c
Fix typo candindates 2020-07-07 12:06:37 +00:00
neil
f00e289014 fix format 2020-07-07 20:02:48 +08:00
neil
1dffaba266 fix format 2020-07-07 19:58:02 +08:00
neil
958a2f4274
Merge pull request #3017 from metaquanta/master
dns_duckdns.sh - correctly extract domain
2020-07-05 21:52:26 +08:00
Matthew
21718a69d3
Update dns_duckdns.sh
Don't depend on eregex in sed
2020-07-03 07:48:38 -04:00
neil
c650ae0e19
Merge pull request #3015 from TonyGravagno/dev
Trivial text changes
2020-07-03 16:59:47 +08:00
neil
9ed435d04a
Merge pull request #3023 from tomsommer/patch-1
unoeuro.com is now simply.com
2020-07-03 16:42:20 +08:00
neil
fed6a0c24e
Merge pull request #3024 from snvad/fix2963-dns_regru
Fix bug in dns_regru.sh (#2963)
2020-07-03 16:41:33 +08:00
snv
44b9a8e7ed fix new line at end of file 2020-07-02 13:18:37 +04:00
snv
c16757b03a add some debug output and fix data in GET request 2020-07-02 12:59:24 +04:00
snv
5d0dde5c15 main changes 2020-07-02 12:23:46 +04:00
Tom Sommer
f60356e8c7
Username not required to contain "UE" 2020-07-02 09:48:05 +02:00
Tom Sommer
cdf8f78962
unoeuro.com is now simply.com
Maintaining the naming of the API (for backwards compatibility), but renaming hostname.
2020-07-02 09:47:05 +02:00
Matthew
4539d236df
dns_duckdns.sh - correctly extract domain
$fulldomain could be just 'domain.duckdns.org' if provided with --domain-alias or '_acme-challenge.domain.duckdns.org' otherwise. In the latter case, '_acme-challenge' is thrown away. Correctly extract 'domain' in both cases.
2020-06-30 07:19:41 -04:00
Matthew
8718ac0c4b
duckdns doesn't permit subdomains or underscores 2020-06-30 02:22:08 -04:00
Tony Gravagno
94787d537a
Issue #2849 Trivial variable name fix from apacheMajer to apacheMajor 2020-06-29 11:51:55 -07:00
Tony Gravagno
bb8cff967e
Merge branch 'dev' of https://github.com/TonyGravagno/acme.sh into dev 2020-06-29 11:31:18 -07:00
Tony Gravagno
eca57beec1
Issue #2850 : grammar corrections for "exists" and "exist". 2020-06-29 11:29:10 -07:00
neil
58b4eb04f9
Merge pull request #3002 from msamoylych/dev
dns_hexonet: Fix removing DNS records
2020-06-25 23:15:15 +08:00
msamoylych
a9d46297c4
Update dns_hexonet.sh
Fix removing DNS records
2020-06-24 12:26:11 +03:00
msamoylych
e9edecf34a
Update dns_hexonet.sh
Remove useless &
2020-06-24 12:25:23 +03:00
neil
71a5f0e84e
Merge pull request #3000 from acmesh-official/dev
sync
2020-06-24 13:38:03 +08:00
neil
fb22ee94d9
Merge pull request #2917 from mdbraber/lexicon_output_fix
Lexicon output fix
2020-06-10 22:45:39 +08:00
Maarten den Braber
f03904ebce change to --output QUIET 2020-06-09 09:57:36 +02:00
StefanAbl
6cc9f49d97 first attempt to make travis happy 2020-05-31 19:09:27 +02:00
StefanAbl
f5f0680ec7 Added support for custom domains 2020-05-31 18:49:39 +02:00
neil
60e04b9065
Merge pull request #2961 from DerVerruckteFuchs/master
Fix broken grep so that One984HOSTING_COOKIE actually gets set, and isn't left empty.
2020-05-26 21:39:47 +08:00
DerVerruckteFuchs
025da92450 Handle case insensitivity for HTTP/1.1 headers. 2020-05-26 02:00:05 -04:00
neil
5de4aa091b
Merge pull request #2962 from grindsa/retry-after-fix
retry-timer fix
2020-05-26 09:34:46 +08:00
grindsa
1fe8235a85 Update acme.sh 2020-05-25 20:28:05 +02:00
DerVerruckteFuchs
0ab14399ae Fix broken grep so that One984HOSTING_COOKIE actually gets set, and isn't left empty. 2020-05-25 12:04:26 -04:00
neil
15dded712c fix retry
https://github.com/acmesh-official/acme.sh/issues/2939#issuecomment-632481658
2020-05-24 18:04:47 +08:00
neil
8837f7e6e8
Merge pull request #2929 from PMExtra/dev
Support multiple servers for SSH deployment
2020-05-24 18:02:56 +08:00
neil
e8defd821a update readme 2020-05-23 20:37:06 +08:00
neil
5d6effeff5
Merge pull request #2955 from dandv/patch-2
Fix sloppy English
2020-05-23 20:31:59 +08:00
Dan Dascalescu
427c278012
Fix sloppy English 2020-05-22 10:28:29 -07:00
PM Extra
a78a09f594 Support multiple servers for SSH deployment. 2020-05-22 18:15:38 +08:00
neil
59fd48cfe2 support Retry-After header
https://github.com/acmesh-official/acme.sh/issues/2939
2020-05-21 22:32:19 +08:00
neil
cc78ab4855
Merge pull request #2923 from mdbraber/add-provider-transip
Add TransIP provider
2020-05-21 22:27:50 +08:00
Maarten den Braber
063562261e Fix string truncation for POSIX 2020-05-19 23:09:16 +02:00
Maarten den Braber
70619dd0b7 Remove debugging 2020-05-19 20:07:14 +02:00
Maarten den Braber
63031fb278 bugfixes 2020-05-19 20:04:23 +02:00
neil
7f924a56b3
Merge pull request #2950 from acmesh-official/revoke
fix https://github.com/acmesh-official/acme.sh/issues/2880
2020-05-19 23:32:41 +08:00
neil
114f2a1465 fix https://github.com/acmesh-official/acme.sh/issues/2880 2020-05-19 23:26:58 +08:00
Maarten den Braber
5d2777634a Fix forgotten then 2020-05-19 16:43:39 +02:00
Maarten den Braber
2d5b4a0003 Change if-statement for private keys to more portable version 2020-05-19 16:39:49 +02:00
Maarten den Braber
adfa1704e2 Update nonce calculation to use acme.sh methods instead of openssl
command
2020-05-19 16:38:23 +02:00
neil
ab3fd6be8f
Merge pull request #2942 from gassan/dns-hetzner
Added dnsapi/dns_hetzner.sh
2020-05-19 22:18:19 +08:00
neil
47702d075e
Merge pull request #2945 from ianw/rax-lookup
dns_rackspace: search for domain
2020-05-19 22:12:45 +08:00
neil
341f000b9c
Merge pull request #2947 from kref/patch-1
fix octal escapes for printf %b format
2020-05-19 13:45:42 +08:00
kref
0deea53931
fix octal escapes for printf %b format
Stop it from misinterpreting a following digit as part of the escape sequence
2020-05-19 13:27:00 +08:00
Ian Wienand
8b3d792bec dns_rackspace: search for domain
The current call uses the /domains end-point which lists all domains.
This only returns 100 domains at a time, so for long domain lists you
may not match and find the required ID.

Switch to using the search interface that only returns values matching
the requested domain.  This will avoid missing results.

Reported by @jjamfd.

Closes: #2944
2020-05-18 15:29:31 +10:00
Gassan Gousseinov
b82c48b66f shfmt 2020-05-17 23:09:22 +02:00
Gassan Gousseinov
fa91516dce added dnsapi/dns_hetzner.sh 2020-05-17 21:40:54 +02:00
Maarten den Braber
4954b44d8e Remove default key file (leave it to the user to explicitly specify) 2020-05-16 16:18:05 +02:00
neil
d132e51ac7
Merge pull request #2922 from QDaniel/QDaniel-patch-INWX
INWX fix Domain Limit #1491
2020-05-16 21:43:31 +08:00
neil
243b6ae985
Merge pull request #2931 from dvaerum/dev
Bug fix: DNS TXT entries will now be removed for dns_gdnsdk.sh
2020-05-16 21:39:06 +08:00
neil
8780ba3626
Merge pull request #2935 from tresni/synology_dsm
Update Synology DSM deploy hook
2020-05-16 21:02:32 +08:00
Brian Hartvigsen
694194be2f
Shellcheck fix
SYNO_Certificate gets set by _getdeployconf, so this may be an empty string but that's fine
2020-05-16 02:25:53 -06:00
Brian Hartvigsen
c7f61f8b80
Allow rotating the default certificate which has no description
This means, by default, we will rotate the default certificate that comes with the DSM
2020-05-16 02:02:23 -06:00
Brian Hartvigsen
3a7c7fe4e8
Fix shellcheck issues 2020-05-16 00:19:18 -06:00
Brian Hartvigsen
668967a719
If SYNO_Create is not set here, print the nice message 2020-05-16 00:05:35 -06:00
Brian Hartvigsen
d15c14ab93
Fix support for wget
I'm actually not entirely sure why/how this worked with curl but not wget, but it did.  The short answer is that using a GET does not result in the HTTP_HEADER file being written, instead you must pass in the http_headers param ($2) which will return the HTTP headers as a string.  Luckily, the Token is in both the body and the header.  We need it and the id (and smid if 2fa) cookie to proceed.  So now we parrse the response for that instead of the HTTP_HEADER file.

Interesting side note: wget is fine if the URL contains a \r or \n, but curl will barf on it.  So we need to make sure those are stripped from the token as it will be passed in the URL later.
2020-05-15 23:53:00 -06:00
Brian Hartvigsen
52b81608a1
need to _url_encode anything sent in GET requests
Fixes issue raised by @tatablack
2020-05-15 23:48:50 -06:00
Dennis Vestergaard Værum
048f754d83 Bug fix: DNS TXT entries will now be removed for dns_gdnsdk.sh 2020-05-14 23:04:08 +02:00
Ian Epperson
748cb28017 Add Discord notification 2020-05-13 10:39:11 -07:00
Maarten den Braber
d5ef3a3f8c Formatting issues 2020-05-13 17:07:19 +02:00
Maarten den Braber
e768e285ce Remove extra newline 2020-05-13 16:49:42 +02:00
Maarten den Braber
a102d775b2 Formatting issues 2020-05-13 16:49:07 +02:00
Maarten den Braber
65e82b03ad Fix CI errors 2020-05-13 16:11:53 +02:00
Maarten den Braber
80a636bd14 Fix extra space 2020-05-13 16:08:34 +02:00
Maarten den Braber
a4c57ee363 Add TransIP provider 2020-05-13 15:35:51 +02:00
QDaniel
94bf54e7e0
INWX fix Domain Limit #1491 2020-05-13 12:14:27 +02:00
neil
b18ce5ade0
Merge pull request #2872 from honzahommer/feat/notify-teams
Add Microsoft Teams notify
2020-05-10 22:50:15 +08:00
Honza Hommer
99793bb2c4
chore: remove shellcheck disable 2020-05-09 12:26:16 +02:00
neil
093936e594
Merge pull request #2914 from philband/philband-patch-1
Add support for Njalla DNS API
2020-05-08 22:40:31 +08:00
Maarten den Braber
036a37e351 Nullify output from lexicon_cmd to prevent getting wrong return codes 2020-05-07 23:19:02 +02:00
Philipp Bandow
d904df57ca
Bugfix error message in rest function 2020-05-07 15:45:47 +02:00
Philipp Bandow
d507979ec1
Make CI happy: Remove extraneous new line 2020-05-07 15:41:09 +02:00
Philipp Bandow
9bbcfead67
Bugfix shell format error 2020-05-07 15:37:59 +02:00
Philipp Bandow
81036894c0
Add new DNS Provider: Njalla 2020-05-07 15:28:00 +02:00
neil
9044adecb5 start 2.8.7 2020-05-04 08:43:47 +08:00
neil
9190fdd42c
Merge pull request #2903 from acmesh-official/dev
sync
2020-05-04 08:41:37 +08:00
neil
eab35605e4 remove sudo 2020-05-03 11:01:02 +08:00
neil
28b65a7e7b
Merge pull request #2898 from ThiloGa/dyndnsfree
adding support for dyndnsfree.de
2020-05-03 10:50:29 +08:00
neil
5d1d2308b4
Merge pull request #2900 from felixbuenemann/patch-2
Fix HAProxy Deploy Hook OCSP Update
2020-05-03 10:45:56 +08:00
Felix Bünemann
cf5952f508
fix haproxy deploy hook ocsp update
fixes ocsp reponse update failing with `Responder Error: unauthorized (6)`
by removing `-no_nonce` switch from `openssl oscp` command .
2020-05-02 22:14:21 +02:00
ThiloGa
3b0d7bc4ad
typo fixing 2020-05-02 08:29:44 +02:00
ThiloGa
22f8ab110e
typo fixing 2020-05-02 08:26:26 +02:00
neil
8f2d085d28
Merge pull request #2899 from acmesh-official/dev
sync
2020-05-01 23:55:21 +08:00
neil
c3d7f5b28b build on docker hub 2020-05-01 23:44:56 +08:00
ThiloGa
45e6000619 adding support for dyndnsfree.de 2020-05-01 06:25:19 +02:00
neil
7cd00a6760
Merge pull request #2886 from Ritbit/Fix_openprovider.sh_#2104
#2104 Fix openprovider.sh
2020-04-29 21:19:02 +08:00
neil
cecc53fed3
Merge pull request #2892 from acmesh-official/dev
sync
2020-04-29 10:46:04 +08:00
neil
58c2c70146 fix https://github.com/acmesh-official/acme.sh/issues/2888 2020-04-29 10:42:17 +08:00
neil
ad9f488df6 fix https://github.com/acmesh-official/acme.sh/issues/2888 2020-04-29 10:38:21 +08:00
neil
b19799bc72 fix https://github.com/acmesh-official/acme.sh/issues/2888 2020-04-29 10:19:35 +08:00
neil
1209b9b86e fix https://github.com/acmesh-official/acme.sh/issues/2888 2020-04-29 10:15:13 +08:00
neil
da957a3caf fix https://github.com/acmesh-official/acme.sh/issues/2888 2020-04-29 10:12:29 +08:00
Bas van Ritbergen
1bfd0f0149 Update dns_openprovider.sh
fixed shebang shell to be as suggested
2020-04-27 15:41:50 +02:00
Bas van Ritbergen
3ff48b8559 Update dns_openprovider.sh
#2104  Fix wildcard handling & custom NS config for OpenProvider DNS
2020-04-27 15:34:20 +02:00
neil
6ba1eda96f fix https://github.com/acmesh-official/acme.sh/issues/2883#issuecomment-619215961 2020-04-25 22:44:00 +08:00
neil
dddfe07867
Merge pull request #2879 from blablup/OPNsense_dns
Allow old and new API response for OPNsense Plugin
2020-04-24 22:16:03 +08:00
neil
054f67eeb8
Merge pull request #2877 from vktg/loopia300ttl
DNS Loopia min 300 TTL
2020-04-24 22:13:27 +08:00
neil
65c59c8c30
Merge pull request #2882 from acmesh-official/dev
sync
2020-04-24 22:10:38 +08:00
Honza Hommer
24925a1739
feat: add default colors 2020-04-22 21:13:52 +02:00
Jesai Langenbach
c49b40ee95 Allow old and new API response
CLOSES #2480
2020-04-21 11:43:08 +02:00
Viktor G
c06db30a65 DNS Loopia min 300 TTL 2020-04-20 21:05:40 +03:00
neil
0ed6fef49b
Merge pull request #2876 from wurzelpanzer/easydns-updates
easyDNS API out of beta
2020-04-20 21:45:48 +08:00
wurzelpanzer
9bad11ec79 easyDNS API out of beta
Added new links to API docs and API access signup
2020-04-20 08:49:08 +02:00
Honza Hommer
74cdcde449
fix: remove :xdigit: 2020-04-19 23:59:35 +02:00
neil
1613461504
Merge pull request #2869 from wwebers/fix_opnsense
Fix for latest "os-bind" plugin
2020-04-19 20:39:25 +08:00
neil
0043f3558c
Merge pull request #2870 from softcat/fix/inwx-api
Fix for INWX DNS API (multiple domains and 2FA enabled failing)
2020-04-19 20:36:47 +08:00
Honza Hommer
a9c4b8dd1a
feat: Microsoft Teams notify 2020-04-19 01:03:04 +02:00
Nils Sandmann
5d00edc896
Fix multiple domains with 2FA, reuse session cookie 2020-04-18 18:54:43 +02:00
Nils Sandmann
3bad815982
Better error handling on login, return correct return code 2020-04-18 18:52:08 +02:00
Wolfram Webers
08cc7587ab - Adding fix for latest "os-bind" plugin 2020-04-18 18:11:24 +02:00
neil
458c0db3a8
Merge pull request #2868 from acmesh-official/reason
fix format
2020-04-18 22:35:27 +08:00
neil
a995333081 fix format 2020-04-18 22:34:32 +08:00
neil
8eb608a839
Merge pull request #2866 from acmesh-official/reason
support revoke reason.
2020-04-18 20:16:24 +08:00
neil
1041c9f9fc support revoke reason.
https://github.com/acmesh-official/acme.sh/issues/2856
2020-04-18 20:03:48 +08:00
neil
1564742b76 add comments 2020-04-18 19:38:38 +08:00
neil
b887fd153d
Merge pull request #2843 from der-berni/patch-1
Update to work with new one.com procedure
2020-04-18 19:22:47 +08:00
neil
d083674fb1
Merge pull request #2779 from honzahommer/notify/mail.sh
Add msmtp command to notify/mail.sh
2020-04-18 19:00:42 +08:00
neil
ed7a945261 add comment message. 2020-04-18 18:59:33 +08:00
neil
ef5ffa939f
Merge pull request #2864 from siwyd/fix-updating-empty-email
Fix: allow removal of email address as contact
2020-04-18 18:55:03 +08:00
neil
d842ccb287 fix format error 2020-04-18 18:51:08 +08:00
neil
233893f122
Merge pull request #2863 from mod242/master
Filter out blank lines
2020-04-18 18:50:22 +08:00
Simon Wydooghe
2febdfc363
Fix: allow removal of email address as contact
It seems the current code doesn't allow for removing the email address
from the contact field. This fixes that. This only removes the email
address if an explicit empty email address is specified on the command
line or in the account.conf file. If it is left unspecified on the
command line it still just uses whatever was configured in the
account.conf.
2020-04-17 15:53:15 +02:00
mod242
2c971a2598
Filter out blank lines
Response from the provider has changed so that there are blank lines at the end, which leads to the result can not be parsed correctly
2020-04-16 20:03:34 +02:00
neil
b4c3c20e5e
Merge pull request #2797 from EAliakbar/arvandns
Adding Arvan Dns Api
2020-04-12 14:09:54 +08:00
neil
b6fbb012ad
Merge pull request #2749 from dkerr64/ssh-deploy
Updates to ssh_deploy hook
2020-04-12 13:58:44 +08:00
neil
7f4db5a731
Merge pull request #2855 from maidmeow4/master
Fix a typo in dns_he.sh on line 27
2020-04-12 13:47:24 +08:00
喵喵喵喵四
4dfdfa0b7d
Fix typo on line 27 2020-04-12 12:28:07 +08:00
neil
dbf659c575
Merge pull request #2854 from acmesh-official/dev
sync
2020-04-12 12:11:11 +08:00
neil
cd8e04471c Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-04-12 11:48:43 +08:00
neil
93de1e4903 un-escape json chars
fix https://github.com/acmesh-official/acme.sh/issues/2833
2020-04-12 11:48:24 +08:00
neil
2df43c9e2b
Merge pull request #2847 from woutd/fix-constellix-api-domain-search
Constellix made changes to their API.
2020-04-12 10:49:35 +08:00
neil
5ace44493a fix comments 2020-04-12 10:47:41 +08:00
neil
a57ba3d81c update comments 2020-04-12 10:38:31 +08:00
neil
6298112531
Merge pull request #2852 from phedoreanu/dns_1984hosting
add dns_1984hosting.sh
2020-04-12 10:15:52 +08:00
neil
25afca55f6
Merge pull request #2853 from scottw/master
show response when unable to retrieve DNS records for a zone
2020-04-12 09:41:00 +08:00
Scott Wiersdorf
52a16c917f show response when unable to retrieve DNS records for a zone 2020-04-11 11:24:30 -06:00
Adrian Fedoreanu
eef9a60037
add dns_1984hosting dns api 2020-04-10 23:34:00 +02:00
Wout
e158b5ccf6 Constellix made changes to their API. They added more search capabilities, but the changes are not backwards compatible. We need to use the exact parameter instead of name now. 2020-04-09 19:15:32 +02:00
neil
f03d7efb5e
Merge pull request #2845 from woutd/fix-constellix-domain-id
Fixes getting the correct domain id using Contellix API.
2020-04-09 20:21:50 +08:00
der-berni
da7b1fb014
cleanup according to styleguide / ShellCheck 2020-04-09 12:17:08 +02:00
Wout
62378d063e Fixes getting the correct domain id using Contellix API. 2020-04-07 22:34:05 +02:00
der-berni
5fac282ee0
Update to work with new one.com procedure
Since some Months, its no longer possible to add TXT Records with the Name "_acme-challenge" to the base domain.
To override the fallback value, you must use a CNAME and proxy it.
For example.
CNAME _acme-challenge.yourdomain.com => proxy_acme-challenge.yourdomain.com
The TXT Records have to be created on proxy_acme-challenge.yourdomain.com

Since the default CNAME TTL is 3600 seconds, it is recommended to leave the CNAME record.
But if you would like to use the build-in SSL (for your web-site etc.) from one.com, you have to delete the record.

A new variable "ONECOM_KeepCnameProxy" you can set in the account.conf is used to keep the CNAME record.
By default the CNAME record will be removed.

For ex.: SAVED_ONECOM_KeepCnameProxy='1'
to keep the CNAME Record and speedup the process.
2020-04-07 19:25:39 +02:00
neil
6eff873a07
Merge pull request #2783 from Blfrg/dns_me
dns_me id parse using only sed
2020-04-06 10:32:09 +08:00
neil
1fb306c9d3
Merge pull request #2841 from aattww/master
Add support for Joker.com
2020-04-06 10:29:55 +08:00
aattww
c064b3896a Change command check to fully pass shellcheck 2020-04-06 01:13:59 +03:00
aattww
8400d1e60e Add bugs report link 2020-04-05 22:07:20 +03:00
aattww
5530e74382 Initial release 2020-04-05 21:57:37 +03:00
neil
47a38a8977
Merge pull request #2839 from acmesh-official/dev
sync
2020-04-05 13:47:08 +08:00
neil
47883a94a6 support auto-comment 2020-04-05 13:46:02 +08:00
neil
ca19bbd366
Merge pull request #2831 from olibu/dev
Dev
2020-04-04 11:36:48 +08:00
Oliver Burgmaier
7595808d26 fix #2828 mailto compliant to RFC6068
This fix removes the space between "mailto:" and the email address to
make the contact attribute compliant to RFC6068.
2020-04-01 20:35:07 +02:00
Oliver Burgmaier
37d22a144a fix #2830 Autorization segment typo fixed
This fixes the parsing of the authorization segment in the response of
an order. Without this fix the start of the array is not found
correctly and therefore the finalize URL is part of the authorization
segment. Changing the regex to *\[[^\[]*\] fix this. Seems to be a typo
which has not been recognized so far. This can be only recognized if
the response is in a single line.
2020-04-01 20:31:06 +02:00
Oliver Burgmaier
dc697a6862 fix #2830 Autorization segment typo fixed
This fixes the parsing of the authorization segment in the response of
an order. Without this fix the start of the array is not found
correctly and therefore the finalize URL is part of the authorization
segment. Changing the regex to *\[[^\[]*\] fix this. Seems to be a typo
which has not been recognized so far. This can be only recognized if
the response is in a single line.
2020-04-01 20:24:40 +02:00
neil
5398bac533
Merge pull request #2823 from acmesh-official/dev
sync
2020-03-31 21:36:26 +08:00
neil
9984a168cb
Merge pull request #2822 from xiaohuilam/patch-1
Try incrementing cert issuing waiting counter.
2020-03-31 21:15:30 +08:00
neil
286f3713b0
Merge pull request #2816 from netpok/patch-2
Fix invalid domain error on dns_cf update
2020-03-31 21:08:59 +08:00
Xiaohui Lam
ff9be30f86
resolved #2818 2020-03-31 03:10:12 +08:00
netpok
34cebe8c0c
Fix invalid domain error on dns_cf update
When dns_cf used with Zone ID it fails on removal of the entry.

This pull request adds the missing CF_Zone_ID loading.
2020-03-29 23:45:52 +02:00
Ehsan Aliakbar
200cd5972a fix shellcheck errors in Arvan Dns Api 2020-03-28 21:50:58 +04:30
neil
808d1af578
Merge pull request #2777 from ThiloGa/dev
add support for namemaster.de
2020-03-28 19:06:25 +08:00
neil
d0995665a3
Merge pull request #2808 from ucando/dev
enable qiniu deploy hook to deploy more than one domain
2020-03-28 16:46:13 +08:00
ucando
6132af8ecb enable qiniu to deploy more than one domain 2020-03-26 14:59:23 +08:00
neil
2e9c4914a8
Merge pull request #2807 from acmesh-official/dev
sync
2020-03-26 09:10:18 +08:00
neil
bf0d513e5b
Merge pull request #2798 from oliverblaha/dev
add support for upgrade from tag
2020-03-25 19:50:05 +08:00
neil
2be435ff32
Merge pull request #2802 from luoch/patch-1
update dns_dp.sh
2020-03-25 14:49:03 +08:00
罗诚
20ba820253
Update dns_dp.sh
https://dnsapi.cn has change the default language to cn other then en. So the api call need to add `lang=en` to url params for getting the english messages.
And, They also change the susccess message from "Action completed successful" to "Operation successful". Simply use "successful" as keyword will be fine.
2020-03-25 14:39:52 +08:00
neil
44fd332965
Merge pull request #2799 from PaloAltoNetworks/fix-panos-data-format
fix(deploy/panos): data format improvements
2020-03-25 11:11:57 +08:00
Brian Torres-Gil
0453d656d6 fix(deploy/panos): data format improvements
It was discovered in testing that PAN-OS < 9.0 has slightly different
requirements for the multipart/form-data format and requires the `type`
parameter to be passed in the URL. These corrections should work for all
PAN-OS versions.
2020-03-24 20:01:51 -07:00
Oliver Blaha
cb7e38577d add support for upgrade from tag 2020-03-24 14:44:35 +01:00
Ehsan Aliakbar
4fa59ea04e Adding Arvan Dns Api 2020-03-24 17:56:50 +04:30
ThiloGa
bc2ed602e7 deleted txt entry routine by request of namemaster.de, entry is deleted automatically 2020-03-21 21:18:25 +01:00
ThiloGa
a1c4d159dd further shellcheck fixes 2020-03-21 19:48:17 +01:00
ThiloGa
598f29b78e doing shellcheck staff 2020-03-21 19:41:46 +01:00
ThiloGa
f61f2d6e5e adaptations to the new api functions
_get_root fully functional due to the extended api
2020-03-21 19:28:16 +01:00
dkerr64
f38df4df11 Make remote backup directory path user configurable. 2020-03-14 21:51:21 -04:00
neil
1e34ccbe2e
Merge pull request #2782 from lippertmarkus/feature-deployhook-synology-otp
Add OTP support to Synology DSM deployhook
2020-03-14 16:05:05 +08:00
Honza Hommer
2a8746f6b0
Feat: add msmtp command 2020-03-11 22:32:37 +01:00
dkerr64
554e083f3d For MULTI_CALL default to undefined, deleting entry in config file if set to "no" 2020-03-11 10:58:36 -04:00
Jeremiah
5d881a8b0f use more compatible regex flag 2020-03-09 11:34:50 -06:00
neil
3d81641139 fix format 2020-03-09 19:04:32 +08:00
Jeremiah
c25b4ba099 dns_me id parse using only sed 2020-03-08 15:39:18 -06:00
Markus Lippert
fd64c20807 store device ID 2020-03-08 20:22:31 +01:00
Markus Lippert
80f1034dd6 add OTP support 2020-03-08 19:49:46 +01:00
Honza Hommer
15b841da06
Feat: simplify conditions for bin and command 2020-03-08 04:47:55 +01:00
neil
902c08e9c9 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into dev 2020-03-08 10:17:41 +08:00
neil
ea652c023e fix https://github.com/acmesh-official/acme.sh/issues/2778 2020-03-08 10:17:21 +08:00
ThiloGa
3c79bb77db fixing travis-ci warnings SC2086: Double quote to prevent globbing and word splitting. 2020-03-07 21:21:39 +01:00
ThiloGa
d8dbb85946 small fixes 2020-03-07 21:11:08 +01:00
ThiloGa
20702d26ec fixing https://github.com/koalaman/shellcheck/wiki/SC2181 problems 2020-03-07 21:05:42 +01:00
ThiloGa
7d7e9501fa fixing https://github.com/koalaman/shellcheck/wiki/SC2181 problems 2020-03-07 20:37:29 +01:00
ThiloGa
efef76d9cf fixed typo 2020-03-07 19:34:57 +01:00
ThiloGa
e1e1ee31f0 Dont use $? directly anymore 2020-03-07 16:00:52 +01:00
ThiloGa
142ca58d38 removed some unused Vars 2020-03-07 15:45:41 +01:00
ThiloGa
3b01bf7bda removed the probably last blank line 2020-03-07 15:33:21 +01:00
ThiloGa
30416f54d1 Fixes for Travis CI
-removing some blanks etc.
2020-03-07 15:18:25 +01:00
ThiloGa
f21ef0d2e9 add support for namemaster.de 2020-03-07 14:55:09 +01:00
neil
39ced21a6f
Merge pull request #2198 from pipedrive/Add-AWS_API-slowrate
Add aws api slowrate
2020-03-07 19:59:20 +08:00
neil
0f24417cb3
Merge pull request #2769 from ianw/update-account-json
Update account.json on account update
2020-03-07 19:50:17 +08:00
neil
f84a87f2a2 remove DEFAULT_DNS_SLEEP.
fix https://github.com/acmesh-official/acme.sh/issues/2773
2020-03-07 18:26:22 +08:00
David Kerr
dada57e5c4 Merge branch 'ssh-deploy' of https://github.com/dkerr64/acme.sh into ssh-deploy 2020-03-05 16:22:59 -05:00
neil
d437d6fde9
Merge pull request #2770 from acmesh-official/dev
add clearlinux
2020-03-04 09:53:51 +08:00
neil
69b11575e3 add clearlinux
fix https://github.com/acmesh-official/acme.sh/issues/2768
2020-03-04 09:51:16 +08:00
Ian Wienand
72e1a1b2e9 Update account.json on account update
When running --updateaccount, the ca/<ca>/account.json file isn't
updated with the new response showing the updated account details.
This can be a bit confusing if you add an email to the account but
then you're not sure if it actually applied looking at this file.

Write out the new response on successful account updates.
2020-03-04 12:28:21 +11:00
dkerr64
8ba573d196 Change variable name to MULTI_CALL so default can be "no" 2020-03-03 13:40:33 -05:00
David Kerr
4593231049 Merge branch 'ssh-deploy' of https://github.com/dkerr64/acme.sh into ssh-deploy
# Conflicts:
#	deploy/ssh.sh
2020-02-28 08:37:25 -05:00
neil
de9eac760b
Merge pull request #2754 from acmesh-official/dev
sync
2020-02-25 21:46:42 +08:00
neil
12ad8d52ae
Merge pull request #2753 from nobbs/fix_docker_deploy
Fix error on docker deploy command with spaces.
2020-02-25 21:34:07 +08:00
alex
22f9a3b467 Fix error on docker deploy command with spaces.
This adds quotes to the last eval in _getdeployconf which is reponsible
for loading and exporting saved environment variables back into the
acme.sh process. This caused some errors if used with the docker
deploy-hook and the example nginx "service nginx force-reload" command
as it contains spaces.
2020-02-25 12:37:46 +01:00
Stephane Moser
b64f0ba83f Update usage of AWS_DNS_SLOWRATE 2020-02-24 23:14:40 +00:00
dkerr64
f73a494407 Remove spaces on blank line to fix travis error 2020-02-22 22:09:28 -05:00
dkerr64
46ee74ed16 Remove variable from info/error printout that could potentially expose login credentials. 2020-02-22 22:05:06 -05:00
dkerr64
806b746fc0 Fix bug where backup and batch_mode yes/no values could not be changed.
Once set to "no" then they could never be set back to "yes"
2020-02-22 21:23:59 -05:00
dkerr64
cc820e97c6 Add support for DEPLOY_SSH_BATCH_MODE with default of yes.
Before this update all remote commands were bunched together and
sent to the remote host in a single SSH command.  This could result
in a very long sequence of commands that might be rejected by a
remote host (example is VMware ESXi that uses busybox sh).
With this update you can set DEPLOY_SSH_BATCH_MODE="no" and
each remote command is sent as a separate SSH call so now we
do not have big long sequence of commands.  Defaults to same
behaviour as before this update.
2020-02-22 21:10:42 -05:00
dkerr64
283b04df73 Move cleanup of backup directory to first step in the function. 2020-02-22 20:43:28 -05:00
dkerr64
6420d1239f Move call to remote system into separate function 2020-02-22 20:31:52 -05:00
dkerr64
04771e5a4a Move call to remote system into separate function 2020-02-22 20:16:36 -05:00
dkerr64
3d9608faa0 Move -T parameter into default ssh command variable 2020-02-22 20:09:24 -05:00
David Kerr
b7b4ae4262 Merge branch 'dev' of https://github.com/acmesh-official/acme.sh into ssh-deploy 2020-02-22 20:01:41 -05:00
neil
b73b078705
Merge pull request #2719 from qwqVictor/dev
Add support for CQHTTP QQ bot API
2020-02-22 17:44:15 +08:00
neil
887fa8649b
Merge pull request #2670 from sreyemnayr/fix-pfsense-linode
Fix pfsense linode
2020-02-22 13:41:19 +08:00
neil
f6172d7273
Merge pull request #2690 from nstepa/dns_yandex
Fix dns records removing after usage.
2020-02-22 13:39:04 +08:00
neil
c70681712d
Merge pull request #2746 from acmesh-official/dev
sync
2020-02-22 13:34:01 +08:00
neil
80ca6de531
Merge pull request #2728 from artooro/master
add support for using a Zone ID
2020-02-22 13:28:37 +08:00
neil
c6c395cd0f
Merge pull request #2737 from xpac1985/patch-3
Make socat debug output show version + features instead of help text
2020-02-22 12:10:22 +08:00
neil
4831064623
Merge pull request #2744 from xpac1985/patch-2
haproxy deploy script now compatible with OpenSSL v1.1+
2020-02-21 23:20:34 +08:00
neil
d4660a23c0
Merge pull request #2742 from adrian5/patch-3
Fix phrasing in README
2020-02-21 22:34:18 +08:00
xpac1985
e184a1b9e6
haproxy deploy script now compatible with OpenSSL v1.1+
haproxy deploy script now compatible with OpenSSL v1.1+

The OpenSSL OCSP request for haproxy deployment breaks from OpenSSL v1.1.0 on.
The format of the `-header` option has been changed and does now contain a `=` instead of a whitespace.
Other projects have hit the same issue:
https://github.com/nghttp2/nghttp2/issues/742

This commit determines the OpenSSL/LibreSSL version and then adjusts the request accordingly.
Also removed the duplicate command line and added some more debug output.
2020-02-20 23:28:55 +01:00
adrian5
f8662c9bc2
Fix phrasing in README 2020-02-20 18:43:08 +01:00
xpac1985
463df9e4ba
Make socat debug output show version + features instead of help text 2020-02-18 16:26:15 +01:00
neil
c768581829
Merge pull request #2735 from acmesh-official/dev
sync
2020-02-15 21:56:03 +08:00
neil
754f7a7891
Merge pull request #2614 from PaloAltoNetworks/deploy-panos
Adding abillity to deploy cert to Palo Alto Networks Firewall via API.
2020-02-15 20:46:59 +08:00
Paul Nguyen
21450a08c2 Fixed 6 character requirement. 2020-02-13 18:01:27 -08:00
Paul Nguyen
c355b25bb1 Fixed line formatting 2020-02-12 15:00:23 -08:00
Paul Nguyen
1fe3d80838 Updated to use saveconf function and base64encode. 2020-02-12 14:57:31 -08:00
Paul Nguyen
930e16b64a fix gitdiff 2020-02-11 22:50:05 -08:00
Paul Nguyen
2077a70d03 Fixing gitdiff 2020-02-11 22:44:51 -08:00
Paul Nguyen
cbdb8bd9b9 Fixing gitdiff 2020-02-11 22:34:55 -08:00
Paul Nguyen
5dcb417676 ShellCheck fixes 2020-02-11 22:26:48 -08:00
Paul Nguyen
71bc993e3d Fixed Shellchecks 2020-02-11 22:23:10 -08:00
Paul Nguyen
c2812896f8 Update deployer 2020-02-11 18:15:10 -08:00
Arthur Wiebe
d43227ede4
fix shellcheck issues 2020-02-11 13:07:10 -05:00
neil
8554ae38ed
Merge pull request #2369 from tresni/synology_dsm
Initial support for Synology DSM deployhook
2020-02-11 20:12:47 +08:00
neil
da656caf1e
Merge pull request #2726 from Blfrg/dns_me
fix #2031 dns_me id parse
2020-02-11 19:09:38 +08:00
neil
51fc853228
Merge pull request #1341 from phlegx/all-inkl-kasserver-dns-script
All inkl kasserver dns script
2020-02-11 19:08:31 +08:00
neil
7a30cb9de7
Merge branch 'dev' into all-inkl-kasserver-dns-script 2020-02-11 19:07:20 +08:00
Brian Hartvigsen
1b475cf9f3
Remove -q from greps 2020-02-10 21:02:27 -07:00
Arthur Wiebe
719b690451
add support for using a Zone ID 2020-02-10 10:22:55 -05:00
neil
3cdc523dec
Merge pull request #2628 from woutd/master
Add DNS API support for Constellix
2020-02-10 22:27:05 +08:00
Blfrg
eb49127b9e
improve id parse
Locate only the outer most "id" property
2020-02-09 14:50:29 -06:00
Brian Hartvigsen
d07172a528
Replace disabled linter with variable substituion 2020-02-09 12:06:13 -08:00
Brian Hartvigsen
79637097ba
Use _utc_date 2020-02-09 11:50:50 -08:00
Brian Hartvigsen
1259341095
Use deployconf properly 2020-02-09 03:10:11 -08:00
Brian Hartvigsen
5d3bc95ac5
Fix some debug output 2020-02-09 02:50:29 -08:00
Brian Hartvigsen
de25232a73
Allow creating new certificates when certificate is not found 2020-02-09 02:26:55 -08:00
Brian Hartvigsen
95769de464
Fix shfmt/shellcheck issues 2020-02-09 02:01:26 -08:00
Brian Hartvigsen
52a168b961
Stop using jq/curl directly
This is a lot more fragile then the previous code due to treating JSON as just a string
2020-02-09 01:49:20 -08:00
Brian Hartvigsen
b3b00b6700
Using domainconf instead of account 2020-02-09 01:49:20 -08:00
Brian Hartvigsen
8e8cda132c
Remove boilerplate from what I used for template 2020-02-09 01:49:20 -08:00
Brian Hartvigsen
6459ccb185
Cleanup shfmt warnings 2020-02-09 01:49:20 -08:00
Brian Hartvigsen
548f83c3ad
Cleanup shellcheck errors 2020-02-09 01:49:19 -08:00
Brian Hartvigsen
555e0de9e4
Initial support for Synology DSM
This allows you to update a key on a Synology DSM using the existing API.
Handles restarting the necessary services the certificate is attached to and all other internal stuff (copying the certificate around, etc.)

This is way less error prone than most articles I've found on how to update a Synology DSM certificate.
2020-02-09 01:49:19 -08:00
Wout
cc4bce283f Merge branch 'master' of git://github.com/acmesh-official/acme.sh 2020-02-09 10:13:17 +01:00
Blfrg
8189a34d14
fix dns_me id parse
The API seems to have changed and the ID is no longer in the same location.
2020-02-08 16:43:23 -06:00
Victor Huang
5d88ad554f
Improved token processing method and misc bugfixes
Replace '_err' to '_debug' in the final error report.
Removed redundancy code.
2020-02-08 23:24:45 +08:00
Wout
2cc50a2b65 Cosmetic fixes. 2020-02-08 12:27:19 +01:00
Victor Huang
33670a5bd0
CQHTTP: Change shebang to "/usr/bin/env sh" 2020-02-06 11:26:56 +08:00
Victor Huang
64f8a222cb
Add support for CQHTTP QQ bot API 2020-02-06 11:12:14 +08:00
Paul Nguyen
d9a9695fe0 Deploy certificates to Palo Alto Network Firewalls 2020-02-05 14:29:01 -08:00
neil
8e6c4e1aca
Merge pull request #2481 from blablup/OPNsense_dns
Add OPNsense Bind API Support
2020-01-31 16:37:31 +08:00
neil
490fbfc13e
Merge pull request #2701 from xpac1985/patch-1
Updated/fixed some entries in --help output
2020-01-31 16:32:13 +08:00
neil
4b45973361
Merge pull request #2470 from StefanAbl/master
DNS Api for dynv6
2020-01-31 16:30:51 +08:00
neil
4c27e08e3d
Merge pull request #2692 from helbgd/patch-7
fix for ddnss.de updates
2020-01-31 16:29:16 +08:00
neil
94eb80597b
Merge pull request #2712 from acmesh-official/dev
update repo name
2020-01-30 12:44:47 +08:00
neilpang
d610eb15d8 update repo name 2020-01-30 12:44:02 +08:00
neil
4f53cd1704
Merge pull request #2711 from acmesh-official/dev
update repo name
2020-01-30 12:08:21 +08:00
neilpang
d795fac37a update repo name 2020-01-30 12:06:39 +08:00
neil
ce6b71a58b
Merge pull request #2710 from acmesh-official/dev
start v2.8.6, change the repo name
2020-01-30 10:51:51 +08:00
neilpang
09f74a9af8 start v2.8.6, change the repo name 2020-01-30 10:50:39 +08:00
neil
552a49a680
Merge pull request #2707 from Neilpang/2695
fix 2695
2020-01-27 23:56:33 +08:00
neilpang
97741398fb minor 2020-01-27 23:40:51 +08:00
neilpang
f8b225e70e fix format 2020-01-27 23:30:36 +08:00
neil
57b4eda014
Merge pull request #2706 from Neilpang/dev
sync
2020-01-27 23:09:30 +08:00
neilpang
fc3a181779 move the error message 2020-01-27 23:07:10 +08:00
neilpang
9541ea6a9f fix bug https://github.com/Neilpang/acme.sh/issues/2695
If a domain was already verified by http-01 method,  when we try to issue a cert for them same domain with dns-01 method, we just get only one challenge object of type http-01 with "valid" status, from the authz-v3 url. So, we report error that we are not able the validate the domain, because of that we don't find dns-01 challenge.
This behavior is not the same as before. I believe it was changed by the letsencrypt CA.
2020-01-27 23:07:10 +08:00
neilpang
f716f6060e minor check update hash for branch name 2020-01-27 23:02:09 +08:00
neilpang
dc0cca8c83 move the error message 2020-01-27 22:22:25 +08:00
neilpang
4f303de00c fix bug https://github.com/Neilpang/acme.sh/issues/2695
If a domain was already verified by http-01 method,  when we try to issue a cert for them same domain with dns-01 method, we just get only one challenge object of type http-01 with "valid" status, from the authz-v3 url. So, we report error that we are not able the validate the domain, because of that we don't find dns-01 challenge.
This behavior is not the same as before. I believe it was changed by the letsencrypt CA.
2020-01-27 22:12:21 +08:00
neilpang
05aa26e619 minor, remove space key 2020-01-27 21:22:42 +08:00
Phlegx Systems OG
1c4b831922
Merge pull request #7 from Marco4223/Fix-issues-and-reslolve-zone-and-record-name
Update dns_kas.sh
2020-01-24 09:01:04 +01:00
Marco4223
6613ae57b0 Update dns_kas.sh
sleep 10 to _sleep 10
2020-01-23 19:20:44 +01:00
xpac1985
b6552aff75
Added maximum account key length to --help output 2020-01-22 21:21:38 +01:00
xpac1985
3c98fae4f2
Updated/fixed some entries in --help output 2020-01-22 20:00:04 +01:00
neil
2028e4c8ad
Merge pull request #2700 from radek-sprta/clouddns
Support for CloudDNS API
2020-01-22 22:20:30 +08:00
Radek SPRTA
5c7feba77b
Format with shfmt 2020-01-22 05:33:46 +01:00
Radek SPRTA
23f2677052
Do not print HTTP responses to stdout 2020-01-22 02:53:50 +01:00
Radek SPRTA
6b67511748
Disable check 2020-01-22 02:03:11 +01:00
Radek SPRTA
36e0feea43
Clean up comments 2020-01-22 01:59:40 +01:00
Radek SPRTA
69392f67e8
Correctly handle .co.uk type domains 2020-01-22 01:33:15 +01:00
Radek SPRTA
e7d130cc11
Add support for CloudDNS API 2020-01-21 06:36:31 +01:00
StefanAbl
6e3ba3ca45 travis 2020-01-18 13:53:26 +01:00
StefanAbl
0f54cf83f4 fixed dynv6 dns validation 2020-01-18 13:48:29 +01:00
Phlegx Systems OG
fb209cdfde
Merge pull request #6 from Marco4223/Fix-issues-and-reslolve-zone-and-record-name
delete spaces in empty lines
2020-01-15 19:47:26 +01:00
Marco4223
431c53efcf Update dns_kas.sh
Removing spaces in empty lines
2020-01-15 17:48:30 +01:00
rewqazxv
79ad0ff56b Simplify code 2020-01-15 22:11:34 +08:00
neil
d4dad58b0d
Merge pull request #2694 from Neilpang/dev
sync
2020-01-15 22:08:17 +08:00
neilpang
baff032e3b Merge branch 'up' into dev 2020-01-15 22:05:37 +08:00
neilpang
26309f51e3 start 2.8.5 2020-01-15 22:04:49 +08:00
neilpang
f8f53a6bd9 debug 2020-01-15 22:01:34 +08:00
neilpang
ac3667c765 fix https://github.com/Neilpang/acme.sh/issues/2693 2020-01-15 21:43:49 +08:00
Phlegx Systems OG
96180e7555
Merge pull request #5 from Marco4223/Fix-issues-and-reslolve-zone-and-record-name
Update dns_kas.sh
2020-01-15 14:01:04 +01:00
Marco4223
024619676b Update dns_kas.sh
fixing 4 Travis style
2020-01-15 13:56:01 +01:00
neil
5aa0f547cf
Merge pull request #2691 from astorath/fix/dns_gcloud_private_zone
fix: added public dns zones filter
2020-01-14 22:28:17 +08:00
helbgd
b1ce6ffcc7
www is incorrect as well
use ip4 and not www, if you use www it deletes the ip4 address of the host and updates only the ip6 address
2020-01-14 15:27:35 +01:00
helbgd
f01936ca4f
Server Name not correct
the servername of the server that has the upd.php file was not correct
2020-01-14 15:19:37 +01:00
Andrey Tuzhilin
70fdb1042f fix: added public dns zones filter 2020-01-14 15:55:44 +03:00
Phlegx Systems OG
58cfc0d0cf
Merge pull request #4 from Marco4223/Fix-issues-and-reslolve-zone-and-record-name
Update dns_kas.sh
2020-01-14 10:10:39 +01:00
Nick Stepa
4eff3b6a24 Change error to info in case record already exists. 2020-01-12 15:16:48 +01:00
Nick Stepa
e5f69f0815 Fix indentation. 2020-01-12 14:07:49 +01:00
Nick Stepa
ef7b51beb7 Remove local keyword. 2020-01-12 13:54:18 +01:00
Nick Stepa
8494ac8f3d Fix dns records removing after usage. 2020-01-12 13:29:09 +01:00
neil
8dea519235
Merge pull request #2689 from Neilpang/dev
sync
2020-01-12 13:57:14 +08:00
neil
0712e98904 fix https://github.com/Neilpang/acme.sh/pull/2559 2020-01-12 13:36:24 +08:00
neil
c7ccddbcb9
Merge pull request #2678 from Sergey-Zorin/issue2547-throw-nic_token
Issue2547 throw nic token
2020-01-09 22:06:55 +08:00
Sergey Zorin
efd3e8067b remove -F option 2020-01-09 17:05:18 +03:00
neil
c6f7b7f35f
Merge pull request #2671 from Rayzilt/master
dns_lexicon.sh: Add extra variable _API_KEY
2020-01-07 09:10:39 +08:00
Sergey Zorin
f3dd1603db fix CI warnings v3 2020-01-07 01:11:43 +03:00
Sergey Zorin
be7688a4df fix CI warnings SC2039 v2 2020-01-07 01:05:50 +03:00
Sergey Zorin
8e2f11389d fix CI warnings SC2039 2020-01-07 00:49:13 +03:00
Sergey Zorin
346454c21b fix CI warnings 2020-01-07 00:26:44 +03:00
Sergey Zorin
c822870cf8 comment cleaning 2020-01-06 23:52:11 +03:00
Sergey Zorin
9666cf680e #2547 fix multiply _service selection 2020-01-06 23:42:08 +03:00
Sergey Zorin
a88622c1be #2547 replace NIC_Token to NIC_ClientID&NIC_ClientSecret with backward compatibility 2020-01-06 23:39:15 +03:00
neilpang
c3fbc36ce7 fix https://github.com/Neilpang/acme.sh/issues/2547#issuecomment-570963981 2020-01-06 20:57:12 +08:00
Silvan Raijer
f174d7dd39
dns_lexicon.sh: Add extra variable _API_KEY 2020-01-05 15:27:04 +01:00
Ryan Meyers
38a8721a91 Escape opening brackets 2020-01-04 10:52:52 -06:00
Ryan Meyers
8aedf26a87 Replace \s with hard space 2020-01-04 10:51:32 -06:00
neil
b2ff9240ac
Merge pull request #2662 from tambetliiv/zone-root-check
zone.eu dns api: use different method to get root
2020-01-03 21:44:08 +08:00
neilpang
7a3c61b744 check upgrade hash
https://github.com/Neilpang/acme.sh/issues/2667
2020-01-03 21:38:47 +08:00
Marco4223
8dd1df71cc Update dns_kas.sh
tested and works now
2020-01-02 17:10:36 +01:00
Tambet Liiv
b59b0f0386 use different method to get root 2020-01-02 14:55:36 +02:00
neil
f59f484c01
Merge pull request #2657 from gildea/master
Return failure when falling through limiting loop
2020-01-01 18:28:30 +08:00
gildea
a44ea0ddf0
Return failure when falling through limiting loop
In _send_signed_request and _check_dns_entries, return 1 when the
timeout (or number of retries) has been exhausted.  This allows
the calling function to correctly handle the error.
2019-12-31 20:22:08 -08:00
Marco4223
2214507db0 Revert "Update dns_kas.sh"
This reverts commit 99c47dd50a.
2019-12-29 10:59:28 +01:00
Marco4223
a138425417 Update dns_kas.sh
sorry for this commit.  ;)
Fix NewBeMistakes
2019-12-28 23:42:46 +01:00
Marco4223
99c47dd50a Update dns_kas.sh
only bash needed
2019-12-28 22:42:51 +01:00
Marco4223
594b83e7a6 Update dns_kas.sh
remove "rev" command
fix "Error removing txt for domain:_acme-challenge.foo"
2019-12-28 11:58:21 +01:00
neil
76d0ef0851
Merge pull request #2650 from wurzelpanzer/master
Add easyDNS support
2019-12-24 18:31:43 +08:00
wurzelpanzer
549ebbb462
Add easyDNS support 2019-12-21 20:19:02 +01:00
neil
341656ddb9
Merge pull request #2631 from misakaio/add-misaka-support
add acme.sh support for misaka.io dns service
2019-12-19 21:48:16 +08:00
neil
5a3c3b4876
Merge pull request #2604 from cngarrison/master
Added trailing slash to end of each line of DEPLOY_SCRIPT_CMD
2019-12-19 21:35:37 +08:00
Siyuan Miao
375b8dceb7 use append mode to update recordsets 2019-12-14 10:44:57 +08:00
Siyuan Miao
f37546e173 add acme.sh support for misaka.io dns service 2019-12-13 18:46:09 +08:00
Martin Kammerlander
239d53426a Merge remote-tracking branch 'upstream/dev' into all-inkl-kasserver-dns-script 2019-12-12 16:36:41 +01:00
Martin Kammerlander
3ccac629bc Change the loop for sh. 2019-12-12 16:23:42 +01:00
Wout
e8e6feeb0f Use different e-mail. 2019-12-11 17:15:35 +01:00
Wout
c22705a593 Add DNS API support for Constellix. 2019-12-11 17:13:11 +01:00
neil
ec7889dfa8
Merge pull request #2621 from kolargol/master
Fix case sensitive detection of domain in the response request #2617
2019-12-08 10:15:30 +08:00
neil
563d59526f
Merge pull request #2623 from GustavGenberg/patch-1
Fix dns_unoeuro add record error
2019-12-08 10:14:54 +08:00
Gustav Genberg
0ffd5de6fc
Fix add record error 2019-12-08 00:13:30 +01:00
Zbyszek Żółkiewski
5014f83b86
Fix case sensitive detection of domain in the response request 2019-12-06 09:59:35 +01:00
Martin Kammerlander
953a9b1768 Remove obsolete blank. 2019-11-29 22:51:23 +01:00
Martin Kammerlander
c641b61b26 Fix a few snytax issues 2019-11-29 22:46:44 +01:00
Martin Kammerlander
d87e507865 Merge remote-tracking branch 'upstream/dev' into all-inkl-kasserver-dns-script 2019-11-29 22:27:11 +01:00
Martin Kammerlander
ec1f9841b2 Replace grep -A. 2019-11-29 22:22:26 +01:00
Charlie Garrison
84b0f29d87
Merge branch 'dev' into master 2019-11-26 20:44:48 +11:00
Charlie Garrison
b23e05dbc5 Added trailing slash to end of each line of DEPLOY_SCRIPT_CMD 2019-11-26 20:39:08 +11:00
Stephane Moser
37978b4fe5 Merge branch 'dev' into Add-AWS_API-slowrate 2019-11-22 10:20:25 +00:00
neil
ef15e55947
Merge pull request #2596 from Neilpang/dev
Dev
2019-11-19 22:50:36 +08:00
neilpang
c282dd086f minor 2019-11-16 08:06:21 +08:00
neil
aac9f089d9
Merge pull request #2583 from JohnVillalovos/dev
debug_bash_helper: Use eval as busybox systems have problems
2019-11-15 22:23:07 +08:00
John L. Villalovos
adce8f52e8 debug_bash_helper: Use eval as busybox systems have problems
In _debug_bash_helper use eval as we are seeing issues with busybox
systems having issues with array access. Even though they aren't
actually running the code they appear to be parsing it and failing.

Also older versions of busybox have a bug with eval and double quotes,
so make sure to use single quotes when using eval.

Resolves: #2579
2019-11-13 14:30:19 -08:00
neil
20b64c8900
Merge pull request #2580 from vitaliytv/patch-1
DOCS: typo in notify/mailgun.sh  (sandbox)
2019-11-13 18:09:58 +08:00
neil
66d781a226
Merge pull request #2584 from kolbma/issue1586
Issue1586 - Fix callhook error in manual mode
2019-11-13 18:07:10 +08:00
arlecchino
867ec010ab
Fix callhook error in manual mode
Fixes #1586  
Check force manual switch before causing error about it.
2019-11-12 19:58:36 +01:00
neil
ce0c6da9fa
Merge pull request #2562 from stilez/master
Create DNS 01 module for Plesk XML API
2019-11-12 15:38:45 +08:00
Martin Kammerlander
e22c5ea800 Merge with Neilpang dev repo. 2019-11-10 17:39:56 +01:00
Phlegx Systems OG
16bfb1727f
Merge pull request #3 from dojo90/all-inkl-kasserver-dns-script
support to delete multiple entries
2019-11-10 17:15:01 +01:00
Vitalii Tverdokhlib
f1f14040b8
DOCS: typo 2019-11-09 12:12:30 +02:00
Jesai Langenbach
9cb328966c typo 2019-11-08 08:58:51 +01:00
Jesai Langenbach
0c76890572 whitespace fix 2019-11-08 08:52:10 +01:00
Jesai Langenbach
18fc42e63b typos and integrate suggestions from stilez 2019-11-07 22:06:32 +01:00
Jesai Langenbach
fc8d9df516 fix newline 2019-11-07 14:33:38 +01:00
Jesai Langenbach
afdf8a78c0 fix space 2019-11-07 14:18:09 +01:00
Jesai Langenbach
0b3ae1f972 Add suggestions 2019-11-07 14:10:30 +01:00
rewqazxv
6a5ee72722 format code style 2019-11-06 20:27:12 +08:00
rewqazxv
c6ec8bc0d9 fix sudo issue 2019-11-06 18:57:05 +08:00
stilez
51cfd996eb
rmv space 2019-11-05 23:29:51 +00:00
stilez
6d0e4bed4b
remove \n in output messages 2019-11-05 23:26:05 +00:00
stilez
05247dc4a4
fix 2019-11-05 21:09:14 +00:00
stilez
43011f3bfa
enhance 2019-11-05 21:04:10 +00:00
stilez
38854bd876
bugfix 2019-11-05 21:00:34 +00:00
stilez
a9726bd52f
bugfix 2019-11-05 20:58:51 +00:00
stilez
4216c9e8f7
rmv spaces 2019-11-05 19:19:08 +00:00
stilez
a8d670fc0d
Rest of sed -r 2019-11-05 19:01:32 +00:00
stilez
cbacc779fc
Fix some sed -r, and clean up some variable references ("$1" -> "$varname") 2019-11-05 18:50:39 +00:00
stilez
896778cead
Grep fixes and minor improvements 2019-11-05 17:56:20 +00:00
stilez
04b0c62bf9
basic regex's to use \+
Maybe BRE aren't as basic as they sound. But I'm sure `man grep` didn't list the extra syntax of "preceded by backslash" :)  So let's use it
2019-11-04 19:05:44 +00:00
stilez
63a779baa8
remove unnecessary \ 2019-11-04 18:44:14 +00:00
stilez
2d1a776db7
Replace egrep -> basic regex grep
(( ... isn't it annoying that basic regex has * but not + ..... ))
2019-11-04 18:40:12 +00:00
neil
3d2df3ba93
Merge pull request #2571 from Neilpang/dev
sync
2019-11-03 19:42:34 +08:00
neil
eb6238781d
Merge pull request #2546 from JohnVillalovos/master
Improve debug capabilities when using bash
2019-11-03 19:41:51 +08:00
neil
6140a3c26b
Merge pull request #1925 from kuk/master
Fix Vscale hostedzone
2019-11-03 19:38:35 +08:00
Kukushkin Alexander
6eaf2d67b7 Fix Vscale 2019-11-03 07:21:16 +03:00
neilpang
35b34c43ed fix format 2019-11-02 19:44:43 +08:00
neil
f67a9d2de1
Merge pull request #2569 from johannrichard/patch-1
Add openssh package for ssh.sh deploy support
2019-11-02 14:21:45 +08:00
Johann Richard
05acf28e0d Update Dockerfile 2019-11-02 07:10:50 +01:00
neilpang
5698bec621 fix https://github.com/Neilpang/acme.sh/issues/2566 2019-11-02 09:48:41 +08:00
neil
3ec495225f
Merge pull request #2563 from peterkelm/peterkelm-variomedia-dns
Variomedia DNS API
2019-11-02 08:32:02 +08:00
Johann Richard
fee9baca89
Add openssh package
* `acme.sh`'s `ssh.sh` is probably one of the hooks that's most versatile
* By default, it's not installed on `alpine` docker images and therefore is lacking in the `acme.sh` docker image
* This change adds the `openssh` package and therefore the `ssh` and associated commands
2019-11-01 17:59:40 +01:00
peterkelm
bec26ce754
Shellcheck'd 2019-10-31 09:03:35 +01:00
stilez
343d7df57c
shellcheck directive 2019-10-30 22:11:16 +00:00
peterkelm
dca6a4bbd5
minor formatting changes 2019-10-30 20:51:16 +01:00
stilez
a32b95544b
[[:space:]] -> " " 2019-10-30 17:06:03 +00:00
stilez
2422e0b481
grep -E and sed -E 2019-10-30 17:01:06 +00:00
stilez
3441bd0e7c
improve _err message and remove a dubious _debug message. 2019-10-30 10:22:04 +00:00
stilez
05ced9fbc4
edit a comment 2019-10-30 09:53:40 +00:00
stilez
b7c3df455e
travis fix 2019-10-30 09:38:03 +00:00
stilez
d7affad059
various small improves 2019-10-29 10:30:00 +00:00
neil
34c3da9117
Merge pull request #2560 from scottkof/aws-dns-avoid-throttle
Avoid API throttling errors in AWS DNS plugin
2019-10-28 22:42:21 +08:00
scottkof
a22d3b2390
Switch from sleep to _sleep 2019-10-28 06:32:08 -07:00
stilez
7c09bdc6e0
renamed 2019-10-27 16:58:58 +00:00
stilez
bc291141b1
fix filename 2019-10-27 16:58:22 +00:00
peterkelm
c1b089d1c3
unused code removed 2019-10-27 16:58:36 +01:00
peterkelm
1271f97b66
fixed dns_variomedia_rm for wildcard certs
fixed dns_variomedia_rm to respect the txtvalue supplied as function parameter
2019-10-27 16:52:51 +01:00
peterkelm
582c77805c
variomedia dns api
initial commit for the variomedia dns api implementation
2019-10-27 13:13:22 +01:00
stilez
9eb5f65b8f
edit comments 2019-10-27 07:38:22 +00:00
neilpang
00f01a9889 Merge branch 'dev' of github.com:Neilpang/acme.sh into dev 2019-10-27 11:44:22 +08:00
neilpang
671edc33e1 fix background color 2019-10-27 11:43:40 +08:00
stilez
1253357a39
edits to comments 2019-10-27 01:48:02 +00:00
stilez
6df31eb7f5
travis 2019-10-27 01:13:15 +00:00
stilez
9299a83b17
Travis fixes 2019-10-27 01:10:03 +00:00
stilez
a6614abd24
Formatting fixes for Travis 2019-10-27 01:00:59 +00:00
stilez
4c9d99040c
Fix (revert) edited .md file 2019-10-27 01:31:17 +01:00
stilez
6ef8adc863
Merge branch 'dev' into master 2019-10-27 01:26:06 +01:00
stilez
a00300f88a
revert changes to this file 2019-10-27 01:23:14 +01:00
stilez
274393ac64
Create DNS 01 module for Plesk XML API 2019-10-27 01:09:50 +01:00
stilez
1339b9422d
Update for dns pleskxml 2019-10-27 01:04:08 +01:00
stilez
ed9e196bf6
Update list of DNS providers for Plesk XML API 2019-10-27 00:58:33 +01:00
John L. Villalovos
bba5376a36 Improve debug capabilities when using bash
When calling the _debug3() function will print the filename, function
name, and line number when running under bash
2019-10-26 09:07:22 -07:00
scottkof
df3575217a
Avoid API throttling errors in AWS DNS plugin 2019-10-25 12:05:15 -07:00
neil
c504506455
Merge pull request #2455 from RolphH/leaseweb-api
Added Leaseweb API for dns-01 verification
2019-10-25 22:41:23 +08:00
neilpang
2a28772312 fix https://github.com/Neilpang/acme.sh/pull/2553#issuecomment-546173277 2019-10-25 22:34:33 +08:00
neilpang
d04c6dd3ac fix https://github.com/Neilpang/acme.sh/issues/2557 and https://github.com/Neilpang/acme.sh/issues/2544 2019-10-25 22:31:36 +08:00
Rolph Haspers
e48daffad9 Fixed error 2019-10-25 13:46:10 +02:00
Rolph Haspers
58642286c9 Fix for SC2039/SC2086 2019-10-25 13:22:19 +02:00
Rolph Haspers
6d62ae226a Small fix 2019-10-25 12:14:53 +02:00
Rolph Haspers
14f6f9ec94 Fixed wrong assignement of var 2019-10-25 11:56:27 +02:00
Rolph Haspers
e10f447b5b Fixed some bugs, tested and working 2019-10-25 11:42:15 +02:00
Rolph Haspers
1d1f61613c Check for root domain via API 2019-10-25 09:25:29 +02:00
Jesai Langenbach
b85c1a8861 Fix additional line 2019-10-25 08:22:15 +02:00
Jesai Langenbach
430956d304 Fix whitespaces 2019-10-25 08:13:35 +02:00
Jesai Langenbach
c0449a3ed2 Only save Attributes if it is set 2019-10-25 08:04:20 +02:00
neil
18ad01533b add space.
fix https://github.com/Neilpang/acme.sh/pull/2553
2019-10-24 09:19:18 +08:00
neil
288049dc95
Merge pull request #2553 from master-nevi/dev
Use more widely supported options for the "tr" command line utility b…y removing the use of the character class representation option. [:space:] => "\t\r\n\v\f"
2019-10-23 22:47:54 +08:00
David Robles
573c8f3b13 Use more widely supported options for the "tr" command line utility by removing the use of the character class representation option. [:space:] => "\t\r\n\v\f" 2019-10-23 07:20:01 -07:00
neil
e85d7a7be5
Merge pull request #2534 from billgertz/patch-2
dnsapi/dns_miab.sh MIAB DNS-01 Validation
2019-10-23 22:07:20 +08:00
neil
7015215f26
Merge pull request #2548 from rserpent/dns_nic
nic.ru dnsapi
2019-10-20 17:02:30 +08:00
rserpent
ffa5472b31
fix whitespaces 2019-10-16 16:25:38 +05:00
rserpent
e00f0b4cf1
Update dns_nic.sh 2019-10-16 15:31:50 +05:00
rserpent
dc5c220e8f
dns_nic init 2019-10-16 15:12:21 +05:00
Bill Gertz
933d49b0b0
Style space change
Extra space on empty line 27.
2019-10-14 00:06:08 +02:00
Bill Gertz
9af85f5a7e
Updated to use _H1 Authorization: Basic
Updated to use suggested export _H1 env var to supply Authorization Basic credentials. This undocumented support for Basic Authorization, ContentType, etc. needs to be documented in DNSAPI Dev Guide. Removed two stray debugging lines.
2019-10-14 00:01:25 +02:00
Bill Gertz
7ec52145e8
Space style changes.
Local copy of shellcheck somehow missed these, odd.
2019-10-13 20:02:03 +02:00
Bill Gertz
aa6112482d
Rewrite to conform to Dev guide
Created _get_root() that tests the requested host is a subdomain to the domains hosted on MailinaBox (MIAB) DNS Server. Created common _miab_rest() used with dns_miab_add(), dns_miab_rm() and _get_root(). Also created barbaric _is_json() to test the response given by the MIAB Custom DNS API at least looks like a JSON file. We should add a hint to use _normalizeJson with JSON responses so _startswith, _endswith won't perplexingly fail.
2019-10-13 19:56:04 +02:00
neil
d035cdcff9
Merge pull request #2537 from master-nevi/master
Use more widely supported options for the "tr" command line utility in dns_freedns.sh
2019-10-10 10:38:17 +08:00
neil
7ad3ddef2a
Merge pull request #2539 from temoffey/gcore_cdn
Gcore cdn
2019-10-10 10:35:22 +08:00
neil
38e08bb91f
Merge pull request #2434 from dkerr64/FreeDNS
Work around bug in _egrep_o() function
2019-10-10 10:34:26 +08:00
temoffey
252a21e2ae fixed json parse regex for support api gcore_cdn 2019-10-10 00:36:34 +03:00
David Robles
ba7db3edda Use more widely supported options for the "tr" command line utility by removing the use of the character class representation option. Fixes #2536 2019-10-09 08:24:24 -07:00
Bill Gertz
f64b061a28
Style issue
Spaces on blank line on line 133.
2019-10-08 18:46:35 +02:00
Bill Gertz
f323ced4ca
Style issues and orphan _postContentType debug fix
Fixed spacing and removed unneeded debug for _postContenetType
2019-10-08 18:24:14 +02:00
Bill Gertz
c06ec7c6ba
Removed parameters and unused code for _miab_post
Ok, should have noticed earlier that the calls to the private function _miab_post() never used the _needbase64_ or the __postContentType parameters. Parameters and code to handle them has been factored out.
2019-10-08 18:15:16 +02:00
Bill Gertz
835f9aad91
Um that's a wee bit of nit pick.
'Errant' space removed on blank line on line 147.
2019-10-08 16:47:32 +02:00
Bill Gertz
a4ec9f8b44
Fixed weird spacing on line 180
Um, fixed.
2019-10-08 16:34:56 +02:00
Bill Gertz
47c33d0344
Cleanup/ removed private function _get_root
Function _get_root() copied from acme.sh and is not needed here. Other cleanup as recommended by acme.sh test bot.
2019-10-08 16:29:23 +02:00
Bill Gertz
f500c7abcb
dnsapi/dns_miab.sh MIAB DNS-01 Validation
Know I'm new to contorting to this project. I i've broke conventions please let me know what I've screwed up and I'll set it right as quickly as possible.

Propose this as a new DNS-01 validation script to dynamically add challenge DNS records to MailinaBox (MIAB) DNS. MIAB uses a custom DNS API to manage external DNS records.

The script was originally written by Darven Dissek and can be found in his repository: https://framagit.org/DarvenDissek/acme.sh-MIAB-DNS-API/). This has been forked and some slight cleanup applied and change shebang to UNIx shell. The forked repository can be found here: https://github.com/billgertz/MIAB_dns_api.

Wrote to Darven but received no reply. Support for this script has been submitted to the OPNsense project via this pull request: https://github.com/opnsense/plugins/pull/1531
2019-10-08 15:47:39 +02:00
neil
95dd7b5323
Merge pull request #2531 from moose-kazan/master
Fix for dns_vultr.sh
2019-10-06 20:13:19 +08:00
MooSE
65c950e1a4
Update README.md 2019-10-06 15:02:48 +03:00
Vadim Kalinnikov
e484f32b1a - Return shell detect via env 2019-10-06 14:40:57 +03:00
Vadim Kalinnikov
bc396e7a90 Small fix in dns_vultr.sh 2019-10-06 14:38:26 +03:00
neil
ce182f43db
Merge pull request #2527 from PeterDaveHello/RemoveTrailingSpaces
Remove trailing spaces in text files
2019-10-05 21:31:46 +08:00
neil
9382d52d55
Merge pull request #2528 from PeterDaveHello/ImproveTravisCI
Use shallow clone to speed up git clone on Travis CI
2019-10-05 21:23:30 +08:00
Peter Dave Hello
dd156d0689 Use shallow clone to speed up git clone on Travis CI
Shallow clone is faster than a normal one, there is no need to clone the
whole history of a repository when we only needs its latest or certain
state of commit.
2019-10-05 21:13:28 +08:00
Peter Dave Hello
ac9f6e3a41 Remove trailing spaces in text files
This issue in the shell scripts will also be detected in the stable
version of shfmt(we are currently using an ancient pre-release of shfmt)
2019-10-05 21:09:24 +08:00
neilpang
1e7534b9d7 fix https://github.com/Neilpang/acme.sh/issues/2518#issuecomment-538474232 2019-10-05 11:59:04 +08:00
Michael Braunoeder
72d800ed10 [DNSAPI] add dns_rcode0.sh - Support for https://my.rcodezero.at/api-doc (#2489)
* first version dns_rcode0.sh

* fixed URLs for ACME calls

* fixed challenge remove

* read & write Token/URL at rm too

* make info messages debug

* typos fixed

* update rrset only if existing challenge is found

* polish error messages and make "detect root zone" scaleable

* fixed formating issues

* code cleanup, remove some unneeded functions

* removed empty lines

* save rcode0 url only if not default
2019-10-05 11:47:57 +08:00
neil
54143ae6d4
sync (#2523)
sync
2019-10-03 21:15:32 +08:00
Jesai Langenbach
bfa6e52470 another whitespace 2019-09-12 20:50:20 +02:00
Jesai Langenbach
ec654d2355 More space removing 2019-09-12 17:24:00 +02:00
Jesai Langenbach
dfb4883c93 Some fixes 2019-09-12 17:17:32 +02:00
Jesai Langenbach
4bf1f579f5 Add OPNsense Bind API Support 2019-09-12 16:28:57 +02:00
Rolph Haspers
f0d6d46766 Added link to API docs 2019-08-19 17:27:19 +02:00
Rolph Haspers
4a81205e04 Styling, trailing space 2019-08-19 16:22:48 +02:00
Rolph Haspers
0ac37981cb Styling, newline removed 2019-08-19 16:04:16 +02:00
Rolph Haspers
400c31d031 Fixed another styling issue (trailing spaces) 2019-08-19 16:01:51 +02:00
Rolph Haspers
54b38086e5 Fix style issues 2019-08-19 15:39:19 +02:00
Rolph Haspers
e0deca33d0 Added Leaseweb API for dns-01 verification 2019-08-19 14:27:23 +02:00
David Kerr
0b2b8b960b
Replace grep -o with sed 2019-08-16 22:56:22 -04:00
David Kerr
9826b8ae69 Merge branch 'dev' of https://github.com/Neilpang/acme.sh into FreeDNS 2019-08-09 21:05:08 -04:00
David Kerr
2ce9fb9760
Work around bug in _egrep_o() function
_egrep_o() function accepts extended regex and on systems that do not have egrep uses sed to emulate egrep.
This is failing on the specific regex I was using before my last commit... ae66c6f0b4
The problem is that I fixed it by passing in non-extended regex which then fails on systems that do have egrep.  So I am no longer using _egrep_o.
2019-07-11 18:06:56 -04:00
David Kerr
ae66c6f0b4
Fix bug (in egrep regex) reported by @maks2018 in issue 2305
Fix bug reported by @maks2018 in issue https://github.com/Neilpang/acme.sh/issues/2305 by updating the regex in egrep of the subdomain html page.
2019-07-11 15:46:17 -04:00
Dominic Jonas
1ef7fd3659 support to delete multiple entries 2019-06-05 11:38:41 +02:00
Stephane Moser
aeed287122 Add Double quote to slowrateslepp 2019-04-02 10:27:22 +01:00
Stephane Moser
ea6a3c0963 Use AWS_DNS_SLOWRATE env variable instead of arg 2019-03-29 14:39:32 +00:00
Stephane Moser
8902a5c5cd Revert "Add --dnsslowrate arg"
This reverts commit 16db9a7337.
2019-03-29 14:33:15 +00:00
Stephane Moser
3021c5cfad Use dnsslowrate arg 2019-03-29 14:12:50 +00:00
Stephane Moser
16db9a7337 Add --dnsslowrate arg 2019-03-29 14:12:34 +00:00
Martin Kammerlander
68f66ca101 Add default delay for the calls to KAS api since they are very restrictive with that. 2018-08-02 16:20:48 +02:00
Martin Kammerlander
c34aadfbf7 Merge with latest dev branch. 2018-06-08 10:35:17 +02:00
Martin Kammerlander
cb4a2cf029 remove debug output 2018-03-16 16:47:47 +01:00
Martin Kammerlander
26b5180bf7 Rename full_domain and txt_value variables. 2018-03-16 15:49:40 +01:00
Martin Kammerlander
11bfb1e5fd Fix return values of some functions. 2018-03-16 15:02:47 +01:00
Martin Kammerlander
e431df06ab Only create entry. Remove update. 2018-03-16 14:54:08 +01:00
Martin Kammerlander
cbf0ceacd5 Update dnsapi Readme. 2018-03-16 14:51:16 +01:00
Martin Kammerlander
8c634d8323 Merge branch 'dev' into all-inkl-kasserver-dns-script 2018-03-16 14:49:02 +01:00
Martin Kammerlander
32d7bd5ab1 Add own github repository URL. 2018-03-09 16:33:35 +01:00
Martin Kammerlander
861df49670 Add All-inkl kasserver script. 2018-03-09 16:29:47 +01:00
228 changed files with 25615 additions and 4442 deletions

2
.github/FUNDING.yml vendored
View File

@ -3,7 +3,7 @@
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username patreon: # Replace with a single Patreon username
open_collective: acmesh open_collective: acmesh
ko_fi: # Replace with a single Ko-fi username ko_fi: neilpang
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username liberapay: # Replace with a single Liberapay username

View File

@ -2,7 +2,7 @@
我很忙, 每天可能只有 几秒钟 时间看你的 issue, 如果不按照我的要求写 issue, 你可能不会得到任何回复, 石沉大海. 我很忙, 每天可能只有 几秒钟 时间看你的 issue, 如果不按照我的要求写 issue, 你可能不会得到任何回复, 石沉大海.
请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试信息. 我做不了什么. 请确保已经更新到最新的代码, 然后贴上来 `--debug 2` 的调试输出. 没有调试信息. 我做不了什么.
如何调试 https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh 如何调试 https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
If it is a bug report: If it is a bug report:
- make sure you are able to repro it on the latest released version. - make sure you are able to repro it on the latest released version.
@ -10,7 +10,7 @@ You can install the latest version by: `acme.sh --upgrade`
- Search the existing issues. - Search the existing issues.
- Refer to the [WIKI](https://wiki.acme.sh). - Refer to the [WIKI](https://wiki.acme.sh).
- Debug info [Debug](https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh). - Debug info [Debug](https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh).
--> -->

View File

@ -3,7 +3,7 @@
Please send to `dev` branch instead. Please send to `dev` branch instead.
Any PR to `master` branch will NOT be merged. Any PR to `master` branch will NOT be merged.
2. For dns api support, read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide 2. For dns api support, read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
You will NOT get any review without passing this guide. You also need to fix the CI errors. You will NOT get any review without passing this guide. You also need to fix the CI errors.
--> -->

515
.github/workflows/DNS.yml vendored Normal file
View File

@ -0,0 +1,515 @@
name: DNS
on:
workflow_dispatch:
push:
paths:
- 'dnsapi/*.sh'
- '.github/workflows/DNS.yml'
pull_request:
branches:
- 'dev'
paths:
- 'dnsapi/*.sh'
- '.github/workflows/DNS.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
CheckToken:
runs-on: ubuntu-latest
outputs:
hasToken: ${{ steps.step_one.outputs.hasToken }}
steps:
- name: Set the value
id: step_one
run: |
if [ "${{secrets.TokenName1}}" ] ; then
echo "::set-output name=hasToken::true"
else
echo "::set-output name=hasToken::false"
fi
- name: Check the value
run: echo ${{ steps.step_one.outputs.hasToken }}
Fail:
runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'false')"
steps:
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
run: |
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
if [ "${{github.repository_owner}}" != "acmesh-official" ]; then
false
fi
Docker:
runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Set env file
run: |
cd ../acmetest
if [ "${{ secrets.TokenName1}}" ] ; then
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env
fi
if [ "${{ secrets.TokenName2}}" ] ; then
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env
fi
if [ "${{ secrets.TokenName3}}" ] ; then
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env
fi
if [ "${{ secrets.TokenName4}}" ] ; then
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env
fi
if [ "${{ secrets.TokenName5}}" ] ; then
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env
fi
- name: Run acmetest
run: cd ../acmetest && ./rundocker.sh testall
MacOS:
runs-on: macos-latest
needs: Docker
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Install tools
run: brew install socat
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
Windows:
runs-on: windows-latest
needs: MacOS
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- name: Set git to use LF
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
- name: Install cygwin base packages with chocolatey
run: |
choco config get cacheLocation
choco install --no-progress cygwin
shell: cmd
- name: Install cygwin additional packages
run: |
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
shell: cmd
- name: Set ENV
shell: cmd
run: |
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
shell: bash
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
FreeBSD:
runs-on: ubuntu-latest
needs: Windows
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/freebsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: pkg install -y socat curl
usesh: true
copyback: false
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
OpenBSD:
runs-on: ubuntu-latest
needs: FreeBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/openbsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: pkg_add socat curl libiconv
usesh: true
copyback: false
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
NetBSD:
runs-on: ubuntu-latest
needs: OpenBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/netbsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: |
/usr/sbin/pkg_add curl socat
usesh: true
copyback: false
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
DragonFlyBSD:
runs-on: ubuntu-latest
needs: NetBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/dragonflybsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: |
pkg install -y curl socat libnghttp2
usesh: true
copyback: false
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
Solaris:
runs-on: ubuntu-latest
needs: DragonFlyBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Solaris doesn't accept the expired ISRG X1 root
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/solaris-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
copyback: false
prepare: pkgutil -y -i socat
run: |
pkg set-mediator -v -I default@1.1 openssl
export PATH=/usr/gnu/bin:$PATH
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh
Omnios:
runs-on: ubuntu-latest
needs: Solaris
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Omnios doesn't accept the expired ISRG X1 root
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/omnios-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
copyback: false
prepare: pkg install socat
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh

71
.github/workflows/DragonFlyBSD.yml vendored Normal file
View File

@ -0,0 +1,71 @@
name: DragonFlyBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/DragonFlyBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/DragonFlyBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
DragonFlyBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/dragonflybsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: |
pkg install -y curl socat libnghttp2
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

76
.github/workflows/FreeBSD.yml vendored Normal file
View File

@ -0,0 +1,76 @@
name: FreeBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/FreeBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/FreeBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
FreeBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/freebsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: pkg install -y socat curl wget
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

48
.github/workflows/Linux.yml vendored Normal file
View File

@ -0,0 +1,48 @@
name: Linux
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Linux.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Linux.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Linux:
strategy:
matrix:
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"]
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_PREFERRED_CHAIN: (STAGING)
TEST_ACME_Server: "LetsEncrypt.org_test"
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: |
cd .. \
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \
&& cp -r acme.sh acmetest/
- name: Run acmetest
run: |
cd ../acmetest \
&& ./rundocker.sh testplat ${{ matrix.os }}

60
.github/workflows/MacOS.yml vendored Normal file
View File

@ -0,0 +1,60 @@
name: MacOS
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/MacOS.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/MacOS.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
MacOS:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: macos-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
steps:
- uses: actions/checkout@v4
- name: Install tools
run: brew install socat
- name: Clone acmetest
run: |
cd .. \
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \
&& cp -r acme.sh acmetest/
- name: Run acmetest
run: |
cd ../acmetest \
&& sudo --preserve-env ./letest.sh

71
.github/workflows/NetBSD.yml vendored Normal file
View File

@ -0,0 +1,71 @@
name: NetBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/NetBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/NetBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
NetBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/netbsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: |
/usr/sbin/pkg_add curl socat
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

75
.github/workflows/Omnios.yml vendored Normal file
View File

@ -0,0 +1,75 @@
name: Omnios
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Omnios.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Omnios.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Omnios:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/omnios-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: pkg install socat wget
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

76
.github/workflows/OpenBSD.yml vendored Normal file
View File

@ -0,0 +1,76 @@
name: OpenBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/OpenBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/OpenBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
OpenBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/openbsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: pkg_add socat curl wget libnghttp2
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

72
.github/workflows/PebbleStrict.yml vendored Normal file
View File

@ -0,0 +1,72 @@
name: PebbleStrict
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/PebbleStrict.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/PebbleStrict.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
PebbleStrict:
runs-on: ubuntu-latest
env:
TestingDomain: example.com
TestingAltDomains: www.example.com
TEST_ACME_Server: https://localhost:14000/dir
HTTPS_INSECURE: 1
Le_HTTPPort: 5002
TEST_LOCAL: 1
TEST_CA: "Pebble Intermediate CA"
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y socat
- name: Run Pebble
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker compose up -d
- name: Set up Pebble
run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && ./letest.sh
PebbleStrict_IPCert:
runs-on: ubuntu-latest
env:
TestingDomain: 1.23.45.67
TEST_ACME_Server: https://localhost:14000/dir
HTTPS_INSECURE: 1
Le_HTTPPort: 5002
Le_TLSPort: 5001
TEST_LOCAL: 1
TEST_CA: "Pebble Intermediate CA"
TEST_IPCERT: 1
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y socat
- name: Run Pebble
run: |
docker run --rm -itd --name=pebble \
-e PEBBLE_VA_ALWAYS_VALID=1 \
-p 14000:14000 -p 15000:15000 letsencrypt/pebble:latest pebble -config /test/config/pebble-config.json -strict
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && ./letest.sh

75
.github/workflows/Solaris.yml vendored Normal file
View File

@ -0,0 +1,75 @@
name: Solaris
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Solaris.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Solaris.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Solaris:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/solaris-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: pkgutil -y -i socat curl wget
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

103
.github/workflows/Ubuntu.yml vendored Normal file
View File

@ -0,0 +1,103 @@
name: Ubuntu
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Ubuntu.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Ubuntu.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Ubuntu:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
- TEST_ACME_Server: "ZeroSSL.com"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
CA: "ZeroSSL RSA Domain Secure Site CA"
CA_EMAIL: "githubtest@acme.sh"
TEST_PREFERRED_CHAIN: ""
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory"
CA_ECDSA: "Smallstep Intermediate CA"
CA: "Smallstep Intermediate CA"
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: ""
NO_REVOKE: 1
- TEST_ACME_Server: "https://localhost:9000/acme/acme/directory"
CA_ECDSA: "Smallstep Intermediate CA"
CA: "Smallstep Intermediate CA"
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: ""
NO_REVOKE: 1
TEST_IPCERT: 1
TestingDomain: "172.17.0.1"
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
NO_ECC_384: ${{ matrix.NO_ECC_384 }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
NO_REVOKE: ${{ matrix.NO_REVOKE }}
TEST_IPCERT: ${{ matrix.TEST_IPCERT }}
TestingDomain: ${{ matrix.TestingDomain }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y socat wget
- name: Start StepCA
if: ${{ matrix.TEST_ACME_Server=='https://localhost:9000/acme/acme/directory' }}
run: |
docker run --rm -d \
-p 9000:9000 \
-e "DOCKER_STEPCA_INIT_NAME=Smallstep" \
-e "DOCKER_STEPCA_INIT_DNS_NAMES=localhost,$(hostname -f)" \
-e "DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true" \
-e "DOCKER_STEPCA_INIT_PASSWORD=test" \
--name stepca \
smallstep/step-ca:0.23.1
sleep 5
docker exec stepca bash -c "echo test >test" \
&& docker exec stepca step ca provisioner add acme --type ACME --admin-subject step --admin-password-file=/home/step/test \
&& docker exec stepca kill -1 1 \
&& docker exec stepca cat /home/step/certs/root_ca.crt | sudo bash -c "cat - >>/etc/ssl/certs/ca-certificates.crt"
- name: Clone acmetest
run: |
cd .. \
&& git clone --depth=1 https://github.com/acmesh-official/acmetest.git \
&& cp -r acme.sh acmetest/
- name: Run acmetest
run: |
cd ../acmetest \
&& sudo --preserve-env ./letest.sh

78
.github/workflows/Windows.yml vendored Normal file
View File

@ -0,0 +1,78 @@
name: Windows
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Windows.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Windows.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Windows:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: windows-latest
env:
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_LOCAL: 1
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
Le_HTTPPort: 8888
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
steps:
- name: Set git to use LF
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v4
- name: Install cygwin base packages with chocolatey
run: |
choco config get cacheLocation
choco install --no-progress cygwin
shell: cmd
- name: Install cygwin additional packages
run: |
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s https://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd
shell: cmd
- name: Set ENV
shell: cmd
run: |
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin;%PATH% >> %GITHUB_ENV%
- name: Check ENV
shell: cmd
run: |
echo "PATH=%PATH%"
- name: Clone acmetest
shell: cmd
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
shell: cmd
run: cd ../acmetest && bash.exe -c ./letest.sh

84
.github/workflows/dockerhub.yml vendored Normal file
View File

@ -0,0 +1,84 @@
name: Build DockerHub
on:
push:
branches:
- '*'
tags:
- '*'
paths:
- '**.sh'
- "Dockerfile"
- '.github/workflows/dockerhub.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
DOCKER_IMAGE: neilpang/acme.sh
jobs:
CheckToken:
runs-on: ubuntu-latest
outputs:
hasToken: ${{ steps.step_one.outputs.hasToken }}
env:
DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
steps:
- name: Set the value
id: step_one
run: |
if [ "$DOCKER_PASSWORD" ] ; then
echo "hasToken=true" >>$GITHUB_OUTPUT
else
echo "hasToken=false" >>$GITHUB_OUTPUT
fi
- name: Check the value
run: echo ${{ steps.step_one.outputs.hasToken }}
build:
runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
steps:
- name: checkout code
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5.5.1
with:
images: ${DOCKER_IMAGE}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: login to docker hub
run: |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
- name: build and push the image
run: |
if [[ $GITHUB_REF == refs/tags/* ]]; then
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
fi
if [[ $GITHUB_REF == refs/heads/* ]]; then
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/}
if [[ $DOCKER_IMAGE_TAG == master ]]; then
DOCKER_IMAGE_TAG=latest
AUTO_UPGRADE=1
fi
fi
DOCKER_LABELS=()
while read -r label; do
DOCKER_LABELS+=(--label "${label}")
done <<<"${DOCKER_METADATA_OUTPUT_LABELS}"
docker buildx build \
--tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
"${DOCKER_LABELS[@]}" \
--output "type=image,push=true" \
--build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
--platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386,linux/ppc64le,linux/s390x .

19
.github/workflows/issue.yml vendored Normal file
View File

@ -0,0 +1,19 @@
name: "Update issues"
on:
issues:
types: [opened]
jobs:
comment:
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: "Please upgrade to the latest code and try again first. Maybe it's already fixed. ```acme.sh --upgrade``` If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you."
})

30
.github/workflows/pr_dns.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: Check dns api
on:
pull_request_target:
types:
- opened
paths:
- 'dnsapi/*.sh'
jobs:
welcome:
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
with:
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `**Welcome**
First thing: don't send PR to the master branch, please send to the dev branch instead.
Please make sure you've read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test).
Then reply on this message, otherwise, your code will not be reviewed or merged.
We look forward to reviewing your Pull request shortly ✨
注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试.
`
})

30
.github/workflows/pr_notify.yml vendored Normal file
View File

@ -0,0 +1,30 @@
name: Check notify api
on:
pull_request_target:
types:
- opened
branches:
- 'dev'
paths:
- 'notify/*.sh'
jobs:
welcome:
runs-on: ubuntu-latest
steps:
- uses: actions/github-script@v6
with:
script: |
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `**Welcome**
Please make sure you've read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify).
Then reply on this message, otherwise, your code will not be reviewed or merged.
We look forward to reviewing your Pull request shortly ✨
`
})

38
.github/workflows/shellcheck.yml vendored Normal file
View File

@ -0,0 +1,38 @@
name: Shellcheck
on:
push:
branches:
- '*'
paths:
- '**.sh'
- '.github/workflows/shellcheck.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '.github/workflows/shellcheck.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
ShellCheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Shellcheck
run: sudo apt-get install -y shellcheck
- name: DoShellcheck
run: shellcheck -V && shellcheck -e SC2181 -e SC2089 **/*.sh && echo "shellcheck OK"
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install shfmt
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
- name: shfmt
run: ~/shfmt -l -w -i 2 . ; git diff --exit-code && echo "shfmt OK"

View File

@ -1,38 +0,0 @@
language: shell
sudo: required
dist: trusty
os:
- linux
- osx
services:
- docker
env:
global:
- SHFMT_URL=https://github.com/mvdan/sh/releases/download/v0.4.0/shfmt_v0.4.0_linux_amd64
install:
- if [ "$TRAVIS_OS_NAME" = 'osx' ]; then
brew update && brew install socat;
export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ;
fi
script:
- echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)"
- command -V openssl && openssl version
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
- cd ..
- git clone https://github.com/Neilpang/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
- if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
- if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi
matrix:
fast_finish: true

View File

@ -1,27 +1,32 @@
FROM alpine:3.10 FROM alpine:3.17
RUN apk update -f \ RUN apk --no-cache add -f \
&& apk --no-cache add -f \
openssl \ openssl \
openssh-client \
coreutils \ coreutils \
bind-tools \ bind-tools \
curl \ curl \
sed \
socat \ socat \
tzdata \ tzdata \
oath-toolkit-oathtool \ oath-toolkit-oathtool \
tar \ tar \
&& rm -rf /var/cache/apk/* libidn \
jq \
cronie
ENV LE_CONFIG_HOME /acme.sh ENV LE_CONFIG_HOME /acme.sh
ENV AUTO_UPGRADE 1 ARG AUTO_UPGRADE=1
ENV AUTO_UPGRADE $AUTO_UPGRADE
#Install #Install
ADD ./ /install_acme.sh/ COPY ./ /install_acme.sh/
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/ RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/
RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null##' | crontab - RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null#> /proc/1/fd/1 2>/proc/1/fd/2#' | crontab -
RUN for verb in help \ RUN for verb in help \
version \ version \
@ -37,6 +42,7 @@ RUN for verb in help \
revoke \ revoke \
remove \ remove \
list \ list \
info \
showcsr \ showcsr \
install-cronjob \ install-cronjob \
uninstall-cronjob \ uninstall-cronjob \
@ -51,17 +57,18 @@ RUN for verb in help \
deactivate \ deactivate \
deactivate-account \ deactivate-account \
set-notify \ set-notify \
set-default-ca \
set-default-chain \
; do \ ; do \
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done ; done
RUN printf "%b" '#!'"/usr/bin/env sh\n \ RUN printf "%b" '#!'"/usr/bin/env sh\n \
if [ \"\$1\" = \"daemon\" ]; then \n \ if [ \"\$1\" = \"daemon\" ]; then \n \
trap \"echo stop && killall crond && exit 0\" SIGTERM SIGINT \n \ exec crond -n -s -m off \n \
crond && while true; do sleep 1; done;\n \
else \n \ else \n \
exec -- \"\$@\"\n \ exec -- \"\$@\"\n \
fi" >/entry.sh && chmod +x /entry.sh fi\n" >/entry.sh && chmod +x /entry.sh
VOLUME /acme.sh VOLUME /acme.sh

173
README.md
View File

@ -1,81 +1,108 @@
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) # An ACME Shell script: acme.sh
[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)
[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)
[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)
[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)
[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)
[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)
[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)
[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)
[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a>
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
- An ACME protocol client written purely in Shell (Unix shell) language. - An ACME protocol client written purely in Shell (Unix shell) language.
- Full ACME protocol implementation. - Full ACME protocol implementation.
- Support ACME v1 and ACME v2 - Support ECDSA certs
- Support ACME v2 wildcard certs - Support SAN and wildcard certs
- Simple, powerful and very easy to use. You only need 3 minutes to learn it. - Simple, powerful and very easy to use. You only need 3 minutes to learn it.
- Bash, dash and sh compatible. - Bash, dash and sh compatible.
- Simplest shell script for Let's Encrypt free certificate client. - Purely written in Shell with no dependencies on python.
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
- Just one script to issue, renew and install your certificates automatically. - Just one script to issue, renew and install your certificates automatically.
- DOES NOT require `root/sudoer` access. - DOES NOT require `root/sudoer` access.
- Docker friendly - Docker ready
- IPv6 support - IPv6 ready
- Cron job notifications for renewal or error etc. - Cron job notifications for renewal or error etc.
It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates.
Wiki: https://github.com/Neilpang/acme.sh/wiki Wiki: https://github.com/acmesh-official/acme.sh/wiki
For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/Neilpang/acme.sh/wiki/Run-acme.sh-in-docker) For Docker Fans: [acme.sh :two_hearts: Docker ](https://github.com/acmesh-official/acme.sh/wiki/Run-acme.sh-in-docker)
Twitter: [@neilpangxa](https://twitter.com/neilpangxa) Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
# [中文说明](https://github.com/Neilpang/acme.sh/wiki/%E8%AF%B4%E6%98%8E) # [中文说明](https://github.com/acmesh-official/acme.sh/wiki/%E8%AF%B4%E6%98%8E)
# Who: # Who:
- [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/) - [FreeBSD.org](https://blog.crashed.org/letsencrypt-in-freebsd-org/)
- [ruby-china.org](https://ruby-china.org/topics/31983) - [ruby-china.org](https://ruby-china.org/topics/31983)
- [Proxmox](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x_and_newer)) - [Proxmox](https://pve.proxmox.com/wiki/Certificate_Management)
- [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89) - [pfsense](https://github.com/pfsense/FreeBSD-ports/pull/89)
- [webfaction](https://community.webfaction.com/questions/19988/using-letsencrypt)
- [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty) - [Loadbalancer.org](https://www.loadbalancer.org/blog/loadbalancer-org-with-lets-encrypt-quick-and-dirty)
- [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709) - [discourse.org](https://meta.discourse.org/t/setting-up-lets-encrypt/40709)
- [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html) - [Centminmod](https://centminmod.com/letsencrypt-acmetool-https.html)
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297) - [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
- [archlinux](https://www.archlinux.org/packages/community/any/acme.sh)
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient) - [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
- [CentOS Web Panel](http://centos-webpanel.com/) - [CentOS Web Panel](https://control-webpanel.com)
- [lnmp.org](https://lnmp.org/) - [lnmp.org](https://lnmp.org/)
- [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials) - [more...](https://github.com/acmesh-official/acme.sh/wiki/Blogs-and-tutorials)
# Tested OS # Tested OS
| NO | Status| Platform| | NO | Status| Platform|
|----|-------|---------| |----|-------|---------|
|1|[![](https://neilpang.github.io/acmetest/status/ubuntu-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Ubuntu |1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX
|2|[![](https://neilpang.github.io/acmetest/status/debian-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Debian |2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included)
|3|[![](https://neilpang.github.io/acmetest/status/centos-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|CentOS |3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD
|4|[![](https://neilpang.github.io/acmetest/status/windows-cygwin.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Windows (cygwin with curl, openssl and crontab included) |4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris
|5|[![](https://neilpang.github.io/acmetest/status/freebsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|FreeBSD |5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu
|6|[![](https://neilpang.github.io/acmetest/status/pfsense.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|pfsense |6|NA|pfsense
|7|[![](https://neilpang.github.io/acmetest/status/opensuse-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|openSUSE |7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD
|8|[![](https://neilpang.github.io/acmetest/status/alpine-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Alpine Linux (with curl) |8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD
|9|[![](https://neilpang.github.io/acmetest/status/base-archlinux.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Archlinux |9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD
|10|[![](https://neilpang.github.io/acmetest/status/fedora-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|fedora |10|[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)|Omnios
|11|[![](https://neilpang.github.io/acmetest/status/kalilinux-kali-linux-docker.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Kali Linux |11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
|12|[![](https://neilpang.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Oracle Linux |12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
|13|[![](https://neilpang.github.io/acmetest/status/proxmox.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)| Proxmox https://pve.proxmox.com/wiki/HTTPSCertificateConfiguration#Let.27s_Encrypt_using_acme.sh |13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
|14|-----| Cloud Linux https://github.com/Neilpang/le/issues/111 |14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
|15|[![](https://neilpang.github.io/acmetest/status/openbsd.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|OpenBSD |15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
|16|[![](https://neilpang.github.io/acmetest/status/mageia.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Mageia |16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/Neilpang/acme.sh/wiki/How-to-run-on-OpenWRT) |17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
|18|[![](https://neilpang.github.io/acmetest/status/solaris.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|SunOS/Solaris |18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|19|[![](https://neilpang.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/Neilpang/letest#here-are-the-latest-status)|Gentoo Linux |19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|20|[![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh)|Mac OSX |10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|22|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|23|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|24|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
For all build statuses, check our [weekly build project](https://github.com/Neilpang/acmetest):
https://github.com/Neilpang/acmetest Check our [testing project](https://github.com/acmesh-official/acmetest):
https://github.com/acmesh-official/acmetest
# Supported CA # Supported CA
- Letsencrypt.org CA(default) - [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
- [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA) - Letsencrypt.org CA
- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA)
- [Google.com Public CA](https://github.com/acmesh-official/acme.sh/wiki/Google-Public-CA)
- [Pebble strict Mode](https://github.com/letsencrypt/pebble) - [Pebble strict Mode](https://github.com/letsencrypt/pebble)
- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA
# Supported modes # Supported modes
@ -85,24 +112,24 @@ https://github.com/Neilpang/acmetest
- Apache mode - Apache mode
- Nginx mode - Nginx mode
- DNS mode - DNS mode
- [DNS alias mode](https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode) - [DNS alias mode](https://github.com/acmesh-official/acme.sh/wiki/DNS-alias-mode)
- [Stateless mode](https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode) - [Stateless mode](https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mode)
# 1. How to install # 1. How to install
### 1. Install online ### 1. Install online
Check this project: https://github.com/Neilpang/get.acme.sh Check this project: https://github.com/acmesh-official/get.acme.sh
```bash ```bash
curl https://get.acme.sh | sh curl https://get.acme.sh | sh -s email=my@example.com
``` ```
Or: Or:
```bash ```bash
wget -O - https://get.acme.sh | sh wget -O - https://get.acme.sh | sh -s email=my@example.com
``` ```
@ -111,14 +138,14 @@ wget -O - https://get.acme.sh | sh
Clone this project and launch installation: Clone this project and launch installation:
```bash ```bash
git clone https://github.com/Neilpang/acme.sh.git git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh cd ./acme.sh
./acme.sh --install ./acme.sh --install -m my@example.com
``` ```
You `don't have to be root` then, although `it is recommended`. You `don't have to be root` then, although `it is recommended`.
Advanced Installation: https://github.com/Neilpang/acme.sh/wiki/How-to-install Advanced Installation: https://github.com/acmesh-official/acme.sh/wiki/How-to-install
The installer will perform 3 actions: The installer will perform 3 actions:
@ -180,7 +207,7 @@ The certs will be placed in `~/.acme.sh/example.com/`
The certs will be renewed automatically every **60** days. The certs will be renewed automatically every **60** days.
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
# 3. Install the cert to Apache/Nginx etc. # 3. Install the cert to Apache/Nginx etc.
@ -226,7 +253,7 @@ Port `80` (TCP) **MUST** be free to listen on, otherwise you will be prompted to
acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
``` ```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
# 5. Use Standalone ssl server to issue cert # 5. Use Standalone ssl server to issue cert
@ -238,14 +265,14 @@ Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted t
acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com acme.sh --issue --alpn -d example.com -d www.example.com -d cp.example.com
``` ```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
# 6. Use Apache mode # 6. Use Apache mode
**(requires you to be root/sudoer, since it is required to interact with Apache server)** **(requires you to be root/sudoer, since it is required to interact with Apache server)**
If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`. If you are running a web server, it is recommended to use the `Webroot mode`.
Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder. Particularly, if you are running an Apache server, you can use Apache mode instead. This mode doesn't write any files to your web root folder.
@ -257,15 +284,15 @@ acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
**This apache mode is only to issue the cert, it will not change your apache config files. **This apache mode is only to issue the cert, it will not change your apache config files.
You will need to configure your website config files to use the cert by yourself. You will need to configure your website config files to use the cert by yourself.
We don't want to mess your apache server, don't worry.** We don't want to mess with your apache server, don't worry.**
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
# 7. Use Nginx mode # 7. Use Nginx mode
**(requires you to be root/sudoer, since it is required to interact with Nginx server)** **(requires you to be root/sudoer, since it is required to interact with Nginx server)**
If you are running a web server, Apache or Nginx, it is recommended to use the `Webroot mode`. If you are running a web server, it is recommended to use the `Webroot mode`.
Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder. Particularly, if you are running an nginx server, you can use nginx mode instead. This mode doesn't write any files to your web root folder.
@ -281,9 +308,9 @@ acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
**This nginx mode is only to issue the cert, it will not change your nginx config files. **This nginx mode is only to issue the cert, it will not change your nginx config files.
You will need to configure your website config files to use the cert by yourself. You will need to configure your website config files to use the cert by yourself.
We don't want to mess your nginx server, don't worry.** We don't want to mess with your nginx server, don't worry.**
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert More examples: https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert
# 8. Automatic DNS API integration # 8. Automatic DNS API integration
@ -293,13 +320,13 @@ You don't have to do anything manually!
### Currently acme.sh supports most of the dns providers: ### Currently acme.sh supports most of the dns providers:
https://github.com/Neilpang/acme.sh/wiki/dnsapi https://github.com/acmesh-official/acme.sh/wiki/dnsapi
# 9. Use DNS manual mode: # 9. Use DNS manual mode:
See: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode first. See: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode first.
If your dns provider doesn't support any api access, you can add the txt record by your hand. If your dns provider doesn't support any api access, you can add the txt record by hand.
```bash ```bash
acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com acme.sh --issue --dns -d example.com -d www.example.com -d cp.example.com
@ -333,10 +360,6 @@ Ok, it's done.
# 10. Issue ECC certificates # 10. Issue ECC certificates
`Let's Encrypt` can now issue **ECDSA** certificates.
And we support them too!
Just set the `keylength` parameter with a prefix `ec-`. Just set the `keylength` parameter with a prefix `ec-`.
For example: For example:
@ -357,10 +380,12 @@ Please look at the `keylength` parameter above.
Valid values are: Valid values are:
1. **ec-256 (prime256v1, "ECDSA P-256")** 1. **ec-256 (prime256v1, "ECDSA P-256", which is the default key type)**
2. **ec-384 (secp384r1, "ECDSA P-384")** 2. **ec-384 (secp384r1, "ECDSA P-384")**
3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)** 3. **ec-521 (secp521r1, "ECDSA P-521", which is not supported by Let's Encrypt yet.)**
4. **2048 (RSA2048)**
5. **3072 (RSA3072)**
6. **4096 (RSA4096)**
# 11. Issue Wildcard certificates # 11. Issue Wildcard certificates
@ -430,12 +455,12 @@ acme.sh --upgrade --auto-upgrade 0
# 15. Issue a cert from an existing CSR # 15. Issue a cert from an existing CSR
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR https://github.com/acmesh-official/acme.sh/wiki/Issue-a-cert-from-existing-CSR
# 16. Send notifications in cronjob # 16. Send notifications in cronjob
https://github.com/Neilpang/acme.sh/wiki/notify https://github.com/acmesh-official/acme.sh/wiki/notify
# 17. Under the Hood # 17. Under the Hood
@ -455,8 +480,8 @@ TODO:
### Code Contributors ### Code Contributors
This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)]. This project exists thanks to all the people who contribute.
<a href="https://github.com/Neilpang/acme.sh/graphs/contributors"><img src="https://opencollective.com/acmesh/contributors.svg?width=890&button=false" /></a> <a href="https://github.com/acmesh-official/acme.sh/graphs/contributors"><img src="https://opencollective.com/acmesh/contributors.svg?width=890&button=false" /></a>
### Financial Contributors ### Financial Contributors
@ -481,13 +506,15 @@ Support this project with your organization. Your logo will show up here with a
<a href="https://opencollective.com/acmesh/organization/8/website"><img src="https://opencollective.com/acmesh/organization/8/avatar.svg"></a> <a href="https://opencollective.com/acmesh/organization/8/website"><img src="https://opencollective.com/acmesh/organization/8/avatar.svg"></a>
<a href="https://opencollective.com/acmesh/organization/9/website"><img src="https://opencollective.com/acmesh/organization/9/avatar.svg"></a> <a href="https://opencollective.com/acmesh/organization/9/website"><img src="https://opencollective.com/acmesh/organization/9/avatar.svg"></a>
# 19. License & Others # 19. License & Others
License is GPLv3 License is GPLv3
Please Star and Fork me. Please Star and Fork me.
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome. [Issues](https://github.com/acmesh-official/acme.sh/issues) and [pull requests](https://github.com/acmesh-official/acme.sh/pulls) are welcome.
# 20. Donate # 20. Donate
@ -495,4 +522,4 @@ Your donation makes **acme.sh** better:
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/) 1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
[Donate List](https://github.com/Neilpang/acme.sh/wiki/Donate-list) [Donate List](https://github.com/acmesh-official/acme.sh/wiki/Donate-list)

3049
acme.sh

File diff suppressed because it is too large Load Diff

View File

@ -2,5 +2,5 @@
deploy hook usage: deploy hook usage:
https://github.com/Neilpang/acme.sh/wiki/deployhooks https://github.com/acmesh-official/acme.sh/wiki/deployhooks

88
deploy/ali_cdn.sh Normal file
View File

@ -0,0 +1,88 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034,SC2154
# Script to create certificate to Alibaba Cloud CDN
#
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun
#
# This deployment required following variables
# export Ali_Key="ALIACCESSKEY"
# export Ali_Secret="ALISECRETKEY"
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi
#
# To specify the CDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates
# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com"
# If you have multiple CDN domains using the same certificate, just
# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
#
# For DCDN, see ali_dcdn deploy hook
Ali_CDN_API="https://cdn.aliyuncs.com/"
ali_cdn_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
# Load dnsapi/dns_ali.sh to reduce the duplicated codes
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)"
# shellcheck source=/dev/null
if ! . "$dnsapi_ali"; then
_err "Error loading file $dnsapi_ali. Please check your API file and try again."
return 1
fi
_prepare_ali_credentials || return 1
_getdeployconf DEPLOY_ALI_CDN_DOMAIN
if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then
_savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN"
else
DEPLOY_ALI_CDN_DOMAIN="$_cdomain"
fi
# read cert and key files and urlencode both
_cert=$(_url_encode upper-hex <"$_cfullchain")
_key=$(_url_encode upper-hex <"$_ckey")
_debug2 _cert "$_cert"
_debug2 _key "$_key"
## update domain ssl config
for domain in $DEPLOY_ALI_CDN_DOMAIN; do
_set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key"
if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then
_info "Domain $domain certificate has been deployed successfully"
fi
done
return 0
}
# domain pub pri
_set_cdn_domain_ssl_certificate_query() {
endpoint=$Ali_CDN_API
query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=SetCdnDomainSSLCertificate'
query=$query'&CertType=upload'
query=$query'&DomainName='$1
query=$query'&Format=json'
query=$query'&SSLPri='$3
query=$query'&SSLProtocol=on'
query=$query'&SSLPub='$2
query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0'
query=$query'&Timestamp='$(_timestamp)
query=$query'&Version=2018-05-10'
}

88
deploy/ali_dcdn.sh Normal file
View File

@ -0,0 +1,88 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034,SC2154
# Script to create certificate to Alibaba Cloud DCDN
#
# Docs: https://github.com/acmesh-official/acme.sh/wiki/deployhooks#33-deploy-your-certificate-to-cdn-or-dcdn-of-alibaba-cloud-aliyun
#
# This deployment required following variables
# export Ali_Key="ALIACCESSKEY"
# export Ali_Secret="ALISECRETKEY"
# The credentials are shared with all the Alibaba Cloud deploy hooks and dnsapi
#
# To specify the DCDN domain that is different from the certificate CN, usually used for multi-domain or wildcard certificates
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn.example.com"
# If you have multiple CDN domains using the same certificate, just
# export DEPLOY_ALI_DCDN_DOMAIN="dcdn1.example.com dcdn2.example.com"
#
# For regular CDN, see ali_cdn deploy hook
Ali_DCDN_API="https://dcdn.aliyuncs.com/"
ali_dcdn_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
# Load dnsapi/dns_ali.sh to reduce the duplicated codes
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276
dnsapi_ali="$(_findHook "$_cdomain" "$_SUB_FOLDER_DNSAPI" dns_ali)"
# shellcheck source=/dev/null
if ! . "$dnsapi_ali"; then
_err "Error loading file $dnsapi_ali. Please check your API file and try again."
return 1
fi
_prepare_ali_credentials || return 1
_getdeployconf DEPLOY_ALI_DCDN_DOMAIN
if [ "$DEPLOY_ALI_DCDN_DOMAIN" ]; then
_savedeployconf DEPLOY_ALI_DCDN_DOMAIN "$DEPLOY_ALI_DCDN_DOMAIN"
else
DEPLOY_ALI_DCDN_DOMAIN="$_cdomain"
fi
# read cert and key files and urlencode both
_cert=$(_url_encode upper-hex <"$_cfullchain")
_key=$(_url_encode upper-hex <"$_ckey")
_debug2 _cert "$_cert"
_debug2 _key "$_key"
## update domain ssl config
for domain in $DEPLOY_ALI_DCDN_DOMAIN; do
_set_dcdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key"
if _ali_rest "Set DCDN domain SSL certificate for $domain" "" POST; then
_info "Domain $domain certificate has been deployed successfully"
fi
done
return 0
}
# domain pub pri
_set_dcdn_domain_ssl_certificate_query() {
endpoint=$Ali_DCDN_API
query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=SetDcdnDomainSSLCertificate'
query=$query'&CertType=upload'
query=$query'&DomainName='$1
query=$query'&Format=json'
query=$query'&SSLPri='$3
query=$query'&SSLProtocol=on'
query=$query'&SSLPub='$2
query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0'
query=$query'&Timestamp='$(_timestamp)
query=$query'&Version=2018-01-15'
}

92
deploy/cleverreach.sh Normal file
View File

@ -0,0 +1,92 @@
#!/usr/bin/env sh
# Here is the script to deploy the cert to your CleverReach Account using the CleverReach REST API.
# Your OAuth needs the right scope, please contact CleverReach support for that.
#
# Written by Jan-Philipp Benecke <github@bnck.me>
# Public domain, 2020
#
# Following environment variables must be set:
#
#export DEPLOY_CLEVERREACH_CLIENT_ID=myid
#export DEPLOY_CLEVERREACH_CLIENT_SECRET=mysecret
cleverreach_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_rest_endpoint="https://rest.cleverreach.com"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_ID
_getdeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET
_getdeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_ID}" ]; then
_err "CleverReach Client ID is not found, please define DEPLOY_CLEVERREACH_CLIENT_ID."
return 1
fi
if [ -z "${DEPLOY_CLEVERREACH_CLIENT_SECRET}" ]; then
_err "CleverReach client secret is not found, please define DEPLOY_CLEVERREACH_CLIENT_SECRET."
return 1
fi
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_ID "${DEPLOY_CLEVERREACH_CLIENT_ID}"
_savedeployconf DEPLOY_CLEVERREACH_CLIENT_SECRET "${DEPLOY_CLEVERREACH_CLIENT_SECRET}"
_savedeployconf DEPLOY_CLEVERREACH_SUBCLIENT_ID "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
_info "Obtaining a CleverReach access token"
_data="{\"grant_type\": \"client_credentials\", \"client_id\": \"${DEPLOY_CLEVERREACH_CLIENT_ID}\", \"client_secret\": \"${DEPLOY_CLEVERREACH_CLIENT_SECRET}\"}"
_auth_result="$(_post "$_data" "$_rest_endpoint/oauth/token.php" "" "POST" "application/json")"
_debug _data "$_data"
_debug _auth_result "$_auth_result"
_regex=".*\"access_token\":\"\([-._0-9A-Za-z]*\)\".*$"
_debug _regex "$_regex"
_access_token=$(echo "$_auth_result" | _json_decode | sed -n "s/$_regex/\1/p")
_debug _subclient "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
if [ -n "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
_info "Obtaining token for sub-client ${DEPLOY_CLEVERREACH_SUBCLIENT_ID}"
export _H1="Authorization: Bearer ${_access_token}"
_subclient_token_result="$(_get "$_rest_endpoint/v3/clients/$DEPLOY_CLEVERREACH_SUBCLIENT_ID/token")"
_access_token=$(echo "$_subclient_token_result" | sed -n "s/\"//p")
_debug _subclient_token_result "$_access_token"
_info "Destroying parent token at CleverReach, as it not needed anymore"
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
_debug _destroy_result "$_destroy_result"
fi
_info "Uploading certificate and key to CleverReach"
_certData="{\"cert\":\"$(_json_encode <"$_cfullchain")\", \"key\":\"$(_json_encode <"$_ckey")\"}"
export _H1="Authorization: Bearer ${_access_token}"
_add_cert_result="$(_post "$_certData" "$_rest_endpoint/v3/ssl" "" "POST" "application/json")"
if [ -z "${DEPLOY_CLEVERREACH_SUBCLIENT_ID}" ]; then
_info "Destroying token at CleverReach, as it not needed anymore"
_destroy_result="$(_post "" "$_rest_endpoint/v3/oauth/token.json" "" "DELETE" "application/json")"
_debug _destroy_result "$_destroy_result"
fi
if ! echo "$_add_cert_result" | grep '"error":' >/dev/null; then
_info "Uploaded certificate successfully"
return 0
else
_debug _add_cert_result "$_add_cert_result"
_err "Unable to update certificate"
return 1
fi
}

98
deploy/consul.sh Normal file
View File

@ -0,0 +1,98 @@
#!/usr/bin/env sh
# Here is a script to deploy cert to hashicorp consul using curl
# (https://www.consul.io/)
#
# it requires following environment variables:
#
# CONSUL_PREFIX - this contains the prefix path in consul
# CONSUL_HTTP_ADDR - consul requires this to find your consul server
#
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
# to access the consul server
#returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
consul_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
# validate required env vars
_getdeployconf CONSUL_PREFIX
if [ -z "$CONSUL_PREFIX" ]; then
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)"
return 1
fi
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX"
_getdeployconf CONSUL_HTTP_ADDR
if [ -z "$CONSUL_HTTP_ADDR" ]; then
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
return 1
fi
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR"
CONSUL_CMD=$(command -v consul)
# force CLI, but the binary does not exist => error
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
_err "Cannot find the consul binary!"
return 1
fi
# use the CLI first
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then
_info "Found consul binary, deploying with CLI"
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX"
else
_info "Did not find consul binary, deploying with API"
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
fi
}
consul_deploy_api() {
CONSUL_HTTP_ADDR="$1"
CONSUL_PREFIX="$2"
CONSUL_HTTP_TOKEN="$3"
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN"
if [ -n "$FABIO" ]; then
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1
else
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1
fi
}
consul_deploy_cli() {
CONSUL_CMD="$1"
CONSUL_PREFIX="$2"
if [ -n "$FABIO" ]; then
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1
else
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
fi
}

View File

@ -3,18 +3,29 @@
# Uses command line uapi. --user option is needed only if run as root. # Uses command line uapi. --user option is needed only if run as root.
# Returns 0 when success. # Returns 0 when success.
# #
# Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic
# detection of deployment targets through UAPI (if not set, defaults below are used.)
# - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode.
# - NOMATCH : 'true' to allow deployment to sites that do not match the certificate.
# - INCLUDE : Comma-separated list - sites must match this field.
# - EXCLUDE : Comma-separated list - sites must NOT match this field.
# INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*'
#
# Please note that I am no longer using Github. If you want to report an issue # Please note that I am no longer using Github. If you want to report an issue
# or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/ # or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
# #
# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com> # Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
# Public domain, 2017-2018 # Public domain, 2017-2018
#
# export DEPLOY_CPANEL_USER=myusername # export DEPLOY_CPANEL_USER=myusername
# export DEPLOY_CPANEL_AUTO_ENABLED='true'
# export DEPLOY_CPANEL_AUTO_NOMATCH='false'
# export DEPLOY_CPANEL_AUTO_INCLUDE='*'
# export DEPLOY_CPANEL_AUTO_EXCLUDE=''
######## Public functions ##################### ######## Public functions #####################
#domain keyfile certfile cafile fullchain #domain keyfile certfile cafile fullchain
cpanel_uapi_deploy() { cpanel_uapi_deploy() {
_cdomain="$1" _cdomain="$1"
_ckey="$2" _ckey="$2"
@ -22,6 +33,9 @@ cpanel_uapi_deploy() {
_cca="$4" _cca="$4"
_cfullchain="$5" _cfullchain="$5"
# re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
: "${Le_Alt:=""}"
_debug _cdomain "$_cdomain" _debug _cdomain "$_cdomain"
_debug _ckey "$_ckey" _debug _ckey "$_ckey"
_debug _ccert "$_ccert" _debug _ccert "$_ccert"
@ -32,25 +46,120 @@ cpanel_uapi_deploy() {
_err "The command uapi is not found." _err "The command uapi is not found."
return 1 return 1
fi fi
# declare useful constants
uapi_error_response='status: 0'
# read cert and key files and urlencode both # read cert and key files and urlencode both
_cert=$(_url_encode <"$_ccert") _cert=$(_url_encode <"$_ccert")
_key=$(_url_encode <"$_ckey") _key=$(_url_encode <"$_ckey")
_debug _cert "$_cert" _debug2 _cert "$_cert"
_debug _key "$_key" _debug2 _key "$_key"
if [ "$(id -u)" = 0 ]; then if [ "$(id -u)" = 0 ]; then
if [ -z "$DEPLOY_CPANEL_USER" ]; then _getdeployconf DEPLOY_CPANEL_USER
# fallback to _readdomainconf for old installs
if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
_err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username" _err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
return 1 return 1
fi fi
_savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER" _debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
_response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") _savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
_uapi_user="$DEPLOY_CPANEL_USER"
fi
# Load all AUTO envars and set defaults - see above for usage
__cpanel_initautoparam ENABLED 'true'
__cpanel_initautoparam NOMATCH 'false'
__cpanel_initautoparam INCLUDE '*'
__cpanel_initautoparam EXCLUDE ''
# Auto mode
if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
# call API for site config
_response=$(uapi DomainInfo list_domains)
# exit if error in response
if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
_err "Error in deploying certificate - cannot retrieve sitelist:"
_err "\n$_response"
return 1
fi
# parse response to create site list
sitelist=$(__cpanel_parse_response "$_response")
_debug "UAPI sites found: $sitelist"
# filter sitelist using configured domains
# skip if NOMATCH is "true"
if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
_debug "DEPLOY_CPANEL_AUTO_NOMATCH is true"
_info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
else
_debug "DEPLOY_CPANEL_AUTO_NOMATCH is false"
d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain,//" -e "s/,$_cdomain,/,/")"
d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
sitelist="$(echo "$sitelist" | grep -ix "$d")"
_debug2 "Matched UAPI sites: $sitelist"
fi
# filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE
_info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
_debug2 "Remaining sites: $sitelist"
# filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
_info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
_debug2 "Remaining sites: $sitelist"
# counter for success / failure check
successes=0
if [ -n "$sitelist" ]; then
sitetotal="$(echo "$sitelist" | wc -l)"
_debug "$sitetotal sites to deploy"
else
sitetotal=0
_debug "No sites to deploy"
fi
# for each site: call uapi to publish cert and log result. Only return failure if all fail
for site in $sitelist; do
# call uapi to publish cert, check response for errors and log them.
if [ -n "$_uapi_user" ]; then
_response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$site" cert="$_cert" key="$_key")
else
_response=$(uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key")
fi
if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
_err "Error in deploying certificate to $site:"
_err "$_response"
else
successes=$((successes + 1))
_debug "$_response"
_info "Succcessfully deployed to $site"
fi
done
# Raise error if all updates fail
if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
_err "Could not deploy to any of $sitetotal sites via UAPI"
_debug "successes: $successes, sitetotal: $sitetotal"
return 1
fi
_info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
return 0
else
# "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
if [ -n "$_uapi_user" ]; then
_response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
else else
_response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
fi fi
error_response="status: 0"
if test "${_response#*$error_response}" != "$_response"; then if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
_err "Error in deploying certificate:" _err "Error in deploying certificate:"
_err "$_response" _err "$_response"
return 1 return 1
@ -59,4 +168,44 @@ cpanel_uapi_deploy() {
_debug response "$_response" _debug response "$_response"
_info "Certificate successfully deployed" _info "Certificate successfully deployed"
return 0 return 0
fi
}
######## Private functions #####################
# Internal utility to process YML from UAPI - looks at main_domain, sub_domains, addon domains and parked domains
#[response]
__cpanel_parse_response() {
if [ $# -gt 0 ]; then resp="$*"; else resp="$(cat)"; fi
echo "$resp" |
sed -En \
-e 's/\r$//' \
-e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
-e 's/^( *)- (.*)/\1,-,\2/p' |
awk -F, '{
level = length($1)/2;
section[level] = $2;
for (i in section) {if (i > level) {delete section[i]}}
if (length($3) > 0) {
prefix="";
for (i=0; i < level; i++)
{ prefix = (prefix)(section[i])("/") }
printf("%s%s=%s\n", prefix, $2, $3);
}
}' |
sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-|addon_domains\/-|parked_domains\/-)=(.*)$/\2/p'
}
# Load parameter by prefix+name - fallback to default if not set, and save to config
#pname pdefault
__cpanel_initautoparam() {
pname="$1"
pdefault="$2"
pkey="DEPLOY_CPANEL_AUTO_$pname"
_getdeployconf "$pkey"
[ -n "$(eval echo "\"\$$pkey\"")" ] || eval "$pkey=\"$pdefault\""
_debug2 "$pkey" "$(eval echo "\"\$$pkey\"")"
_savedeployconf "$pkey" "$(eval echo "\"\$$pkey\"")"
} }

View File

@ -8,7 +8,7 @@
#DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem" #DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem"
#DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload" #DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload"
_DEPLOY_DOCKER_WIKI="https://github.com/Neilpang/acme.sh/wiki/deploy-to-docker-containers" _DEPLOY_DOCKER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/deploy-to-docker-containers"
_DOCKER_HOST_DEFAULT="/var/run/docker.sock" _DOCKER_HOST_DEFAULT="/var/run/docker.sock"
@ -91,7 +91,7 @@ docker_deploy() {
_getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD _getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD
_debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" _debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
_savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" "base64"
fi fi
_cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")" _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
@ -273,15 +273,27 @@ _check_curl_version() {
_minor="$(_getfield "$_cversion" 2 '.')" _minor="$(_getfield "$_cversion" 2 '.')"
_debug2 "_minor" "$_minor" _debug2 "_minor" "$_minor"
if [ "$_major$_minor" -lt "740" ]; then if [ "$_major" -ge "8" ]; then
#ok
return 0
fi
if [ "$_major" = "7" ]; then
if [ "$_minor" -lt "40" ]; then
_err "curl v$_cversion doesn't support unit socket" _err "curl v$_cversion doesn't support unit socket"
_err "Please upgrade to curl 7.40 or later."
return 1 return 1
fi fi
if [ "$_major$_minor" -lt "750" ]; then if [ "$_minor" -lt "50" ]; then
_debug "Use short host name" _debug "Use short host name"
export _CURL_NO_HOST=1 export _CURL_NO_HOST=1
else else
export _CURL_NO_HOST= export _CURL_NO_HOST=
fi fi
return 0 return 0
else
_err "curl v$_cversion doesn't support unit socket"
_err "Please upgrade to curl 7.40 or later."
return 1
fi
} }

View File

@ -69,8 +69,8 @@ exim4_deploy() {
cp "$_exim4_conf" "$_backup_conf" cp "$_exim4_conf" "$_backup_conf"
_info "Modify exim4 conf: $_exim4_conf" _info "Modify exim4 conf: $_exim4_conf"
if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" \ if _setopt "$_exim4_conf" "tls_certificate" "=" "$_real_fullchain" &&
&& _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then _setopt "$_exim4_conf" "tls_privatekey" "=" "$_real_key"; then
_info "Set config success!" _info "Set config success!"
else else
_err "Config exim4 server error, please report bug to us." _err "Config exim4 server error, please report bug to us."
@ -109,6 +109,5 @@ exim4_deploy() {
fi fi
return 1 return 1
fi fi
return 0
} }

View File

@ -28,47 +28,59 @@ fritzbox_deploy() {
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
if ! _exists iconv; then if ! _exists iconv; then
if ! _exists uconv; then
if ! _exists perl; then if ! _exists perl; then
_err "iconv or perl not found" _err "iconv or uconv or perl not found"
return 1 return 1
fi fi
fi fi
fi
_fritzbox_username="${DEPLOY_FRITZBOX_USERNAME}" # Clear traces of incorrectly stored values
_fritzbox_password="${DEPLOY_FRITZBOX_PASSWORD}" _clearaccountconf DEPLOY_FRITZBOX_USERNAME
_fritzbox_url="${DEPLOY_FRITZBOX_URL}" _clearaccountconf DEPLOY_FRITZBOX_PASSWORD
_clearaccountconf DEPLOY_FRITZBOX_URL
_debug _fritzbox_url "$_fritzbox_url" # Read config from saved values or env
_debug _fritzbox_username "$_fritzbox_username" _getdeployconf DEPLOY_FRITZBOX_USERNAME
_secure_debug _fritzbox_password "$_fritzbox_password" _getdeployconf DEPLOY_FRITZBOX_PASSWORD
if [ -z "$_fritzbox_username" ]; then _getdeployconf DEPLOY_FRITZBOX_URL
_debug DEPLOY_FRITZBOX_URL "$DEPLOY_FRITZBOX_URL"
_debug DEPLOY_FRITZBOX_USERNAME "$DEPLOY_FRITZBOX_USERNAME"
_secure_debug DEPLOY_FRITZBOX_PASSWORD "$DEPLOY_FRITZBOX_PASSWORD"
if [ -z "$DEPLOY_FRITZBOX_USERNAME" ]; then
_err "FRITZ!Box username is not found, please define DEPLOY_FRITZBOX_USERNAME." _err "FRITZ!Box username is not found, please define DEPLOY_FRITZBOX_USERNAME."
return 1 return 1
fi fi
if [ -z "$_fritzbox_password" ]; then if [ -z "$DEPLOY_FRITZBOX_PASSWORD" ]; then
_err "FRITZ!Box password is not found, please define DEPLOY_FRITZBOX_PASSWORD." _err "FRITZ!Box password is not found, please define DEPLOY_FRITZBOX_PASSWORD."
return 1 return 1
fi fi
if [ -z "$_fritzbox_url" ]; then if [ -z "$DEPLOY_FRITZBOX_URL" ]; then
_err "FRITZ!Box url is not found, please define DEPLOY_FRITZBOX_URL." _err "FRITZ!Box url is not found, please define DEPLOY_FRITZBOX_URL."
return 1 return 1
fi fi
_saveaccountconf DEPLOY_FRITZBOX_USERNAME "${_fritzbox_username}" # Save current values
_saveaccountconf DEPLOY_FRITZBOX_PASSWORD "${_fritzbox_password}" _savedeployconf DEPLOY_FRITZBOX_USERNAME "$DEPLOY_FRITZBOX_USERNAME"
_saveaccountconf DEPLOY_FRITZBOX_URL "${_fritzbox_url}" _savedeployconf DEPLOY_FRITZBOX_PASSWORD "$DEPLOY_FRITZBOX_PASSWORD"
_savedeployconf DEPLOY_FRITZBOX_URL "$DEPLOY_FRITZBOX_URL"
# Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate # Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate
export HTTPS_INSECURE=1 export HTTPS_INSECURE=1
_info "Log in to the FRITZ!Box" _info "Log in to the FRITZ!Box"
_fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')" _fritzbox_challenge="$(_get "${DEPLOY_FRITZBOX_URL}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
if _exists iconv; then if _exists iconv; then
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')" _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)"
elif _exists uconv; then
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)"
else else
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | md5sum | awk '{print $1}')" _fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)"
fi fi
_fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')" _fritzbox_sid="$(_get "${DEPLOY_FRITZBOX_URL}/login_sid.lua?sid=0000000000000000&username=${DEPLOY_FRITZBOX_USERNAME}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
if [ -z "${_fritzbox_sid}" ] || [ "${_fritzbox_sid}" = "0000000000000000" ]; then if [ -z "${_fritzbox_sid}" ] || [ "${_fritzbox_sid}" = "0000000000000000" ]; then
_err "Logging in to the FRITZ!Box failed. Please check username, password and URL." _err "Logging in to the FRITZ!Box failed. Please check username, password and URL."
@ -100,7 +112,7 @@ fritzbox_deploy() {
_info "Upload certificate to the FRITZ!Box" _info "Upload certificate to the FRITZ!Box"
export _H1="Content-type: multipart/form-data boundary=${_post_boundary}" export _H1="Content-type: multipart/form-data boundary=${_post_boundary}"
_post "$(cat "${_post_request}")" "${_fritzbox_url}/cgi-bin/firmwarecfg" | grep SSL _post "$(cat "${_post_request}")" "${DEPLOY_FRITZBOX_URL}/cgi-bin/firmwarecfg" | grep SSL
retval=$? retval=$?
if [ $retval = 0 ]; then if [ $retval = 0 ]; then

View File

@ -1,10 +1,11 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# Here is the script to deploy the cert to G-Core CDN service (https://gcorelabs.com/ru/) using the G-Core Labs API (https://docs.gcorelabs.com/cdn/). # Here is the script to deploy the cert to G-Core CDN service (https://gcore.com/) using the G-Core Labs API (https://apidocs.gcore.com/cdn).
# Returns 0 when success. # Returns 0 when success.
# #
# Written by temoffey <temofffey@gmail.com> # Written by temoffey <temofffey@gmail.com>
# Public domain, 2019 # Public domain, 2019
# Update by DreamOfIce <admin@dreamofice.cn> in 2023
#export DEPLOY_GCORE_CDN_USERNAME=myusername #export DEPLOY_GCORE_CDN_USERNAME=myusername
#export DEPLOY_GCORE_CDN_PASSWORD=mypassword #export DEPLOY_GCORE_CDN_PASSWORD=mypassword
@ -56,9 +57,9 @@ gcore_cdn_deploy() {
_request="{\"username\":\"$Le_Deploy_gcore_cdn_username\",\"password\":\"$Le_Deploy_gcore_cdn_password\"}" _request="{\"username\":\"$Le_Deploy_gcore_cdn_username\",\"password\":\"$Le_Deploy_gcore_cdn_password\"}"
_debug _request "$_request" _debug _request "$_request"
export _H1="Content-Type:application/json" export _H1="Content-Type:application/json"
_response=$(_post "$_request" "https://api.gcdn.co/auth/signin") _response=$(_post "$_request" "https://api.gcore.com/auth/jwt/login")
_debug _response "$_response" _debug _response "$_response"
_regex=".*\"token\":\"\([-._0-9A-Za-z]*\)\".*$" _regex=".*\"access\":\"\([-._0-9A-Za-z]*\)\".*$"
_debug _regex "$_regex" _debug _regex "$_regex"
_token=$(echo "$_response" | sed -n "s/$_regex/\1/p") _token=$(echo "$_response" | sed -n "s/$_regex/\1/p")
_debug _token "$_token" _debug _token "$_token"
@ -69,23 +70,26 @@ gcore_cdn_deploy() {
fi fi
_info "Find CDN resource with cname $_cdomain" _info "Find CDN resource with cname $_cdomain"
export _H2="Authorization:Token $_token" export _H2="Authorization:Bearer $_token"
_response=$(_get "https://api.gcdn.co/resources") _response=$(_get "https://api.gcore.com/cdn/resources")
_debug _response "$_response"
_regex="\"primary_resource\":null},"
_debug _regex "$_regex"
_response=$(echo "$_response" | sed "s/$_regex/$_regex\n/g")
_debug _response "$_response" _debug _response "$_response"
_regex=".*(\"id\".*?\"cname\":\"$_cdomain\".*?})"
_regex="^.*\"cname\":\"$_cdomain\".*$" _regex="^.*\"cname\":\"$_cdomain\".*$"
_debug _regex "$_regex" _debug _regex "$_regex"
_resource=$(echo "$_response" | sed 's/},{/},\n{/g' | _egrep_o "$_regex") _resource=$(echo "$_response" | _egrep_o "$_regex")
_debug _resource "$_resource" _debug _resource "$_resource"
_regex=".*\"id\":\([0-9]*\),.*$" _regex=".*\"id\":\([0-9]*\).*$"
_debug _regex "$_regex" _debug _regex "$_regex"
_resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p") _resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _resourceId "$_resourceId" _debug _resourceId "$_resourceId"
_regex=".*\"sslData\":\([0-9]*\)}.*$" _regex=".*\"sslData\":\([0-9]*\).*$"
_debug _regex "$_regex" _debug _regex "$_regex"
_sslDataOld=$(echo "$_resource" | sed -n "s/$_regex/\1/p") _sslDataOld=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _sslDataOld "$_sslDataOld" _debug _sslDataOld "$_sslDataOld"
_regex=".*\"originGroup\":\([0-9]*\),.*$" _regex=".*\"originGroup\":\([0-9]*\).*$"
_debug _regex "$_regex" _debug _regex "$_regex"
_originGroup=$(echo "$_resource" | sed -n "s/$_regex/\1/p") _originGroup=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
_debug _originGroup "$_originGroup" _debug _originGroup "$_originGroup"
@ -99,9 +103,9 @@ gcore_cdn_deploy() {
_date=$(date "+%d.%m.%Y %H:%M:%S") _date=$(date "+%d.%m.%Y %H:%M:%S")
_request="{\"name\":\"$_cdomain ($_date)\",\"sslCertificate\":\"$_fullchain\",\"sslPrivateKey\":\"$_key\"}" _request="{\"name\":\"$_cdomain ($_date)\",\"sslCertificate\":\"$_fullchain\",\"sslPrivateKey\":\"$_key\"}"
_debug _request "$_request" _debug _request "$_request"
_response=$(_post "$_request" "https://api.gcdn.co/sslData") _response=$(_post "$_request" "https://api.gcore.com/cdn/sslData")
_debug _response "$_response" _debug _response "$_response"
_regex=".*\"id\":\([0-9]*\),.*$" _regex=".*\"id\":\([0-9]*\).*$"
_debug _regex "$_regex" _debug _regex "$_regex"
_sslDataAdd=$(echo "$_response" | sed -n "s/$_regex/\1/p") _sslDataAdd=$(echo "$_response" | sed -n "s/$_regex/\1/p")
_debug _sslDataAdd "$_sslDataAdd" _debug _sslDataAdd "$_sslDataAdd"
@ -114,7 +118,7 @@ gcore_cdn_deploy() {
_info "Update CDN resource" _info "Update CDN resource"
_request="{\"originGroup\":$_originGroup,\"sslData\":$_sslDataAdd}" _request="{\"originGroup\":$_originGroup,\"sslData\":$_sslDataAdd}"
_debug _request "$_request" _debug _request "$_request"
_response=$(_post "$_request" "https://api.gcdn.co/resources/$_resourceId" '' "PUT") _response=$(_post "$_request" "https://api.gcore.com/cdn/resources/$_resourceId" '' "PUT")
_debug _response "$_response" _debug _response "$_response"
_regex=".*\"sslData\":\([0-9]*\).*$" _regex=".*\"sslData\":\([0-9]*\).*$"
_debug _regex "$_regex" _debug _regex "$_regex"
@ -130,7 +134,7 @@ gcore_cdn_deploy() {
_info "Not found old SSL certificate" _info "Not found old SSL certificate"
else else
_info "Delete old SSL certificate" _info "Delete old SSL certificate"
_response=$(_post '' "https://api.gcdn.co/sslData/$_sslDataOld" '' "DELETE") _response=$(_post '' "https://api.gcore.com/cdn/sslData/$_sslDataOld" '' "DELETE")
_debug _response "$_response" _debug _response "$_response"
fi fi

View File

@ -67,7 +67,7 @@ gitlab_deploy() {
error_response="error" error_response="error"
if test "${_response#*$error_response}" != "$_response"; then if test "${_response#*"$error_response"}" != "$_response"; then
_err "Error in deploying certificate:" _err "Error in deploying certificate:"
_err "$_response" _err "$_response"
return 1 return 1

View File

@ -36,6 +36,19 @@
# Note: This functionality requires HAProxy was compiled against # Note: This functionality requires HAProxy was compiled against
# a version of OpenSSL that supports this. # a version of OpenSSL that supports this.
# #
# export DEPLOY_HAPROXY_HOT_UPDATE="yes"
# export DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock"
#
# OPTIONAL: Deploy the certificate over the HAProxy stats socket without
# needing to reload HAProxy. Default is "no".
#
# Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat
# address format.
#
# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock"
#
# OPTIONAL: To use the master CLI with DEPLOY_HAPROXY_HOT_UPDATE="yes" instead
# of a stats socket, use this variable.
######## Public functions ##################### ######## Public functions #####################
@ -46,6 +59,7 @@ haproxy_deploy() {
_ccert="$3" _ccert="$3"
_cca="$4" _cca="$4"
_cfullchain="$5" _cfullchain="$5"
_cmdpfx=""
# Some defaults # Some defaults
DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy" DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy"
@ -53,11 +67,8 @@ haproxy_deploy() {
DEPLOY_HAPROXY_BUNDLE_DEFAULT="no" DEPLOY_HAPROXY_BUNDLE_DEFAULT="no"
DEPLOY_HAPROXY_ISSUER_DEFAULT="no" DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
DEPLOY_HAPROXY_RELOAD_DEFAULT="true" DEPLOY_HAPROXY_RELOAD_DEFAULT="true"
DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT="no"
if [ -f "${DOMAIN_CONF}" ]; then DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT="UNIX:/run/haproxy/admin.sock"
# shellcheck disable=SC1090
. "${DOMAIN_CONF}"
fi
_debug _cdomain "${_cdomain}" _debug _cdomain "${_cdomain}"
_debug _ckey "${_ckey}" _debug _ckey "${_ckey}"
@ -66,6 +77,8 @@ haproxy_deploy() {
_debug _cfullchain "${_cfullchain}" _debug _cfullchain "${_cfullchain}"
# PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}" # PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_PEM_PATH
_debug2 DEPLOY_HAPROXY_PEM_PATH "${DEPLOY_HAPROXY_PEM_PATH}"
if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then
Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}" Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
_savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}" _savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}"
@ -82,14 +95,23 @@ haproxy_deploy() {
fi fi
# PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}" # PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_PEM_NAME
_debug2 DEPLOY_HAPROXY_PEM_NAME "${DEPLOY_HAPROXY_PEM_NAME}"
if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}" Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}"
_savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}" _savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
elif [ -z "${Le_Deploy_haproxy_pem_name}" ]; then elif [ -z "${Le_Deploy_haproxy_pem_name}" ]; then
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}" Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
# We better not have '*' as the first character
if [ "${Le_Deploy_haproxy_pem_name%%"${Le_Deploy_haproxy_pem_name#?}"}" = '*' ]; then
# removes the first characters and add a _ instead
Le_Deploy_haproxy_pem_name="_${Le_Deploy_haproxy_pem_name#?}"
fi
fi fi
# BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}" # BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_BUNDLE
_debug2 DEPLOY_HAPROXY_BUNDLE "${DEPLOY_HAPROXY_BUNDLE}"
if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then
Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}" Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}"
_savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}" _savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}"
@ -98,6 +120,8 @@ haproxy_deploy() {
fi fi
# ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}" # ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_ISSUER
_debug2 DEPLOY_HAPROXY_ISSUER "${DEPLOY_HAPROXY_ISSUER}"
if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then
Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}" Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}"
_savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}" _savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}"
@ -106,6 +130,8 @@ haproxy_deploy() {
fi fi
# RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}" # RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_RELOAD
_debug2 DEPLOY_HAPROXY_RELOAD "${DEPLOY_HAPROXY_RELOAD}"
if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}" Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}"
_savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}" _savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}"
@ -113,6 +139,36 @@ haproxy_deploy() {
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD_DEFAULT}" Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
fi fi
# HOT_UPDATE is optional. If not provided then assume "${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_HOT_UPDATE
_debug2 DEPLOY_HAPROXY_HOT_UPDATE "${DEPLOY_HAPROXY_HOT_UPDATE}"
if [ -n "${DEPLOY_HAPROXY_HOT_UPDATE}" ]; then
Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE}"
_savedomainconf Le_Deploy_haproxy_hot_update "${Le_Deploy_haproxy_hot_update}"
elif [ -z "${Le_Deploy_haproxy_hot_update}" ]; then
Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}"
fi
# STATS_SOCKET is optional. If not provided then assume "${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_STATS_SOCKET
_debug2 DEPLOY_HAPROXY_STATS_SOCKET "${DEPLOY_HAPROXY_STATS_SOCKET}"
if [ -n "${DEPLOY_HAPROXY_STATS_SOCKET}" ]; then
Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET}"
_savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
elif [ -z "${Le_Deploy_haproxy_stats_socket}" ]; then
Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
fi
# MASTER_CLI is optional. No defaults are used. When the master CLI is used,
# all commands are sent with a prefix.
_getdeployconf DEPLOY_HAPROXY_MASTER_CLI
_debug2 DEPLOY_HAPROXY_MASTER_CLI "${DEPLOY_HAPROXY_MASTER_CLI}"
if [ -n "${DEPLOY_HAPROXY_MASTER_CLI}" ]; then
Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_MASTER_CLI}"
_savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
_cmdpfx="@1 " # command prefix used for master CLI only.
fi
# Set the suffix depending if we are creating a bundle or not # Set the suffix depending if we are creating a bundle or not
if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then
_info "Bundle creation requested" _info "Bundle creation requested"
@ -137,12 +193,13 @@ haproxy_deploy() {
_issuer="${_pem}.issuer" _issuer="${_pem}.issuer"
_ocsp="${_pem}.ocsp" _ocsp="${_pem}.ocsp"
_reload="${Le_Deploy_haproxy_reload}" _reload="${Le_Deploy_haproxy_reload}"
_statssock="${Le_Deploy_haproxy_stats_socket}"
_info "Deploying PEM file" _info "Deploying PEM file"
# Create a temporary PEM file # Create a temporary PEM file
_temppem="$(_mktemp)" _temppem="$(_mktemp)"
_debug _temppem "${_temppem}" _debug _temppem "${_temppem}"
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" cat "${_ccert}" "${_cca}" "${_ckey}" | grep . >"${_temppem}"
_ret="$?" _ret="$?"
# Check that we could create the temporary file # Check that we could create the temporary file
@ -190,7 +247,7 @@ haproxy_deploy() {
_info "Updating OCSP stapling info" _info "Updating OCSP stapling info"
_debug _ocsp "${_ocsp}" _debug _ocsp "${_ocsp}"
_info "Extracting OCSP URL" _info "Extracting OCSP URL"
_ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}") _ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}")
_debug _ocsp_url "${_ocsp_url}" _debug _ocsp_url "${_ocsp_url}"
# Only process OCSP if URL was present # Only process OCSP if URL was present
@ -203,38 +260,41 @@ haproxy_deploy() {
# Only process the certificate if we have a .issuer file # Only process the certificate if we have a .issuer file
if [ -r "${_issuer}" ]; then if [ -r "${_issuer}" ]; then
# Check if issuer cert is also a root CA cert # Check if issuer cert is also a root CA cert
_subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) _subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
_debug _subjectdn "${_subjectdn}" _debug _subjectdn "${_subjectdn}"
_issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) _issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
_debug _issuerdn "${_issuerdn}" _debug _issuerdn "${_issuerdn}"
_info "Requesting OCSP response" _info "Requesting OCSP response"
# Request the OCSP response from the issuer and store it
if [ "${_subjectdn}" = "${_issuerdn}" ]; then
# If the issuer is a CA cert then our command line has "-CAfile" added # If the issuer is a CA cert then our command line has "-CAfile" added
openssl ocsp \ if [ "${_subjectdn}" = "${_issuerdn}" ]; then
-issuer "${_issuer}" \ _cafile_argument="-CAfile \"${_issuer}\""
-cert "${_pem}" \
-url "${_ocsp_url}" \
-header Host "${_ocsp_host}" \
-respout "${_ocsp}" \
-verify_other "${_issuer}" \
-no_nonce \
-CAfile "${_issuer}" \
| grep -q "${_pem}: good"
_ret=$?
else else
# Issuer is not a root CA so no "-CAfile" option _cafile_argument=""
openssl ocsp \
-issuer "${_issuer}" \
-cert "${_pem}" \
-url "${_ocsp_url}" \
-header Host "${_ocsp_host}" \
-respout "${_ocsp}" \
-verify_other "${_issuer}" \
-no_nonce \
| grep -q "${_pem}: good"
_ret=$?
fi fi
_debug _cafile_argument "${_cafile_argument}"
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2)
_debug _openssl_version "${_openssl_version}"
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then
_header_sep="="
else
_header_sep=" "
fi
# Request the OCSP response from the issuer and store it
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \
-issuer \"${_issuer}\" \
-cert \"${_pem}\" \
-url \"${_ocsp_url}\" \
-header Host${_header_sep}\"${_ocsp_host}\" \
-respout \"${_ocsp}\" \
-verify_other \"${_issuer}\" \
${_cafile_argument} \
| grep -q \"${_pem}: good\""
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}"
eval "${_openssl_ocsp_cmd}"
_ret=$?
else else
# Non fatal: No issuer file was present so no OCSP stapling file created # Non fatal: No issuer file was present so no OCSP stapling file created
_err "OCSP stapling in use but no .issuer file was present" _err "OCSP stapling in use but no .issuer file was present"
@ -257,6 +317,76 @@ haproxy_deploy() {
fi fi
fi fi
if [ "${Le_Deploy_haproxy_hot_update}" = "yes" ]; then
# set the socket name for messages
if [ -n "${_cmdpfx}" ]; then
_socketname="master CLI"
else
_socketname="stats socket"
fi
# Update certificate over HAProxy stats socket or master CLI.
if _exists socat; then
# look for the certificate on the stats socket, to chose between updating or creating one
_socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'"
_debug _socat_cert_cmd "${_socat_cert_cmd}"
eval "${_socat_cert_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_newcert="1"
_info "Creating new certificate '${_pem}' over HAProxy ${_socketname}."
# certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate.
_socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
_debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}"
eval "${_socat_crtlist_show_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't find '${Le_Deploy_haproxy_pem_path}' in haproxy 'show ssl crt-list'"
return "${_ret}"
fi
# create a new certificate
_socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'"
_debug _socat_new_cmd "${_socat_new_cmd}"
eval "${_socat_new_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't create '${_pem}' in haproxy"
return "${_ret}"
fi
else
_info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
fi
_socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
eval "${_socat_cert_set_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy"
return "${_ret}"
fi
_socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
_debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}"
eval "${_socat_cert_commit_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't commit '${_pem}' in haproxy"
return ${_ret}
fi
if [ "${_newcert}" = "1" ]; then
# if this is a new certificate, it needs to be inserted into the crt-list`
_socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
_debug _socat_cert_add_cmd "${_socat_cert_add_cmd}"
eval "${_socat_cert_add_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy"
return "${_ret}"
fi
fi
else
_err "'socat' is not available, couldn't update over ${_socketname}"
fi
else
# Reload HAProxy # Reload HAProxy
_debug _reload "${_reload}" _debug _reload "${_reload}"
eval "${_reload}" eval "${_reload}"
@ -267,6 +397,7 @@ haproxy_deploy() {
else else
_info "Reload successful" _info "Reload successful"
fi fi
fi
return 0 return 0
} }

View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# If certificate already exist it will update only cert and key not touching other parameter # If certificate already exists it will update only cert and key, not touching other parameters
# If certificate doesn't exist it will only upload cert and key and not set other parameter # If certificate doesn't exist it will only upload cert and key, and not set other parameters
# Note that we deploy full chain # Note that we deploy full chain
# Written by Geoffroi Genot <ggenot@voxbone.com> # Written by Geoffroi Genot <ggenot@voxbone.com>
@ -45,7 +45,7 @@ kong_deploy() {
#Generate data for request (Multipart/form-data with mixed content) #Generate data for request (Multipart/form-data with mixed content)
if [ -z "$ssl_uuid" ]; then if [ -z "$ssl_uuid" ]; then
#set sni to domain #set sni to domain
content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain" content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain"
fi fi
#add key #add key
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"

280
deploy/lighttpd.sh Normal file
View File

@ -0,0 +1,280 @@
#!/usr/bin/env sh
# Script for acme.sh to deploy certificates to lighttpd
#
# The following variables can be exported:
#
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem"
#
# Defines the name of the PEM file.
# Defaults to "<domain>.pem"
#
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd"
#
# Defines location of PEM file for Lighttpd.
# Defaults to /etc/lighttpd
#
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd"
#
# OPTIONAL: Reload command used post deploy
# This defaults to be a no-op (ie "true").
# It is strongly recommended to set this something that makes sense
# for your distro.
#
# export DEPLOY_LIGHTTPD_ISSUER="yes"
#
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer"
# Note: Required for OCSP stapling to work
#
# export DEPLOY_LIGHTTPD_BUNDLE="no"
#
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle
# This adds a suffix to the certificate based on the certificate type
# eg RSA certificates will have .rsa as a suffix to the file name
# Lighttpd will load all certificates and provide one or the other
# depending on client capabilities
# Note: This functionality requires Lighttpd was compiled against
# a version of OpenSSL that supports this.
#
######## Public functions #####################
#domain keyfile certfile cafile fullchain
lighttpd_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
# Some defaults
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd"
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem"
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no"
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes"
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true"
_debug _cdomain "${_cdomain}"
_debug _ckey "${_ckey}"
_debug _ccert "${_ccert}"
_debug _cca "${_cca}"
_debug _cfullchain "${_cfullchain}"
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}"
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}"
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}"
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}"
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}"
fi
# Ensure PEM_PATH exists
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists"
else
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist"
return 1
fi
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}"
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}"
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}"
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}"
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}"
fi
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}"
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}"
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}"
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}"
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}"
fi
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}"
_getdeployconf DEPLOY_LIGHTTPD_ISSUER
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}"
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}"
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}"
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}"
fi
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}"
_getdeployconf DEPLOY_LIGHTTPD_RELOAD
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}"
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}"
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}"
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}"
fi
# Set the suffix depending if we are creating a bundle or not
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then
_info "Bundle creation requested"
# Initialise $Le_Keylength if its not already set
if [ -z "${Le_Keylength}" ]; then
Le_Keylength=""
fi
if _isEccKey "${Le_Keylength}"; then
_info "ECC key type detected"
_suffix=".ecdsa"
else
_info "RSA key type detected"
_suffix=".rsa"
fi
else
_suffix=""
fi
_debug _suffix "${_suffix}"
# Set variables for later
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}"
_issuer="${_pem}.issuer"
_ocsp="${_pem}.ocsp"
_reload="${Le_Deploy_lighttpd_reload}"
_info "Deploying PEM file"
# Create a temporary PEM file
_temppem="$(_mktemp)"
_debug _temppem "${_temppem}"
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}"
_ret="$?"
# Check that we could create the temporary file
if [ "${_ret}" != "0" ]; then
_err "Error code ${_ret} returned during PEM file creation"
[ -f "${_temppem}" ] && rm -f "${_temppem}"
return ${_ret}
fi
# Move PEM file into place
_info "Moving new certificate into place"
_debug _pem "${_pem}"
cat "${_temppem}" >"${_pem}"
_ret=$?
# Clean up temp file
[ -f "${_temppem}" ] && rm -f "${_temppem}"
# Deal with any failure of moving PEM file into place
if [ "${_ret}" != "0" ]; then
_err "Error code ${_ret} returned while moving new certificate into place"
return ${_ret}
fi
# Update .issuer file if requested
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then
_info "Updating .issuer file"
_debug _issuer "${_issuer}"
cat "${_cca}" >"${_issuer}"
_ret="$?"
if [ "${_ret}" != "0" ]; then
_err "Error code ${_ret} returned while copying issuer/CA certificate into place"
return ${_ret}
fi
else
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists"
fi
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option
if [ -z "${Le_OCSP_Staple}" ]; then
Le_OCSP_Staple="0"
fi
if [ "${Le_OCSP_Staple}" = "1" ]; then
_info "Updating OCSP stapling info"
_debug _ocsp "${_ocsp}"
_info "Extracting OCSP URL"
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}")
_debug _ocsp_url "${_ocsp_url}"
# Only process OCSP if URL was present
if [ "${_ocsp_url}" != "" ]; then
# Extract the hostname from the OCSP URL
_info "Extracting OCSP URL"
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3)
_debug _ocsp_host "${_ocsp_host}"
# Only process the certificate if we have a .issuer file
if [ -r "${_issuer}" ]; then
# Check if issuer cert is also a root CA cert
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
_debug _subjectdn "${_subjectdn}"
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
_debug _issuerdn "${_issuerdn}"
_info "Requesting OCSP response"
# If the issuer is a CA cert then our command line has "-CAfile" added
if [ "${_subjectdn}" = "${_issuerdn}" ]; then
_cafile_argument="-CAfile \"${_issuer}\""
else
_cafile_argument=""
fi
_debug _cafile_argument "${_cafile_argument}"
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2)
_debug _openssl_version "${_openssl_version}"
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then
_header_sep="="
else
_header_sep=" "
fi
# Request the OCSP response from the issuer and store it
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \
-issuer \"${_issuer}\" \
-cert \"${_pem}\" \
-url \"${_ocsp_url}\" \
-header Host${_header_sep}\"${_ocsp_host}\" \
-respout \"${_ocsp}\" \
-verify_other \"${_issuer}\" \
${_cafile_argument} \
| grep -q \"${_pem}: good\""
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}"
eval "${_openssl_ocsp_cmd}"
_ret=$?
else
# Non fatal: No issuer file was present so no OCSP stapling file created
_err "OCSP stapling in use but no .issuer file was present"
fi
else
# Non fatal: No OCSP url was found int the certificate
_err "OCSP update requested but no OCSP URL was found in certificate"
fi
# Non fatal: Check return code of openssl command
if [ "${_ret}" != "0" ]; then
_err "Updating OCSP stapling failed with return code ${_ret}"
fi
else
# An OCSP file was already present but certificate did not have OCSP extension
if [ -f "${_ocsp}" ]; then
_err "OCSP was not requested but .ocsp file exists."
# Could remove the file at this step, although Lighttpd just ignores it in this case
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file"
fi
fi
# Reload Lighttpd
_debug _reload "${_reload}"
eval "${_reload}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Error code ${_ret} during reload"
return ${_ret}
else
_info "Reload successful"
fi
return 0
}

View File

@ -20,14 +20,25 @@ mailcow_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
_mailcow_path="${DEPLOY_MAILCOW_PATH}" _getdeployconf DEPLOY_MAILCOW_PATH
_getdeployconf DEPLOY_MAILCOW_RELOAD
if [ -z "$_mailcow_path" ]; then _debug DEPLOY_MAILCOW_PATH "$DEPLOY_MAILCOW_PATH"
_debug DEPLOY_MAILCOW_RELOAD "$DEPLOY_MAILCOW_RELOAD"
if [ -z "$DEPLOY_MAILCOW_PATH" ]; then
_err "Mailcow path is not found, please define DEPLOY_MAILCOW_PATH." _err "Mailcow path is not found, please define DEPLOY_MAILCOW_PATH."
return 1 return 1
fi fi
_ssl_path="${_mailcow_path}/data/assets/ssl/" _savedeployconf DEPLOY_MAILCOW_PATH "$DEPLOY_MAILCOW_PATH"
[ -n "$DEPLOY_MAILCOW_RELOAD" ] && _savedeployconf DEPLOY_MAILCOW_RELOAD "$DEPLOY_MAILCOW_RELOAD"
_ssl_path="$DEPLOY_MAILCOW_PATH"
if [ -f "$DEPLOY_MAILCOW_PATH/generate_config.sh" ]; then
_ssl_path="$DEPLOY_MAILCOW_PATH/data/assets/ssl/"
fi
if [ ! -d "$_ssl_path" ]; then if [ ! -d "$_ssl_path" ]; then
_err "Cannot find mailcow ssl path: $_ssl_path" _err "Cannot find mailcow ssl path: $_ssl_path"
return 1 return 1
@ -46,7 +57,7 @@ mailcow_deploy() {
return 1 return 1
fi fi
DEFAULT_MAILCOW_RELOAD="cd ${_mailcow_path} && docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow" DEFAULT_MAILCOW_RELOAD="docker restart \$(docker ps --quiet --filter name=nginx-mailcow --filter name=dovecot-mailcow --filter name=postfix-mailcow)"
_reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}" _reload="${DEPLOY_MAILCOW_RELOAD:-$DEFAULT_MAILCOW_RELOAD}"
_info "Run reload: $_reload" _info "Run reload: $_reload"

156
deploy/openmediavault.sh Normal file
View File

@ -0,0 +1,156 @@
#!/usr/bin/env sh
# This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment.
# The way it works is that if a cert with the matching domain name is not found, it will firstly create a dummy cert to get its uuid, and then replace it with your cert.
#
# DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command.
# DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (support public key authentication only). Per design, OMV web gui admin doesn't have ssh permission, so another account is needed for ssh.
#
# returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
openmediavault_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_getdeployconf DEPLOY_OMV_WEBUI_ADMIN
if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then
DEPLOY_OMV_WEBUI_ADMIN="admin"
fi
_savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN"
_getdeployconf DEPLOY_OMV_HOST
_getdeployconf DEPLOY_OMV_SSH_USER
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
_info "[OMV deploy-hook] Deploy certificate remotely through ssh."
_savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST"
_savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER"
else
_info "[OMV deploy-hook] Deploy certificate locally."
fi
if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'"
# shellcheck disable=SC2029
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
_debug _command "$_command"
if [ -z "$_uuid" ]; then
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'"
# shellcheck disable=SC2029
_uuid=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
_debug _command "$_command"
if [ -z "$_uuid" ]; then
_err "[OMV deploy-hook] An error occured while creating the certificate"
return 1
fi
fi
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"
_fullchain=$(jq <"$_cfullchain" -aRs .)
_key=$(jq <"$_ckey" -aRs .)
_debug _fullchain "$_fullchain"
_debug _key "$_key"
_info "[OMV deploy-hook] Updating key and certificate in openmediavault"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'"
# shellcheck disable=SC2029
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
_debug _command "$_command"
_debug _result "$_result"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')"
# shellcheck disable=SC2029
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
_debug _command "$_command"
_debug _result "$_result"
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'"
# shellcheck disable=SC2029
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
_debug _command "$_command"
_debug _result "$_result"
_info "[OMV deploy-hook] Asking nginx to reload"
_command="nginx -s reload"
# shellcheck disable=SC2029
_result=$(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
_debug _command "$_command"
_debug _result "$_result"
else
# shellcheck disable=SC2086
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' | jq -r '.data[] | select(.name=="/CN='$_cdomain'") | .uuid')
if [ -z "$_uuid" ]; then
_info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
# shellcheck disable=SC2086
_uuid=$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq -r '.uuid')
if [ -z "$_uuid" ]; then
_err "[OMB deploy-hook] An error occured while creating the certificate"
return 1
fi
fi
_info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"
_fullchain=$(jq <"$_cfullchain" -aRs .)
_key=$(jq <"$_ckey" -aRs .)
_debug _fullchain "$_fullchain"
_debug _key "$_key"
_info "[OMV deploy-hook] Updating key and certificate in openmediavault"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'"
_result=$(eval "$_command")
_debug _command "$_command"
_debug _result "$_result"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')"
_result=$(eval "$_command")
_debug _command "$_command"
_debug _result "$_result"
_info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
_command="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'"
_result=$(eval "$_command")
_debug _command "$_command"
_debug _result "$_result"
_info "[OMV deploy-hook] Asking nginx to reload"
_command="nginx -s reload"
_result=$(eval "$_command")
_debug _command "$_command"
_debug _result "$_result"
fi
return 0
}

262
deploy/openstack.sh Normal file
View File

@ -0,0 +1,262 @@
#!/usr/bin/env sh
# OpenStack Barbican deploy hook
#
# This requires you to have OpenStackClient and python-barbicanclient
# installed.
#
# You will require Keystone V3 credentials loaded into your environment, which
# could be either password or v3applicationcredential type.
#
# Author: Andy Botting <andy@andybotting.com>
openstack_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
if ! _exists openstack; then
_err "OpenStack client not found"
return 1
fi
_openstack_credentials || return $?
_info "Generate import pkcs12"
_import_pkcs12="$(_mktemp)"
if ! _openstack_to_pkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca"; then
_err "Error creating pkcs12 certificate"
return 1
fi
_debug _import_pkcs12 "$_import_pkcs12"
_base64_pkcs12=$(_base64 "multiline" <"$_import_pkcs12")
secretHrefs=$(_openstack_get_secrets)
_debug secretHrefs "$secretHrefs"
_openstack_store_secret || return $?
if [ -n "$secretHrefs" ]; then
_info "Cleaning up existing secret"
_openstack_delete_secrets || return $?
fi
_info "Certificate successfully deployed"
return 0
}
_openstack_store_secret() {
if ! openstack secret store --name "$_cdomain." -t 'application/octet-stream' -e base64 --payload "$_base64_pkcs12"; then
_err "Failed to create OpenStack secret"
return 1
fi
return
}
_openstack_delete_secrets() {
echo "$secretHrefs" | while read -r secretHref; do
_info "Deleting old secret $secretHref"
if ! openstack secret delete "$secretHref"; then
_err "Failed to delete OpenStack secret"
return 1
fi
done
return
}
_openstack_get_secrets() {
if ! secretHrefs=$(openstack secret list -f value --name "$_cdomain." | cut -d' ' -f1); then
_err "Failed to list secrets"
return 1
fi
echo "$secretHrefs"
}
_openstack_to_pkcs() {
# The existing _toPkcs command can't allow an empty password, due to sh
# -z test, so copied here and forcing the empty password.
_cpfx="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
${ACME_OPENSSL_BIN:-openssl} pkcs12 -export -out "$_cpfx" -inkey "$_ckey" -in "$_ccert" -certfile "$_cca" -password "pass:"
}
_openstack_credentials() {
_debug "Check OpenStack credentials"
# If we have OS_AUTH_URL already set in the environment, then assume we want
# to use those, otherwise use stored credentials
if [ -n "$OS_AUTH_URL" ]; then
_debug "OS_AUTH_URL env var found, using environment"
else
_debug "OS_AUTH_URL not found, loading stored credentials"
OS_AUTH_URL="${OS_AUTH_URL:-$(_readaccountconf_mutable OS_AUTH_URL)}"
OS_IDENTITY_API_VERSION="${OS_IDENTITY_API_VERSION:-$(_readaccountconf_mutable OS_IDENTITY_API_VERSION)}"
OS_AUTH_TYPE="${OS_AUTH_TYPE:-$(_readaccountconf_mutable OS_AUTH_TYPE)}"
OS_APPLICATION_CREDENTIAL_ID="${OS_APPLICATION_CREDENTIAL_ID:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID)}"
OS_APPLICATION_CREDENTIAL_SECRET="${OS_APPLICATION_CREDENTIAL_SECRET:-$(_readaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET)}"
OS_USERNAME="${OS_USERNAME:-$(_readaccountconf_mutable OS_USERNAME)}"
OS_PASSWORD="${OS_PASSWORD:-$(_readaccountconf_mutable OS_PASSWORD)}"
OS_PROJECT_NAME="${OS_PROJECT_NAME:-$(_readaccountconf_mutable OS_PROJECT_NAME)}"
OS_PROJECT_ID="${OS_PROJECT_ID:-$(_readaccountconf_mutable OS_PROJECT_ID)}"
OS_USER_DOMAIN_NAME="${OS_USER_DOMAIN_NAME:-$(_readaccountconf_mutable OS_USER_DOMAIN_NAME)}"
OS_USER_DOMAIN_ID="${OS_USER_DOMAIN_ID:-$(_readaccountconf_mutable OS_USER_DOMAIN_ID)}"
OS_PROJECT_DOMAIN_NAME="${OS_PROJECT_DOMAIN_NAME:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_NAME)}"
OS_PROJECT_DOMAIN_ID="${OS_PROJECT_DOMAIN_ID:-$(_readaccountconf_mutable OS_PROJECT_DOMAIN_ID)}"
fi
# Check each var and either save or clear it depending on whether its set.
# The helps us clear out old vars in the case where a user may want
# to switch between password and app creds
_debug "OS_AUTH_URL" "$OS_AUTH_URL"
if [ -n "$OS_AUTH_URL" ]; then
export OS_AUTH_URL
_saveaccountconf_mutable OS_AUTH_URL "$OS_AUTH_URL"
else
unset OS_AUTH_URL
_clearaccountconf SAVED_OS_AUTH_URL
fi
_debug "OS_IDENTITY_API_VERSION" "$OS_IDENTITY_API_VERSION"
if [ -n "$OS_IDENTITY_API_VERSION" ]; then
export OS_IDENTITY_API_VERSION
_saveaccountconf_mutable OS_IDENTITY_API_VERSION "$OS_IDENTITY_API_VERSION"
else
unset OS_IDENTITY_API_VERSION
_clearaccountconf SAVED_OS_IDENTITY_API_VERSION
fi
_debug "OS_AUTH_TYPE" "$OS_AUTH_TYPE"
if [ -n "$OS_AUTH_TYPE" ]; then
export OS_AUTH_TYPE
_saveaccountconf_mutable OS_AUTH_TYPE "$OS_AUTH_TYPE"
else
unset OS_AUTH_TYPE
_clearaccountconf SAVED_OS_AUTH_TYPE
fi
_debug "OS_APPLICATION_CREDENTIAL_ID" "$OS_APPLICATION_CREDENTIAL_ID"
if [ -n "$OS_APPLICATION_CREDENTIAL_ID" ]; then
export OS_APPLICATION_CREDENTIAL_ID
_saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_ID "$OS_APPLICATION_CREDENTIAL_ID"
else
unset OS_APPLICATION_CREDENTIAL_ID
_clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_ID
fi
_secure_debug "OS_APPLICATION_CREDENTIAL_SECRET" "$OS_APPLICATION_CREDENTIAL_SECRET"
if [ -n "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
export OS_APPLICATION_CREDENTIAL_SECRET
_saveaccountconf_mutable OS_APPLICATION_CREDENTIAL_SECRET "$OS_APPLICATION_CREDENTIAL_SECRET"
else
unset OS_APPLICATION_CREDENTIAL_SECRET
_clearaccountconf SAVED_OS_APPLICATION_CREDENTIAL_SECRET
fi
_debug "OS_USERNAME" "$OS_USERNAME"
if [ -n "$OS_USERNAME" ]; then
export OS_USERNAME
_saveaccountconf_mutable OS_USERNAME "$OS_USERNAME"
else
unset OS_USERNAME
_clearaccountconf SAVED_OS_USERNAME
fi
_secure_debug "OS_PASSWORD" "$OS_PASSWORD"
if [ -n "$OS_PASSWORD" ]; then
export OS_PASSWORD
_saveaccountconf_mutable OS_PASSWORD "$OS_PASSWORD"
else
unset OS_PASSWORD
_clearaccountconf SAVED_OS_PASSWORD
fi
_debug "OS_PROJECT_NAME" "$OS_PROJECT_NAME"
if [ -n "$OS_PROJECT_NAME" ]; then
export OS_PROJECT_NAME
_saveaccountconf_mutable OS_PROJECT_NAME "$OS_PROJECT_NAME"
else
unset OS_PROJECT_NAME
_clearaccountconf SAVED_OS_PROJECT_NAME
fi
_debug "OS_PROJECT_ID" "$OS_PROJECT_ID"
if [ -n "$OS_PROJECT_ID" ]; then
export OS_PROJECT_ID
_saveaccountconf_mutable OS_PROJECT_ID "$OS_PROJECT_ID"
else
unset OS_PROJECT_ID
_clearaccountconf SAVED_OS_PROJECT_ID
fi
_debug "OS_USER_DOMAIN_NAME" "$OS_USER_DOMAIN_NAME"
if [ -n "$OS_USER_DOMAIN_NAME" ]; then
export OS_USER_DOMAIN_NAME
_saveaccountconf_mutable OS_USER_DOMAIN_NAME "$OS_USER_DOMAIN_NAME"
else
unset OS_USER_DOMAIN_NAME
_clearaccountconf SAVED_OS_USER_DOMAIN_NAME
fi
_debug "OS_USER_DOMAIN_ID" "$OS_USER_DOMAIN_ID"
if [ -n "$OS_USER_DOMAIN_ID" ]; then
export OS_USER_DOMAIN_ID
_saveaccountconf_mutable OS_USER_DOMAIN_ID "$OS_USER_DOMAIN_ID"
else
unset OS_USER_DOMAIN_ID
_clearaccountconf SAVED_OS_USER_DOMAIN_ID
fi
_debug "OS_PROJECT_DOMAIN_NAME" "$OS_PROJECT_DOMAIN_NAME"
if [ -n "$OS_PROJECT_DOMAIN_NAME" ]; then
export OS_PROJECT_DOMAIN_NAME
_saveaccountconf_mutable OS_PROJECT_DOMAIN_NAME "$OS_PROJECT_DOMAIN_NAME"
else
unset OS_PROJECT_DOMAIN_NAME
_clearaccountconf SAVED_OS_PROJECT_DOMAIN_NAME
fi
_debug "OS_PROJECT_DOMAIN_ID" "$OS_PROJECT_DOMAIN_ID"
if [ -n "$OS_PROJECT_DOMAIN_ID" ]; then
export OS_PROJECT_DOMAIN_ID
_saveaccountconf_mutable OS_PROJECT_DOMAIN_ID "$OS_PROJECT_DOMAIN_ID"
else
unset OS_PROJECT_DOMAIN_ID
_clearaccountconf SAVED_OS_PROJECT_DOMAIN_ID
fi
if [ "$OS_AUTH_TYPE" = "v3applicationcredential" ]; then
# Application Credential auth
if [ -z "$OS_APPLICATION_CREDENTIAL_ID" ] || [ -z "$OS_APPLICATION_CREDENTIAL_SECRET" ]; then
_err "When using OpenStack application credentials, OS_APPLICATION_CREDENTIAL_ID"
_err "and OS_APPLICATION_CREDENTIAL_SECRET must be set."
_err "Please check your credentials and try again."
return 1
fi
else
# Password auth
if [ -z "$OS_USERNAME" ] || [ -z "$OS_PASSWORD" ]; then
_err "OpenStack username or password not found."
_err "Please check your credentials and try again."
return 1
fi
if [ -z "$OS_PROJECT_NAME" ] && [ -z "$OS_PROJECT_ID" ]; then
_err "When using password authentication, OS_PROJECT_NAME or"
_err "OS_PROJECT_ID must be set."
_err "Please check your credentials and try again."
return 1
fi
fi
return 0
}

234
deploy/panos.sh Normal file
View File

@ -0,0 +1,234 @@
#!/usr/bin/env sh
# Script to deploy certificates to Palo Alto Networks PANOS via API
# Note PANOS API KEY and IP address needs to be set prior to running.
# The following variables exported from environment will be used.
# If not set then values previously saved in domain.conf file are used.
#
# Firewall admin with superuser and IP address is required.
#
# REQURED:
# export PANOS_HOST=""
# export PANOS_USER="" #User *MUST* have Commit and Import Permissions in XML API for Admin Role
# export PANOS_PASS=""
#
# OPTIONAL
# export PANOS_TEMPLATE="" #Template Name of panorama managed devices
#
# The script will automatically generate a new API key if
# no key is found, or if a saved key has expired or is invalid.
# This function is to parse the XML response from the firewall
parse_response() {
type=$2
if [ "$type" = 'keygen' ]; then
status=$(echo "$1" | sed 's/^.*\(['\'']\)\([a-z]*\)'\''.*/\2/g')
if [ "$status" = "success" ]; then
panos_key=$(echo "$1" | sed 's/^.*\(<key>\)\(.*\)<\/key>.*/\2/g')
_panos_key=$panos_key
else
message="PAN-OS Key could not be set."
fi
else
status=$(echo "$1" | tr -d '\n' | sed 's/^.*"\([a-z]*\)".*/\1/g')
message=$(echo "$1" | tr -d '\n' | sed 's/.*\(<result>\|<msg>\|<line>\)\([^<]*\).*/\2/g')
_debug "Firewall message: $message"
if [ "$type" = 'keytest' ] && [ "$status" != "success" ]; then
_debug "**** API Key has EXPIRED or is INVALID ****"
unset _panos_key
fi
fi
return 0
}
#This function is used to deploy to the firewall
deployer() {
content=""
type=$1 # Types are keytest, keygen, cert, key, commit
panos_url="https://$_panos_host/api/"
#Test API Key by performing a lookup
if [ "$type" = 'keytest' ]; then
_debug "**** Testing saved API Key ****"
_H1="Content-Type: application/x-www-form-urlencoded"
# Get Version Info to test key
content="type=version&key=$_panos_key"
## Exclude all scopes for the empty commit
#_exclude_scope="<policy-and-objects>exclude</policy-and-objects><device-and-network>exclude</device-and-network><shared-object>exclude</shared-object>"
#content="type=commit&action=partial&key=$_panos_key&cmd=<commit><partial>$_exclude_scope<admin><member>acmekeytest</member></admin></partial></commit>"
fi
# Generate API Key
if [ "$type" = 'keygen' ]; then
_debug "**** Generating new API Key ****"
_H1="Content-Type: application/x-www-form-urlencoded"
content="type=keygen&user=$_panos_user&password=$_panos_pass"
# content="$content${nl}--$delim${nl}Content-Disposition: form-data; type=\"keygen\"; user=\"$_panos_user\"; password=\"$_panos_pass\"${nl}Content-Type: application/octet-stream${nl}${nl}"
fi
# Deploy Cert or Key
if [ "$type" = 'cert' ] || [ "$type" = 'key' ]; then
_debug "**** Deploying $type ****"
#Generate DELIM
delim="-----MultipartDelimiter$(date "+%s%N")"
nl="\015\012"
#Set Header
export _H1="Content-Type: multipart/form-data; boundary=$delim"
if [ "$type" = 'cert' ]; then
panos_url="${panos_url}?type=import"
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\ncertificate"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
if [ "$_panos_template" ]; then
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
fi
fi
if [ "$type" = 'key' ]; then
panos_url="${panos_url}?type=import"
content="--$delim${nl}Content-Disposition: form-data; name=\"category\"\r\n\r\nprivate-key"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"certificate-name\"\r\n\r\n$_cdomain"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
if [ "$_panos_template" ]; then
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
fi
fi
#Close multipart
content="$content${nl}--$delim--${nl}${nl}"
#Convert CRLF
content=$(printf %b "$content")
fi
# Commit changes
if [ "$type" = 'commit' ]; then
_debug "**** Committing changes ****"
export _H1="Content-Type: application/x-www-form-urlencoded"
#Check for force commit - will commit ALL uncommited changes to the firewall. Use with caution!
if [ "$FORCE" ]; then
_debug "Force switch detected. Committing ALL changes to the firewall."
cmd=$(printf "%s" "<commit><partial><force><admin><member>$_panos_user</member></admin></force></partial></commit>" | _url_encode)
else
_exclude_scope="<policy-and-objects>exclude</policy-and-objects><device-and-network>exclude</device-and-network>"
cmd=$(printf "%s" "<commit><partial>$_exclude_scope<admin><member>$_panos_user</member></admin></partial></commit>" | _url_encode)
fi
content="type=commit&action=partial&key=$_panos_key&cmd=$cmd"
fi
response=$(_post "$content" "$panos_url" "" "POST")
parse_response "$response" "$type"
# Saving response to variables
response_status=$status
_debug response_status "$response_status"
if [ "$response_status" = "success" ]; then
_debug "Successfully deployed $type"
return 0
else
_err "Deploy of type $type failed. Try deploying with --debug to troubleshoot."
_debug "$message"
return 1
fi
}
# This is the main function that will call the other functions to deploy everything.
panos_deploy() {
_cdomain=$(echo "$1" | sed 's/*/WILDCARD_/g') #Wildcard Safe Filename
_ckey="$2"
_cfullchain="$5"
# VALID FILE CHECK
if [ ! -f "$_ckey" ] || [ ! -f "$_cfullchain" ]; then
_err "Unable to find a valid key and/or cert. If this is an ECDSA/ECC cert, use the --ecc flag when deploying."
return 1
fi
# PANOS_HOST
if [ "$PANOS_HOST" ]; then
_debug "Detected ENV variable PANOS_HOST. Saving to file."
_savedeployconf PANOS_HOST "$PANOS_HOST" 1
else
_debug "Attempting to load variable PANOS_HOST from file."
_getdeployconf PANOS_HOST
fi
# PANOS USER
if [ "$PANOS_USER" ]; then
_debug "Detected ENV variable PANOS_USER. Saving to file."
_savedeployconf PANOS_USER "$PANOS_USER" 1
else
_debug "Attempting to load variable PANOS_USER from file."
_getdeployconf PANOS_USER
fi
# PANOS_PASS
if [ "$PANOS_PASS" ]; then
_debug "Detected ENV variable PANOS_PASS. Saving to file."
_savedeployconf PANOS_PASS "$PANOS_PASS" 1
else
_debug "Attempting to load variable PANOS_PASS from file."
_getdeployconf PANOS_PASS
fi
# PANOS_KEY
_getdeployconf PANOS_KEY
if [ "$PANOS_KEY" ]; then
_debug "Detected saved key."
_panos_key=$PANOS_KEY
else
_debug "No key detected"
unset _panos_key
fi
# PANOS_TEMPLATE
if [ "$PANOS_TEMPLATE" ]; then
_debug "Detected ENV variable PANOS_TEMPLATE. Saving to file."
_savedeployconf PANOS_TEMPLATE "$PANOS_TEMPLATE" 1
else
_debug "Attempting to load variable PANOS_TEMPLATE from file."
_getdeployconf PANOS_TEMPLATE
fi
#Store variables
_panos_host=$PANOS_HOST
_panos_user=$PANOS_USER
_panos_pass=$PANOS_PASS
_panos_template=$PANOS_TEMPLATE
#Test API Key if found. If the key is invalid, the variable _panos_key will be unset.
if [ "$_panos_host" ] && [ "$_panos_key" ]; then
_debug "**** Testing API KEY ****"
deployer keytest
fi
# Check for valid variables
if [ -z "$_panos_host" ]; then
_err "No host found. If this is your first time deploying, please set PANOS_HOST in ENV variables. You can delete it after you have successfully deployed the certs."
return 1
elif [ -z "$_panos_user" ]; then
_err "No user found. If this is your first time deploying, please set PANOS_USER in ENV variables. You can delete it after you have successfully deployed the certs."
return 1
elif [ -z "$_panos_pass" ]; then
_err "No password found. If this is your first time deploying, please set PANOS_PASS in ENV variables. You can delete it after you have successfully deployed the certs."
return 1
else
# Generate a new API key if no valid API key is found
if [ -z "$_panos_key" ]; then
_debug "**** Generating new PANOS API KEY ****"
deployer keygen
_savedeployconf PANOS_KEY "$_panos_key" 1
fi
# Confirm that a valid key was generated
if [ -z "$_panos_key" ]; then
_err "Unable to generate an API key. The user and pass may be invalid or not authorized to generate a new key. Please check the PANOS_USER and PANOS_PASS credentials and try again"
return 1
else
deployer cert
deployer key
deployer commit
fi
fi
}

123
deploy/peplink.sh Normal file
View File

@ -0,0 +1,123 @@
#!/usr/bin/env sh
# Script to deploy cert to Peplink Routers
#
# The following environment variables must be set:
#
# PEPLINK_Hostname - Peplink hostname
# PEPLINK_Username - Peplink username to login
# PEPLINK_Password - Peplink password to login
#
# The following environmental variables may be set if you don't like their
# default values:
#
# PEPLINK_Certtype - Certificate type to target for replacement
# defaults to "webadmin", can be one of:
# * "chub" (ContentHub)
# * "openvpn" (OpenVPN CA)
# * "portal" (Captive Portal SSL)
# * "webadmin" (Web Admin SSL)
# * "webproxy" (Proxy Root CA)
# * "wwan_ca" (Wi-Fi WAN CA)
# * "wwan_client" (Wi-Fi WAN Client)
# PEPLINK_Scheme - defaults to "https"
# PEPLINK_Port - defaults to "443"
#
#returns 0 means success, otherwise error.
######## Public functions #####################
_peplink_get_cookie_data() {
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
}
#domain keyfile certfile cafile fullchain
peplink_deploy() {
_cdomain="$1"
_ckey="$2"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _cfullchain "$_cfullchain"
_debug _ckey "$_ckey"
# Get Hostname, Username and Password, but don't save until we successfully authenticate
_getdeployconf PEPLINK_Hostname
_getdeployconf PEPLINK_Username
_getdeployconf PEPLINK_Password
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
return 1
fi
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
_debug2 PEPLINK_Username "$PEPLINK_Username"
_secure_debug2 PEPLINK_Password "$PEPLINK_Password"
# Optional certificate type, scheme, and port for Peplink
_getdeployconf PEPLINK_Certtype
_getdeployconf PEPLINK_Scheme
_getdeployconf PEPLINK_Port
# Don't save the certificate type until we verify it exists and is supported
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
_savedeployconf PEPLINK_Port "$PEPLINK_Port"
# Default vaules for certificate type, scheme, and port
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin"
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https"
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443"
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
_debug2 PEPLINK_Port "$PEPLINK_Port"
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
_debug _base_url "$_base_url"
# Login, get the auth token from the cookie
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)"
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)"
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
_debug3 response "$response"
_debug auth_token "$auth_token"
if [ -z "$auth_token" ]; then
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
_err "Check your username and password."
return 1
fi
_H1="Cookie: $auth_token"
export _H1
_debug2 H1 "${_H1}"
# Now that we know the hostnameusername and password are good, save them
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
_savedeployconf PEPLINK_Username "$PEPLINK_Username"
_savedeployconf PEPLINK_Password "$PEPLINK_Password"
_info "Generate form POST request"
encoded_key="$(_url_encode <"$_ckey")"
encoded_fullchain="$(_url_encode <"$_cfullchain")"
body="cert_type=$PEPLINK_Certtype&cert_uid=&section=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
_debug3 body "$body"
_info "Upload $PEPLINK_Certtype certificate to the Peplink"
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
_debug3 response "$response"
if echo "$response" | grep 'Success' >/dev/null; then
# We've verified this certificate type is valid, so save it
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
_info "Certificate was updated"
return 0
else
_err "Unable to update certificate, error code $response"
return 1
fi
}

132
deploy/proxmoxve.sh Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env sh
# Deploy certificates to a proxmox virtual environment node using the API.
#
# Environment variables that can be set are:
# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to
# _cdomain.
# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.
# Defaults to 8006.
# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.
# Defaults to the host portion of the server
# domain name.
# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.
# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates
# with. Defaults to pam.
# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the
# user account. Defaults to acme.
# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.
proxmoxve_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug2 _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
# "Sane" defaults.
_getdeployconf DEPLOY_PROXMOXVE_SERVER
if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then
_target_hostname="$_cdomain"
else
_target_hostname="$DEPLOY_PROXMOXVE_SERVER"
_savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER"
fi
_debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"
_getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then
_target_port="8006"
else
_target_port="$DEPLOY_PROXMOXVE_SERVER_PORT"
_savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT"
fi
_debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"
_getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then
_node_name=$(echo "$_target_hostname" | cut -d. -f1)
else
_node_name="$DEPLOY_PROXMOXVE_NODE_NAME"
_savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME"
fi
_debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"
# Complete URL.
_target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
_debug TARGET_URL "$_target_url"
# More "sane" defaults.
_getdeployconf DEPLOY_PROXMOXVE_USER
if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then
_proxmoxve_user="root"
else
_proxmoxve_user="$DEPLOY_PROXMOXVE_USER"
_savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER"
fi
_debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"
_getdeployconf DEPLOY_PROXMOXVE_USER_REALM
if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then
_proxmoxve_user_realm="pam"
else
_proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM"
_savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM"
fi
_debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then
_proxmoxve_api_token_name="acme"
else
_proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
fi
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"
# This is required.
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
_err "API key not provided."
return 1
else
_proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
fi
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY "$_proxmoxve_api_token_key"
# PVE API Token header value. Used in "Authorization: PVEAPIToken".
_proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
_debug2 "Auth Header" "$_proxmoxve_header_api_token"
# Ugly. I hate putting heredocs inside functions because heredocs don't
# account for whitespace correctly but it _does_ work and is several times
# cleaner than anything else I had here.
#
# This dumps the json payload to a variable that should be passable to the
# _psot function.
_json_payload=$(
cat <<HEREDOC
{
"certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')",
"key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')",
"node":"$_node_name",
"restart":"1",
"force":"1"
}
HEREDOC
)
_debug2 Payload "$_json_payload"
_info "Push certificates to server"
export HTTPS_INSECURE=1
export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
_post "$_json_payload" "$_target_url" "" POST "application/json"
}

View File

@ -6,6 +6,8 @@
# export QINIU_AK="QINIUACCESSKEY" # export QINIU_AK="QINIUACCESSKEY"
# export QINIU_SK="QINIUSECRETKEY" # export QINIU_SK="QINIUSECRETKEY"
# export QINIU_CDN_DOMAIN="cdn.example.com" # export QINIU_CDN_DOMAIN="cdn.example.com"
# If you have more than one domain, just
# export QINIU_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
QINIU_API_BASE="https://api.qiniu.com" QINIU_API_BASE="https://api.qiniu.com"
@ -51,7 +53,7 @@ qiniu_deploy() {
sslcert_access_token="$(_make_access_token "$sslcert_path")" sslcert_access_token="$(_make_access_token "$sslcert_path")"
_debug sslcert_access_token "$sslcert_access_token" _debug sslcert_access_token "$sslcert_access_token"
export _H1="Authorization: QBox $sslcert_access_token" export _H1="Authorization: QBox $sslcert_access_token"
sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline") sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64)
if ! _contains "$sslcert_response" "certID"; then if ! _contains "$sslcert_response" "certID"; then
_err "Error in creating certificate:" _err "Error in creating certificate:"
@ -67,21 +69,23 @@ qiniu_deploy() {
_debug certId "$_certId" _debug certId "$_certId"
## update domain ssl config ## update domain ssl config
update_path="/domain/$QINIU_CDN_DOMAIN/httpsconf"
update_body="{\"certid\":$_certId,\"forceHttps\":false}" update_body="{\"certid\":$_certId,\"forceHttps\":false}"
for domain in $QINIU_CDN_DOMAIN; do
update_path="/domain/$domain/httpsconf"
update_access_token="$(_make_access_token "$update_path")" update_access_token="$(_make_access_token "$update_path")"
_debug update_access_token "$update_access_token" _debug update_access_token "$update_access_token"
export _H1="Authorization: QBox $update_access_token" export _H1="Authorization: QBox $update_access_token"
update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline") update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64)
if _contains "$update_response" "error"; then if _contains "$update_response" "error"; then
_err "Error in updating domain httpsconf:" _err "Error in updating domain $domain httpsconf:"
_err "$update_response" _err "$update_response"
return 1 return 1
fi fi
_debug update_response "$update_response" _debug update_response "$update_response"
_info "Certificate successfully deployed" _info "Domain $domain certificate has been deployed successfully"
done
return 0 return 0
} }

View File

@ -23,6 +23,7 @@
# ```sh # ```sh
# export ROUTER_OS_USERNAME=certuser # export ROUTER_OS_USERNAME=certuser
# export ROUTER_OS_HOST=router.example.com # export ROUTER_OS_HOST=router.example.com
# export ROUTER_OS_PORT=22
# #
# acme.sh --deploy -d ftp.example.com --deploy-hook routeros # acme.sh --deploy -d ftp.example.com --deploy-hook routeros
# ``` # ```
@ -48,6 +49,16 @@
# One optional thing to do as well is to create a script that updates # One optional thing to do as well is to create a script that updates
# all the required services and run that script in a single command. # all the required services and run that script in a single command.
# #
# To adopt parameters to `scp` and/or `ssh` set the optional
# `ROUTER_OS_SSH_CMD` and `ROUTER_OS_SCP_CMD` variables accordingly,
# see ssh(1) and scp(1) for parameters to those commands.
#
# Example:
# ```ssh
# export ROUTER_OS_SSH_CMD="ssh -i /acme.sh/.ssh/router.example.com -o UserKnownHostsFile=/acme.sh/.ssh/known_hosts"
# export ROUTER_OS_SCP_CMD="scp -i /acme.sh/.ssh/router.example.com -o UserKnownHostsFile=/acme.sh/.ssh/known_hosts"
# ````
#
# returns 0 means success, otherwise error. # returns 0 means success, otherwise error.
######## Public functions ##################### ######## Public functions #####################
@ -59,6 +70,7 @@ routeros_deploy() {
_ccert="$3" _ccert="$3"
_cca="$4" _cca="$4"
_cfullchain="$5" _cfullchain="$5"
_err_code=0
_debug _cdomain "$_cdomain" _debug _cdomain "$_cdomain"
_debug _ckey "$_ckey" _debug _ckey "$_ckey"
@ -66,46 +78,127 @@ routeros_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
_getdeployconf ROUTER_OS_HOST
if [ -z "$ROUTER_OS_HOST" ]; then if [ -z "$ROUTER_OS_HOST" ]; then
_debug "Using _cdomain as ROUTER_OS_HOST, please set if not correct." _debug "Using _cdomain as ROUTER_OS_HOST, please set if not correct."
ROUTER_OS_HOST="$_cdomain" ROUTER_OS_HOST="$_cdomain"
fi fi
_getdeployconf ROUTER_OS_USERNAME
if [ -z "$ROUTER_OS_USERNAME" ]; then if [ -z "$ROUTER_OS_USERNAME" ]; then
_err "Need to set the env variable ROUTER_OS_USERNAME" _err "Need to set the env variable ROUTER_OS_USERNAME"
return 1 return 1
fi fi
_getdeployconf ROUTER_OS_PORT
if [ -z "$ROUTER_OS_PORT" ]; then
_debug "Using default port 22 as ROUTER_OS_PORT, please set if not correct."
ROUTER_OS_PORT=22
fi
_getdeployconf ROUTER_OS_SSH_CMD
if [ -z "$ROUTER_OS_SSH_CMD" ]; then
_debug "Use default ssh setup."
ROUTER_OS_SSH_CMD="ssh -p $ROUTER_OS_PORT"
fi
_getdeployconf ROUTER_OS_SCP_CMD
if [ -z "$ROUTER_OS_SCP_CMD" ]; then
_debug "USe default scp setup."
ROUTER_OS_SCP_CMD="scp -P $ROUTER_OS_PORT"
fi
_getdeployconf ROUTER_OS_ADDITIONAL_SERVICES
if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then
_debug "Not enabling additional services" _debug "Not enabling additional services"
ROUTER_OS_ADDITIONAL_SERVICES="" ROUTER_OS_ADDITIONAL_SERVICES=""
fi fi
_info "Trying to push key '$_ckey' to router" _savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST"
scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" _savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME"
_info "Trying to push cert '$_cfullchain' to router" _savedeployconf ROUTER_OS_PORT "$ROUTER_OS_PORT"
scp "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" _savedeployconf ROUTER_OS_SSH_CMD "$ROUTER_OS_SSH_CMD"
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive _savedeployconf ROUTER_OS_SCP_CMD "$ROUTER_OS_SCP_CMD"
source=\"## generated by routeros deploy script in acme.sh _savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES"
\n/certificate remove [ find name=$_cdomain.cer_0 ]
\n/certificate remove [ find name=$_cdomain.cer_1 ] # push key to routeros
\ndelay 1 if ! _scp_certificate "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key"; then
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\" return $_err_code
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\" fi
\ndelay 1
\n/file remove $_cdomain.cer # push certificate chain to routeros
\n/file remove $_cdomain.key if ! _scp_certificate "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer"; then
\ndelay 2 return $_err_code
\n/ip service set www-ssl certificate=$_cdomain.cer_0 fi
\n$ROUTER_OS_ADDITIONAL_SERVICES
DEPLOY_SCRIPT_CMD=":do {/system script remove \"LECertDeploy-$_cdomain\" } on-error={ }; \
/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \
comment=\"generated by routeros deploy script in acme.sh\" \
source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
\n/certificate remove [ find name=$_cdomain.cer_1 ];\
\n/certificate remove [ find name=$_cdomain.cer_2 ];\
\ndelay 1;\
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\
\ndelay 1;\
\n:do {/file remove $_cdomain.cer; } on-error={ }\
\n:do {/file remove $_cdomain.key; } on-error={ }\
\ndelay 2;\
\n/ip service set www-ssl certificate=$_cdomain.cer_0;\
\n$ROUTER_OS_ADDITIONAL_SERVICES;\
\n\" \n\"
" "
# shellcheck disable=SC2029
ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" if ! _ssh_remote_cmd "$DEPLOY_SCRIPT_CMD"; then
# shellcheck disable=SC2029 return $_err_code
ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" fi
# shellcheck disable=SC2029
ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" if ! _ssh_remote_cmd "/system script run \"LECertDeploy-$_cdomain\""; then
return $_err_code
fi
if ! _ssh_remote_cmd "/system script remove \"LECertDeploy-$_cdomain\""; then
return $_err_code
fi
return 0 return 0
} }
# inspired by deploy/ssh.sh
_ssh_remote_cmd() {
_cmd="$1"
_secure_debug "Remote commands to execute: $_cmd"
_info "Submitting sequence of commands to routeros"
# quotations in bash cmd below intended. Squash travis spellcheck error
# shellcheck disable=SC2029
$ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$_cmd"
_err_code="$?"
if [ "$_err_code" != "0" ]; then
_err "Error code $_err_code returned from routeros"
fi
return $_err_code
}
_scp_certificate() {
_src="$1"
_dst="$2"
_secure_debug "scp '$_src' to '$_dst'"
_info "Push key '$_src' to routeros"
$ROUTER_OS_SCP_CMD "$_src" "$_dst"
_err_code="$?"
if [ "$_err_code" != "0" ]; then
_err "Error code $_err_code returned from scp"
fi
return $_err_code
}

View File

@ -12,15 +12,19 @@
# Only a username is required. All others are optional. # Only a username is required. All others are optional.
# #
# The following examples are for QNAP NAS running QTS 4.2 # The following examples are for QNAP NAS running QTS 4.2
# export DEPLOY_SSH_CMD="" # defaults to ssh # export DEPLOY_SSH_CMD="" # defaults to "ssh -T"
# export DEPLOY_SSH_USER="admin" # required # export DEPLOY_SSH_USER="admin" # required
# export DEPLOY_SSH_SERVER="qnap" # defaults to domain name # export DEPLOY_SSH_SERVER="host1 host2:8022 192.168.0.1:9022" # defaults to domain name, support multiple servers with optional port
# export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem" # export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
# export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem" # export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
# export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem" # export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
# export DEPLOY_SSH_FULLCHAIN="" # export DEPLOY_SSH_FULLCHAIN=""
# export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart" # export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
# export DEPLOY_SSH_BACKUP="" # yes or no, default to yes # export DEPLOY_SSH_BACKUP="" # yes or no, default to yes or previously saved value
# export DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy" # path on remote system. Defaults to .acme_ssh_deploy
# export DEPLOY_SSH_MULTI_CALL="" # yes or no, default to no or previously saved value
# export DEPLOY_SSH_USE_SCP="" yes or no, default to no
# export DEPLOY_SSH_SCP_CMD="" defaults to "scp -q"
# #
######## Public functions ##################### ######## Public functions #####################
@ -31,15 +35,7 @@ ssh_deploy() {
_ccert="$3" _ccert="$3"
_cca="$4" _cca="$4"
_cfullchain="$5" _cfullchain="$5"
_cmdstr="" _deploy_ssh_servers=""
_homedir='~'
_backupprefix="$_homedir/.acme_ssh_deploy/$_cdomain-backup"
_backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')"
if [ -f "$DOMAIN_CONF" ]; then
# shellcheck disable=SC1090
. "$DOMAIN_CONF"
fi
_debug _cdomain "$_cdomain" _debug _cdomain "$_cdomain"
_debug _ckey "$_ckey" _debug _ckey "$_ckey"
@ -48,136 +44,163 @@ ssh_deploy() {
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
# USER is required to login by SSH to remote host. # USER is required to login by SSH to remote host.
_migratedeployconf Le_Deploy_ssh_user DEPLOY_SSH_USER
_getdeployconf DEPLOY_SSH_USER
_debug2 DEPLOY_SSH_USER "$DEPLOY_SSH_USER"
if [ -z "$DEPLOY_SSH_USER" ]; then if [ -z "$DEPLOY_SSH_USER" ]; then
if [ -z "$Le_Deploy_ssh_user" ]; then
_err "DEPLOY_SSH_USER not defined." _err "DEPLOY_SSH_USER not defined."
return 1 return 1
fi fi
else _savedeployconf DEPLOY_SSH_USER "$DEPLOY_SSH_USER"
Le_Deploy_ssh_user="$DEPLOY_SSH_USER"
_savedomainconf Le_Deploy_ssh_user "$Le_Deploy_ssh_user"
fi
# SERVER is optional. If not provided then use _cdomain # SERVER is optional. If not provided then use _cdomain
if [ -n "$DEPLOY_SSH_SERVER" ]; then _migratedeployconf Le_Deploy_ssh_server DEPLOY_SSH_SERVER
Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER" _getdeployconf DEPLOY_SSH_SERVER
_savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server" _debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER"
elif [ -z "$Le_Deploy_ssh_server" ]; then if [ -z "$DEPLOY_SSH_SERVER" ]; then
Le_Deploy_ssh_server="$_cdomain" DEPLOY_SSH_SERVER="$_cdomain"
fi fi
_savedeployconf DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER"
# CMD is optional. If not provided then use ssh # CMD is optional. If not provided then use ssh
if [ -n "$DEPLOY_SSH_CMD" ]; then _migratedeployconf Le_Deploy_ssh_cmd DEPLOY_SSH_CMD
Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD" _getdeployconf DEPLOY_SSH_CMD
_savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd" _debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD"
elif [ -z "$Le_Deploy_ssh_cmd" ]; then if [ -z "$DEPLOY_SSH_CMD" ]; then
Le_Deploy_ssh_cmd="ssh" DEPLOY_SSH_CMD="ssh -T"
fi fi
_savedeployconf DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD"
# BACKUP is optional. If not provided then default to yes # BACKUP is optional. If not provided then default to previously saved value or yes.
if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then _migratedeployconf Le_Deploy_ssh_backup DEPLOY_SSH_BACKUP
Le_Deploy_ssh_backup="no" _getdeployconf DEPLOY_SSH_BACKUP
elif [ -z "$Le_Deploy_ssh_backup" ]; then _debug2 DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP"
Le_Deploy_ssh_backup="yes" if [ -z "$DEPLOY_SSH_BACKUP" ]; then
DEPLOY_SSH_BACKUP="yes"
fi fi
_savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup" _savedeployconf DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP"
_info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server" # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy
_migratedeployconf Le_Deploy_ssh_backup_path DEPLOY_SSH_BACKUP_PATH
_getdeployconf DEPLOY_SSH_BACKUP_PATH
_debug2 DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH"
if [ -z "$DEPLOY_SSH_BACKUP_PATH" ]; then
DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy"
fi
_savedeployconf DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH"
# MULTI_CALL is optional. If not provided then default to previously saved
# value (which may be undefined... equivalent to "no").
_migratedeployconf Le_Deploy_ssh_multi_call DEPLOY_SSH_MULTI_CALL
_getdeployconf DEPLOY_SSH_MULTI_CALL
_debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL"
if [ -z "$DEPLOY_SSH_MULTI_CALL" ]; then
DEPLOY_SSH_MULTI_CALL="no"
fi
_savedeployconf DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL"
# KEYFILE is optional. # KEYFILE is optional.
# If provided then private key will be copied to provided filename. # If provided then private key will be copied to provided filename.
_migratedeployconf Le_Deploy_ssh_keyfile DEPLOY_SSH_KEYFILE
_getdeployconf DEPLOY_SSH_KEYFILE
_debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE"
if [ -n "$DEPLOY_SSH_KEYFILE" ]; then if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE" _savedeployconf DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE"
_savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
fi
if [ -n "$Le_Deploy_ssh_keyfile" ]; then
if [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_keyfile $_backupdir >/dev/null;"
fi
# copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile;"
_info "will copy private key to remote file $Le_Deploy_ssh_keyfile"
fi fi
# CERTFILE is optional. # CERTFILE is optional.
# If provided then certificate will be copied or appended to provided filename. # If provided then certificate will be copied or appended to provided filename.
_migratedeployconf Le_Deploy_ssh_certfile DEPLOY_SSH_CERTFILE
_getdeployconf DEPLOY_SSH_CERTFILE
_debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE"
if [ -n "$DEPLOY_SSH_CERTFILE" ]; then if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE" _savedeployconf DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE"
_savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
fi
if [ -n "$Le_Deploy_ssh_certfile" ]; then
_pipe=">"
if [ "$Le_Deploy_ssh_certfile" = "$Le_Deploy_ssh_keyfile" ]; then
# if filename is same as previous file then append.
_pipe=">>"
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir >/dev/null;"
fi
# copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile;"
_info "will copy certificate to remote file $Le_Deploy_ssh_certfile"
fi fi
# CAFILE is optional. # CAFILE is optional.
# If provided then CA intermediate certificate will be copied or appended to provided filename. # If provided then CA intermediate certificate will be copied or appended to provided filename.
_migratedeployconf Le_Deploy_ssh_cafile DEPLOY_SSH_CAFILE
_getdeployconf DEPLOY_SSH_CAFILE
_debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE"
if [ -n "$DEPLOY_SSH_CAFILE" ]; then if [ -n "$DEPLOY_SSH_CAFILE" ]; then
Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE" _savedeployconf DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE"
_savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
fi
if [ -n "$Le_Deploy_ssh_cafile" ]; then
_pipe=">"
if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
|| [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
# if filename is same as previous file then append.
_pipe=">>"
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_cafile $_backupdir >/dev/null;"
fi
# copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile;"
_info "will copy CA file to remote file $Le_Deploy_ssh_cafile"
fi fi
# FULLCHAIN is optional. # FULLCHAIN is optional.
# If provided then fullchain certificate will be copied or appended to provided filename. # If provided then fullchain certificate will be copied or appended to provided filename.
_migratedeployconf Le_Deploy_ssh_fullchain DEPLOY_SSH_FULLCHAIN
_getdeployconf DEPLOY_SSH_FULLCHAIN
_debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN"
if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN" _savedeployconf DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN"
_savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
fi
if [ -n "$Le_Deploy_ssh_fullchain" ]; then
_pipe=">"
if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
# if filename is same as previous file then append.
_pipe=">>"
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_fullchain $_backupdir >/dev/null;"
fi
# copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain;"
_info "will copy fullchain to remote file $Le_Deploy_ssh_fullchain"
fi fi
# REMOTE_CMD is optional. # REMOTE_CMD is optional.
# If provided then this command will be executed on remote host. # If provided then this command will be executed on remote host.
_migratedeployconf Le_Deploy_ssh_remote_cmd DEPLOY_SSH_REMOTE_CMD
_getdeployconf DEPLOY_SSH_REMOTE_CMD
_debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD"
if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD" _savedeployconf DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD"
_savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd"
fi
if [ -n "$Le_Deploy_ssh_remote_cmd" ]; then
_cmdstr="$_cmdstr $Le_Deploy_ssh_remote_cmd;"
_info "Will execute remote command $Le_Deploy_ssh_remote_cmd"
fi fi
if [ -z "$_cmdstr" ]; then # USE_SCP is optional. If not provided then default to previously saved
_err "No remote commands to excute. Failed to deploy certificates to remote server" # value (which may be undefined... equivalent to "no").
return 1 _getdeployconf DEPLOY_SSH_USE_SCP
elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then _debug2 DEPLOY_SSH_USE_SCP "$DEPLOY_SSH_USE_SCP"
if [ -z "$DEPLOY_SSH_USE_SCP" ]; then
DEPLOY_SSH_USE_SCP="no"
fi
_savedeployconf DEPLOY_SSH_USE_SCP "$DEPLOY_SSH_USE_SCP"
# SCP_CMD is optional. If not provided then use scp
_getdeployconf DEPLOY_SSH_SCP_CMD
_debug2 DEPLOY_SSH_SCP_CMD "$DEPLOY_SSH_SCP_CMD"
if [ -z "$DEPLOY_SSH_SCP_CMD" ]; then
DEPLOY_SSH_SCP_CMD="scp -q"
fi
_savedeployconf DEPLOY_SSH_SCP_CMD "$DEPLOY_SSH_SCP_CMD"
if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
DEPLOY_SSH_MULTI_CALL="yes"
_info "Using scp as alternate method for copying files. Multicall Mode is implicit"
elif [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
_info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host"
else
_info "Required commands batched and sent in single call to remote host"
fi
_deploy_ssh_servers="$DEPLOY_SSH_SERVER"
for DEPLOY_SSH_SERVER in $_deploy_ssh_servers; do
_ssh_deploy
done
}
_ssh_deploy() {
_err_code=0
_cmdstr=""
_backupprefix=""
_backupdir=""
_local_cert_file=""
_local_ca_file=""
_local_full_file=""
case $DEPLOY_SSH_SERVER in
*:*)
_host=${DEPLOY_SSH_SERVER%:*}
_port=${DEPLOY_SSH_SERVER##*:}
;;
*)
_host=$DEPLOY_SSH_SERVER
_port=
;;
esac
_info "Deploy certificates to remote server $DEPLOY_SSH_USER@$_host:$_port"
if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
_backupprefix="$DEPLOY_SSH_BACKUP_PATH/$_cdomain-backup"
_backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')"
# run cleanup on the backup directory, erase all older # run cleanup on the backup directory, erase all older
# than 180 days (15552000 seconds). # than 180 days (15552000 seconds).
_cmdstr="{ now=\"\$(date -u +%s)\"; for fn in $_backupprefix*; \ _cmdstr="{ now=\"\$(date -u +%s)\"; for fn in $_backupprefix*; \
@ -188,18 +211,252 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
_cmdstr="mkdir -p $_backupdir; $_cmdstr" _cmdstr="mkdir -p $_backupdir; $_cmdstr"
_info "Backup of old certificate files will be placed in remote directory $_backupdir" _info "Backup of old certificate files will be placed in remote directory $_backupdir"
_info "Backup directories erased after 180 days." _info "Backup directories erased after 180 days."
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi fi
_secure_debug "Remote commands to execute: " "$_cmdstr" if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
_info "Submitting sequence of commands to remote server by ssh" if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $DEPLOY_SSH_KEYFILE $_backupdir >/dev/null;"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
# copy new key into file.
if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
# scp the file
if ! _scp_remote_cmd "$_ckey" "$DEPLOY_SSH_KEYFILE"; then
return $_err_code
fi
else
# ssh echo to the file
_cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $DEPLOY_SSH_KEYFILE;"
_info "will copy private key to remote file $DEPLOY_SSH_KEYFILE"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
fi
if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
_pipe=">"
if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then
# if filename is same as previous file then append.
_pipe=">>"
elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $DEPLOY_SSH_CERTFILE $_backupdir >/dev/null;"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
# copy new certificate into file.
if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
# scp the file
_local_cert_file=$(_mktemp)
if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then
cat "$_ckey" >>"$_local_cert_file"
fi
cat "$_ccert" >>"$_local_cert_file"
if ! _scp_remote_cmd "$_local_cert_file" "$DEPLOY_SSH_CERTFILE"; then
return $_err_code
fi
else
# ssh echo to the file
_cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $DEPLOY_SSH_CERTFILE;"
_info "will copy certificate to remote file $DEPLOY_SSH_CERTFILE"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
fi
if [ -n "$DEPLOY_SSH_CAFILE" ]; then
_pipe=">"
if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ] ||
[ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then
# if filename is same as previous file then append.
_pipe=">>"
elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $DEPLOY_SSH_CAFILE $_backupdir >/dev/null;"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
# copy new certificate into file.
if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
# scp the file
_local_ca_file=$(_mktemp)
if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ]; then
cat "$_ckey" >>"$_local_ca_file"
fi
if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then
cat "$_ccert" >>"$_local_ca_file"
fi
cat "$_cca" >>"$_local_ca_file"
if ! _scp_remote_cmd "$_local_ca_file" "$DEPLOY_SSH_CAFILE"; then
return $_err_code
fi
else
# ssh echo to the file
_cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $DEPLOY_SSH_CAFILE;"
_info "will copy CA file to remote file $DEPLOY_SSH_CAFILE"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
fi
if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
_pipe=">"
if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ] ||
[ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ] ||
[ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then
# if filename is same as previous file then append.
_pipe=">>"
elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
# backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $DEPLOY_SSH_FULLCHAIN $_backupdir >/dev/null;"
if [ "$DEPLOY_SSH_FULLCHAIN" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
# copy new certificate into file.
if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
# scp the file
_local_full_file=$(_mktemp)
if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ]; then
cat "$_ckey" >>"$_local_full_file"
fi
if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ]; then
cat "$_ccert" >>"$_local_full_file"
fi
if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then
cat "$_cca" >>"$_local_full_file"
fi
cat "$_cfullchain" >>"$_local_full_file"
if ! _scp_remote_cmd "$_local_full_file" "$DEPLOY_SSH_FULLCHAIN"; then
return $_err_code
fi
else
# ssh echo to the file
_cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $DEPLOY_SSH_FULLCHAIN;"
_info "will copy fullchain to remote file $DEPLOY_SSH_FULLCHAIN"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
fi
# cleanup local files if any
if [ -f "$_local_cert_file" ]; then
rm -f "$_local_cert_file"
fi
if [ -f "$_local_ca_file" ]; then
rm -f "$_local_ca_file"
fi
if [ -f "$_local_full_file" ]; then
rm -f "$_local_full_file"
fi
if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
_cmdstr="$_cmdstr $DEPLOY_SSH_REMOTE_CMD;"
_info "Will execute remote command $DEPLOY_SSH_REMOTE_CMD"
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
_cmdstr=""
fi
fi
# if commands not all sent in multiple calls then all commands sent in a single SSH call now...
if [ -n "$_cmdstr" ]; then
if ! _ssh_remote_cmd "$_cmdstr"; then
return $_err_code
fi
fi
# cleanup in case all is ok
return 0
}
#cmd
_ssh_remote_cmd() {
_cmd="$1"
_ssh_cmd="$DEPLOY_SSH_CMD"
if [ -n "$_port" ]; then
_ssh_cmd="$_ssh_cmd -p $_port"
fi
_secure_debug "Remote commands to execute: $_cmd"
_info "Submitting sequence of commands to remote server by $_ssh_cmd"
# quotations in bash cmd below intended. Squash travis spellcheck error # quotations in bash cmd below intended. Squash travis spellcheck error
# shellcheck disable=SC2029 # shellcheck disable=SC2029
$Le_Deploy_ssh_cmd -T "$Le_Deploy_ssh_user@$Le_Deploy_ssh_server" sh -c "'$_cmdstr'" $_ssh_cmd "$DEPLOY_SSH_USER@$_host" sh -c "'$_cmd'"
_ret="$?" _err_code="$?"
if [ "$_ret" != "0" ]; then if [ "$_err_code" != "0" ]; then
_err "Error code $_ret returned from $Le_Deploy_ssh_cmd" _err "Error code $_err_code returned from ssh"
fi fi
return $_ret return $_err_code
}
# cmd scp
_scp_remote_cmd() {
_src=$1
_dest=$2
_scp_cmd="$DEPLOY_SSH_SCP_CMD"
if [ -n "$_port" ]; then
_scp_cmd="$_scp_cmd -P $_port"
fi
_secure_debug "Remote copy source $_src to destination $_dest"
_info "Submitting secure copy by $_scp_cmd"
$_scp_cmd "$_src" "$DEPLOY_SSH_USER"@"$_host":"$_dest"
_err_code="$?"
if [ "$_err_code" != "0" ]; then
_err "Error code $_err_code returned from scp"
fi
return $_err_code
} }

445
deploy/synology_dsm.sh Normal file
View File

@ -0,0 +1,445 @@
#!/bin/bash
################################################################################
# ACME.sh 3rd party deploy plugin for Synology DSM
################################################################################
# Authors: Brian Hartvigsen (creator), https://github.com/tresni
# Martin Arndt (contributor), https://troublezone.net/
# Updated: 2023-07-03
# Issues: https://github.com/acmesh-official/acme.sh/issues/2727
################################################################################
# Usage (shown values are the examples):
# 1. Set required environment variables:
# - use automatically created temp admin user to authenticate
# export SYNO_USE_TEMP_ADMIN=1
# - or provide your own admin user credential to authenticate
# 1. export SYNO_USERNAME="adminUser"
# 2. export SYNO_PASSWORD="adminPassword"
# 2. Set optional environment variables
# - common optional variables
# - export SYNO_SCHEME="http" - defaults to "http"
# - export SYNO_HOSTNAME="localhost" - defaults to "localhost"
# - export SYNO_PORT="5000" - defaults to "5000"
# - export SYNO_CREATE=1 - to allow creating the cert if it doesn't exist
# - export SYNO_CERTIFICATE="" - to replace a specific cert by its
# description
# - temp admin optional variables
# - export SYNO_LOCAL_HOSTNAME=1 - if set to 1, force to treat hostname is
# targeting current local machine (since
# this method only locally supported)
# - exsiting admin 2FA-OTP optional variables
# - export SYNO_OTP_CODE="XXXXXX" - if set, script won't require to
# interactive input the OTP code
# - export SYNO_DEVICE_NAME="CertRenewal" - if set, script won't require to
# interactive input the device name
# - export SYNO_DEVICE_ID="" - (deprecated, auth with OTP code instead)
# required for omitting 2FA-OTP
# 3. Run command:
# acme.sh --deploy --deploy-hook synology_dsm -d example.com
################################################################################
# Dependencies:
# - curl
# - synouser & synogroup & synosetkeyvalue (Required for SYNO_USE_TEMP_ADMIN=1)
################################################################################
# Return value:
# 0 means success, otherwise error.
################################################################################
########## Public functions ####################################################
#domain keyfile certfile cafile fullchain
synology_dsm_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_debug _cdomain "$_cdomain"
# Get username and password, but don't save until we authenticated successfully
_migratedeployconf SYNO_Username SYNO_USERNAME
_migratedeployconf SYNO_Password SYNO_PASSWORD
_migratedeployconf SYNO_Device_ID SYNO_DEVICE_ID
_migratedeployconf SYNO_Device_Name SYNO_DEVICE_NAME
_getdeployconf SYNO_USERNAME
_getdeployconf SYNO_PASSWORD
_getdeployconf SYNO_DEVICE_ID
_getdeployconf SYNO_DEVICE_NAME
# Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set
_getdeployconf SYNO_USE_TEMP_ADMIN
_check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
_debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then
_err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
_err "Notice: temp admin user authorization method only supports local deployment on DSM."
return 1
fi
if synouser --help 2>&1 | grep -q 'Permission denied'; then
_err "For creating temp admin user, the deploy script must be run as root."
return 1
fi
[ -n "$SYNO_USERNAME" ] || _savedeployconf SYNO_USERNAME ""
[ -n "$SYNO_PASSWORD" ] || _savedeployconf SYNO_PASSWORD ""
_debug "Setting temp admin user credential..."
SYNO_USERNAME=sc-acmesh-tmp
SYNO_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
# Set 2FA-OTP settings to empty consider they won't be needed.
SYNO_DEVICE_ID=
SYNO_DEVICE_NAME=
SYNO_OTP_CODE=
else
_debug2 SYNO_USERNAME "$SYNO_USERNAME"
_secure_debug2 SYNO_PASSWORD "$SYNO_PASSWORD"
_debug2 SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME"
_secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
fi
if [ -z "$SYNO_USERNAME" ] || [ -z "$SYNO_PASSWORD" ]; then
_err "You must set either SYNO_USE_TEMP_ADMIN, or set both SYNO_USERNAME and SYNO_PASSWORD."
return 1
fi
# Optional scheme, hostname and port for Synology DSM
_migratedeployconf SYNO_Scheme SYNO_SCHEME
_migratedeployconf SYNO_Hostname SYNO_HOSTNAME
_migratedeployconf SYNO_Port SYNO_PORT
_getdeployconf SYNO_SCHEME
_getdeployconf SYNO_HOSTNAME
_getdeployconf SYNO_PORT
# Default values for scheme, hostname and port
# Defaulting to localhost and http, because it's localhost…
[ -n "$SYNO_SCHEME" ] || SYNO_SCHEME=http
[ -n "$SYNO_HOSTNAME" ] || SYNO_HOSTNAME=localhost
[ -n "$SYNO_PORT" ] || SYNO_PORT=5000
_savedeployconf SYNO_SCHEME "$SYNO_SCHEME"
_savedeployconf SYNO_HOSTNAME "$SYNO_HOSTNAME"
_savedeployconf SYNO_PORT "$SYNO_PORT"
_debug2 SYNO_SCHEME "$SYNO_SCHEME"
_debug2 SYNO_HOSTNAME "$SYNO_HOSTNAME"
_debug2 SYNO_PORT "$SYNO_PORT"
# Get the certificate description, but don't save it until we verify it's real
_migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64"
_getdeployconf SYNO_CERTIFICATE
_check2cleardeployconfexp SYNO_CERTIFICATE
_debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}"
# shellcheck disable=SC1003 # We are not trying to escape a single quote
if printf "%s" "$SYNO_CERTIFICATE" | grep '\\'; then
_err "Do not use a backslash (\) in your certificate description"
return 1
fi
_debug "Getting API version..."
_base_url="$SYNO_SCHEME://$SYNO_HOSTNAME:$SYNO_PORT"
_debug _base_url "$_base_url"
response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
api_path=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"path" *: *"\([^"]*\)".*/\1/p')
api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
_debug3 response "$response"
_debug3 api_path "$api_path"
_debug3 api_version "$api_version"
# Login, get the session ID and SynoToken from JSON
_info "Logging into $SYNO_HOSTNAME:$SYNO_PORT..."
encoded_username="$(printf "%s" "$SYNO_USERNAME" | _url_encode)"
encoded_password="$(printf "%s" "$SYNO_PASSWORD" | _url_encode)"
# ## START ## - DEPRECATED, for backward compatibility
_getdeployconf SYNO_TOTP_SECRET
if [ -n "$SYNO_TOTP_SECRET" ]; then
_info "WARNING: Usage of SYNO_TOTP_SECRET is deprecated!"
_info " See synology_dsm.sh script or ACME.sh Wiki page for details:"
_info " https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide"
if ! _exists oathtool; then
_err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET"
return 1
fi
DEPRECATED_otp_code="$(oathtool --base32 --totp "$SYNO_TOTP_SECRET" 2>/dev/null)"
if [ -z "$SYNO_DEVICE_ID" ]; then
_getdeployconf SYNO_DID
[ -n "$SYNO_DID" ] || SYNO_DEVICE_ID="$SYNO_DID"
fi
if [ -n "$SYNO_DEVICE_ID" ]; then
_H1="Cookie: did=$SYNO_DEVICE_ID"
export _H1
_debug3 H1 "${_H1}"
fi
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/$api_path?enable_syno_token=yes")
_debug3 response "$response"
# ## END ## - DEPRECATED, for backward compatibility
# If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP.
# Notice that if SYNO_USE_TEMP_ADMIN=1, both variables will be unset
else
if [ -n "$SYNO_DEVICE_ID" ] || [ -n "$SYNO_OTP_CODE" ]; then
response='{"error":{"code":403}}'
# Assume the current account disabled 2FA-OTP, try to log in right away.
else
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
_getdeployconf SYNO_LOCAL_HOSTNAME
_debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
_err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
return 1
fi
fi
_debug "Creating temp admin user in Synology DSM..."
if synogroup --help | grep -q '\-\-memberadd '; then
_temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD"
synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null
elif synogroup --help | grep -q '\-\-member '; then
# For supporting DSM 6.x which only has `--member` parameter.
cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}')
if [ -n "$cur_admins" ]; then
_temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD"
_secure_debug3 admin_users "$cur_admins$SYNO_USERNAME"
# shellcheck disable=SC2086
synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
else
_err "The tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
else
_err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
# havig a workaround to temporary disable enforce 2FA-OTP, will restore
# it soon (after a single request), though if any accident occurs like
# unexpected interruption, this setting can be easily reverted manually.
otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none
_info "Enforcing 2FA-OTP has been disabled to complete temp admin authentication."
_info "Notice: it will be restored soon, if not, you can restore it manually via Control Panel."
_info "previous_otp_enforce_option" "$otp_enforce_option"
else
otp_enforce_option=""
fi
fi
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option"
_info "Restored previous enforce 2FA-OTP option."
fi
_debug3 response "$response"
fi
fi
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
# Account has 2FA-OTP enabled, since error 403 reported.
# https://global.download.synology.com/download/Document/Software/DeveloperGuide/Os/DSM/All/enu/DSM_Login_Web_API_Guide_enu.pdf
if [ "$error_code" == "403" ]; then
if [ -z "$SYNO_DEVICE_NAME" ]; then
printf "Enter device name or leave empty for default (CertRenewal): "
read -r SYNO_DEVICE_NAME
[ -n "$SYNO_DEVICE_NAME" ] || SYNO_DEVICE_NAME="CertRenewal"
fi
if [ -n "$SYNO_DEVICE_ID" ]; then
# Omit OTP code with SYNO_DEVICE_ID.
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_DEVICE_NAME&device_id=$SYNO_DEVICE_ID")
_secure_debug3 response "$response"
else
# Require the OTP code if still unset.
if [ -z "$SYNO_OTP_CODE" ]; then
printf "Enter OTP code for user '%s': " "$SYNO_USERNAME"
read -r SYNO_OTP_CODE
fi
_secure_debug SYNO_OTP_CODE "${SYNO_OTP_CODE:-}"
if [ -z "$SYNO_OTP_CODE" ]; then
response='{"error":{"code":404}}'
else
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_DEVICE_NAME&otp_code=$SYNO_OTP_CODE")
_secure_debug3 response "$response"
id_property='device_id'
[ "${api_version}" -gt '6' ] || id_property='did'
SYNO_DEVICE_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p')
_secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
fi
fi
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
fi
if [ -n "$error_code" ]; then
if [ "$error_code" == "403" ] && [ -n "$SYNO_DEVICE_ID" ]; then
_cleardeployconf SYNO_DEVICE_ID
_err "Failed to authenticate with SYNO_DEVICE_ID (may expired or invalid), please try again in a new terminal window."
elif [ "$error_code" == "404" ]; then
_err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window."
elif [ "$error_code" == "406" ]; then
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
_err "Failed with unexcepted error, please report this by providing full log with '--debug 3'."
else
_err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue."
fi
elif [ "$error_code" == "400" ]; then
_err "Failed to authenticate, no such account or incorrect password."
elif [ "$error_code" == "401" ]; then
_err "Failed to authenticate with a non-existent account."
elif [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
_err "Failed to authenticate, the account password has expired or must be changed."
else
_err "Failed to authenticate with error: $error_code."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
_debug "Session ID" "$sid"
_debug SynoToken "$token"
if [ -z "$sid" ] || [ -z "$token" ]; then
# Still can't get necessary info even got no errors, may Synology have API updated?
_err "Unable to authenticate to $_base_url, you may report this by providing full log with '--debug 3'."
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
_H1="X-SYNO-TOKEN: $token"
export _H1
_debug2 H1 "${_H1}"
# Now that we know the username and password are good, save them if not in temp admin mode.
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
_cleardeployconf SYNO_USERNAME
_cleardeployconf SYNO_PASSWORD
_cleardeployconf SYNO_DEVICE_ID
_cleardeployconf SYNO_DEVICE_NAME
_savedeployconf SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
_savedeployconf SYNO_LOCAL_HOSTNAME "$SYNO_HOSTNAME"
else
_savedeployconf SYNO_USERNAME "$SYNO_USERNAME"
_savedeployconf SYNO_PASSWORD "$SYNO_PASSWORD"
_savedeployconf SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
_savedeployconf SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME"
fi
_info "Getting certificates in Synology DSM..."
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
_debug3 response "$response"
escaped_certificate="$(printf "%s" "$SYNO_CERTIFICATE" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
_debug escaped_certificate "$escaped_certificate"
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p")
_debug2 id "$id"
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
if [ -n "$error_code" ]; then
if [ "$error_code" -eq 105 ]; then
_err "Current user is not administrator and does not have sufficient permission for deploying."
else
_err "Failed to fetch certificate info: $error_code, please try again or contact Synology to learn more."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
_migratedeployconf SYNO_Create SYNO_CREATE
_getdeployconf SYNO_CREATE
_debug2 SYNO_CREATE "$SYNO_CREATE"
if [ -z "$id" ] && [ -z "$SYNO_CREATE" ]; then
_err "Unable to find certificate: $SYNO_CERTIFICATE and $SYNO_CREATE is not set."
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
# We've verified this certificate description is a thing, so save it
_savedeployconf SYNO_CERTIFICATE "$SYNO_CERTIFICATE" "base64"
_info "Generating form POST request..."
nl="\0015\0012"
delim="--------------------------$(_utc_date | tr -d -- '-: ')"
content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_CERTIFICATE}"
if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
_debug2 default "This is the default certificate"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true"
else
_debug2 default "This is NOT the default certificate"
fi
content="$content${nl}--$delim--${nl}"
content="$(printf "%b_" "$content")"
content="${content%_}" # protect trailing \n
_info "Upload certificate to the Synology DSM."
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
_debug3 response "$response"
if ! echo "$response" | grep '"error":' >/dev/null; then
if echo "$response" | grep '"restart_httpd":true' >/dev/null; then
_info "Restart HTTP services succeeded."
else
_info "Restart HTTP services failed."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
_logout
return 0
else
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
_err "Unable to update certificate, got error response: $response."
_logout
return 1
fi
}
#################### Private functions below ##################################
_logout() {
# Logout CERT user only to not occupy a permanent session, e.g. in DSM's "Connected Users" widget (based on previous variables)
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=logout&_sid=$sid")
_debug3 response "$response"
}
_temp_admin_create() {
_username="$1"
_password="$2"
synouser --del "$_username" >/dev/null 2>/dev/null
synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null
}
_temp_admin_cleanup() {
_flag=$1
_username=$2
if [ -n "${_flag}" ]; then
_debug "Cleanuping temp admin info..."
synouser --del "$_username" >/dev/null
fi
}
#_cleardeployconf key
_cleardeployconf() {
_cleardomainconf "SAVED_$1"
}
# key
_check2cleardeployconfexp() {
_key="$1"
_clear_key="CLEAR_$_key"
# Clear saved settings if explicitly requested
if [ -n "$(eval echo \$"$_clear_key")" ]; then
_debug2 "$_key: value cleared from config, exported value will be ignored."
_cleardeployconf "$_key"
eval "$_key"=
export "$_key"=
eval SAVED_"$_key"=
export SAVED_"$_key"=
fi
}

223
deploy/truenas.sh Normal file
View File

@ -0,0 +1,223 @@
#!/usr/bin/env sh
# Here is a scipt to deploy the cert to your TrueNAS using the REST API.
# https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html
#
# Written by Frank Plass github@f-plass.de
# https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py
# Thanks to danb35 for your template!
#
# Following environment variables must be set:
#
# export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI"
#
# The following environmental variables may be set if you don't like their
# default values:
#
# DEPLOY_TRUENAS_HOSTNAME - defaults to localhost
# DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https
#
#returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
truenas_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_getdeployconf DEPLOY_TRUENAS_APIKEY
if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
_err "TrueNAS API key not found, please set the DEPLOY_TRUENAS_APIKEY environment variable."
return 1
fi
_secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
# Optional hostname, scheme for TrueNAS
_getdeployconf DEPLOY_TRUENAS_HOSTNAME
_getdeployconf DEPLOY_TRUENAS_SCHEME
# default values for hostname and scheme
[ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost"
[ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http"
_debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
_debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
_debug _api_url "$_api_url"
_H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY"
_secure_debug3 _H1 "$_H1"
_info "Testing Connection TrueNAS"
_response=$(_get "$_api_url/system/state")
_info "TrueNAS system state: $_response."
if [ -z "$_response" ]; then
_err "Unable to authenticate to $_api_url."
_err 'Check your connection settings are correct, e.g.'
_err 'DEPLOY_TRUENAS_HOSTNAME="192.168.x.y" or DEPLOY_TRUENAS_HOSTNAME="truenas.example.com".'
_err 'DEPLOY_TRUENAS_SCHEME="https" or DEPLOY_TRUENAS_SCHEME="http".'
_err "Verify your TrueNAS API key is valid and set correctly, e.g. DEPLOY_TRUENAS_APIKEY=xxxx...."
return 1
fi
_savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
_savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
_info "Getting current active certificate from TrueNAS"
_response=$(_get "$_api_url/system/general")
_active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,')
_active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p')
_param_httpsredirect=$(echo "$_response" | grep '"ui_httpsredirect":' | sed -n 's/.*": \(.\{1,\}\),$/\1/p')
_debug Active_UI_Certificate_ID "$_active_cert_id"
_debug Active_UI_Certificate_Name "$_active_cert_name"
_debug Active_UI_http_redirect "$_param_httpsredirect"
if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then
_info "HTTP->HTTPS redirection is enabled"
_info "Setting DEPLOY_TRUENAS_SCHEME to 'https'"
DEPLOY_TRUENAS_SCHEME="https"
_api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
_savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
fi
_info "Uploading new certificate to TrueNAS"
_certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')"
_debug3 _certname "$_certname"
_certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}"
_add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")"
_debug3 _add_cert_result "$_add_cert_result"
_info "Fetching list of installed certificates"
_cert_list=$(_get "$_api_url/system/general/ui_certificate_choices")
_cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p')
_debug3 _cert_id "$_cert_id"
_info "Current activate certificate ID: $_cert_id"
_activateData="{\"ui_certificate\": \"${_cert_id}\"}"
_activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")"
_debug3 _activate_result "$_activate_result"
_info "Checking if WebDAV certificate is the same as the TrueNAS web UI"
_webdav_list=$(_get "$_api_url/webdav")
_webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,')
if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then
_info "Updating the WebDAV certificate"
_debug _webdav_cert_id "$_webdav_cert_id"
_webdav_data="{\"certssl\": \"${_cert_id}\"}"
_activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")"
_webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | grep '"certssl":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p')
if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then
_info "WebDAV certificate updated successfully"
else
_err "Unable to set WebDAV certificate"
_debug3 _activate_webdav_cert "$_activate_webdav_cert"
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
return 1
fi
_debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
else
_info "WebDAV certificate is not configured or is not the same as TrueNAS web UI"
fi
_info "Checking if FTP certificate is the same as the TrueNAS web UI"
_ftp_list=$(_get "$_api_url/ftp")
_ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,')
if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then
_info "Updating the FTP certificate"
_debug _ftp_cert_id "$_ftp_cert_id"
_ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}"
_activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")"
_ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | grep '"ssltls_certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p')
if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then
_info "FTP certificate updated successfully"
else
_err "Unable to set FTP certificate"
_debug3 _activate_ftp_cert "$_activate_ftp_cert"
_debug3 _ftp_new_cert_id "$_ftp_new_cert_id"
return 1
fi
_debug3 _activate_ftp_cert "$_activate_ftp_cert"
else
_info "FTP certificate is not configured or is not the same as TrueNAS web UI"
fi
_info "Checking if S3 certificate is the same as the TrueNAS web UI"
_s3_list=$(_get "$_api_url/s3")
_s3_cert_id=$(echo "$_s3_list" | grep '"certificate":' | tr -d -- '"certifa:_ ,')
if [ "$_s3_cert_id" = "$_active_cert_id" ]; then
_info "Updating the S3 certificate"
_debug _s3_cert_id "$_s3_cert_id"
_s3_data="{\"certificate\": \"${_cert_id}\"}"
_activate_s3_cert="$(_post "$_s3_data" "$_api_url/s3" "" "PUT" "application/json")"
_s3_new_cert_id=$(echo "$_activate_s3_cert" | _json_decode | grep '"certificate":' | sed -n 's/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p')
if [ "$_s3_new_cert_id" -eq "$_cert_id" ]; then
_info "S3 certificate updated successfully"
else
_err "Unable to set S3 certificate"
_debug3 _activate_s3_cert "$_activate_s3_cert"
_debug3 _s3_new_cert_id "$_s3_new_cert_id"
return 1
fi
_debug3 _activate_s3_cert "$_activate_s3_cert"
else
_info "S3 certificate is not configured or is not the same as TrueNAS web UI"
fi
_info "Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required"
if _exists jq; then
_info "Query all chart release"
_release_list=$(_get "$_api_url/chart/release")
_related_name_list=$(printf "%s" "$_release_list" | jq -r "[.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id) | .name ] | unique")
_release_length=$(printf "%s" "$_related_name_list" | jq -r "length")
_info "Found $_release_length related chart release in list: $_related_name_list"
for i in $(seq 0 $((_release_length - 1))); do
_release_name=$(echo "$_related_name_list" | jq -r ".[$i]")
_info "Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name"
#Read the chart release configuration
_chart_config=$(printf "%s" "$_release_list" | jq -r ".[] | select(.name==\"$_release_name\")")
#Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress
_updated_chart_config=$(printf "%s" "$_chart_config" | jq "(.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id) | .scaleCert ) |= $_cert_id | .config.ingress ")
_update_chart_result="$(_post "{\"values\" : { \"ingress\" : $_updated_chart_config } }" "$_api_url/chart/release/id/$_release_name" "" "PUT" "application/json")"
_debug3 _update_chart_result "$_update_chart_result"
done
else
_info "Tool 'jq' does not exists, skip chart release checking"
fi
_info "Deleting old certificate"
_delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")"
_debug3 _delete_result "$_delete_result"
_info "Reloading TrueNAS web UI"
_restart_UI=$(_get "$_api_url/system/general/ui_restart")
_debug2 _restart_UI "$_restart_UI"
if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then
return 0
else
_err "Certificate update was not succesful, please try again with --debug"
return 1
fi
}

View File

@ -1,12 +1,52 @@
#!/usr/bin/env sh #!/usr/bin/env sh
#Here is a script to deploy cert to unifi server. # Here is a script to deploy cert on a Unifi Controller or Cloud Key device.
# It supports:
# - self-hosted Unifi Controller
# - Unifi Cloud Key (Gen1/2/2+)
# - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only)
# - Unifi Dream Machine
# This has not been tested on other "all-in-one" devices such as
# UDM Pro or Unifi Express.
#
# OS Version v2.0.0+
# Network Application version 7.0.0+
# OS version ~3.1 removed java and keytool from the UnifiOS.
# Using PKCS12 format keystore appears to work fine.
#
# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359
#returns 0 means success, otherwise error. #returns 0 means success, otherwise error.
# The deploy-hook automatically detects standard Unifi installations
# for each of the supported environments. Most users should not need
# to set any of these variables, but if you are running a self-hosted
# Controller with custom locations, set these as necessary before running
# the deploy hook. (Defaults shown below.)
#
# Settings for Unifi Controller:
# Location of Java keystore or unifi.keystore.jks file:
#DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
# Keystore password (built into Unifi Controller, not a user-set password):
#DEPLOY_UNIFI_KEYPASS="aircontrolenterprise" #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise"
# Command to restart Unifi Controller:
#DEPLOY_UNIFI_RELOAD="service unifi restart" #DEPLOY_UNIFI_RELOAD="service unifi restart"
#
# Settings for Unifi Cloud Key Gen1 (nginx admin pages):
# Directory where cloudkey.crt and cloudkey.key live:
#DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private"
# Command to restart maintenance pages and Controller
# (same setting as above, default is updated when running on Cloud Key Gen1):
#DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart"
#
# Settings for UnifiOS (Cloud Key Gen2):
# Directory where unifi-core.crt and unifi-core.key live:
#DEPLOY_UNIFI_CORE_CONFIG="/data/unifi-core/config/"
# Command to restart unifi-core:
#DEPLOY_UNIFI_RELOAD="systemctl restart unifi-core"
#
# At least one of DEPLOY_UNIFI_KEYSTORE, DEPLOY_UNIFI_CLOUDKEY_CERTDIR,
# or DEPLOY_UNIFI_CORE_CONFIG must exist to receive the deployed certs.
######## Public functions ##################### ######## Public functions #####################
@ -24,77 +64,203 @@ unifi_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
if ! _exists keytool; then _getdeployconf DEPLOY_UNIFI_KEYSTORE
_err "keytool not found" _getdeployconf DEPLOY_UNIFI_KEYPASS
return 1 _getdeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR
fi _getdeployconf DEPLOY_UNIFI_CORE_CONFIG
_getdeployconf DEPLOY_UNIFI_RELOAD
DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore" _debug2 DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
_unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}" _debug2 DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
DEFAULT_UNIFI_KEYPASS="aircontrolenterprise" _debug2 DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR"
_unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}" _debug2 DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG"
DEFAULT_UNIFI_RELOAD="service unifi restart" _debug2 DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
_reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}"
# Space-separated list of environments detected and installed:
_services_updated=""
# Default reload commands accumulated as we auto-detect environments:
_reload_cmd=""
# Unifi Controller environment (self hosted or any Cloud Key) --
# auto-detect by file /usr/lib/unifi/data/keystore
_unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}"
if [ -f "$_unifi_keystore" ]; then
_debug _unifi_keystore "$_unifi_keystore" _debug _unifi_keystore "$_unifi_keystore"
if [ ! -f "$_unifi_keystore" ]; then if ! _exists keytool; then
if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then _do_keytool=0
_err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE" _info "Installing certificate for Unifi Controller (PKCS12 keystore)."
return 1
else else
_err "It seems that the specified unifi keystore is not valid, please check." _do_keytool=1
return 1 _info "Installing certificate for Unifi Controller (Java keystore)"
fi
fi fi
if [ ! -w "$_unifi_keystore" ]; then if [ ! -w "$_unifi_keystore" ]; then
_err "The file $_unifi_keystore is not writable, please change the permission." _err "The file $_unifi_keystore is not writable, please change the permission."
return 1 return 1
fi fi
_info "Generate import pkcs12" _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}"
_debug "Generate import pkcs12"
_import_pkcs12="$(_mktemp)" _import_pkcs12="$(_mktemp)"
_debug "_toPkcs $_import_pkcs12 $_ckey $_ccert $_cca $_unifi_keypass unifi root"
_toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root
# shellcheck disable=SC2181
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_err "Oops, error creating import pkcs12, please report bug to us." _err "Error generating pkcs12. Please re-run with --debug and report a bug."
return 1 return 1
fi fi
_info "Modify unifi keystore: $_unifi_keystore" # Save the existing keystore in case something goes wrong.
mv -f "${_unifi_keystore}" "${_unifi_keystore}"_original
_info "Previous keystore saved to ${_unifi_keystore}_original."
if [ "$_do_keytool" -eq 1 ]; then
_debug "Import into keystore: $_unifi_keystore"
if keytool -importkeystore \ if keytool -importkeystore \
-deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \
-srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \
-alias unifi -noprompt; then -alias unifi -noprompt; then
_info "Import keystore success!" _debug "Import keystore success!"
rm "$_import_pkcs12"
else else
_err "Import unifi keystore error, please report bug to us." _err "Error importing into Unifi Java keystore."
_err "Please re-run with --debug and report a bug."
_info "Restoring original keystore."
mv -f "${_unifi_keystore}"_original "${_unifi_keystore}"
rm "$_import_pkcs12" rm "$_import_pkcs12"
return 1 return 1
fi fi
else
_debug "Copying new keystore to $_unifi_keystore"
cp -f "$_import_pkcs12" "$_unifi_keystore"
fi
_info "Run reload: $_reload" # Update unifi service for certificate cipher compatibility
if eval "$_reload"; then if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \
-in "$_import_pkcs12" \
-password pass:aircontrolenterprise \
-nokeys | ${ACME_OPENSSL_BIN:-openssl} x509 -text \
-noout | grep -i "signature" | grep -iq ecdsa >/dev/null 2>&1; then
cp -f /usr/lib/unifi/data/system.properties /usr/lib/unifi/data/system.properties_original
_info "Updating system configuration for cipher compatibility."
_info "Saved original system config to /usr/lib/unifi/data/system.properties_original"
sed -i '/unifi\.https\.ciphers/d' /usr/lib/unifi/data/system.properties
echo "unifi.https.ciphers=ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-GCM-SHA256" >>/usr/lib/unifi/data/system.properties
sed -i '/unifi\.https\.sslEnabledProtocols/d' /usr/lib/unifi/data/system.properties
echo "unifi.https.sslEnabledProtocols=TLSv1.3,TLSv1.2" >>/usr/lib/unifi/data/system.properties
_info "System configuration updated."
fi
rm "$_import_pkcs12"
# Restarting unifi-core will bring up unifi, doing it out of order results in
# a certificate error, and breaks wifiman.
# Restart if we aren't doing unifi-core, otherwise stop for later restart.
if systemctl -q is-active unifi; then
if [ ! -f "${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}/unifi-core.key" ]; then
_reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi"
else
_reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl stop unifi"
fi
fi
_services_updated="${_services_updated} unifi"
_info "Install Unifi Controller certificate success!"
elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then
_err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check."
return 1
fi
# Cloud Key environment (non-UnifiOS -- nginx serves admin pages) --
# auto-detect by file /etc/ssl/private/cloudkey.key:
_cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}"
if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then
_info "Installing certificate for Cloud Key Gen1 (nginx admin pages)"
_debug _cloudkey_certdir "$_cloudkey_certdir"
if [ ! -w "$_cloudkey_certdir" ]; then
_err "The directory $_cloudkey_certdir is not writable; please check permissions."
return 1
fi
# Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks.
# Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was
# updated above), but if not, we don't know how to handle this installation:
if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then
_err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'"
return 1
fi
cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt"
cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key"
(cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks)
if systemctl -q is-active nginx; then
_reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart"
fi
_info "Install Cloud Key Gen1 certificate success!"
_services_updated="${_services_updated} nginx"
elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then
_err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check."
return 1
fi
# UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key:
_unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}"
if [ -f "${_unifi_core_config}/unifi-core.key" ]; then
_info "Installing certificate for UnifiOS"
_debug _unifi_core_config "$_unifi_core_config"
if [ ! -w "$_unifi_core_config" ]; then
_err "The directory $_unifi_core_config is not writable; please check permissions."
return 1
fi
# Save the existing certs in case something goes wrong.
cp -f "${_unifi_core_config}"/unifi-core.crt "${_unifi_core_config}"/unifi-core_original.crt
cp -f "${_unifi_core_config}"/unifi-core.key "${_unifi_core_config}"/unifi-core_original.key
_info "Previous certificate and key saved to ${_unifi_core_config}/unifi-core_original.crt/key."
cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt"
cat "$_ckey" >"${_unifi_core_config}/unifi-core.key"
if systemctl -q is-active unifi-core; then
_reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi-core"
fi
_info "Install UnifiOS certificate success!"
_services_updated="${_services_updated} unifi-core"
elif [ "$DEPLOY_UNIFI_CORE_CONFIG" ]; then
_err "The specified DEPLOY_UNIFI_CORE_CONFIG='$DEPLOY_UNIFI_CORE_CONFIG' is not valid, please check."
return 1
fi
if [ -z "$_services_updated" ]; then
# None of the Unifi environments were auto-detected, so no deployment has occurred
# (and none of DEPLOY_UNIFI_{KEYSTORE,CLOUDKEY_CERTDIR,CORE_CONFIG} were set).
_err "Unable to detect Unifi environment in standard location."
_err "(This deploy hook must be run on the Unifi device, not a remote machine.)"
_err "For non-standard Unifi installations, set DEPLOY_UNIFI_KEYSTORE,"
_err "DEPLOY_UNIFI_CLOUDKEY_CERTDIR, and/or DEPLOY_UNIFI_CORE_CONFIG as appropriate."
return 1
fi
_reload_cmd="${DEPLOY_UNIFI_RELOAD:-$_reload_cmd}"
if [ -z "$_reload_cmd" ]; then
_err "Certificates were installed for services:${_services_updated},"
_err "but none appear to be active. Please set DEPLOY_UNIFI_RELOAD"
_err "to a command that will restart the necessary services."
return 1
fi
_info "Reload services (this may take some time): $_reload_cmd"
if eval "$_reload_cmd"; then
_info "Reload success!" _info "Reload success!"
if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then
_savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
else
_cleardomainconf DEPLOY_UNIFI_KEYSTORE
fi
if [ "$DEPLOY_UNIFI_KEYPASS" ]; then
_savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
else
_cleardomainconf DEPLOY_UNIFI_KEYPASS
fi
if [ "$DEPLOY_UNIFI_RELOAD" ]; then
_savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
else
_cleardomainconf DEPLOY_UNIFI_RELOAD
fi
return 0
else else
_err "Reload error" _err "Reload error"
return 1 return 1
fi fi
return 0
# Successful, so save all (non-default) config:
_savedeployconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
_savedeployconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
_savedeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR"
_savedeployconf DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG"
_savedeployconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
return 0
} }

131
deploy/vault.sh Normal file
View File

@ -0,0 +1,131 @@
#!/usr/bin/env sh
# Here is a script to deploy cert to hashicorp vault using curl
# (https://www.vaultproject.io/)
#
# it requires following environment variables:
#
# VAULT_PREFIX - this contains the prefix path in vault
# VAULT_ADDR - vault requires this to find your vault server
# VAULT_SAVE_TOKEN - set to anything if you want to save the token
# VAULT_RENEW_TOKEN - set to anything if you want to renew the token to default TTL before deploying
# VAULT_KV_V2 - set to anything if you are using v2 of the kv engine
#
# additionally, you need to ensure that VAULT_TOKEN is avialable
# to access the vault server
#returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
vault_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
# validate required env vars
_getdeployconf VAULT_PREFIX
if [ -z "$VAULT_PREFIX" ]; then
_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
return 1
fi
_savedeployconf VAULT_PREFIX "$VAULT_PREFIX"
_getdeployconf VAULT_ADDR
if [ -z "$VAULT_ADDR" ]; then
_err "VAULT_ADDR needs to be defined (contains vault connection address)"
return 1
fi
_savedeployconf VAULT_ADDR "$VAULT_ADDR"
_getdeployconf VAULT_SAVE_TOKEN
_savedeployconf VAULT_SAVE_TOKEN "$VAULT_SAVE_TOKEN"
_getdeployconf VAULT_RENEW_TOKEN
_savedeployconf VAULT_RENEW_TOKEN "$VAULT_RENEW_TOKEN"
_getdeployconf VAULT_KV_V2
_savedeployconf VAULT_KV_V2 "$VAULT_KV_V2"
_getdeployconf VAULT_TOKEN
if [ -z "$VAULT_TOKEN" ]; then
_err "VAULT_TOKEN needs to be defined"
return 1
fi
if [ -n "$VAULT_SAVE_TOKEN" ]; then
_savedeployconf VAULT_TOKEN "$VAULT_TOKEN"
fi
_migratedeployconf FABIO VAULT_FABIO_MODE
# JSON does not allow multiline strings.
# So replacing new-lines with "\n" here
_ckey=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$2")
_ccert=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$3")
_cca=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$4")
_cfullchain=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$5")
export _H1="X-Vault-Token: $VAULT_TOKEN"
if [ -n "$VAULT_RENEW_TOKEN" ]; then
URL="$VAULT_ADDR/v1/auth/token/renew-self"
_info "Renew the Vault token to default TTL"
if ! _post "" "$URL" >/dev/null; then
_err "Failed to renew the Vault token"
return 1
fi
fi
URL="$VAULT_ADDR/v1/$VAULT_PREFIX/$_cdomain"
if [ -n "$VAULT_FABIO_MODE" ]; then
_info "Writing certificate and key to $URL in Fabio mode"
if [ -n "$VAULT_KV_V2" ]; then
_post "{ \"data\": {\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"} }" "$URL" >/dev/null || return 1
else
_post "{\"cert\": \"$_cfullchain\", \"key\": \"$_ckey\"}" "$URL" >/dev/null || return 1
fi
else
if [ -n "$VAULT_KV_V2" ]; then
_info "Writing certificate to $URL/cert.pem"
_post "{\"data\": {\"value\": \"$_ccert\"}}" "$URL/cert.pem" >/dev/null || return 1
_info "Writing key to $URL/cert.key"
_post "{\"data\": {\"value\": \"$_ckey\"}}" "$URL/cert.key" >/dev/null || return 1
_info "Writing CA certificate to $URL/ca.pem"
_post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/ca.pem" >/dev/null || return 1
_info "Writing full-chain certificate to $URL/fullchain.pem"
_post "{\"data\": {\"value\": \"$_cfullchain\"}}" "$URL/fullchain.pem" >/dev/null || return 1
else
_info "Writing certificate to $URL/cert.pem"
_post "{\"value\": \"$_ccert\"}" "$URL/cert.pem" >/dev/null || return 1
_info "Writing key to $URL/cert.key"
_post "{\"value\": \"$_ckey\"}" "$URL/cert.key" >/dev/null || return 1
_info "Writing CA certificate to $URL/ca.pem"
_post "{\"value\": \"$_cca\"}" "$URL/ca.pem" >/dev/null || return 1
_info "Writing full-chain certificate to $URL/fullchain.pem"
_post "{\"value\": \"$_cfullchain\"}" "$URL/fullchain.pem" >/dev/null || return 1
fi
# To make it compatible with the wrong ca path `chain.pem` which was used in former versions
if _contains "$(_get "$URL/chain.pem")" "-----BEGIN CERTIFICATE-----"; then
_err "The CA certificate has moved from chain.pem to ca.pem, if you don't depend on chain.pem anymore, you can delete it to avoid this warning"
_info "Updating CA certificate to $URL/chain.pem for backward compatibility"
if [ -n "$VAULT_KV_V2" ]; then
_post "{\"data\": {\"value\": \"$_cca\"}}" "$URL/chain.pem" >/dev/null || return 1
else
_post "{\"value\": \"$_cca\"}" "$URL/chain.pem" >/dev/null || return 1
fi
fi
fi
}

View File

@ -8,6 +8,8 @@
# #
# VAULT_PREFIX - this contains the prefix path in vault # VAULT_PREFIX - this contains the prefix path in vault
# VAULT_ADDR - vault requires this to find your vault server # VAULT_ADDR - vault requires this to find your vault server
# VAULT_SAVE_TOKEN - set to anything if you want to save the token
# VAULT_RENEW_TOKEN - set to anything if you want to renew the token to default TTL before deploying
# #
# additionally, you need to ensure that VAULT_TOKEN is avialable or # additionally, you need to ensure that VAULT_TOKEN is avialable or
# `vault auth` has applied the appropriate authorization for the vault binary # `vault auth` has applied the appropriate authorization for the vault binary
@ -33,29 +35,70 @@ vault_cli_deploy() {
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
# validate required env vars # validate required env vars
_getdeployconf VAULT_PREFIX
if [ -z "$VAULT_PREFIX" ]; then if [ -z "$VAULT_PREFIX" ]; then
_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)" _err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
return 1 return 1
fi fi
_savedeployconf VAULT_PREFIX "$VAULT_PREFIX"
_getdeployconf VAULT_ADDR
if [ -z "$VAULT_ADDR" ]; then if [ -z "$VAULT_ADDR" ]; then
_err "VAULT_ADDR needs to be defined (contains vault connection address)" _err "VAULT_ADDR needs to be defined (contains vault connection address)"
return 1 return 1
fi fi
_savedeployconf VAULT_ADDR "$VAULT_ADDR"
VAULT_CMD=$(which vault) _getdeployconf VAULT_SAVE_TOKEN
_savedeployconf VAULT_SAVE_TOKEN "$VAULT_SAVE_TOKEN"
_getdeployconf VAULT_RENEW_TOKEN
_savedeployconf VAULT_RENEW_TOKEN "$VAULT_RENEW_TOKEN"
_getdeployconf VAULT_TOKEN
if [ -z "$VAULT_TOKEN" ]; then
_err "VAULT_TOKEN needs to be defined"
return 1
fi
if [ -n "$VAULT_SAVE_TOKEN" ]; then
_savedeployconf VAULT_TOKEN "$VAULT_TOKEN"
fi
_migratedeployconf FABIO VAULT_FABIO_MODE
VAULT_CMD=$(command -v vault)
if [ ! $? ]; then if [ ! $? ]; then
_err "cannot find vault binary!" _err "cannot find vault binary!"
return 1 return 1
fi fi
if [ -n "$FABIO" ]; then if [ -n "$VAULT_RENEW_TOKEN" ]; then
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1 _info "Renew the Vault token to default TTL"
if ! $VAULT_CMD token renew; then
_err "Failed to renew the Vault token"
return 1
fi
fi
if [ -n "$VAULT_FABIO_MODE" ]; then
_info "Writing certificate and key to ${VAULT_PREFIX}/${_cdomain} in Fabio mode"
$VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}" cert=@"$_cfullchain" key=@"$_ckey" || return 1
else else
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1 _info "Writing certificate to ${VAULT_PREFIX}/${_cdomain}/cert.pem"
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1 $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1 _info "Writing key to ${VAULT_PREFIX}/${_cdomain}/cert.key"
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1 $VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
_info "Writing CA certificate to ${VAULT_PREFIX}/${_cdomain}/ca.pem"
$VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/ca.pem" value=@"$_cca" || return 1
_info "Writing full-chain certificate to ${VAULT_PREFIX}/${_cdomain}/fullchain.pem"
$VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
# To make it compatible with the wrong ca path `chain.pem` which was used in former versions
if $VAULT_CMD kv get "${VAULT_PREFIX}/${_cdomain}/chain.pem" >/dev/null; then
_err "The CA certificate has moved from chain.pem to ca.pem, if you don't depend on chain.pem anymore, you can delete it to avoid this warning"
_info "Updating CA certificate to ${VAULT_PREFIX}/${_cdomain}/chain.pem for backward compatibility"
$VAULT_CMD kv put "${VAULT_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
fi
fi fi
} }

View File

@ -65,9 +65,9 @@ vsftpd_deploy() {
cp "$_vsftpd_conf" "$_backup_conf" cp "$_vsftpd_conf" "$_backup_conf"
_info "Modify vsftpd conf: $_vsftpd_conf" _info "Modify vsftpd conf: $_vsftpd_conf"
if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \ if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" &&
&& _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \ _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" &&
&& _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES"; then
_info "Set config success!" _info "Set config success!"
else else
_err "Config vsftpd server error, please report bug to us." _err "Config vsftpd server error, please report bug to us."
@ -106,5 +106,5 @@ vsftpd_deploy() {
fi fi
return 1 return 1
fi fi
return 0
} }

View File

@ -2,5 +2,5 @@
DNS api usage: DNS api usage:
https://github.com/Neilpang/acme.sh/wiki/dnsapi https://github.com/acmesh-official/acme.sh/wiki/dnsapi

268
dnsapi/dns_1984hosting.sh Executable file
View File

@ -0,0 +1,268 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_1984hosting_info='1984.hosting
Domains: 1984.is
Site: 1984.hosting
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_1984hosting
Options:
One984HOSTING_Username Username
One984HOSTING_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/2851
Author: Adrian Fedoreanu
'
######## Public functions #####################
# Usage: dns_1984hosting_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Add a text record.
dns_1984hosting_add() {
fulldomain=$1
txtvalue=$2
_info "Add TXT record using 1984Hosting."
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
if ! _1984hosting_login; then
_err "1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file."
return 1
fi
_debug "First detect the root zone."
if ! _get_root "$fulldomain"; then
_err "Invalid domain '$fulldomain'."
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Add TXT record $fulldomain with value '$txtvalue'."
value="$(printf '%s' "$txtvalue" | _url_encode)"
url="https://1984.hosting/domains/entry/"
postdata="entry=new"
postdata="$postdata&type=TXT"
postdata="$postdata&ttl=900"
postdata="$postdata&zone=$_domain"
postdata="$postdata&host=$_sub_domain"
postdata="$postdata&rdata=%22$value%22"
_debug2 postdata "$postdata"
_authpost "$postdata" "$url"
if _contains "$_response" '"haserrors": true'; then
_err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post."
return 1
elif _contains "$_response" "html>"; then
_err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file."
return 1
elif _contains "$_response" '"auth": false'; then
_err "1984Hosting failed to add TXT record for $_sub_domain. Invalid or expired cookie."
return 1
fi
_info "Added acme challenge TXT record for $fulldomain at 1984Hosting."
return 0
}
# Usage: fulldomain txtvalue
# Remove the txt record after validation.
dns_1984hosting_rm() {
fulldomain=$1
txtvalue=$2
_info "Delete TXT record using 1984Hosting."
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
if ! _1984hosting_login; then
_err "1984Hosting login failed for user $One984HOSTING_Username. Check $HTTP_HEADER file."
return 1
fi
_debug "First detect the root zone."
if ! _get_root "$fulldomain"; then
_err "Invalid domain '$fulldomain'."
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Delete $fulldomain TXT record."
url="https://1984.hosting/domains"
if ! _get_zone_id "$url" "$_domain"; then
_err "Invalid zone '$_domain'."
return 1
fi
_htmlget "$url/$_zone_id" "$txtvalue"
entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')"
_debug2 entry_id "$entry_id"
if [ -z "$entry_id" ]; then
_err "Error getting TXT entry_id for $1."
return 1
fi
_authpost "entry=$entry_id" "$url/delentry/"
if ! _contains "$_response" '"ok": true'; then
_err "1984Hosting failed to delete TXT record for $entry_id bad RC from _post."
return 1
fi
_info "Deleted acme challenge TXT record for $fulldomain at 1984Hosting."
return 0
}
#################### Private functions below ##################################
_1984hosting_login() {
if ! _check_credentials; then return 1; fi
if _check_cookies; then
_debug "Already logged in."
return 0
fi
_debug "Login to 1984Hosting as user $One984HOSTING_Username."
username=$(printf '%s' "$One984HOSTING_Username" | _url_encode)
password=$(printf '%s' "$One984HOSTING_Password" | _url_encode)
url="https://1984.hosting/api/auth/"
_get "https://1984.hosting/accounts/login/" | grep "csrfmiddlewaretoken"
csrftoken="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
sessionid="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
if [ -z "$csrftoken" ] || [ -z "$sessionid" ]; then
_err "One or more cookies are empty: '$csrftoken', '$sessionid'."
return 1
fi
export _H1="Cookie: $csrftoken; $sessionid"
export _H2="Referer: https://1984.hosting/accounts/login/"
csrf_header=$(echo "$csrftoken" | sed 's/csrftoken=//' | _head_n 1)
export _H3="X-CSRFToken: $csrf_header"
response="$(_post "username=$username&password=$password&otpkey=" $url)"
response="$(echo "$response" | _normalizeJson)"
_debug2 response "$response"
if _contains "$response" '"loggedin": true'; then
One984HOSTING_SESSIONID_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
One984HOSTING_CSRFTOKEN_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
export One984HOSTING_SESSIONID_COOKIE
export One984HOSTING_CSRFTOKEN_COOKIE
_saveaccountconf_mutable One984HOSTING_Username "$One984HOSTING_Username"
_saveaccountconf_mutable One984HOSTING_Password "$One984HOSTING_Password"
_saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE"
_saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE"
return 0
fi
return 1
}
_check_credentials() {
One984HOSTING_Username="${One984HOSTING_Username:-$(_readaccountconf_mutable One984HOSTING_Username)}"
One984HOSTING_Password="${One984HOSTING_Password:-$(_readaccountconf_mutable One984HOSTING_Password)}"
if [ -z "$One984HOSTING_Username" ] || [ -z "$One984HOSTING_Password" ]; then
One984HOSTING_Username=""
One984HOSTING_Password=""
_clearaccountconf_mutable One984HOSTING_Username
_clearaccountconf_mutable One984HOSTING_Password
_err "You haven't specified 1984Hosting username or password yet."
_err "Please export as One984HOSTING_Username / One984HOSTING_Password and try again."
return 1
fi
return 0
}
_check_cookies() {
One984HOSTING_SESSIONID_COOKIE="${One984HOSTING_SESSIONID_COOKIE:-$(_readaccountconf_mutable One984HOSTING_SESSIONID_COOKIE)}"
One984HOSTING_CSRFTOKEN_COOKIE="${One984HOSTING_CSRFTOKEN_COOKIE:-$(_readaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE)}"
if [ -z "$One984HOSTING_SESSIONID_COOKIE" ] || [ -z "$One984HOSTING_CSRFTOKEN_COOKIE" ]; then
_debug "No cached cookie(s) found."
return 1
fi
_authget "https://1984.hosting/api/auth/"
if _contains "$_response" '"ok": true'; then
_debug "Cached cookies still valid."
return 0
fi
_debug "Cached cookies no longer valid. Clearing cookies."
One984HOSTING_SESSIONID_COOKIE=""
One984HOSTING_CSRFTOKEN_COOKIE=""
_clearaccountconf_mutable One984HOSTING_SESSIONID_COOKIE
_clearaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE
return 1
}
# _acme-challenge.www.domain.com
# Returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
domain="$1"
i=1
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
# not valid
if [ -z "$h" ]; then
return 1
fi
_authget "https://1984.hosting/domains/zonestatus/$h/?cached=no"
if _contains "$_response" '"ok": true'; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain="$h"
return 0
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
# Usage: _get_zone_id url domain.com
# Returns zone id for domain.com
_get_zone_id() {
url=$1
domain=$2
_htmlget "$url" "$domain"
_zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+' | _head_n 1)"
_debug2 _zone_id "$_zone_id"
if [ -z "$_zone_id" ]; then
_err "Error getting _zone_id for $2."
return 1
fi
return 0
}
# Add extra headers to request
_authget() {
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE"
_response=$(_get "$1" | _normalizeJson)
_debug2 _response "$_response"
}
# Truncate huge HTML response
_htmlget() {
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE"
_response=$(_get "$1" | grep "$2")
if _contains "$_response" "@$2"; then
_response=$(echo "$_response" | grep -v "[@]" | _head_n 1)
fi
_debug2 _response "$_response"
}
# Add extra headers to request
_authpost() {
url="https://1984.hosting/domains"
_get_zone_id "$url" "$_domain"
csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")"
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE"
export _H2="Referer: https://1984.hosting/domains/$_zone_id"
export _H3="X-CSRFToken: $csrf_header"
_response="$(_post "$1" "$2" | _normalizeJson)"
_debug2 _response "$_response"
}

69
dnsapi/dns_acmedns.sh Normal file → Executable file
View File

@ -1,31 +1,70 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# # shellcheck disable=SC2034
#Author: Wolfgang Ebner dns_acmedns_info='acme-dns Server API
#Report Bugs here: https://github.com/webner/acme.sh The acme-dns is a limited DNS server with RESTful API to handle ACME DNS challenges.
# Site: github.com/joohoi/acme-dns
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_acmedns
Options:
ACMEDNS_USERNAME Username. Optional.
ACMEDNS_PASSWORD Password. Optional.
ACMEDNS_SUBDOMAIN Subdomain. Optional.
ACMEDNS_BASE_URL API endpoint. Default: "https://auth.acme-dns.io".
Issues: github.com/dampfklon/acme.sh
Author: Wolfgang Ebner, Sven Neubuaer
'
######## Public functions ##################### ######## Public functions #####################
#Usage: dns_acmedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_acmedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_acmedns_add() { dns_acmedns_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using acme-dns" _info "Using acme-dns"
_debug fulldomain "$fulldomain" _debug "fulldomain $fulldomain"
_debug txtvalue "$txtvalue" _debug "txtvalue $txtvalue"
ACMEDNS_UPDATE_URL="${ACMEDNS_UPDATE_URL:-$(_readaccountconf_mutable ACMEDNS_UPDATE_URL)}" #for compatiblity from account conf
ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}" ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readaccountconf_mutable ACMEDNS_USERNAME)}"
_clearaccountconf_mutable ACMEDNS_USERNAME
ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}" ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readaccountconf_mutable ACMEDNS_PASSWORD)}"
_clearaccountconf_mutable ACMEDNS_PASSWORD
ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}" ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readaccountconf_mutable ACMEDNS_SUBDOMAIN)}"
_clearaccountconf_mutable ACMEDNS_SUBDOMAIN
if [ "$ACMEDNS_UPDATE_URL" = "" ]; then ACMEDNS_BASE_URL="${ACMEDNS_BASE_URL:-$(_readdomainconf ACMEDNS_BASE_URL)}"
ACMEDNS_UPDATE_URL="https://auth.acme-dns.io/update" ACMEDNS_USERNAME="${ACMEDNS_USERNAME:-$(_readdomainconf ACMEDNS_USERNAME)}"
ACMEDNS_PASSWORD="${ACMEDNS_PASSWORD:-$(_readdomainconf ACMEDNS_PASSWORD)}"
ACMEDNS_SUBDOMAIN="${ACMEDNS_SUBDOMAIN:-$(_readdomainconf ACMEDNS_SUBDOMAIN)}"
if [ "$ACMEDNS_BASE_URL" = "" ]; then
ACMEDNS_BASE_URL="https://auth.acme-dns.io"
fi fi
_saveaccountconf_mutable ACMEDNS_UPDATE_URL "$ACMEDNS_UPDATE_URL" ACMEDNS_UPDATE_URL="$ACMEDNS_BASE_URL/update"
_saveaccountconf_mutable ACMEDNS_USERNAME "$ACMEDNS_USERNAME" ACMEDNS_REGISTER_URL="$ACMEDNS_BASE_URL/register"
_saveaccountconf_mutable ACMEDNS_PASSWORD "$ACMEDNS_PASSWORD"
_saveaccountconf_mutable ACMEDNS_SUBDOMAIN "$ACMEDNS_SUBDOMAIN" if [ -z "$ACMEDNS_USERNAME" ] || [ -z "$ACMEDNS_PASSWORD" ]; then
response="$(_post "" "$ACMEDNS_REGISTER_URL" "" "POST")"
_debug response "$response"
ACMEDNS_USERNAME=$(echo "$response" | sed -n 's/^{.*\"username\":[ ]*\"\([^\"]*\)\".*}/\1/p')
_debug "received username: $ACMEDNS_USERNAME"
ACMEDNS_PASSWORD=$(echo "$response" | sed -n 's/^{.*\"password\":[ ]*\"\([^\"]*\)\".*}/\1/p')
_debug "received password: $ACMEDNS_PASSWORD"
ACMEDNS_SUBDOMAIN=$(echo "$response" | sed -n 's/^{.*\"subdomain\":[ ]*\"\([^\"]*\)\".*}/\1/p')
_debug "received subdomain: $ACMEDNS_SUBDOMAIN"
ACMEDNS_FULLDOMAIN=$(echo "$response" | sed -n 's/^{.*\"fulldomain\":[ ]*\"\([^\"]*\)\".*}/\1/p')
_info "##########################################################"
_info "# Create $fulldomain CNAME $ACMEDNS_FULLDOMAIN DNS entry #"
_info "##########################################################"
_info "Press enter to continue... "
read -r _
fi
_savedomainconf ACMEDNS_BASE_URL "$ACMEDNS_BASE_URL"
_savedomainconf ACMEDNS_USERNAME "$ACMEDNS_USERNAME"
_savedomainconf ACMEDNS_PASSWORD "$ACMEDNS_PASSWORD"
_savedomainconf ACMEDNS_SUBDOMAIN "$ACMEDNS_SUBDOMAIN"
export _H1="X-Api-User: $ACMEDNS_USERNAME" export _H1="X-Api-User: $ACMEDNS_USERNAME"
export _H2="X-Api-Key: $ACMEDNS_PASSWORD" export _H2="X-Api-Key: $ACMEDNS_PASSWORD"
@ -48,8 +87,8 @@ dns_acmedns_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using acme-dns" _info "Using acme-dns"
_debug fulldomain "$fulldomain" _debug "fulldomain $fulldomain"
_debug txtvalue "$txtvalue" _debug "txtvalue $txtvalue"
} }
#################### Private functions below ################################## #################### Private functions below ##################################

18
dnsapi/dns_acmeproxy.sh Normal file → Executable file
View File

@ -1,9 +1,17 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
## Acmeproxy DNS provider to be used with acmeproxy (http://github.com/mdbraber/acmeproxy) dns_acmeproxy_info='AcmeProxy Server API
## API integration by Maarten den Braber AcmeProxy can be used to as a single host in your network to request certificates through a DNS API.
## Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host.
## Report any bugs via https://github.com/mdbraber/acme.sh Site: github.com/mdbraber/acmeproxy
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy
Options:
ACMEPROXY_ENDPOINT API Endpoint
ACMEPROXY_USERNAME Username
ACMEPROXY_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/2251
Author: Maarten den Braber
'
dns_acmeproxy_add() { dns_acmeproxy_add() {
fulldomain="${1}" fulldomain="${1}"

View File

@ -1,6 +1,13 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
#ACTIVE24_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" dns_active24_info='Active24.com
Site: Active24.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24
Options:
ACTIVE24_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2059
Author: Milan Pála
'
ACTIVE24_Api="https://api.active24.com" ACTIVE24_Api="https://api.active24.com"
@ -76,10 +83,10 @@ _get_root() {
return 1 return 1
fi fi
i=2 i=1
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug "h" "$h" _debug "h" "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -87,7 +94,7 @@ _get_root() {
fi fi
if _contains "$response" "\"$h\"" >/dev/null; then if _contains "$response" "\"$h\"" >/dev/null; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

View File

@ -1,12 +1,13 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
# dns_ad_info='AlwaysData.com
#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" Site: AlwaysData.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ad
#This is the Alwaysdata api wrapper for acme.sh Options:
# AD_API_KEY API Key
#Author: Paul Koppen Issues: github.com/acmesh-official/acme.sh/pull/503
#Report Bugs here: https://github.com/wpk-/acme.sh Author: Paul Koppen
'
AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1" AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1"
@ -94,7 +95,7 @@ _get_root() {
if _ad_rest GET "domain/"; then if _ad_rest GET "domain/"; then
response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')"
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -105,7 +106,7 @@ _get_root() {
if [ "$hostedzone" ]; then if [ "$hostedzone" ]; then
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

View File

@ -1,27 +1,27 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_ali_info='AlibabaCloud.com
Domains: Aliyun.com
Site: AlibabaCloud.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali
Options:
Ali_Key API Key
Ali_Secret API Secret
'
Ali_API="https://alidns.aliyuncs.com/" # NOTICE:
# This file is referenced by Alibaba Cloud Services deploy hooks
# https://github.com/acmesh-official/acme.sh/pull/5205#issuecomment-2357867276
# Be careful when modifying this file, especially when making breaking changes for common functions
#Ali_Key="LTqIA87hOKdjevsf5" Ali_DNS_API="https://alidns.aliyuncs.com/"
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ali_add() { dns_ali_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}" _prepare_ali_credentials || return 1
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
Ali_Key=""
Ali_Secret=""
_err "You don't specify aliyun api key and secret yet."
return 1
fi
#save the api key and secret to the account conf file.
_saveaccountconf_mutable Ali_Key "$Ali_Key"
_saveaccountconf_mutable Ali_Secret "$Ali_Secret"
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
@ -46,14 +46,74 @@ dns_ali_rm() {
_clean _clean
} }
#################### Private functions below ################################## #################### Alibaba Cloud common functions below ####################
_prepare_ali_credentials() {
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
Ali_Key=""
Ali_Secret=""
_err "You don't specify aliyun api key and secret yet."
return 1
fi
#save the api key and secret to the account conf file.
_saveaccountconf_mutable Ali_Key "$Ali_Key"
_saveaccountconf_mutable Ali_Secret "$Ali_Secret"
}
# act ign mtd
_ali_rest() {
act="$1"
ign="$2"
mtd="${3:-GET}"
signature=$(printf "%s" "$mtd&%2F&$(printf "%s" "$query" | _url_encode upper-hex)" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
signature=$(printf "%s" "$signature" | _url_encode upper-hex)
url="$endpoint?Signature=$signature"
if [ "$mtd" = "GET" ]; then
url="$url&$query"
response="$(_get "$url")"
else
response="$(_post "$query" "$url" "" "$mtd" "application/x-www-form-urlencoded")"
fi
_ret="$?"
_debug2 response "$response"
if [ "$_ret" != "0" ]; then
_err "Error <$act>"
return 1
fi
if [ -z "$ign" ]; then
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
if [ "$message" ]; then
_err "$message"
return 1
fi
fi
}
_ali_nonce() {
#_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
#Not so good...
date +"%s%N" | sed 's/%N//g'
}
_timestamp() {
date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
}
#################### Private functions below ####################
_get_root() { _get_root() {
domain=$1 domain=$1
i=2 i=1
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
return 1 return 1
@ -65,7 +125,7 @@ _get_root() {
fi fi
if _contains "$response" "PageNumber"; then if _contains "$response" "PageNumber"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_debug _sub_domain "$_sub_domain" _debug _sub_domain "$_sub_domain"
_domain="$h" _domain="$h"
_debug _domain "$_domain" _debug _domain "$_domain"
@ -77,52 +137,10 @@ _get_root() {
return 1 return 1
} }
_ali_rest() {
signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
signature=$(_ali_urlencode "$signature")
url="$Ali_API?$query&Signature=$signature"
if ! response="$(_get "$url")"; then
_err "Error <$1>"
return 1
fi
_debug2 response "$response"
if [ -z "$2" ]; then
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
if [ "$message" ]; then
_err "$message"
return 1
fi
fi
}
_ali_urlencode() {
_str="$1"
_str_len=${#_str}
_u_i=1
while [ "$_u_i" -le "$_str_len" ]; do
_str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"
case $_str_c in [a-zA-Z0-9.~_-])
printf "%s" "$_str_c"
;;
*)
printf "%%%02X" "'$_str_c"
;;
esac
_u_i="$(_math "$_u_i" + 1)"
done
}
_ali_nonce() {
#_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
#Not so good...
date +"%s%N"
}
_check_exist_query() { _check_exist_query() {
_qdomain="$1" _qdomain="$1"
_qsubdomain="$2" _qsubdomain="$2"
endpoint=$Ali_DNS_API
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
@ -138,6 +156,7 @@ _check_exist_query() {
} }
_add_record_query() { _add_record_query() {
endpoint=$Ali_DNS_API
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=AddDomainRecord' query=$query'&Action=AddDomainRecord'
@ -154,6 +173,7 @@ _add_record_query() {
} }
_delete_record_query() { _delete_record_query() {
endpoint=$Ali_DNS_API
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=DeleteDomainRecord' query=$query'&Action=DeleteDomainRecord'
@ -167,6 +187,7 @@ _delete_record_query() {
} }
_describe_records_query() { _describe_records_query() {
endpoint=$Ali_DNS_API
query='' query=''
query=$query'AccessKeyId='$Ali_Key query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=DescribeDomainRecords' query=$query'&Action=DescribeDomainRecords'
@ -181,6 +202,7 @@ _describe_records_query() {
_clean() { _clean() {
_check_exist_query "$_domain" "$_sub_domain" _check_exist_query "$_domain" "$_sub_domain"
# do not correct grammar here
if ! _ali_rest "Check exist records" "ignore"; then if ! _ali_rest "Check exist records" "ignore"; then
return 1 return 1
fi fi
@ -196,7 +218,3 @@ _clean() {
fi fi
} }
_timestamp() {
date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
}

185
dnsapi/dns_alviy.sh Normal file
View File

@ -0,0 +1,185 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_alviy_info='Alviy.com
Site: Alviy.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_alviy
Options:
Alviy_token API token. Get it from the https://cloud.alviy.com/token
Issues: github.com/acmesh-official/acme.sh/issues/5115
'
Alviy_Api="https://cloud.alviy.com/api/v1"
######## Public functions #####################
#Usage: dns_alviy_add _acme-challenge.www.domain.com "content"
dns_alviy_add() {
fulldomain=$1
txtvalue=$2
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}"
if [ -z "$Alviy_token" ]; then
Alviy_token=""
_err "Please specify Alviy token."
return 1
fi
#save the api key and email to the account conf file.
_saveaccountconf_mutable Alviy_token "$Alviy_token"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Getting existing records"
if _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
_info "This record already exists, skipping"
return 0
fi
_add_data="{\"content\":\"$txtvalue\",\"type\":\"TXT\"}"
_debug2 _add_data "$_add_data"
_info "Adding record"
if _alviy_rest POST "zone/$_domain/domain/$fulldomain/" "$_add_data"; then
_debug "Checking updated records of '${fulldomain}'"
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
_err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!"
return 1
fi
else
_err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set."
return 1
fi
_sleep 10
_info "Added TXT record '${txtvalue}' for '${fulldomain}'."
return 0
}
#fulldomain
dns_alviy_rm() {
fulldomain=$1
txtvalue=$2
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
_info "The record does not exist, skip"
return 0
fi
_add_data=""
uuid=$(echo "$response" | tr "{" "\n" | grep "$txtvalue" | tr "," "\n" | grep uuid | cut -d \" -f4)
# delete record
_debug "Delete TXT record for '${fulldomain}'"
if ! _alviy_rest DELETE "zone/$_domain/record/$uuid" "{\"confirm\":1}"; then
_err "Cannot delete empty TXT record for '$fulldomain'"
return 1
fi
_info "The record '$fulldomain'='$txtvalue' deleted"
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
domain=$1
i=3
a="init"
while [ -n "$a" ]; do
a=$(printf "%s" "$domain" | cut -d . -f $i-)
i=$((i + 1))
done
n=$((i - 3))
h=$(printf "%s" "$domain" | cut -d . -f $n-)
if [ -z "$h" ]; then
#not valid
_alviy_rest GET "zone/$domain/"
_debug "can't get host from $domain"
return 1
fi
if ! _alviy_rest GET "zone/$h/"; then
return 1
fi
if _contains "$response" '"code":"NOT_FOUND"'; then
_debug "$h not found"
else
s=$((n - 1))
_sub_domain=$(printf "%s" "$domain" | cut -d . -f -$s)
_domain="$h"
return 0
fi
return 1
}
_alviy_txt_exists() {
zone=$1
domain=$2
content_data=$3
_debug "Getting existing records"
if ! _alviy_rest GET "zone/$zone/domain/$domain/TXT/"; then
_info "The record does not exist"
return 1
fi
if ! _contains "$response" "$3"; then
_info "The record has other value"
return 1
fi
# GOOD code return - TRUE function
return 0
}
_alviy_rest() {
method=$1
path="$2"
content_data="$3"
_debug "$path"
export _H1="Authorization: Bearer $Alviy_token"
export _H2="Content-Type: application/json"
if [ "$content_data" ] || [ "$method" = "DELETE" ]; then
_debug "data ($method): " "$content_data"
response="$(_post "$content_data" "$Alviy_Api/$path" "" "$method")"
else
response="$(_get "$Alviy_Api/$path")"
fi
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
if [ "$_code" = "401" ]; then
_err "It seems that your api key or secret is not correct."
return 1
fi
if [ "$_code" != "200" ]; then
_err "API call error ($method): $path Response code $_code"
fi
if [ "$?" != "0" ]; then
_err "error on rest call ($method): $path. Response:"
_err "$response"
return 1
fi
_debug2 response "$response"
return 0
}

152
dnsapi/dns_anx.sh Normal file
View File

@ -0,0 +1,152 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_anx_info='Anexia.com CloudDNS
Site: Anexia.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_anx
Options:
ANX_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/3238
'
ANX_API='https://engine.anexia-it.com/api/clouddns/v1'
######## Public functions #####################
dns_anx_add() {
fulldomain=$1
txtvalue=$2
_info "Using ANX CDNS API"
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
if [ "$ANX_Token" ]; then
_saveaccountconf_mutable ANX_Token "$ANX_Token"
else
_err "You didn't specify a ANEXIA Engine API token."
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
# Always add records, wildcard need two records with the same name
_anx_rest POST "zone.json/${_domain}/records" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"rdata\":\"$txtvalue\"}"
if _contains "$response" "$txtvalue"; then
return 0
else
return 1
fi
}
dns_anx_rm() {
fulldomain=$1
txtvalue=$2
_info "Using ANX CDNS API"
ANX_Token="${ANX_Token:-$(_readaccountconf_mutable ANX_Token)}"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_get_record_id
if _is_uuid "$_record_id"; then
if ! _anx_rest DELETE "zone.json/${_domain}/records/$_record_id"; then
_err "Delete record"
return 1
fi
else
_info "No record found."
fi
echo "$response" | tr -d " " | grep \"status\":\"OK\" >/dev/null
}
#################### Private functions below ##################################
_is_uuid() {
pattern='^\{?[A-Z0-9a-z]{8}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{4}-[A-Z0-9a-z]{12}\}?$'
if echo "$1" | _egrep_o "$pattern" >/dev/null; then
return 0
fi
return 1
}
_get_record_id() {
_debug subdomain "$_sub_domain"
_debug domain "$_domain"
if _anx_rest GET "zone.json/${_domain}/records?name=$_sub_domain&type=TXT"; then
_debug response "$response"
if _contains "$response" "\"name\":\"$_sub_domain\"" >/dev/null; then
_record_id=$(printf "%s\n" "$response" | _egrep_o "\[.\"identifier\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
else
_record_id=''
fi
else
_err "Search existing record"
fi
}
_anx_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
export _H1="Content-Type: application/json"
export _H2="Authorization: Token $ANX_Token"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "${ANX_API}/$ep" "" "$m")"
else
response="$(_get "${ANX_API}/$ep")"
fi
# shellcheck disable=SC2181
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug response "$response"
return 0
}
_get_root() {
domain=$1
i=1
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
_anx_rest GET "zone.json/${h}"
if _contains "$response" "\"name\":\"$h\""; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h
return 0
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}

177
dnsapi/dns_artfiles.sh Normal file
View File

@ -0,0 +1,177 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_artfiles_info='ArtFiles.de
Site: ArtFiles.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_artfiles
Options:
AF_API_USERNAME API Username
AF_API_PASSWORD API Password
Issues: github.com/acmesh-official/acme.sh/issues/4718
Author: Martin Arndt <https://troublezone.net/>
'
########## API configuration ###################################################
AF_API_SUCCESS='status":"OK'
AF_URL_DCP='https://dcp.c.artfiles.de/api/'
AF_URL_DNS=${AF_URL_DCP}'dns/{*}_dns.html?domain='
AF_URL_DOMAINS=${AF_URL_DCP}'domain/get_domains.html'
########## Public functions ####################################################
# Adds a new TXT record for given ACME challenge value & domain.
# Usage: dns_artfiles_add _acme-challenge.www.example.com "ACME challenge value"
dns_artfiles_add() {
domain="$1"
txtValue="$2"
_info 'Using ArtFiles.de DNS addition API…'
_debug 'Domain' "$domain"
_debug 'txtValue' "$txtValue"
_set_credentials
_saveaccountconf_mutable 'AF_API_USERNAME' "$AF_API_USERNAME"
_saveaccountconf_mutable 'AF_API_PASSWORD' "$AF_API_PASSWORD"
_set_headers
_get_zone "$domain"
_dns 'GET'
if ! _contains "$response" 'TXT'; then
_err 'Retrieving TXT records failed.'
return 1
fi
_clean_records
_dns 'SET' "$(printf -- '%s\n_acme-challenge "%s"' "$response" "$txtValue")"
if ! _contains "$response" "$AF_API_SUCCESS"; then
_err 'Adding ACME challenge value failed.'
return 1
fi
}
# Removes the existing TXT record for given ACME challenge value & domain.
# Usage: dns_artfiles_rm _acme-challenge.www.example.com "ACME challenge value"
dns_artfiles_rm() {
domain="$1"
txtValue="$2"
_info 'Using ArtFiles.de DNS removal API…'
_debug 'Domain' "$domain"
_debug 'txtValue' "$txtValue"
_set_credentials
_set_headers
_get_zone "$domain"
if ! _dns 'GET'; then
return 1
fi
if ! _contains "$response" "$txtValue"; then
_err 'Retrieved TXT records are missing given ACME challenge value.'
return 1
fi
_clean_records
response="$(printf -- '%s' "$response" | sed '/_acme-challenge "'"$txtValue"'"/d')"
_dns 'SET' "$response"
if ! _contains "$response" "$AF_API_SUCCESS"; then
_err 'Removing ACME challenge value failed.'
return 1
fi
}
########## Private functions ###################################################
# Cleans awful TXT records response of ArtFiles's API & pretty prints it.
# Usage: _clean_records
_clean_records() {
_info 'Cleaning TXT records…'
# Extract TXT part, strip trailing quote sign (ACME.sh API guidelines forbid
# usage of SED's GNU extensions, hence couldn't omit it via regex), strip '\'
# from '\"' & turn '\n' into real LF characters.
# Yup, awful API to use - but that's all we got to get this working, so… ;)
_debug2 'Raw ' "$response"
response="$(printf -- '%s' "$response" | sed 's/^.*TXT":"\([^}]*\).*$/\1/;s/,".*$//;s/.$//;s/\\"/"/g;s/\\n/\n/g')"
_debug2 'Clean' "$response"
}
# Executes an HTTP GET or POST request for getting or setting DNS records,
# containing given payload upon POST.
# Usage: _dns [GET | SET] [payload]
_dns() {
_info 'Executing HTTP request…'
action="$1"
payload="$(printf -- '%s' "$2" | _url_encode)"
url="$(printf -- '%s%s' "$AF_URL_DNS" "$domain" | sed 's/{\*}/'"$(printf -- '%s' "$action" | _lower_case)"'/')"
if [ "$action" = 'SET' ]; then
_debug2 'Payload' "$payload"
response="$(_post '' "$url&TXT=$payload" '' 'POST' 'application/x-www-form-urlencoded')"
else
response="$(_get "$url" '' 10)"
fi
if ! _contains "$response" "$AF_API_SUCCESS"; then
_err "DNS API error: $response"
return 1
fi
_debug 'Response' "$response"
return 0
}
# Gets the root domain zone for given domain.
# Usage: _get_zone _acme-challenge.www.example.com
_get_zone() {
fqdn="$1"
domains="$(_get "$AF_URL_DOMAINS" '' 10)"
_info 'Getting domain zone…'
_debug2 'FQDN' "$fqdn"
_debug2 'Domains' "$domains"
while _contains "$fqdn" "."; do
if _contains "$domains" "$fqdn"; then
domain="$fqdn"
_info "Found root domain zone: $domain"
break
else
fqdn="${fqdn#*.}"
_debug2 'FQDN' "$fqdn"
fi
done
if [ "$domain" = "$fqdn" ]; then
return 0
fi
_err 'Couldn'\''t find root domain zone.'
return 1
}
# Sets the credentials for accessing ArtFiles's API
# Usage: _set_credentials
_set_credentials() {
_info 'Setting credentials…'
AF_API_USERNAME="${AF_API_USERNAME:-$(_readaccountconf_mutable AF_API_USERNAME)}"
AF_API_PASSWORD="${AF_API_PASSWORD:-$(_readaccountconf_mutable AF_API_PASSWORD)}"
if [ -z "$AF_API_USERNAME" ] || [ -z "$AF_API_PASSWORD" ]; then
_err 'Missing ArtFiles.de username and/or password.'
_err 'Please ensure both are set via export command & try again.'
return 1
fi
}
# Adds the HTTP Authorization & Content-Type headers to a follow-up request.
# Usage: _set_headers
_set_headers() {
_info 'Setting headers…'
encoded="$(printf -- '%s:%s' "$AF_API_USERNAME" "$AF_API_PASSWORD" | _base64)"
export _H1="Authorization: Basic $encoded"
export _H2='Content-Type: application/json'
}

156
dnsapi/dns_arvan.sh Normal file
View File

@ -0,0 +1,156 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_arvan_info='ArvanCloud.ir
Site: ArvanCloud.ir
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_arvan
Options:
Arvan_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2796
Author: Vahid Fardi
'
ARVAN_API_URL="https://napi.arvancloud.ir/cdn/4.0/domains"
######## Public functions #####################
#Usage: dns_arvan_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_arvan_add() {
fulldomain=$1
txtvalue=$2
_info "Using Arvan"
Arvan_Token="${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}"
if [ -z "$Arvan_Token" ]; then
_err "You didn't specify \"Arvan_Token\" token yet."
_err "You can get yours from here https://npanel.arvancloud.ir/profile/api-keys"
return 1
fi
#save the api token to the account conf file.
_saveaccountconf_mutable Arvan_Token "$Arvan_Token"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Adding record"
if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then
if _contains "$response" "$txtvalue"; then
_info "response id is $response"
_info "Added, OK"
return 0
elif _contains "$response" "Record Data is duplicate"; then
_info "Already exists, OK"
return 0
else
_err "Add txt record error."
return 1
fi
fi
_err "Add txt record error."
return 0
}
#Usage: fulldomain txtvalue
#Remove the txt record after validation.
dns_arvan_rm() {
fulldomain=$1
txtvalue=$2
_info "Using Arvan"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
Arvan_Token="${Arvan_Token:-$(_readaccountconf_mutable Arvan_Token)}"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Getting txt records"
_arvan_rest GET "${_domain}/dns-records"
if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then
_err "Error on Arvan Api"
_err "Please create a github issue with debbug log"
return 1
fi
_record_id=$(echo "$response" | _egrep_o ".\"id\":\"[^\"]*\",\"type\":\"txt\",\"name\":\"_acme-challenge\",\"value\":{\"text\":\"$txtvalue\"}" | cut -d : -f 2 | cut -d , -f 1 | tr -d \")
if ! _arvan_rest "DELETE" "${_domain}/dns-records/${_record_id}"; then
_err "Error on Arvan Api"
return 1
fi
_debug "$response"
_contains "$response" 'dns record deleted'
return 0
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
domain=$1
i=2
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
if ! _arvan_rest GET "$h"; then
return 1
fi
if _contains "$response" "\"domain\":\"$h\""; then
_domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \")
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
_arvan_rest() {
mtd="$1"
ep="$2"
data="$3"
token_trimmed=$(echo "$Arvan_Token" | tr -d '"')
export _H1="Authorization: $token_trimmed"
if [ "$mtd" = "DELETE" ]; then
#DELETE Request shouldn't have Content-Type
_debug data "$data"
response="$(_post "$data" "$ARVAN_API_URL/$ep" "" "$mtd")"
elif [ "$mtd" = "POST" ]; then
export _H2="Content-Type: application/json"
export _H3="Accept: application/json"
_debug data "$data"
response="$(_post "$data" "$ARVAN_API_URL/$ep" "" "$mtd")"
else
response="$(_get "$ARVAN_API_URL/$ep$data")"
fi
return 0
}

177
dnsapi/dns_aurora.sh Normal file
View File

@ -0,0 +1,177 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_aurora_info='versio.nl AuroraDNS
Domains: pcextreme.nl
Site: versio.nl
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_aurora
Options:
AURORA_Key API Key
AURORA_Secret API Secret
Issues: github.com/acmesh-official/acme.sh/issues/3459
Author: Jasper Zonneveld
'
AURORA_Api="https://api.auroradns.eu"
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_aurora_add() {
fulldomain=$1
txtvalue=$2
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}"
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}"
if [ -z "$AURORA_Key" ] || [ -z "$AURORA_Secret" ]; then
AURORA_Key=""
AURORA_Secret=""
_err "You didn't specify an Aurora api key and secret yet."
_err "You can get yours from here https://cp.pcextreme.nl/auroradns/users."
return 1
fi
#save the api key and secret to the account conf file.
_saveaccountconf_mutable AURORA_Key "$AURORA_Key"
_saveaccountconf_mutable AURORA_Secret "$AURORA_Secret"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_info "Adding record"
if _aurora_rest POST "zones/$_domain_id/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":300}"; then
if _contains "$response" "$txtvalue"; then
_info "Added, OK"
return 0
elif _contains "$response" "RecordExistsError"; then
_info "Already exists, OK"
return 0
else
_err "Add txt record error."
return 1
fi
fi
_err "Add txt record error."
return 1
}
#fulldomain txtvalue
dns_aurora_rm() {
fulldomain=$1
txtvalue=$2
AURORA_Key="${AURORA_Key:-$(_readaccountconf_mutable AURORA_Key)}"
AURORA_Secret="${AURORA_Secret:-$(_readaccountconf_mutable AURORA_Secret)}"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Getting records"
_aurora_rest GET "zones/${_domain_id}/records"
if ! _contains "$response" "$txtvalue"; then
_info "Don't need to remove."
else
records=$(echo "$response" | _normalizeJson | tr -d "[]" | sed "s/},{/}|{/g" | tr "|" "\n")
if [ "$(echo "$records" | wc -l)" -le 2 ]; then
_err "Can not parse records."
return 1
fi
record_id=$(echo "$records" | grep "\"type\": *\"TXT\"" | grep "\"name\": *\"$_sub_domain\"" | grep "\"content\": *\"$txtvalue\"" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
_debug "record_id" "$record_id"
if [ -z "$record_id" ]; then
_err "Can not get record id to remove."
return 1
fi
if ! _aurora_rest DELETE "zones/$_domain_id/records/$record_id"; then
_err "Delete record error."
return 1
fi
fi
return 0
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
domain=$1
i=1
p=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
if ! _aurora_rest GET "zones/$h"; then
return 1
fi
if _contains "$response" "\"name\": \"$h\""; then
_domain_id=$(echo "$response" | _normalizeJson | tr -d "{}" | tr "," "\n" | grep "\"id\": *\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
_debug _domain_id "$_domain_id"
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
_aurora_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
key_trimmed=$(echo "$AURORA_Key" | tr -d '"')
secret_trimmed=$(echo "$AURORA_Secret" | tr -d '"')
timestamp=$(date -u +"%Y%m%dT%H%M%SZ")
signature=$(printf "%s/%s%s" "$m" "$ep" "$timestamp" | _hmac sha256 "$(printf "%s" "$secret_trimmed" | _hex_dump | tr -d " ")" | _base64)
authorization=$(printf "AuroraDNSv1 %s" "$(printf "%s:%s" "$key_trimmed" "$signature" | _base64)")
export _H1="Content-Type: application/json; charset=UTF-8"
export _H2="X-AuroraDNS-Date: $timestamp"
export _H3="Authorization: $authorization"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$AURORA_Api/$ep" "" "$m")"
else
response="$(_get "$AURORA_Api/$ep")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
}

View File

@ -1,16 +1,15 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- # shellcheck disable=SC2034
dns_autodns_info='InternetX autoDNS
# This is the InternetX autoDNS xml api wrapper for acme.sh InternetX autoDNS XML API
# Author: auerswald@gmail.com Site: InternetX.com/autodns/
# Created: 2018-01-14 Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_autodns
# Options:
# export AUTODNS_USER="username" AUTODNS_USER Username
# export AUTODNS_PASSWORD="password" AUTODNS_PASSWORD Password
# export AUTODNS_CONTEXT="context" AUTODNS_CONTEXT Context
# Author: <auerswald@gmail.com>
# Usage: '
# acme.sh --issue --dns dns_autodns -d example.com
AUTODNS_API="https://gateway.autodns.com" AUTODNS_API="https://gateway.autodns.com"
@ -111,7 +110,7 @@ _get_autodns_zone() {
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
@ -129,7 +128,7 @@ _get_autodns_zone() {
if _contains "$autodns_response" "<summary>1</summary>" >/dev/null; then if _contains "$autodns_response" "<summary>1</summary>" >/dev/null; then
_zone="$(echo "$autodns_response" | _egrep_o '<name>[^<]*</name>' | cut -d '>' -f 2 | cut -d '<' -f 1)" _zone="$(echo "$autodns_response" | _egrep_o '<name>[^<]*</name>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_system_ns="$(echo "$autodns_response" | _egrep_o '<system_ns>[^<]*</system_ns>' | cut -d '>' -f 2 | cut -d '<' -f 1)" _system_ns="$(echo "$autodns_response" | _egrep_o '<system_ns>[^<]*</system_ns>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
return 0 return 0
fi fi

View File

@ -1,16 +1,20 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_aws_info='Amazon AWS Route53 domain API
Site: docs.aws.amazon.com/route53/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_aws
Options:
AWS_ACCESS_KEY_ID API Key ID
AWS_SECRET_ACCESS_KEY API Secret
'
# # All `_sleep` commands are included to avoid Route53 throttling, see
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" # https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests
#
#AWS_SECRET_ACCESS_KEY="xxxxxxx"
#This is the Amazon Route53 api wrapper for acme.sh
AWS_HOST="route53.amazonaws.com" AWS_HOST="route53.amazonaws.com"
AWS_URL="https://$AWS_HOST" AWS_URL="https://$AWS_HOST"
AWS_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API" AWS_WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Amazon-Route53-API"
######## Public functions ##################### ######## Public functions #####################
@ -21,6 +25,7 @@ dns_aws_add() {
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}" AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}" AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
_use_container_role || _use_instance_role _use_container_role || _use_instance_role
@ -29,7 +34,7 @@ dns_aws_add() {
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
AWS_ACCESS_KEY_ID="" AWS_ACCESS_KEY_ID=""
AWS_SECRET_ACCESS_KEY="" AWS_SECRET_ACCESS_KEY=""
_err "You haven't specifed the aws route53 api key id and and api key secret yet." _err "You haven't specified the aws route53 api key id and and api key secret yet."
_err "Please create your key and try again. see $(__green $AWS_WIKI)" _err "Please create your key and try again. see $(__green $AWS_WIKI)"
return 1 return 1
fi fi
@ -38,11 +43,13 @@ dns_aws_add() {
if [ -z "$_using_role" ]; then if [ -z "$_using_role" ]; then
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" _saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID"
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" _saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY"
_saveaccountconf_mutable AWS_DNS_SLOWRATE "$AWS_DNS_SLOWRATE"
fi fi
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
_err "invalid domain" _err "invalid domain"
_sleep 1
return 1 return 1
fi fi
_debug _domain_id "$_domain_id" _debug _domain_id "$_domain_id"
@ -51,6 +58,7 @@ dns_aws_add() {
_info "Getting existing records for $fulldomain" _info "Getting existing records for $fulldomain"
if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then
_sleep 1
return 1 return 1
fi fi
@ -63,6 +71,7 @@ dns_aws_add() {
if [ "$_resource_record" ] && _contains "$response" "$txtvalue"; then if [ "$_resource_record" ] && _contains "$response" "$txtvalue"; then
_info "The TXT record already exists. Skipping." _info "The TXT record already exists. Skipping."
_sleep 1
return 0 return 0
fi fi
@ -72,9 +81,16 @@ dns_aws_add() {
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
_info "TXT record updated successfully." _info "TXT record updated successfully."
return 0 if [ -n "$AWS_DNS_SLOWRATE" ]; then
_info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
_sleep "$AWS_DNS_SLOWRATE"
else
_sleep 1
fi fi
return 0
fi
_sleep 1
return 1 return 1
} }
@ -85,6 +101,7 @@ dns_aws_rm() {
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}" AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}"
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}" AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}"
AWS_DNS_SLOWRATE="${AWS_DNS_SLOWRATE:-$(_readaccountconf_mutable AWS_DNS_SLOWRATE)}"
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
_use_container_role || _use_instance_role _use_container_role || _use_instance_role
@ -93,6 +110,7 @@ dns_aws_rm() {
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain"; then if ! _get_root "$fulldomain"; then
_err "invalid domain" _err "invalid domain"
_sleep 1
return 1 return 1
fi fi
_debug _domain_id "$_domain_id" _debug _domain_id "$_domain_id"
@ -101,6 +119,7 @@ dns_aws_rm() {
_info "Getting existing records for $fulldomain" _info "Getting existing records for $fulldomain"
if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then if ! aws_rest GET "2013-04-01$_domain_id/rrset" "name=$fulldomain&type=TXT"; then
_sleep 1
return 1 return 1
fi fi
@ -109,6 +128,7 @@ dns_aws_rm() {
_debug "_resource_record" "$_resource_record" _debug "_resource_record" "$_resource_record"
else else
_debug "no records exist, skip" _debug "no records exist, skip"
_sleep 1
return 0 return 0
fi fi
@ -116,50 +136,45 @@ dns_aws_rm() {
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then
_info "TXT record deleted successfully." _info "TXT record deleted successfully."
return 0 if [ -n "$AWS_DNS_SLOWRATE" ]; then
_info "Slow rate activated: sleeping for $AWS_DNS_SLOWRATE seconds"
_sleep "$AWS_DNS_SLOWRATE"
else
_sleep 1
fi fi
return 0
fi
_sleep 1
return 1 return 1
} }
#################### Private functions below ################################## #################### Private functions below ##################################
_get_root() { _get_root() {
domain=$1 domain=$1
i=2 i=1
p=1 p=1
if aws_rest GET "2013-04-01/hostedzone"; then # iterate over names (a.b.c.d -> b.c.d -> c.d -> d)
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100 | sed 's/\./\\./g')
_debug2 "Checking domain: $h" _debug "Checking domain: $h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then _error "invalid domain"
_debug "IsTruncated"
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug "NextMarker" "$_nextMarker"
if aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"; then
_debug "Truncated request OK"
i=2
p=1
continue
else
_err "Truncated request error."
fi
fi
#not valid
_err "Invalid domain"
return 1 return 1
fi fi
# iterate over paginated result for list_hosted_zones
aws_rest GET "2013-04-01/hostedzone"
while true; do
if _contains "$response" "<Name>$h.</Name>"; then if _contains "$response" "<Name>$h.</Name>"; then
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")" hostedzone="$(echo "$response" | tr -d '\n' | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")"
_debug hostedzone "$hostedzone" _debug hostedzone "$hostedzone"
if [ "$hostedzone" ]; then if [ "$hostedzone" ]; then
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>") _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>")
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi
@ -167,10 +182,19 @@ _get_root() {
return 1 return 1
fi fi
fi fi
if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then
_debug "IsTruncated"
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug "NextMarker" "$_nextMarker"
else
break
fi
_debug "Checking domain: $h - Next Page "
aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"
done
p=$i p=$i
i=$(_math "$i" + 1) i=$(_math "$i" + 1)
done done
fi
return 1 return 1
} }
@ -184,24 +208,40 @@ _use_container_role() {
} }
_use_instance_role() { _use_instance_role() {
_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/" _instance_role_name_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
_debug "_url" "$_url"
if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then if _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 401; then
_debug "Using IMDSv2"
_token_url="http://169.254.169.254/latest/api/token"
export _H1="X-aws-ec2-metadata-token-ttl-seconds: 21600"
_token="$(_post "" "$_token_url" "" "PUT")"
_secure_debug3 "_token" "$_token"
if [ -z "$_token" ]; then
_debug "Unable to fetch IMDSv2 token from instance metadata"
return 1
fi
export _H1="X-aws-ec2-metadata-token: $_token"
fi
if ! _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 200; then
_debug "Unable to fetch IAM role from instance metadata" _debug "Unable to fetch IAM role from instance metadata"
return 1 return 1
fi fi
_aws_role=$(_get "$_url" "" 1)
_debug "_aws_role" "$_aws_role" _instance_role_name=$(_get "$_instance_role_name_url" "" 1)
_use_metadata "$_url$_aws_role" _debug "_instance_role_name" "$_instance_role_name"
_use_metadata "$_instance_role_name_url$_instance_role_name" "$_token"
} }
_use_metadata() { _use_metadata() {
export _H1="X-aws-ec2-metadata-token: $2"
_aws_creds="$( _aws_creds="$(
_get "$1" "" 1 \ _get "$1" "" 1 |
| _normalizeJson \ _normalizeJson |
| tr '{,}' '\n' \ tr '{,}' '\n' |
| while read -r _line; do while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')" _key="$(echo "${_line%%:*}" | tr -d '\"')"
_value="${_line#*:}" _value="${_line#*:}"
_debug3 "_key" "$_key" _debug3 "_key" "$_key"
_secure_debug3 "_value" "$_value" _secure_debug3 "_value" "$_value"
@ -210,8 +250,8 @@ _use_metadata() {
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;; SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;;
Token) echo "AWS_SESSION_TOKEN=$_value" ;; Token) echo "AWS_SESSION_TOKEN=$_value" ;;
esac esac
done \ done |
| paste -sd' ' - paste -sd' ' -
)" )"
_secure_debug "_aws_creds" "$_aws_creds" _secure_debug "_aws_creds" "$_aws_creds"

208
dnsapi/dns_azion.sh Normal file
View File

@ -0,0 +1,208 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_azion_info='Azion.om
Site: Azion.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_azion
Options:
AZION_Email Email
AZION_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/3555
'
AZION_Api="https://api.azionapi.net"
######## Public functions ########
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_azion_add() {
fulldomain=$1
txtvalue=$2
_debug "Detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Domain not found"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug _domain_id "$_domain_id"
_info "Add or update record"
_get_record "$_domain_id" "$_sub_domain"
if [ "$record_id" ]; then
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}"
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then
if _contains "$response" "$txtvalue"; then
_info "Record updated."
return 0
fi
fi
else
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}"
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then
if _contains "$response" "$txtvalue"; then
_info "Record added."
return 0
fi
fi
fi
_err "Failed to add or update record."
return 1
}
# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
dns_azion_rm() {
fulldomain=$1
txtvalue=$2
_debug "Detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Domain not found"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug _domain_id "$_domain_id"
_info "Removing record"
_get_record "$_domain_id" "$_sub_domain"
if [ "$record_id" ]; then
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then
_info "Record removed."
return 0
else
_err "Failed to remove record."
return 1
fi
else
_info "Record not found or already removed."
return 0
fi
}
#################### Private functions below ##################################
# Usage: _acme-challenge.www.domain.com
# returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
domain=$1
i=1
p=1
if ! _azion_rest GET "intelligent_dns"; then
return 1
fi
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
# not valid
return 1
fi
if _contains "$response" "\"domain\":\"$h\""; then
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
_debug _domain_id "$_domain_id"
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
_get_record() {
_domain_id=$1
_record=$2
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then
return 1
fi
if _contains "$response" "\"entry\":\"$_record\""; then
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"")
if [ "$_json_record" ]; then
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\])
return 0
fi
return 1
fi
return 1
}
_get_token() {
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}"
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}"
if ! _contains "$AZION_Email" "@"; then
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments."
return 1
fi
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token."
return 1
fi
_saveaccountconf_mutable AZION_Email "$AZION_Email"
_saveaccountconf_mutable AZION_Password "$AZION_Password"
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64)
_debug _basic_auth "$_basic_auth"
export _H1="Accept: application/json; version=3"
export _H2="Content-Type: application/json"
export _H3="Authorization: Basic $_basic_auth"
response="$(_post "" "$AZION_Api/tokens" "" "POST")"
if _contains "$response" "\"token\":\"" >/dev/null; then
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
export AZION_Token="$_azion_token"
else
_err "Failed to generate Azion token"
return 1
fi
}
_azion_rest() {
_method=$1
_uri="$2"
_data="$3"
if [ -z "$AZION_Token" ]; then
_get_token
fi
_debug2 token "$AZION_Token"
export _H1="Accept: application/json; version=3"
export _H2="Content-Type: application/json"
export _H3="Authorization: token $AZION_Token"
if [ "$_method" != "GET" ]; then
_debug _data "$_data"
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")"
else
response="$(_get "$AZION_Api/$_uri")"
fi
_debug2 response "$response"
if [ "$?" != "0" ]; then
_err "error $_method $_uri $_data"
return 1
fi
return 0
}

View File

@ -1,23 +1,31 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_azure_info='Azure
Site: Azure.microsoft.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure
Options:
AZUREDNS_SUBSCRIPTIONID Subscription ID
AZUREDNS_TENANTID Tenant ID
AZUREDNS_APPID App ID. App ID of the service principal
AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal
AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. "true"/"false"
'
WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-use-Azure-DNS" wiki=https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS
######## Public functions ##################### ######## Public functions #####################
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record # Used to add txt record
# #
# Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/createorupdate # Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/create-or-update?view=rest-dns-2018-05-01&tabs=HTTP
# #
dns_azure_add() { dns_azure_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
AZUREDNS_SUBSCRIPTIONID="${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}" AZUREDNS_SUBSCRIPTIONID="${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}"
AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}"
AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}"
AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}"
if [ -z "$AZUREDNS_SUBSCRIPTIONID" ]; then if [ -z "$AZUREDNS_SUBSCRIPTIONID" ]; then
AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_SUBSCRIPTIONID=""
AZUREDNS_TENANTID="" AZUREDNS_TENANTID=""
@ -26,6 +34,22 @@ dns_azure_add() {
_err "You didn't specify the Azure Subscription ID" _err "You didn't specify the Azure Subscription ID"
return 1 return 1
fi fi
#save subscription id to account conf file.
_saveaccountconf_mutable AZUREDNS_SUBSCRIPTIONID "$AZUREDNS_SUBSCRIPTIONID"
AZUREDNS_MANAGEDIDENTITY="${AZUREDNS_MANAGEDIDENTITY:-$(_readaccountconf_mutable AZUREDNS_MANAGEDIDENTITY)}"
if [ "$AZUREDNS_MANAGEDIDENTITY" = true ]; then
_info "Using Azure managed identity"
#save managed identity as preferred authentication method, clear service principal credentials from conf file.
_saveaccountconf_mutable AZUREDNS_MANAGEDIDENTITY "$AZUREDNS_MANAGEDIDENTITY"
_saveaccountconf_mutable AZUREDNS_TENANTID ""
_saveaccountconf_mutable AZUREDNS_APPID ""
_saveaccountconf_mutable AZUREDNS_CLIENTSECRET ""
else
_info "You didn't ask to use Azure managed identity, checking service principal credentials"
AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}"
AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}"
AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}"
if [ -z "$AZUREDNS_TENANTID" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then
AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_SUBSCRIPTIONID=""
@ -53,13 +77,15 @@ dns_azure_add() {
_err "You didn't specify the Azure Client Secret" _err "You didn't specify the Azure Client Secret"
return 1 return 1
fi fi
#save account details to account conf file.
_saveaccountconf_mutable AZUREDNS_SUBSCRIPTIONID "$AZUREDNS_SUBSCRIPTIONID" #save account details to account conf file, don't opt in for azure manages identity check.
_saveaccountconf_mutable AZUREDNS_MANAGEDIDENTITY "false"
_saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID" _saveaccountconf_mutable AZUREDNS_TENANTID "$AZUREDNS_TENANTID"
_saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID" _saveaccountconf_mutable AZUREDNS_APPID "$AZUREDNS_APPID"
_saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET"
fi
accesstoken=$(_azure_getaccess_token "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET")
if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then
_err "invalid domain" _err "invalid domain"
@ -109,17 +135,13 @@ dns_azure_add() {
# Usage: fulldomain txtvalue # Usage: fulldomain txtvalue
# Used to remove the txt record after validation # Used to remove the txt record after validation
# #
# Ref: https://docs.microsoft.com/en-us/rest/api/dns/recordsets/delete # Ref: https://learn.microsoft.com/en-us/rest/api/dns/record-sets/delete?view=rest-dns-2018-05-01&tabs=HTTP
# #
dns_azure_rm() { dns_azure_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
AZUREDNS_SUBSCRIPTIONID="${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}" AZUREDNS_SUBSCRIPTIONID="${AZUREDNS_SUBSCRIPTIONID:-$(_readaccountconf_mutable AZUREDNS_SUBSCRIPTIONID)}"
AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}"
AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}"
AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}"
if [ -z "$AZUREDNS_SUBSCRIPTIONID" ]; then if [ -z "$AZUREDNS_SUBSCRIPTIONID" ]; then
AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_SUBSCRIPTIONID=""
AZUREDNS_TENANTID="" AZUREDNS_TENANTID=""
@ -129,6 +151,15 @@ dns_azure_rm() {
return 1 return 1
fi fi
AZUREDNS_MANAGEDIDENTITY="${AZUREDNS_MANAGEDIDENTITY:-$(_readaccountconf_mutable AZUREDNS_MANAGEDIDENTITY)}"
if [ "$AZUREDNS_MANAGEDIDENTITY" = true ]; then
_info "Using Azure managed identity"
else
_info "You didn't ask to use Azure managed identity, checking service principal credentials"
AZUREDNS_TENANTID="${AZUREDNS_TENANTID:-$(_readaccountconf_mutable AZUREDNS_TENANTID)}"
AZUREDNS_APPID="${AZUREDNS_APPID:-$(_readaccountconf_mutable AZUREDNS_APPID)}"
AZUREDNS_CLIENTSECRET="${AZUREDNS_CLIENTSECRET:-$(_readaccountconf_mutable AZUREDNS_CLIENTSECRET)}"
if [ -z "$AZUREDNS_TENANTID" ]; then if [ -z "$AZUREDNS_TENANTID" ]; then
AZUREDNS_SUBSCRIPTIONID="" AZUREDNS_SUBSCRIPTIONID=""
AZUREDNS_TENANTID="" AZUREDNS_TENANTID=""
@ -155,8 +186,9 @@ dns_azure_rm() {
_err "You didn't specify the Azure Client Secret" _err "You didn't specify the Azure Client Secret"
return 1 return 1
fi fi
fi
accesstoken=$(_azure_getaccess_token "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET")
if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then
_err "invalid domain" _err "invalid domain"
@ -172,7 +204,7 @@ dns_azure_rm() {
_azure_rest GET "$acmeRecordURI" "" "$accesstoken" _azure_rest GET "$acmeRecordURI" "" "$accesstoken"
timestamp="$(_time)" timestamp="$(_time)"
if [ "$_code" = "200" ]; then if [ "$_code" = "200" ]; then
vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v "$txtvalue")" vlist="$(echo "$response" | _egrep_o "\"value\"\\s*:\\s*\\[\\s*\"[^\"]*\"\\s*]" | cut -d : -f 2 | tr -d "[]\"" | grep -v -- "$txtvalue")"
values="" values=""
comma="" comma=""
for v in $vlist; do for v in $vlist; do
@ -235,10 +267,10 @@ _azure_rest() {
if [ "$_code" = "401" ]; then if [ "$_code" = "401" ]; then
# we have an invalid access token set to expired # we have an invalid access token set to expired
_saveaccountconf_mutable AZUREDNS_TOKENVALIDTO "0" _saveaccountconf_mutable AZUREDNS_TOKENVALIDTO "0"
_err "access denied make sure your Azure settings are correct. See $WIKI" _err "Access denied. Invalid access token. Make sure your Azure settings are correct. See: $wiki"
return 1 return 1
fi fi
# See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes # See https://learn.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
_request_retry_times="$(_math "$_request_retry_times" + 1)" _request_retry_times="$(_math "$_request_retry_times" + 1)"
_info "REST call error $_code retrying $ep in $_request_retry_times s" _info "REST call error $_code retrying $ep in $_request_retry_times s"
@ -256,11 +288,12 @@ _azure_rest() {
return 0 return 0
} }
## Ref: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service#request-an-access-token ## Ref: https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow#request-an-access-token
_azure_getaccess_token() { _azure_getaccess_token() {
tenantID=$1 managedIdentity=$1
clientID=$2 tenantID=$2
clientSecret=$3 clientID=$3
clientSecret=$4
accesstoken="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" accesstoken="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}"
expires_on="${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}" expires_on="${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}"
@ -278,9 +311,16 @@ _azure_getaccess_token() {
fi fi
_debug "getting new bearer token" _debug "getting new bearer token"
if [ "$managedIdentity" = true ]; then
# https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http
export _H1="Metadata: true"
response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)"
response="$(echo "$response" | _normalizeJson)"
accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
else
export _H1="accept: application/json" export _H1="accept: application/json"
export _H2="Content-Type: application/x-www-form-urlencoded" export _H2="Content-Type: application/x-www-form-urlencoded"
body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials" body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials"
_secure_debug2 "data $body" _secure_debug2 "data $body"
response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")" response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")"
@ -289,9 +329,10 @@ _azure_getaccess_token() {
response="$(echo "$response" | _normalizeJson)" response="$(echo "$response" | _normalizeJson)"
accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
fi
if [ -z "$accesstoken" ]; then if [ -z "$accesstoken" ]; then
_err "no acccess token received. Check your Azure settings see $WIKI" _err "No acccess token received. Check your Azure settings. See: $wiki"
return 1 return 1
fi fi
if [ "$_ret" != "0" ]; then if [ "$_ret" != "0" ]; then
@ -311,15 +352,18 @@ _get_root() {
i=1 i=1
p=1 p=1
## Ref: https://docs.microsoft.com/en-us/rest/api/dns/zones/list ## Ref: https://learn.microsoft.com/en-us/rest/api/dns/zones/list?view=rest-dns-2018-05-01&tabs=HTTP
## returns up to 100 zones in one response therefore handling more results is not not implemented ## returns up to 100 zones in one response. Handling more results is not implemented
## (ZoneListResult with continuation token for the next page of results) ## (ZoneListResult with continuation token for the next page of results)
## Per https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits#dns-limits you are limited to 100 Zone/subscriptions anyways ##
## TODO: handle more than 100 results, as per:
## https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#azure-dns-limits
## The new limit is 250 Public DNS zones per subscription, while the old limit was only 100
## ##
_azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken" _azure_rest GET "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Network/dnszones?\$top=500&api-version=2017-09-01" "" "$accesstoken"
# Find matching domain name in Json response # Find matching domain name in Json response
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug2 "Checking domain: $h" _debug2 "Checking domain: $h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -334,7 +378,7 @@ _get_root() {
#create the record at the domain apex (@) if only the domain name was provided as --domain-alias #create the record at the domain apex (@) if only the domain name was provided as --domain-alias
_sub_domain="@" _sub_domain="@"
else else
_sub_domain=$(echo "$domain" | cut -d . -f 1-$p) _sub_domain=$(echo "$domain" | cut -d . -f 1-"$p")
fi fi
_domain=$h _domain=$h
return 0 return 0

88
dnsapi/dns_bookmyname.sh Normal file
View File

@ -0,0 +1,88 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_bookmyname_info='BookMyName.com
Site: BookMyName.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname
Options:
BOOKMYNAME_USERNAME Username
BOOKMYNAME_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/3209
Author: Neilpang
'
######## Public functions #####################
# BookMyName urls:
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"'
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"'
# Output:
#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX
#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX
# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised.
# Usage:
# export BOOKMYNAME_USERNAME="ABCDE-FREE"
# export BOOKMYNAME_PASSWORD="MyPassword"
# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld
#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_bookmyname_add() {
fulldomain=$1
txtvalue=$2
_info "Using bookmyname"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}"
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}"
if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then
BOOKMYNAME_USERNAME=""
BOOKMYNAME_PASSWORD=""
_err "You didn't specify BookMyName username and password yet."
_err "Please specify them and try again."
return 1
fi
#save the credentials to the account conf file.
_saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME"
_saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD"
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/"
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}"
result="$(_get "${uri}${data}")"
_debug "Result: $result"
if ! _startswith "$result" 'good: update done, cid '; then
_err "Can't add $fulldomain"
return 1
fi
}
#Usage: fulldomain txtvalue
#Remove the txt record after validation.
dns_bookmyname_rm() {
fulldomain=$1
txtvalue=$2
_info "Using bookmyname"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}"
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}"
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/"
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}"
result="$(_get "${uri}${data}")"
_debug "Result: $result"
if ! _startswith "$result" 'good: remove done 1, cid '; then
_info "Can't remove $fulldomain"
fi
}
#################### Private functions below ##################################

245
dnsapi/dns_bunny.sh Normal file
View File

@ -0,0 +1,245 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_bunny_info='Bunny.net
Site: Bunny.net/dns/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny
Options:
BUNNY_API_KEY API Key
Issues: github.com/acmesh-official/acme.sh/issues/4296
Author: <nosilver4u@ewww.io>
'
##################### Public functions #####################
## Create the text record for validation.
## Usage: fulldomain txtvalue
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs"
dns_bunny_add() {
fulldomain="$(echo "$1" | _lower_case)"
txtvalue=$2
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}"
# Check if API Key is set
if [ -z "$BUNNY_API_KEY" ]; then
BUNNY_API_KEY=""
_err "You did not specify Bunny.net API key."
_err "Please export BUNNY_API_KEY and try again."
return 1
fi
_info "Using Bunny.net dns validation - add record"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
## save the env vars (key and domain split location) for later automated use
_saveaccountconf_mutable BUNNY_API_KEY "$BUNNY_API_KEY"
## split the domain for Bunny API
if ! _get_base_domain "$fulldomain"; then
_err "domain not found in your account for addition"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug _domain_id "$_domain_id"
## Set the header with our post type and auth key
export _H1="Accept: application/json"
export _H2="AccessKey: $BUNNY_API_KEY"
export _H3="Content-Type: application/json"
PURL="https://api.bunny.net/dnszone/$_domain_id/records"
PBODY='{"Id":'$_domain_id',"Type":3,"Name":"'$_sub_domain'","Value":"'$txtvalue'","ttl":120}'
_debug PURL "$PURL"
_debug PBODY "$PBODY"
## the create request - POST
## args: BODY, URL, [need64, httpmethod]
response="$(_post "$PBODY" "$PURL" "" "PUT")"
## check response
if [ "$?" != "0" ]; then
_err "error in response: $response"
return 1
fi
_debug2 response "$response"
## finished correctly
return 0
}
## Remove the txt record after validation.
## Usage: fulldomain txtvalue
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs"
dns_bunny_rm() {
fulldomain="$(echo "$1" | _lower_case)"
txtvalue=$2
BUNNY_API_KEY="${BUNNY_API_KEY:-$(_readaccountconf_mutable BUNNY_API_KEY)}"
# Check if API Key Exists
if [ -z "$BUNNY_API_KEY" ]; then
BUNNY_API_KEY=""
_err "You did not specify Bunny.net API key."
_err "Please export BUNNY_API_KEY and try again."
return 1
fi
_info "Using Bunny.net dns validation - remove record"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
## split the domain for Bunny API
if ! _get_base_domain "$fulldomain"; then
_err "Domain not found in your account for TXT record removal"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug _domain_id "$_domain_id"
## Set the header with our post type and key auth key
export _H1="Accept: application/json"
export _H2="AccessKey: $BUNNY_API_KEY"
## get URL for the list of DNS records
GURL="https://api.bunny.net/dnszone/$_domain_id"
## 1) Get the domain/zone records
## the fetch request - GET
## args: URL, [onlyheader, timeout]
domain_list="$(_get "$GURL")"
## check response
if [ "$?" != "0" ]; then
_err "error in domain_list response: $domain_list"
return 1
fi
_debug2 domain_list "$domain_list"
## 2) search through records
## check for what we are looking for: "Type":3,"Value":"$txtvalue","Name":"$_sub_domain"
record="$(echo "$domain_list" | _egrep_o "\"Id\"\s*\:\s*\"*[0-9]+\"*,\s*\"Type\"[^}]*\"Value\"\s*\:\s*\"$txtvalue\"[^}]*\"Name\"\s*\:\s*\"$_sub_domain\"")"
if [ -n "$record" ]; then
## We found records
rec_ids="$(echo "$record" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
_debug rec_ids "$rec_ids"
if [ -n "$rec_ids" ]; then
echo "$rec_ids" | while IFS= read -r rec_id; do
## delete the record
## delete URL for removing the one we dont want
DURL="https://api.bunny.net/dnszone/$_domain_id/records/$rec_id"
## the removal request - DELETE
## args: BODY, URL, [need64, httpmethod]
response="$(_post "" "$DURL" "" "DELETE")"
## check response (sort of)
if [ "$?" != "0" ]; then
_err "error in remove response: $response"
return 1
fi
_debug2 response "$response"
done
fi
fi
## finished correctly
return 0
}
##################### Private functions below #####################
## Split the domain provided into the "base domain" and the "start prefix".
## This function searches for the longest subdomain in your account
## for the full domain given and splits it into the base domain (zone)
## and the prefix/record to be added/removed
## USAGE: fulldomain
## EG: "_acme-challenge.two.three.four.domain.com"
## returns
## _sub_domain="_acme-challenge.two"
## _domain="three.four.domain.com" *IF* zone "three.four.domain.com" exists
## _domain_id=234
## if only "domain.com" exists it will return
## _sub_domain="_acme-challenge.two.three.four"
## _domain="domain.com"
## _domain_id=234
_get_base_domain() {
# args
fulldomain="$(echo "$1" | _lower_case)"
_debug fulldomain "$fulldomain"
# domain max legal length = 253
MAX_DOM=255
page=1
## get a list of domains for the account to check thru
## Set the headers
export _H1="Accept: application/json"
export _H2="AccessKey: $BUNNY_API_KEY"
_debug BUNNY_API_KEY "$BUNNY_API_KEY"
## get URL for the list of domains
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}}
DOMURL="https://api.bunny.net/dnszone"
## while we dont have a matching domain we keep going
while [ -z "$found" ]; do
## get the domain list (current page)
domain_list="$(_get "$DOMURL")"
## check response
if [ "$?" != "0" ]; then
_err "error in domain_list response: $domain_list"
return 1
fi
_debug2 domain_list "$domain_list"
i=1
while [ "$i" -gt 0 ]; do
## get next longest domain
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM")
## check we got something back from our cut (or are we at the end)
if [ -z "$_domain" ]; then
break
fi
## we got part of a domain back - grep it out
found="$(echo "$domain_list" | _egrep_o "\"Id\"\s*:\s*\"*[0-9]+\"*,\s*\"Domain\"\s*\:\s*\"$_domain\"")"
## check if it exists
if [ -n "$found" ]; then
## exists - exit loop returning the parts
sub_point=$(_math "$i" - 1)
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
_domain_id="$(echo "$found" | _egrep_o "Id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
_debug _domain_id "$_domain_id"
_debug _domain "$_domain"
_debug _sub_domain "$_sub_domain"
found=""
return 0
fi
## increment cut point $i
i=$(_math "$i" + 1)
done
if [ -z "$found" ]; then
page=$(_math "$page" + 1)
nextpage="https://api.bunny.net/dnszone?page=$page"
## Find the next page if we don't have a match.
hasnextpage="$(echo "$domain_list" | _egrep_o "\"HasMoreItems\"\s*:\s*true")"
if [ -z "$hasnextpage" ]; then
_err "No record and no nextpage in Bunny.net domain search."
found=""
return 1
fi
_debug2 nextpage "$nextpage"
DOMURL="$nextpage"
fi
done
## We went through the entire domain zone list and didn't find one that matched.
## If we ever get here, something is broken in the code...
_err "Domain not found in Bunny.net account, but we should never get here!"
found=""
return 1
}

View File

@ -1,12 +1,16 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
# dns_cf_info='CloudFlare
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" Site: CloudFlare.com
# Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf
#CF_Email="xxxx@sss.com" Options:
CF_Key API Key
#CF_Token="xxxx" CF_Email Your account email
#CF_Account_ID="xxxx" OptionsAlt:
CF_Token API Token
CF_Account_ID Account ID
CF_Zone_ID Zone ID. Optional.
'
CF_Api="https://api.cloudflare.com/client/v4" CF_Api="https://api.cloudflare.com/client/v4"
@ -19,12 +23,21 @@ dns_cf_add() {
CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}" CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}" CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}" CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}" CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
if [ "$CF_Token" ]; then if [ "$CF_Token" ]; then
if [ "$CF_Zone_ID" ]; then
_savedomainconf CF_Token "$CF_Token"
_savedomainconf CF_Account_ID "$CF_Account_ID"
_savedomainconf CF_Zone_ID "$CF_Zone_ID"
else
_saveaccountconf_mutable CF_Token "$CF_Token" _saveaccountconf_mutable CF_Token "$CF_Token"
_saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
_clearaccountconf_mutable CF_Zone_ID
_clearaccountconf CF_Zone_ID
fi
else else
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
CF_Key="" CF_Key=""
@ -42,6 +55,14 @@ dns_cf_add() {
#save the api key and email to the account conf file. #save the api key and email to the account conf file.
_saveaccountconf_mutable CF_Key "$CF_Key" _saveaccountconf_mutable CF_Key "$CF_Key"
_saveaccountconf_mutable CF_Email "$CF_Email" _saveaccountconf_mutable CF_Email "$CF_Email"
_clearaccountconf_mutable CF_Token
_clearaccountconf_mutable CF_Account_ID
_clearaccountconf_mutable CF_Zone_ID
_clearaccountconf CF_Token
_clearaccountconf CF_Account_ID
_clearaccountconf CF_Zone_ID
fi fi
_debug "First detect the root zone" _debug "First detect the root zone"
@ -56,7 +77,7 @@ dns_cf_add() {
_debug "Getting txt records" _debug "Getting txt records"
_cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain" _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain"
if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
_err "Error" _err "Error"
return 1 return 1
fi fi
@ -91,6 +112,7 @@ dns_cf_rm() {
CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}" CF_Token="${CF_Token:-$(_readaccountconf_mutable CF_Token)}"
CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}" CF_Account_ID="${CF_Account_ID:-$(_readaccountconf_mutable CF_Account_ID)}"
CF_Zone_ID="${CF_Zone_ID:-$(_readaccountconf_mutable CF_Zone_ID)}"
CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}" CF_Key="${CF_Key:-$(_readaccountconf_mutable CF_Key)}"
CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}" CF_Email="${CF_Email:-$(_readaccountconf_mutable CF_Email)}"
@ -106,17 +128,17 @@ dns_cf_rm() {
_debug "Getting txt records" _debug "Getting txt records"
_cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue" _cf_rest GET "zones/${_domain_id}/dns_records?type=TXT&name=$fulldomain&content=$txtvalue"
if ! printf "%s" "$response" | grep \"success\":true >/dev/null; then if ! echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
_err "Error" _err "Error: $response"
return 1 return 1
fi fi
count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2) count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ")
_debug count "$count" _debug count "$count"
if [ "$count" = "0" ]; then if [ "$count" = "0" ]; then
_info "Don't need to remove." _info "Don't need to remove."
else else
record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1) record_id=$(echo "$response" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
_debug "record_id" "$record_id" _debug "record_id" "$record_id"
if [ -z "$record_id" ]; then if [ -z "$record_id" ]; then
_err "Can not get record id to remove." _err "Can not get record id to remove."
@ -126,7 +148,7 @@ dns_cf_rm() {
_err "Delete record error." _err "Delete record error."
return 1 return 1
fi fi
_contains "$response" '"success":true' echo "$response" | tr -d " " | grep \"success\":true >/dev/null
fi fi
} }
@ -141,8 +163,30 @@ _get_root() {
domain=$1 domain=$1
i=1 i=1
p=1 p=1
# Use Zone ID directly if provided
if [ "$CF_Zone_ID" ]; then
if ! _cf_rest GET "zones/$CF_Zone_ID"; then
return 1
else
if echo "$response" | tr -d " " | grep \"success\":true >/dev/null; then
_domain=$(echo "$response" | _egrep_o "\"name\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | _head_n 1 | tr -d " ")
if [ "$_domain" ]; then
_cutlength=$((${#domain} - ${#_domain} - 1))
_sub_domain=$(printf "%s" "$domain" | cut -c "1-$_cutlength")
_domain_id=$CF_Zone_ID
return 0
else
return 1
fi
else
return 1
fi
fi
fi
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -160,9 +204,9 @@ _get_root() {
fi fi
if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then if _contains "$response" "\"name\":\"$h\"" || _contains "$response" '"total_count":1'; then
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") _domain_id=$(echo "$response" | _egrep_o "\[.\"id\": *\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \" | tr -d " ")
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

202
dnsapi/dns_clouddns.sh Executable file
View File

@ -0,0 +1,202 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_clouddns_info='vshosting.cz CloudDNS
Site: github.com/vshosting/clouddns
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_clouddns
Options:
CLOUDDNS_EMAIL Email
CLOUDDNS_PASSWORD Password
CLOUDDNS_CLIENT_ID Client ID
Issues: github.com/acmesh-official/acme.sh/issues/2699
Author: Radek Sprta <sprta@vshosting.cz>
'
CLOUDDNS_API='https://admin.vshosting.cloud/clouddns'
CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login'
######## Public functions #####################
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_clouddns_add() {
fulldomain=$1
txtvalue=$2
_debug "fulldomain" "$fulldomain"
CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}"
CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}"
CLOUDDNS_PASSWORD="${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}"
if [ -z "$CLOUDDNS_PASSWORD" ] || [ -z "$CLOUDDNS_EMAIL" ] || [ -z "$CLOUDDNS_CLIENT_ID" ]; then
CLOUDDNS_CLIENT_ID=""
CLOUDDNS_EMAIL=""
CLOUDDNS_PASSWORD=""
_err "You didn't specify a CloudDNS password, email and client ID yet."
return 1
fi
if ! _contains "$CLOUDDNS_EMAIL" "@"; then
_err "It seems that the CLOUDDNS_EMAIL=$CLOUDDNS_EMAIL is not a valid email address."
_err "Please check and retry."
return 1
fi
# Save CloudDNS client id, email and password to config file
_saveaccountconf_mutable CLOUDDNS_CLIENT_ID "$CLOUDDNS_CLIENT_ID"
_saveaccountconf_mutable CLOUDDNS_EMAIL "$CLOUDDNS_EMAIL"
_saveaccountconf_mutable CLOUDDNS_PASSWORD "$CLOUDDNS_PASSWORD"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
# Add TXT record
data="{\"type\":\"TXT\",\"name\":\"$fulldomain.\",\"value\":\"$txtvalue\",\"domainId\":\"$_domain_id\"}"
if _clouddns_api POST "record-txt" "$data"; then
if _contains "$response" "$txtvalue"; then
_info "Added, OK"
elif _contains "$response" '"code":4136'; then
_info "Already exists, OK"
else
_err "Add TXT record error."
return 1
fi
fi
_debug "Publishing record changes"
_clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}"
}
# Usage: rm _acme-challenge.www.domain.com
dns_clouddns_rm() {
fulldomain=$1
_debug "fulldomain" "$fulldomain"
CLOUDDNS_CLIENT_ID="${CLOUDDNS_CLIENT_ID:-$(_readaccountconf_mutable CLOUDDNS_CLIENT_ID)}"
CLOUDDNS_EMAIL="${CLOUDDNS_EMAIL:-$(_readaccountconf_mutable CLOUDDNS_EMAIL)}"
CLOUDDNS_PASSWORD="${CLOUDDNS_PASSWORD:-$(_readaccountconf_mutable CLOUDDNS_PASSWORD)}"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
# Get record ID
_clouddns_api GET "domain/$_domain_id"
if _contains "$response" "lastDomainRecordList"; then
re="\"lastDomainRecordList\".*\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\","
_last_domains=$(echo "$response" | _egrep_o "$re")
re2="\"id\":\"([^\"}]*)\"[^}]*\"name\":\"$fulldomain.\","
_record_id=$(echo "$_last_domains" | _egrep_o "$re2" | _head_n 1 | cut -d : -f 2 | cut -d , -f 1 | tr -d "\"")
_debug _record_id "$_record_id"
else
_err "Could not retrieve record ID"
return 1
fi
_info "Removing record"
if _clouddns_api DELETE "record/$_record_id"; then
if _contains "$response" "\"error\":"; then
_err "Could not remove record"
return 1
fi
fi
_debug "Publishing record changes"
_clouddns_api PUT "domain/$_domain_id/publish" "{\"soaTtl\":300}"
}
#################### Private functions below ##################################
# Usage: _get_root _acme-challenge.www.domain.com
# Returns:
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
domain=$1
# Get domain root
data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}]}"
_clouddns_api "POST" "domain/search" "$data"
domain_slice="$domain"
while [ -z "$domain_root" ]; do
if _contains "$response" "\"domainName\":\"$domain_slice\.\""; then
domain_root="$domain_slice"
_debug domain_root "$domain_root"
fi
domain_slice="$(echo "$domain_slice" | cut -d . -f 2-)"
done
# Get domain id
data="{\"search\": [{\"name\": \"clientId\", \"operator\": \"eq\", \"value\": \"$CLOUDDNS_CLIENT_ID\"}, \
{\"name\": \"domainName\", \"operator\": \"eq\", \"value\": \"$domain_root.\"}]}"
_clouddns_api "POST" "domain/search" "$data"
if _contains "$response" "\"id\":\""; then
re='domainType\":\"[^\"]*\",\"id\":\"([^\"]*)\",' # Match domain id
_domain_id=$(echo "$response" | _egrep_o "$re" | _head_n 1 | cut -d : -f 3 | tr -d "\",")
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | sed "s/.$domain_root//")
_domain="$domain_root"
return 0
fi
_err 'Domain name not found on your CloudDNS account'
return 1
fi
return 1
}
# Usage: _clouddns_api GET domain/search '{"data": "value"}'
# Returns:
# response='{"message": "api response"}'
_clouddns_api() {
method=$1
endpoint="$2"
data="$3"
_debug endpoint "$endpoint"
if [ -z "$CLOUDDNS_TOKEN" ]; then
_clouddns_login
fi
_debug CLOUDDNS_TOKEN "$CLOUDDNS_TOKEN"
export _H1="Content-Type: application/json"
export _H2="Authorization: Bearer $CLOUDDNS_TOKEN"
if [ "$method" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$CLOUDDNS_API/$endpoint" "" "$method" | tr -d '\t\r\n ')"
else
response="$(_get "$CLOUDDNS_API/$endpoint" | tr -d '\t\r\n ')"
fi
# shellcheck disable=SC2181
if [ "$?" != "0" ]; then
_err "Error $endpoint"
return 1
fi
_debug2 response "$response"
return 0
}
# Returns:
# CLOUDDNS_TOKEN=dslfje2rj23l
_clouddns_login() {
login_data="{\"email\": \"$CLOUDDNS_EMAIL\", \"password\": \"$CLOUDDNS_PASSWORD\"}"
response="$(_post "$login_data" "$CLOUDDNS_LOGIN_API" "" "POST" "Content-Type: application/json")"
if _contains "$response" "\"accessToken\":\""; then
CLOUDDNS_TOKEN=$(echo "$response" | _egrep_o "\"accessToken\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
export CLOUDDNS_TOKEN
else
echo 'Could not get CloudDNS access token; check your credentials'
return 1
fi
return 0
}

View File

@ -1,12 +1,18 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_cloudns_info='ClouDNS.net
Site: ClouDNS.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cloudns
Options:
CLOUDNS_AUTH_ID Regular auth ID
CLOUDNS_SUB_AUTH_ID Sub auth ID
CLOUDNS_AUTH_PASSWORD Auth Password
Author: Boyan Peychev <boyan@cloudns.net>
'
# Author: Boyan Peychev <boyan at cloudns dot net>
# Repository: https://github.com/ClouDNS/acme.sh/
#CLOUDNS_AUTH_ID=XXXXX
#CLOUDNS_SUB_AUTH_ID=XXXXX
#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
CLOUDNS_API="https://api.cloudns.net" CLOUDNS_API="https://api.cloudns.net"
DOMAIN_TYPE=
DOMAIN_MASTER=
######## Public functions ##################### ######## Public functions #####################
@ -61,15 +67,24 @@ dns_cloudns_rm() {
host="$(echo "$1" | sed "s/\.$zone\$//")" host="$(echo "$1" | sed "s/\.$zone\$//")"
record=$2 record=$2
_dns_cloudns_get_zone_info "$zone"
_debug "Type" "$DOMAIN_TYPE"
_debug "Cloud Master" "$DOMAIN_MASTER"
if _contains "$DOMAIN_TYPE" "cloud"; then
zone=$DOMAIN_MASTER
fi
_debug "ZONE" "$zone"
_dns_cloudns_http_api_call "dns/records.json" "domain-name=$zone&host=$host&type=TXT" _dns_cloudns_http_api_call "dns/records.json" "domain-name=$zone&host=$host&type=TXT"
if ! _contains "$response" "\"id\":"; then if ! _contains "$response" "\"id\":"; then
return 1 return 1
fi fi
for i in $(echo "$response" | tr '{' "\n" | grep "$record"); do for i in $(echo "$response" | tr '{' "\n" | grep -- "$record"); do
record_id=$(echo "$i" | tr ',' "\n" | grep -E '^"id"' | sed -re 's/^\"id\"\:\"([0-9]+)\"$/\1/g') record_id=$(echo "$i" | tr ',' "\n" | grep -E '^"id"' | sed -re 's/^\"id\"\:\"([0-9]+)\"$/\1/g')
if [ ! -z "$record_id" ]; then if [ -n "$record_id" ]; then
_debug zone "$zone" _debug zone "$zone"
_debug host "$host" _debug host "$host"
_debug record "$record" _debug record "$record"
@ -91,7 +106,7 @@ dns_cloudns_rm() {
#################### Private functions below ################################## #################### Private functions below ##################################
_dns_cloudns_init_check() { _dns_cloudns_init_check() {
if [ ! -z "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then if [ -n "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then
return 0 return 0
fi fi
@ -134,10 +149,22 @@ _dns_cloudns_init_check() {
return 0 return 0
} }
_dns_cloudns_get_zone_info() {
zone=$1
_dns_cloudns_http_api_call "dns/get-zone-info.json" "domain-name=$zone"
if ! _contains "$response" "\"status\":\"Failed\""; then
DOMAIN_TYPE=$(echo "$response" | _egrep_o '"type":"[^"]*"' | cut -d : -f 2 | tr -d '"')
if _contains "$DOMAIN_TYPE" "cloud"; then
DOMAIN_MASTER=$(echo "$response" | _egrep_o '"cloud-master":"[^"]*"' | cut -d : -f 2 | tr -d '"')
fi
fi
return 0
}
_dns_cloudns_get_zone_name() { _dns_cloudns_get_zone_name() {
i=2 i=2
while true; do while true; do
zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100) zoneForCheck=$(printf "%s" "$1" | cut -d . -f "$i"-100)
if [ -z "$zoneForCheck" ]; then if [ -z "$zoneForCheck" ]; then
return 1 return 1
@ -164,7 +191,7 @@ _dns_cloudns_http_api_call() {
_debug CLOUDNS_SUB_AUTH_ID "$CLOUDNS_SUB_AUTH_ID" _debug CLOUDNS_SUB_AUTH_ID "$CLOUDNS_SUB_AUTH_ID"
_debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD" _debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD"
if [ ! -z "$CLOUDNS_SUB_AUTH_ID" ]; then if [ -n "$CLOUDNS_SUB_AUTH_ID" ]; then
auth_user="sub-auth-id=$CLOUDNS_SUB_AUTH_ID" auth_user="sub-auth-id=$CLOUDNS_SUB_AUTH_ID"
else else
auth_user="auth-id=$CLOUDNS_AUTH_ID" auth_user="auth-id=$CLOUDNS_AUTH_ID"

View File

@ -1,7 +1,14 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/). dns_cn_info='Core-Networks.de
# created by 5ll and francis Site: beta.api.Core-Networks.de/doc/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cn
Options:
CN_User User
CN_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/2142
Author: 5ll, francis
'
CN_API="https://beta.api.core-networks.de" CN_API="https://beta.api.core-networks.de"
@ -124,7 +131,7 @@ _cn_get_root() {
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
_debug _H1 "${_H1}" _debug _H1 "${_H1}"
@ -142,7 +149,7 @@ _cn_get_root() {
fi fi
if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
else else

View File

@ -1,4 +1,15 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_conoha_info='ConoHa.jp
Domains: ConoHa.io
Site: ConoHa.jp
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha
Options:
CONOHA_Username Username
CONOHA_Password Password
CONOHA_TenantId TenantId
CONOHA_IdentityServiceApi Identity Service API. E.g. "https://identity.xxxx.conoha.io/v2.0"
'
CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\." CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\."
@ -115,9 +126,9 @@ dns_conoha_rm() {
return 1 return 1
fi fi
record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' \ record_id=$(printf "%s" "$response" | _egrep_o '{[^}]*}' |
| grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" \ grep '"type":"TXT"' | grep "\"data\":\"$txtvalue\"" | _egrep_o "\"id\":\"[^\"]*\"" |
| _head_n 1 | cut -d : -f 2 | tr -d \") _head_n 1 | cut -d : -f 2 | tr -d \")
if [ -z "$record_id" ]; then if [ -z "$record_id" ]; then
_err "Can not get record id to remove." _err "Can not get record id to remove."
return 1 return 1
@ -226,7 +237,7 @@ _get_root() {
i=2 i=2
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100). h=$(printf "%s" "$domain" | cut -d . -f "$i"-100).
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -240,7 +251,7 @@ _get_root() {
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \") _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | head -n 1 | cut -d : -f 2 | tr -d \")
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

182
dnsapi/dns_constellix.sh Normal file
View File

@ -0,0 +1,182 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_constellix_info='Constellix.com
Site: Constellix.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_constellix
Options:
CONSTELLIX_Key API Key
CONSTELLIX_Secret API Secret
Issues: github.com/acmesh-official/acme.sh/issues/2724
Author: Wout Decre <wout@canodus.be>
'
CONSTELLIX_Api="https://api.dns.constellix.com/v1"
######## Public functions #####################
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_constellix_add() {
fulldomain=$1
txtvalue=$2
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then
_err "You did not specify the Contellix API key and secret yet."
return 1
fi
_saveaccountconf_mutable CONSTELLIX_Key "$CONSTELLIX_Key"
_saveaccountconf_mutable CONSTELLIX_Secret "$CONSTELLIX_Secret"
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
# The TXT record might already exist when working with wildcard certificates. In that case, update the record by adding the new value.
_debug "Search TXT record"
if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then
if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then
_info "Adding TXT record"
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"add\":true,\"set\":{\"name\":\"${_sub_domain}\",\"ttl\":60,\"roundRobin\":[{\"value\":\"${txtvalue}\"}]}}]"; then
if printf -- "%s" "$response" | grep "{\"success\":\"1 record(s) added, 0 record(s) updated, 0 record(s) deleted\"}" >/dev/null; then
_info "Added"
return 0
else
_err "Error adding TXT record"
fi
fi
else
_record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2)
if _constellix_rest GET "domains/${_domain_id}/records/TXT/${_record_id}"; then
_new_rr_values=$(printf "%s\n" "$response" | _egrep_o '"roundRobin":\[[^]]*\]' | sed "s/\]$/,{\"value\":\"${txtvalue}\"}]/")
_debug _new_rr_values "$_new_rr_values"
_info "Updating TXT record"
if _constellix_rest PUT "domains/${_domain_id}/records/TXT/${_record_id}" "{\"name\":\"${_sub_domain}\",\"ttl\":60,${_new_rr_values}}"; then
if printf -- "%s" "$response" | grep "{\"success\":\"Record.*updated successfully\"}" >/dev/null; then
_info "Updated"
return 0
elif printf -- "%s" "$response" | grep "{\"errors\":\[\"Contents are identical\"\]}" >/dev/null; then
_info "Already exists, no need to update"
return 0
else
_err "Error updating TXT record"
fi
fi
fi
fi
fi
return 1
}
# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
dns_constellix_rm() {
fulldomain=$1
txtvalue=$2
CONSTELLIX_Key="${CONSTELLIX_Key:-$(_readaccountconf_mutable CONSTELLIX_Key)}"
CONSTELLIX_Secret="${CONSTELLIX_Secret:-$(_readaccountconf_mutable CONSTELLIX_Secret)}"
if [ -z "$CONSTELLIX_Key" ] || [ -z "$CONSTELLIX_Secret" ]; then
_err "You did not specify the Contellix API key and secret yet."
return 1
fi
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
# The TXT record might have been removed already when working with some wildcard certificates.
_debug "Search TXT record"
if _constellix_rest GET "domains/${_domain_id}/records/TXT/search?exact=${_sub_domain}"; then
if printf -- "%s" "$response" | grep "{\"errors\":\[\"Requested record was not found\"\]}" >/dev/null; then
_info "Removed"
return 0
else
_info "Removing TXT record"
if _constellix_rest POST "domains/${_domain_id}/records" "[{\"type\":\"txt\",\"delete\":true,\"filter\":{\"field\":\"name\",\"op\":\"eq\",\"value\":\"${_sub_domain}\"}}]"; then
if printf -- "%s" "$response" | grep "{\"success\":\"0 record(s) added, 0 record(s) updated, 1 record(s) deleted\"}" >/dev/null; then
_info "Removed"
return 0
else
_err "Error removing TXT record"
fi
fi
fi
fi
return 1
}
#################### Private functions below ##################################
_get_root() {
domain=$1
i=2
p=1
_debug "Detecting root zone"
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
if [ -z "$h" ]; then
return 1
fi
if ! _constellix_rest GET "domains/search?exact=$h"; then
return 1
fi
if _contains "$response" "\"name\":\"$h\""; then
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[0-9]*" | cut -d ':' -f 2)
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d '.' -f 1-"$p")
_domain="$h"
_debug _domain_id "$_domain_id"
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
return 0
fi
return 1
fi
p=$i
i=$(_math "$i" + 1)
done
return 1
}
_constellix_rest() {
m=$1
ep="$2"
data="$3"
_debug "$ep"
rdate=$(date +"%s")"000"
hmac=$(printf "%s" "$rdate" | _hmac sha1 "$(printf "%s" "$CONSTELLIX_Secret" | _hex_dump | tr -d ' ')" | _base64)
export _H1="x-cnsdns-apiKey: $CONSTELLIX_Key"
export _H2="x-cnsdns-requestDate: $rdate"
export _H3="x-cnsdns-hmac: $hmac"
export _H4="Accept: application/json"
export _H5="Content-Type: application/json"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$CONSTELLIX_Api/$ep" "" "$m")"
else
response="$(_get "$CONSTELLIX_Api/$ep")"
fi
if [ "$?" != "0" ]; then
_err "Error $ep"
return 1
fi
_debug response "$response"
return 0
}

160
dnsapi/dns_cpanel.sh Executable file
View File

@ -0,0 +1,160 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_cpanel_info='cPanel Server API
Manage DNS via cPanel Dashboard.
Site: cPanel.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel
Options:
cPanel_Username Username
cPanel_Apitoken API Token
cPanel_Hostname Server URL. E.g. "https://hostname:port"
Issues: github.com/acmesh-official/acme.sh/issues/3732
Author: Bjarne Saltbaek
'
######## Public functions #####################
# Used to add txt record
dns_cpanel_add() {
fulldomain=$1
txtvalue=$2
_info "Adding TXT record to cPanel based system"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
_debug cPanel_Username "$cPanel_Username"
_debug cPanel_Apitoken "$cPanel_Apitoken"
_debug cPanel_Hostname "$cPanel_Hostname"
if ! _cpanel_login; then
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file"
return 1
fi
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "No matching root domain for $fulldomain found"
return 1
fi
# adding entry
_info "Adding the entry"
stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//")
_debug "Adding $stripped_fulldomain to $_domain zone"
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1"
if _successful_update; then return 0; fi
_err "Couldn't create entry!"
return 1
}
# Usage: fulldomain txtvalue
# Used to remove the txt record after validation
dns_cpanel_rm() {
fulldomain=$1
txtvalue=$2
_info "Using cPanel based system"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
if ! _cpanel_login; then
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file"
return 1
fi
if ! _get_root; then
_err "No matching root domain for $fulldomain found"
return 1
fi
_findentry "$fulldomain" "$txtvalue"
if [ -z "$_id" ]; then
_info "Entry doesn't exist, nothing to delete"
return 0
fi
_debug "Deleting record..."
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id"
# removing entry
_debug "_result is: $_result"
if _successful_update; then return 0; fi
_err "Couldn't delete entry!"
return 1
}
#################### Private functions below ##################################
_checkcredentials() {
cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}"
cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}"
cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}"
if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then
cPanel_Username=""
cPanel_Apitoken=""
cPanel_Hostname=""
_err "You haven't specified cPanel username, apitoken and hostname yet."
_err "Please add credentials and try again."
return 1
fi
#save the credentials to the account conf file.
_saveaccountconf_mutable cPanel_Username "$cPanel_Username"
_saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken"
_saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname"
return 0
}
_cpanel_login() {
if ! _checkcredentials; then return 1; fi
if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then
_err "cPanel login failed for user $cPanel_Username."
return 1
fi
return 0
}
_myget() {
#Adds auth header to request
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken"
_result=$(_get "$cPanel_Hostname/$1")
}
_get_root() {
_myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
_domains=$(echo "$_result" | _egrep_o '"[a-z0-9\.\-]*":\["; cPanel first' | cut -d':' -f1 | sed 's/"//g' | sed 's/{//g')
_debug "_result is: $_result"
_debug "_domains is: $_domains"
if [ -z "$_domains" ]; then
_err "Primary domain list not found!"
return 1
fi
for _domain in $_domains; do
_debug "Checking if $fulldomain ends with $_domain"
if (_endswith "$fulldomain" "$_domain"); then
_debug "Root domain: $_domain"
return 0
fi
done
return 1
}
_successful_update() {
if (echo "$_result" | _egrep_o 'data":\[[^]]*]' | grep -q '"newserial":null'); then return 1; fi
return 0
}
_findentry() {
_debug "In _findentry"
#returns id of dns entry, if it exists
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain"
_id=$(echo "$_result" | sed -e "s/},{/},\n{/g" | grep "$fulldomain" | grep "$txtvalue" | _egrep_o 'line":[0-9]+' | cut -d ':' -f 2)
_debug "_result is: $_result"
_debug "fulldomain. is $fulldomain."
_debug "txtvalue is $txtvalue"
_debug "_id is: $_id"
if [ -n "$_id" ]; then
_debug "Entry found with _id=$_id"
return 0
fi
return 1
}

165
dnsapi/dns_curanet.sh Normal file
View File

@ -0,0 +1,165 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_curanet_info='Curanet.dk
Domains: scannet.dk wannafind.dk dandomain.dk
Site: Curanet.dk
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet
Options:
CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns
CURANET_AUTHSECRET Auth Secret
Issues: github.com/acmesh-official/acme.sh/issues/3933
Author: Peter L. Hansen <peter@r12.dk>
'
CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains"
CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token"
CURANET_ACCESS_TOKEN=""
######## Public functions #####################
#Usage: dns_curanet_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_curanet_add() {
fulldomain=$1
txtvalue=$2
_info "Using curanet"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}"
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}"
if [ -z "$CURANET_AUTHCLIENTID" ] || [ -z "$CURANET_AUTHSECRET" ]; then
CURANET_AUTHCLIENTID=""
CURANET_AUTHSECRET=""
_err "You don't specify curanet api client and secret."
_err "Please create your auth info and try again."
return 1
fi
#save the credentials to the account conf file.
_saveaccountconf_mutable CURANET_AUTHCLIENTID "$CURANET_AUTHCLIENTID"
_saveaccountconf_mutable CURANET_AUTHSECRET "$CURANET_AUTHSECRET"
if ! _get_token; then
_err "Unable to get token"
return 1
fi
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
export _H1="Content-Type: application/json-patch+json"
export _H2="Accept: application/json"
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
data="{\"name\": \"$fulldomain\",\"type\": \"TXT\",\"ttl\": 60,\"priority\": 0,\"data\": \"$txtvalue\"}"
response="$(_post "$data" "$CURANET_REST_URL/${_domain}/Records" "" "")"
if _contains "$response" "$txtvalue"; then
_debug "TXT record added OK"
else
_err "Unable to add TXT record"
return 1
fi
return 0
}
#Usage: fulldomain txtvalue
#Remove the txt record after validation.
dns_curanet_rm() {
fulldomain=$1
txtvalue=$2
_info "Using curanet"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
CURANET_AUTHCLIENTID="${CURANET_AUTHCLIENTID:-$(_readaccountconf_mutable CURANET_AUTHCLIENTID)}"
CURANET_AUTHSECRET="${CURANET_AUTHSECRET:-$(_readaccountconf_mutable CURANET_AUTHSECRET)}"
if ! _get_token; then
_err "Unable to get token"
return 1
fi
if ! _get_root "$fulldomain"; then
_err "Invalid domain"
return 1
fi
_debug "Getting current record list to identify TXT to delete"
export _H1="Content-Type: application/json"
export _H2="Accept: application/json"
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
response="$(_get "$CURANET_REST_URL/${_domain}/Records" "" "")"
if ! _contains "$response" "$txtvalue"; then
_err "Unable to delete record (does not contain $txtvalue )"
return 1
fi
recordid=$(echo "$response" | _egrep_o "{\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue" | _egrep_o "id\":[0-9]+" | cut -c 5-)
if [ -z "$recordid" ]; then
_err "Unable to get recordid"
_debug "regex {\"id\":[0-9]+,\"name\":\"$fulldomain\",\"type\":\"TXT\",\"ttl\":60,\"priority\":0,\"data\":\"..$txtvalue"
_debug "response $response"
return 1
fi
_debug "Deleting recordID $recordid"
response="$(_post "" "$CURANET_REST_URL/${_domain}/Records/$recordid" "" "DELETE")"
return 0
}
#################### Private functions below ##################################
_get_token() {
response="$(_post "grant_type=client_credentials&client_id=$CURANET_AUTHCLIENTID&client_secret=$CURANET_AUTHSECRET&scope=dns" "$CURANET_AUTH_URL" "" "")"
if ! _contains "$response" "access_token"; then
_err "Unable get access token"
return 1
fi
CURANET_ACCESS_TOKEN=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]+" | cut -c 17-)
if [ -z "$CURANET_ACCESS_TOKEN" ]; then
_err "Unable to get token"
return 1
fi
return 0
}
#_acme-challenge.www.domain.com
#returns
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
domain=$1
i=1
while true; do
h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
export _H1="Content-Type: application/json"
export _H2="Accept: application/json"
export _H3="Authorization: Bearer $CURANET_ACCESS_TOKEN"
response="$(_get "$CURANET_REST_URL/$h/Records" "" "")"
if [ ! "$(echo "$response" | _egrep_o "Entity not found")" ]; then
_domain=$h
return 0
fi
i=$(_math "$i" + 1)
done
return 1
}

View File

@ -1,185 +0,0 @@
#!/usr/bin/env sh
# CloudXNS Domain api
#
#CX_Key="1234"
#
#CX_Secret="sADDsdasdgdsf"
CX_Api="https://www.cloudxns.net/api2"
#REST_API
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_cx_add() {
fulldomain=$1
txtvalue=$2
CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}"
CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}"
if [ -z "$CX_Key" ] || [ -z "$CX_Secret" ]; then
CX_Key=""
CX_Secret=""
_err "You don't specify cloudxns.net api key or secret yet."
_err "Please create you key and try again."
return 1
fi
REST_API="$CX_Api"
#save the api key and email to the account conf file.
_saveaccountconf_mutable CX_Key "$CX_Key"
_saveaccountconf_mutable CX_Secret "$CX_Secret"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
add_record "$_domain" "$_sub_domain" "$txtvalue"
}
#fulldomain txtvalue
dns_cx_rm() {
fulldomain=$1
txtvalue=$2
CX_Key="${CX_Key:-$(_readaccountconf_mutable CX_Key)}"
CX_Secret="${CX_Secret:-$(_readaccountconf_mutable CX_Secret)}"
REST_API="$CX_Api"
if _get_root "$fulldomain"; then
record_id=""
existing_records "$_domain" "$_sub_domain" "$txtvalue"
if [ "$record_id" ]; then
_rest DELETE "record/$record_id/$_domain_id" "{}"
_info "Deleted record ${fulldomain}"
fi
fi
}
#usage: root sub
#return if the sub record already exists.
#echos the existing records count.
# '0' means doesn't exist
existing_records() {
_debug "Getting txt records"
root=$1
sub=$2
if ! _rest GET "record/$_domain_id?:domain_id?host_id=0&offset=0&row_num=100"; then
return 1
fi
seg=$(printf "%s\n" "$response" | _egrep_o '"record_id":[^{]*host":"'"$_sub_domain"'"[^}]*\}')
_debug seg "$seg"
if [ -z "$seg" ]; then
return 0
fi
if printf "%s" "$response" | grep '"type":"TXT"' >/dev/null; then
record_id=$(printf "%s\n" "$seg" | _egrep_o '"record_id":"[^"]*"' | cut -d : -f 2 | tr -d \" | _head_n 1)
_debug record_id "$record_id"
return 0
fi
}
#add the txt record.
#usage: root sub txtvalue
add_record() {
root=$1
sub=$2
txtvalue=$3
fulldomain="$sub.$root"
_info "Adding record"
if ! _rest POST "record" "{\"domain_id\": $_domain_id, \"host\":\"$_sub_domain\", \"value\":\"$txtvalue\", \"type\":\"TXT\",\"ttl\":600, \"line_id\":1}"; then
return 1
fi
return 0
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
# _domain_id=sdjkglgdfewsdfg
_get_root() {
domain=$1
i=2
p=1
if ! _rest GET "domain"; then
return 1
fi
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$h"
if [ -z "$h" ]; then
#not valid
return 1
fi
if _contains "$response" "$h."; then
seg=$(printf "%s\n" "$response" | _egrep_o '"id":[^{]*"'"$h"'."[^}]*}')
_debug seg "$seg"
_domain_id=$(printf "%s\n" "$seg" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
_debug _domain_id "$_domain_id"
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_debug _sub_domain "$_sub_domain"
_domain="$h"
_debug _domain "$_domain"
return 0
fi
return 1
fi
p="$i"
i=$(_math "$i" + 1)
done
return 1
}
#Usage: method URI data
_rest() {
m=$1
ep="$2"
_debug ep "$ep"
url="$REST_API/$ep"
_debug url "$url"
cdate=$(date -u "+%Y-%m-%d %H:%M:%S UTC")
_debug cdate "$cdate"
data="$3"
_debug data "$data"
sec="$CX_Key$url$data$cdate$CX_Secret"
_debug sec "$sec"
hmac=$(printf "%s" "$sec" | _digest md5 hex)
_debug hmac "$hmac"
export _H1="API-KEY: $CX_Key"
export _H2="API-REQUEST-DATE: $cdate"
export _H3="API-HMAC: $hmac"
export _H4="Content-Type: application/json"
if [ "$data" ]; then
response="$(_post "$data" "$url" "" "$m")"
else
response="$(_get "$url")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
_contains "$response" '"code":1'
}

View File

@ -1,40 +1,34 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
######## dns_cyon_info='cyon.ch
# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/Neilpang/acme.sh) Site: cyon.ch
# Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cyon
# Usage: acme.sh --issue --dns dns_cyon -d www.domain.com Options:
# CY_Username Username
# Dependencies: CY_Password API Token
# ------------- CY_OTP_Secret OTP token. Only required if using 2FA
# - oathtool (When using 2 Factor Authentication) Issues: github.com/noplanman/cyon-api/issues
# Author: Armando Lüscher <armando@noplanman.ch>
# Issues: '
# -------
# Any issues / questions / suggestions can be posted here:
# https://github.com/noplanman/cyon-api/issues
#
# Author: Armando Lüscher <armando@noplanman.ch>
########
dns_cyon_add() { dns_cyon_add() {
_cyon_load_credentials \ _cyon_load_credentials &&
&& _cyon_load_parameters "$@" \ _cyon_load_parameters "$@" &&
&& _cyon_print_header "add" \ _cyon_print_header "add" &&
&& _cyon_login \ _cyon_login &&
&& _cyon_change_domain_env \ _cyon_change_domain_env &&
&& _cyon_add_txt \ _cyon_add_txt &&
&& _cyon_logout _cyon_logout
} }
dns_cyon_rm() { dns_cyon_rm() {
_cyon_load_credentials \ _cyon_load_credentials &&
&& _cyon_load_parameters "$@" \ _cyon_load_parameters "$@" &&
&& _cyon_print_header "delete" \ _cyon_print_header "delete" &&
&& _cyon_login \ _cyon_login &&
&& _cyon_change_domain_env \ _cyon_change_domain_env &&
&& _cyon_delete_txt \ _cyon_delete_txt &&
&& _cyon_logout _cyon_logout
} }
######################### #########################
@ -44,7 +38,7 @@ dns_cyon_rm() {
_cyon_load_credentials() { _cyon_load_credentials() {
# Convert loaded password to/from base64 as needed. # Convert loaded password to/from base64 as needed.
if [ "${CY_Password_B64}" ]; then if [ "${CY_Password_B64}" ]; then
CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64 "multiline")" CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64)"
elif [ "${CY_Password}" ]; then elif [ "${CY_Password}" ]; then
CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)" CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)"
fi fi
@ -66,7 +60,7 @@ _cyon_load_credentials() {
_debug "Save credentials to account.conf" _debug "Save credentials to account.conf"
_saveaccountconf CY_Username "${CY_Username}" _saveaccountconf CY_Username "${CY_Username}"
_saveaccountconf CY_Password_B64 "$CY_Password_B64" _saveaccountconf CY_Password_B64 "$CY_Password_B64"
if [ ! -z "${CY_OTP_Secret}" ]; then if [ -n "${CY_OTP_Secret}" ]; then
_saveaccountconf CY_OTP_Secret "$CY_OTP_Secret" _saveaccountconf CY_OTP_Secret "$CY_OTP_Secret"
else else
_clearaccountconf CY_OTP_Secret _clearaccountconf CY_OTP_Secret
@ -164,7 +158,7 @@ _cyon_login() {
# todo: instead of just checking if the env variable is defined, check if we actually need to do a 2FA auth request. # todo: instead of just checking if the env variable is defined, check if we actually need to do a 2FA auth request.
# 2FA authentication with OTP? # 2FA authentication with OTP?
if [ ! -z "${CY_OTP_Secret}" ]; then if [ -n "${CY_OTP_Secret}" ]; then
_info " - Authorising with OTP code..." _info " - Authorising with OTP code..."
if ! _exists oathtool; then if ! _exists oathtool; then

View File

@ -1,31 +1,14 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*- # shellcheck disable=SC2034
# vim: et ts=2 sw=2 dns_da_info='DirectAdmin Server API
# Site: DirectAdmin.com/api.php
# DirectAdmin 1.41.0 API Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_da
# The DirectAdmin interface has it's own Let's encrypt functionality, but this Options:
# script can be used to generate certificates for names which are not hosted on DA_Api API Server URL. E.g. "https://remoteUser:remotePassword@da.domain.tld:8443"
# DirectAdmin DA_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept
# Issues: github.com/TigerP/acme.sh/issues
# User must provide login data and URL to DirectAdmin incl. port. '
# You can create login key, by using the Login Keys function
# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
# - CMD_API_DNS_CONTROL
# - CMD_API_SHOW_DOMAINS
#
# See also https://www.directadmin.com/api.php and
# https://www.directadmin.com/features.php?id=1298
#
# Report bugs to https://github.com/TigerP/acme.sh/issues
#
# Values to export:
# export DA_Api="https://remoteUser:remotePassword@da.example.com:8443"
# export DA_Api_Insecure=1
#
# Set DA_Api_Insecure to 1 for insecure and 0 for secure -> difference is
# whether ssl cert is checked for validity (0) or whether it is just accepted
# (1)
#
######## Public functions ##################### ######## Public functions #####################
# Usage: dns_myapi_add _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" # Usage: dns_myapi_add _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
@ -78,7 +61,7 @@ _get_root() {
# response will contain "list[]=example.com&list[]=example.org" # response will contain "list[]=example.com&list[]=example.org"
_da_api CMD_API_SHOW_DOMAINS "" "${domain}" _da_api CMD_API_SHOW_DOMAINS "" "${domain}"
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
# not valid # not valid
@ -86,7 +69,7 @@ _get_root() {
return 1 return 1
fi fi
if _contains "$response" "$h" >/dev/null; then if _contains "$response" "$h" >/dev/null; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

View File

@ -1,16 +1,13 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
#Created by RaidenII, to use DuckDNS's API to add/remove text records dns_ddnss_info='DDNSS.de
#modified by helbgd @ 03/13/2018 to support ddnss.de Site: DDNSS.de
#modified by mod242 @ 04/24/2018 to support different ddnss domains Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss
#Please note: the Wildcard Feature must be turned on for the Host record Options:
#and the checkbox for TXT needs to be enabled DDNSS_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2230
# Pass credentials before "acme.sh --issue --dns dns_ddnss ..." Author: RaidenII, helbgd, mod242
# -- '
# export DDNSS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
# --
#
DDNSS_DNS_API="https://ddnss.de/upd.php" DDNSS_DNS_API="https://ddnss.de/upd.php"
@ -77,7 +74,7 @@ dns_ddnss_rm() {
# Now remove the TXT record from DDNS DNS # Now remove the TXT record from DDNS DNS
_info "Trying to remove TXT record" _info "Trying to remove TXT record"
if _ddnss_rest GET "key=$DDNSS_Token&host=$_ddnss_domain&txtm=1&txt=."; then if _ddnss_rest GET "key=$DDNSS_Token&host=$_ddnss_domain&txtm=2"; then
if [ "$response" = "Updated 1 hostname." ]; then if [ "$response" = "Updated 1 hostname." ]; then
_info "TXT record has been successfully removed from your DDNSS domain." _info "TXT record has been successfully removed from your DDNSS domain."
return 0 return 0
@ -119,7 +116,7 @@ _ddnss_rest() {
# DDNSS uses GET to update domain info # DDNSS uses GET to update domain info
if [ "$method" = "GET" ]; then if [ "$method" = "GET" ]; then
response="$(_get "$url" | sed 's/<[a-zA-Z\/][^>]*>//g' | _tail_n 1)" response="$(_get "$url" | sed 's/<[a-zA-Z\/][^>]*>//g' | tr -s "\n" | _tail_n 1)"
else else
_err "Unsupported method" _err "Unsupported method"
return 1 return 1

View File

@ -1,11 +1,13 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# # shellcheck disable=SC2034
# deSEC.io Domain API dns_desec_info='deSEC.io
# Site: desec.readthedocs.io/en/latest/
# Author: Zheng Qian Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_desec
# Options:
# deSEC API doc DDNSS_Token API Token
# https://desec.readthedocs.io/en/latest/ Issues: github.com/acmesh-official/acme.sh/issues/2180
Author: Zheng Qian
'
REST_API="https://desec.io/api/v1/domains" REST_API="https://desec.io/api/v1/domains"
@ -20,21 +22,17 @@ dns_desec_add() {
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
DEDYN_TOKEN="${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}" DEDYN_TOKEN="${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}"
DEDYN_NAME="${DEDYN_NAME:-$(_readaccountconf_mutable DEDYN_NAME)}"
if [ -z "$DEDYN_TOKEN" ] || [ -z "$DEDYN_NAME" ]; then if [ -z "$DEDYN_TOKEN" ]; then
DEDYN_TOKEN="" DEDYN_TOKEN=""
DEDYN_NAME="" _err "You did not specify DEDYN_TOKEN yet."
_err "You did not specify DEDYN_TOKEN and DEDYN_NAME yet."
_err "Please create your key and try again." _err "Please create your key and try again."
_err "e.g." _err "e.g."
_err "export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e" _err "export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e"
_err "export DEDYN_NAME=foobar.dedyn.io"
return 1 return 1
fi fi
#save the api token and name to the account conf file. #save the api token to the account conf file.
_saveaccountconf_mutable DEDYN_TOKEN "$DEDYN_TOKEN" _saveaccountconf_mutable DEDYN_TOKEN "$DEDYN_TOKEN"
_saveaccountconf_mutable DEDYN_NAME "$DEDYN_NAME"
_debug "First detect the root zone" _debug "First detect the root zone"
if ! _get_root "$fulldomain" "$REST_API/"; then if ! _get_root "$fulldomain" "$REST_API/"; then
@ -47,7 +45,7 @@ dns_desec_add() {
# Get existing TXT record # Get existing TXT record
_debug "Getting txt records" _debug "Getting txt records"
txtvalues="\"\\\"$txtvalue\\\"\"" txtvalues="\"\\\"$txtvalue\\\"\""
_desec_rest GET "$REST_API/$DEDYN_NAME/rrsets/$_sub_domain/TXT/" _desec_rest GET "$REST_API/$_domain/rrsets/$_sub_domain/TXT/"
if [ "$_code" = "200" ]; then if [ "$_code" = "200" ]; then
oldtxtvalues="$(echo "$response" | _egrep_o "\"records\":\\[\"\\S*\"\\]" | cut -d : -f 2 | tr -d "[]\\\\\"" | sed "s/,/ /g")" oldtxtvalues="$(echo "$response" | _egrep_o "\"records\":\\[\"\\S*\"\\]" | cut -d : -f 2 | tr -d "[]\\\\\"" | sed "s/,/ /g")"
@ -61,9 +59,9 @@ dns_desec_add() {
fi fi
_debug txtvalues "$txtvalues" _debug txtvalues "$txtvalues"
_info "Adding record" _info "Adding record"
body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":60}]" body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]"
if _desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body"; then if _desec_rest PUT "$REST_API/$_domain/rrsets/" "$body"; then
if _contains "$response" "$txtvalue"; then if _contains "$response" "$txtvalue"; then
_info "Added, OK" _info "Added, OK"
return 0 return 0
@ -87,16 +85,13 @@ dns_desec_rm() {
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
DEDYN_TOKEN="${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}" DEDYN_TOKEN="${DEDYN_TOKEN:-$(_readaccountconf_mutable DEDYN_TOKEN)}"
DEDYN_NAME="${DEDYN_NAME:-$(_readaccountconf_mutable DEDYN_NAME)}"
if [ -z "$DEDYN_TOKEN" ] || [ -z "$DEDYN_NAME" ]; then if [ -z "$DEDYN_TOKEN" ]; then
DEDYN_TOKEN="" DEDYN_TOKEN=""
DEDYN_NAME="" _err "You did not specify DEDYN_TOKEN yet."
_err "You did not specify DEDYN_TOKEN and DEDYN_NAME yet."
_err "Please create your key and try again." _err "Please create your key and try again."
_err "e.g." _err "e.g."
_err "export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e" _err "export DEDYN_TOKEN=d41d8cd98f00b204e9800998ecf8427e"
_err "export DEDYN_NAME=foobar.dedyn.io"
return 1 return 1
fi fi
@ -112,7 +107,7 @@ dns_desec_rm() {
# Get existing TXT record # Get existing TXT record
_debug "Getting txt records" _debug "Getting txt records"
txtvalues="" txtvalues=""
_desec_rest GET "$REST_API/$DEDYN_NAME/rrsets/$_sub_domain/TXT/" _desec_rest GET "$REST_API/$_domain/rrsets/$_sub_domain/TXT/"
if [ "$_code" = "200" ]; then if [ "$_code" = "200" ]; then
oldtxtvalues="$(echo "$response" | _egrep_o "\"records\":\\[\"\\S*\"\\]" | cut -d : -f 2 | tr -d "[]\\\\\"" | sed "s/,/ /g")" oldtxtvalues="$(echo "$response" | _egrep_o "\"records\":\\[\"\\S*\"\\]" | cut -d : -f 2 | tr -d "[]\\\\\"" | sed "s/,/ /g")"
@ -130,8 +125,8 @@ dns_desec_rm() {
_debug txtvalues "$txtvalues" _debug txtvalues "$txtvalues"
_info "Deleting record" _info "Deleting record"
body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":60}]" body="[{\"subname\":\"$_sub_domain\", \"type\":\"TXT\", \"records\":[$txtvalues], \"ttl\":3600}]"
_desec_rest PUT "$REST_API/$DEDYN_NAME/rrsets/" "$body" _desec_rest PUT "$REST_API/$_domain/rrsets/" "$body"
if [ "$_code" = "200" ]; then if [ "$_code" = "200" ]; then
_info "Deleted, OK" _info "Deleted, OK"
return 0 return 0
@ -181,7 +176,7 @@ _get_root() {
i=2 i=2
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -193,7 +188,7 @@ _get_root() {
fi fi
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

62
dnsapi/dns_df.sh Normal file
View File

@ -0,0 +1,62 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_df_info='DynDnsFree.de
Domains: dynup.de
Site: DynDnsFree.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_df
Options:
DF_user Username
DF_password Password
Issues: github.com/acmesh-official/acme.sh/issues/2897
Author: Thilo Gass <thilo.gass@gmail.com>
'
dyndnsfree_api="https://dynup.de/acme.php"
dns_df_add() {
fulldomain=$1
txt_value=$2
_info "Using DNS-01 dyndnsfree.de hook"
DF_user="${DF_user:-$(_readaccountconf_mutable DF_user)}"
DF_password="${DF_password:-$(_readaccountconf_mutable DF_password)}"
if [ -z "$DF_user" ] || [ -z "$DF_password" ]; then
DF_user=""
DF_password=""
_err "No auth details provided. Please set user credentials using the \$DF_user and \$DF_password environment variables."
return 1
fi
#save the api user and password to the account conf file.
_debug "Save user and password"
_saveaccountconf_mutable DF_user "$DF_user"
_saveaccountconf_mutable DF_password "$DF_password"
domain="$(printf "%s" "$fulldomain" | cut -d"." -f2-)"
get="$dyndnsfree_api?username=$DF_user&password=$DF_password&hostname=$domain&add_hostname=$fulldomain&txt=$txt_value"
if ! erg="$(_get "$get")"; then
_err "error Adding $fulldomain TXT: $txt_value"
return 1
fi
if _contains "$erg" "success"; then
_info "Success, TXT Added, OK"
else
_err "error Adding $fulldomain TXT: $txt_value erg: $erg"
return 1
fi
_debug "ok Auto $fulldomain TXT: $txt_value erg: $erg"
return 0
}
dns_df_rm() {
fulldomain=$1
txtvalue=$2
_info "TXT enrty in $fulldomain is deleted automatically"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
}

View File

@ -1,16 +1,12 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
## Will be called by acme.sh to add the txt record to your api system. dns_dgon_info='DigitalOcean.com
## returns 0 means success, otherwise error. Site: DigitalOcean.com/help/api/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dgon
## Author: thewer <github at thewer.com> Options:
## GitHub: https://github.com/gitwer/acme.sh DO_API_KEY API Key
Author: <github@thewer.com>
## '
## Environment Variables Required:
##
## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"
##
##################### Public functions ##################### ##################### Public functions #####################
@ -22,7 +18,7 @@ dns_dgon_add() {
txtvalue=$2 txtvalue=$2
DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}" DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
# Check if API Key Exist # Check if API Key Exists
if [ -z "$DO_API_KEY" ]; then if [ -z "$DO_API_KEY" ]; then
DO_API_KEY="" DO_API_KEY=""
_err "You did not specify DigitalOcean API key." _err "You did not specify DigitalOcean API key."
@ -77,7 +73,7 @@ dns_dgon_rm() {
txtvalue=$2 txtvalue=$2
DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}" DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
# Check if API Key Exist # Check if API Key Exists
if [ -z "$DO_API_KEY" ]; then if [ -z "$DO_API_KEY" ]; then
DO_API_KEY="" DO_API_KEY=""
_err "You did not specify DigitalOcean API key." _err "You did not specify DigitalOcean API key."
@ -122,12 +118,12 @@ dns_dgon_rm() {
## check for what we are looking for: "type":"A","name":"$_sub_domain" ## check for what we are looking for: "type":"A","name":"$_sub_domain"
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")" record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
if [ ! -z "$record" ]; then if [ -n "$record" ]; then
## we found records ## we found records
rec_ids="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")" rec_ids="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
_debug rec_ids "$rec_ids" _debug rec_ids "$rec_ids"
if [ ! -z "$rec_ids" ]; then if [ -n "$rec_ids" ]; then
echo "$rec_ids" | while IFS= read -r rec_id; do echo "$rec_ids" | while IFS= read -r rec_id; do
## delete the record ## delete the record
## delete URL for removing the one we dont want ## delete URL for removing the one we dont want
@ -192,6 +188,7 @@ _get_base_domain() {
## get URL for the list of domains ## get URL for the list of domains
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} ## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}}
DOMURL="https://api.digitalocean.com/v2/domains" DOMURL="https://api.digitalocean.com/v2/domains"
found=""
## while we dont have a matching domain we keep going ## while we dont have a matching domain we keep going
while [ -z "$found" ]; do while [ -z "$found" ]; do
@ -205,10 +202,8 @@ _get_base_domain() {
fi fi
_debug2 domain_list "$domain_list" _debug2 domain_list "$domain_list"
## for each shortening of our $fulldomain, check if it exists in the $domain_list i=1
## can never start on 1 (aka whole $fulldomain) as $fulldomain starts with "_acme-challenge" while [ "$i" -gt 0 ]; do
i=2
while [ $i -gt 0 ]; do
## get next longest domain ## get next longest domain
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") _domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM")
## check we got something back from our cut (or are we at the end) ## check we got something back from our cut (or are we at the end)
@ -218,16 +213,16 @@ _get_base_domain() {
## we got part of a domain back - grep it out ## we got part of a domain back - grep it out
found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")" found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")"
## check if it exists ## check if it exists
if [ ! -z "$found" ]; then if [ -n "$found" ]; then
## exists - exit loop returning the parts ## exists - exit loop returning the parts
sub_point=$(_math $i - 1) sub_point=$(_math "$i" - 1)
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") _sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point")
_debug _domain "$_domain" _debug _domain "$_domain"
_debug _sub_domain "$_sub_domain" _debug _sub_domain "$_sub_domain"
return 0 return 0
fi fi
## increment cut point $i ## increment cut point $i
i=$(_math $i + 1) i=$(_math "$i" + 1)
done done
if [ -z "$found" ]; then if [ -z "$found" ]; then

188
dnsapi/dns_dnsexit.sh Normal file
View File

@ -0,0 +1,188 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dnsexit_info='DNSExit.com
Site: DNSExit.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit
Options:
DNSEXIT_API_KEY API Key
DNSEXIT_AUTH_USER Username
DNSEXIT_AUTH_PASS Password
Issues: github.com/acmesh-official/acme.sh/issues/4719
Author: Samuel Jimenez
'
DNSEXIT_API_URL="https://api.dnsexit.com/dns/"
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp"
######## Public functions #####################
#Usage: dns_dnsexit_add _acme-challenge.*.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_dnsexit_add() {
fulldomain=$1
txtvalue=$2
_info "Using DNSExit.com"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
_debug 'Load account auth'
if ! get_account_info; then
return 1
fi
_debug 'First detect the root zone'
if ! _get_root "$fulldomain"; then
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"add\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":0,\"overwrite\":false}}"; then
_err "$response"
return 1
fi
_debug2 _response "$response"
return 0
}
#Usage: fulldomain txtvalue
#Remove the txt record after validation.
dns_dnsexit_rm() {
fulldomain=$1
txtvalue=$2
_info "Using DNSExit.com"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
_debug 'Load account auth'
if ! get_account_info; then
return 1
fi
_debug 'First detect the root zone'
if ! _get_root "$fulldomain"; then
_err "$response"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if ! _dnsexit_rest "{\"domain\":\"$_domain\",\"delete\":{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\"}}"; then
_err "$response"
return 1
fi
_debug2 _response "$response"
return 0
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
domain=$1
i=1
while true; do
_domain=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$_domain"
if [ -z "$_domain" ]; then
return 1
fi
_debug login "$DNSEXIT_AUTH_USER"
_debug password "$DNSEXIT_AUTH_PASS"
_debug domain "$_domain"
_dnsexit_http "login=$DNSEXIT_AUTH_USER&password=$DNSEXIT_AUTH_PASS&domain=$_domain"
if _contains "$response" "0=$_domain"; then
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
return 0
else
_debug "Go to next level of $_domain"
fi
i=$(_math "$i" + 1)
done
return 1
}
_dnsexit_rest() {
m=POST
ep=""
data="$1"
_debug _dnsexit_rest "$ep"
_debug data "$data"
api_key_trimmed=$(echo "$DNSEXIT_API_KEY" | tr -d '"')
export _H1="apikey: $api_key_trimmed"
export _H2='Content-Type: application/json'
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$DNSEXIT_API_URL/$ep" "" "$m")"
else
response="$(_get "$DNSEXIT_API_URL/$ep")"
fi
if [ "$?" != "0" ]; then
_err "Error $ep"
return 1
fi
_debug2 response "$response"
return 0
}
_dnsexit_http() {
m=GET
param="$1"
_debug param "$param"
_debug get "$DNSEXIT_HOSTS_URL?$param"
response="$(_get "$DNSEXIT_HOSTS_URL?$param")"
_debug response "$response"
if [ "$?" != "0" ]; then
_err "Error $param"
return 1
fi
_debug2 response "$response"
return 0
}
get_account_info() {
DNSEXIT_API_KEY="${DNSEXIT_API_KEY:-$(_readaccountconf_mutable DNSEXIT_API_KEY)}"
if test -z "$DNSEXIT_API_KEY"; then
DNSEXIT_API_KEY=''
_err 'DNSEXIT_API_KEY was not exported'
return 1
fi
_saveaccountconf_mutable DNSEXIT_API_KEY "$DNSEXIT_API_KEY"
DNSEXIT_AUTH_USER="${DNSEXIT_AUTH_USER:-$(_readaccountconf_mutable DNSEXIT_AUTH_USER)}"
if test -z "$DNSEXIT_AUTH_USER"; then
DNSEXIT_AUTH_USER=""
_err 'DNSEXIT_AUTH_USER was not exported'
return 1
fi
_saveaccountconf_mutable DNSEXIT_AUTH_USER "$DNSEXIT_AUTH_USER"
DNSEXIT_AUTH_PASS="${DNSEXIT_AUTH_PASS:-$(_readaccountconf_mutable DNSEXIT_AUTH_PASS)}"
if test -z "$DNSEXIT_AUTH_PASS"; then
DNSEXIT_AUTH_PASS=""
_err 'DNSEXIT_AUTH_PASS was not exported'
return 1
fi
_saveaccountconf_mutable DNSEXIT_AUTH_PASS "$DNSEXIT_AUTH_PASS"
return 0
}

86
dnsapi/dns_dnshome.sh Executable file
View File

@ -0,0 +1,86 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dnshome_info='dnsHome.de
Site: dnsHome.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome
Options:
DNSHOME_Subdomain Subdomain
DNSHOME_SubdomainPassword Subdomain Password
Issues: github.com/acmesh-official/acme.sh/issues/3819
Author: dnsHome.de https://github.com/dnsHome-de
'
# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_dnshome_add() {
txtvalue=$2
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}"
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}"
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then
DNSHOME_Subdomain=""
DNSHOME_SubdomainPassword=""
_err "Please specify/export your dnsHome.de Subdomain and Password"
return 1
fi
#save the credentials to the account conf file.
_savedomainconf DNSHOME_Subdomain "$DNSHOME_Subdomain"
_savedomainconf DNSHOME_SubdomainPassword "$DNSHOME_SubdomainPassword"
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php"
_DNSHOME_rest POST "acme=add&txt=$txtvalue"
if ! echo "$response" | grep 'successfully' >/dev/null; then
_err "Error"
_err "$response"
return 1
fi
return 0
}
# Usage: txtvalue
# Used to remove the txt record after validation
dns_dnshome_rm() {
txtvalue=$2
DNSHOME_Subdomain="${DNSHOME_Subdomain:-$(_readdomainconf DNSHOME_Subdomain)}"
DNSHOME_SubdomainPassword="${DNSHOME_SubdomainPassword:-$(_readdomainconf DNSHOME_SubdomainPassword)}"
DNSHOME_Api="https://$DNSHOME_Subdomain:$DNSHOME_SubdomainPassword@www.dnshome.de/dyndns.php"
if [ -z "$DNSHOME_Subdomain" ] || [ -z "$DNSHOME_SubdomainPassword" ]; then
DNSHOME_Subdomain=""
DNSHOME_SubdomainPassword=""
_err "Please specify/export your dnsHome.de Subdomain and Password"
return 1
fi
_DNSHOME_rest POST "acme=rm&txt=$txtvalue"
if ! echo "$response" | grep 'successfully' >/dev/null; then
_err "Error"
_err "$response"
return 1
fi
return 0
}
#################### Private functions below ##################################
_DNSHOME_rest() {
method=$1
data="$2"
_debug "$data"
_debug data "$data"
response="$(_post "$data" "$DNSHOME_Api" "" "$method")"
if [ "$?" != "0" ]; then
_err "error $data"
return 1
fi
_debug2 response "$response"
return 0
}

View File

@ -1,12 +1,12 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
# DNSimple domain api dns_dnsimple_info='DNSimple.com
# https://github.com/pho3nixf1re/acme.sh/issues Site: DNSimple.com
# Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dnsimple
# This is your oauth token which can be acquired on the account page. Please Options:
# note that this must be an _account_ token and not a _user_ token. DNSimple_OAUTH_TOKEN OAuth Token
# https://dnsimple.com/a/<your account id>/account/access_tokens Issues: github.com/pho3nixf1re/acme.sh/issues
# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" '
DNSimple_API="https://api.dnsimple.com/v2" DNSimple_API="https://api.dnsimple.com/v2"
@ -92,7 +92,7 @@ _get_root() {
i=2 i=2
previous=1 previous=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
if [ -z "$h" ]; then if [ -z "$h" ]; then
# not valid # not valid
return 1 return 1
@ -105,7 +105,7 @@ _get_root() {
if _contains "$response" 'not found'; then if _contains "$response" 'not found'; then
_debug "$h not found" _debug "$h not found"
else else
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$previous) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$previous")
_domain="$h" _domain="$h"
_debug _domain "$_domain" _debug _domain "$_domain"

251
dnsapi/dns_dnsservices.sh Executable file
View File

@ -0,0 +1,251 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dnsservices_info='DNS.Services
Site: DNS.Services
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices
Options:
DnsServices_Username Username
DnsServices_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/4152
Author: Bjarke Bruun <bbruun@gmail.com>
'
DNSServices_API=https://dns.services/api
######## Public functions #####################
#Usage: dns_dnsservices_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_dnsservices_add() {
fulldomain="$1"
txtvalue="$2"
_info "Using dns.services to create ACME DNS challenge"
_debug2 add_fulldomain "$fulldomain"
_debug2 add_txtvalue "$txtvalue"
# Read username/password from environment or .acme.sh/accounts.conf
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}"
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}"
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then
DnsServices_Username=""
DnsServices_Password=""
_err "You didn't specify dns.services api username and password yet."
_err "Set environment variables DnsServices_Username and DnsServices_Password"
return 1
fi
# Setup GET/POST/DELETE headers
_setup_headers
#save the credentials to the account conf file.
_saveaccountconf_mutable DnsServices_Username "$DnsServices_Username"
_saveaccountconf_mutable DnsServices_Password "$DnsServices_Password"
if ! _contains "$DnsServices_Username" "@"; then
_err "It seems that the username variable DnsServices_Username has not been set/left blank"
_err "or is not a valid email. Please correct and try again."
return 1
fi
if ! _get_root "${fulldomain}"; then
_err "Invalid domain ${fulldomain}"
return 1
fi
if ! createRecord "$fulldomain" "${txtvalue}"; then
_err "Error creating TXT record in domain $fulldomain in $rootZoneName"
return 1
fi
_debug2 challenge-created "Created $fulldomain"
return 0
}
#Usage: fulldomain txtvalue
#Description: Remove the txt record after validation.
dns_dnsservices_rm() {
fulldomain="$1"
txtvalue="$2"
_info "Using dns.services to remove DNS record $fulldomain TXT $txtvalue"
_debug rm_fulldomain "$fulldomain"
_debug rm_txtvalue "$txtvalue"
# Read username/password from environment or .acme.sh/accounts.conf
DnsServices_Username="${DnsServices_Username:-$(_readaccountconf_mutable DnsServices_Username)}"
DnsServices_Password="${DnsServices_Password:-$(_readaccountconf_mutable DnsServices_Password)}"
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then
DnsServices_Username=""
DnsServices_Password=""
_err "You didn't specify dns.services api username and password yet."
_err "Set environment variables DnsServices_Username and DnsServices_Password"
return 1
fi
# Setup GET/POST/DELETE headers
_setup_headers
if ! _get_root "${fulldomain}"; then
_err "Invalid domain ${fulldomain}"
return 1
fi
_debug2 rm_rootDomainInfo "found root domain $rootZoneName for $fulldomain"
if ! deleteRecord "${fulldomain}" "${txtvalue}"; then
_err "Error removing record: $fulldomain TXT ${txtvalue}"
return 1
fi
return 0
}
#################### Private functions below ##################################
_setup_headers() {
# Set up API Headers for _get() and _post()
# The <function>_add or <function>_rm must have been called before to work
if [ -z "$DnsServices_Username" ] || [ -z "$DnsServices_Password" ]; then
_err "Could not setup BASIC authentication headers, they are missing"
return 1
fi
DnsServiceCredentials="$(printf "%s" "$DnsServices_Username:$DnsServices_Password" | _base64)"
export _H1="Authorization: Basic $DnsServiceCredentials"
export _H2="Content-Type: application/json"
# Just return if headers are set
return 0
}
_get_root() {
domain="$1"
_debug2 _get_root "Get the root domain of ${domain} for DNS API"
# Setup _get() and _post() headers
#_setup_headers
result=$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/dns")
result2="$(printf "%s\n" "$result" | tr '[' '\n' | grep '"name"')"
result3="$(printf "%s\n" "$result2" | tr '}' '\n' | grep '"name"' | sed "s,^\,,,g" | sed "s,$,},g")"
useResult=""
_debug2 _get_root "Got the following root domain(s) $result"
_debug2 _get_root "- JSON: $result"
if [ "$(printf "%s\n" "$result" | tr '}' '\n' | grep -c '"name"')" -gt "1" ]; then
checkMultiZones="true"
_debug2 _get_root "- multiple zones found"
else
checkMultiZones="false"
_debug2 _get_root "- single zone found"
fi
# Find/isolate the root zone to work with in createRecord() and deleteRecord()
rootZone=""
if [ "$checkMultiZones" = "true" ]; then
#rootZone=$(for x in $(printf "%s" "${result3}" | tr ',' '\n' | sed -n 's/.*"name":"\(.*\)",.*/\1/p'); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done)
rootZone=$(for x in $(printf "%s\n" "${result3}" | tr ',' '\n' | grep name | cut -d'"' -f4); do if [ "$(echo "$domain" | grep "$x")" != "" ]; then echo "$x"; fi; done)
if [ "$rootZone" != "" ]; then
_debug2 _rootZone "- root zone for $domain is $rootZone"
else
_err "Could not find root zone for $domain, is it correctly typed?"
return 1
fi
else
rootZone=$(echo "$result" | tr '}' '\n' | _egrep_o '"name":"[^"]*' | cut -d'"' -f4)
_debug2 _get_root "- only found 1 domain in API: $rootZone"
fi
if [ -z "$rootZone" ]; then
_err "Could not find root domain for $domain - is it correctly typed?"
return 1
fi
# Make sure we use the correct API zone data
useResult="$(printf "%s\n" "${result3}" tr ',' '\n' | grep "$rootZone")"
_debug2 _useResult "useResult=$useResult"
# Setup variables used by other functions to communicate with DNS.Services API
#zoneInfo=$(printf "%s\n" "$useResult" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"name":")([^"]*)"(.*)$,\2,g')
zoneInfo=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep '"name"' | cut -d'"' -f4)
rootZoneName="$rootZone"
subDomainName="$(printf "%s\n" "$domain" | sed "s,\.$rootZone,,g")"
subDomainNameClean="$(printf "%s\n" "$domain" | sed "s,_acme-challenge.,,g")"
rootZoneDomainID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep domain_id | cut -d'"' -f4)
rootZoneServiceID=$(printf "%s\n" "$useResult" | tr ',' '\n' | grep service_id | cut -d'"' -f4)
_debug2 _zoneInfo "Zone info from API : $zoneInfo"
_debug2 _get_root "Root zone name : $rootZoneName"
_debug2 _get_root "Root zone domain ID : $rootZoneDomainID"
_debug2 _get_root "Root zone service ID: $rootZoneServiceID"
_debug2 _get_root "Sub domain : $subDomainName"
_debug _get_root "Found valid root domain $rootZone for $subDomainNameClean"
return 0
}
createRecord() {
fulldomain="$1"
txtvalue="$2"
# Get root domain information - needed for DNS.Services API communication
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then
_get_root "$fulldomain"
fi
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then
_err "Something happend - could not get the API zone information"
return 1
fi
_debug2 createRecord "CNAME TXT value is: $txtvalue"
# Prepare data to send to API
data="{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"${txtvalue}\", \"ttl\":\"10\"}"
_debug2 createRecord "data to API: $data"
result=$(_post "$data" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records" "" "POST")
_debug2 createRecord "result from API: $result"
if [ "$(echo "$result" | _egrep_o "\"success\":true")" = "" ]; then
_err "Failed to create TXT record $fulldomain with content $txtvalue in zone $rootZoneName"
_err "$result"
return 1
fi
_info "Record \"$fulldomain TXT $txtvalue\" has been created"
return 0
}
deleteRecord() {
fulldomain="$1"
txtvalue="$2"
_log deleteRecord "Deleting $fulldomain TXT $txtvalue record"
if [ -z "$rootZoneName" ] || [ -z "$rootZoneDomainID" ] || [ -z "$rootZoneServiceID" ]; then
_get_root "$fulldomain"
fi
result="$(_H1="$_H1" _H2="$_H2" _get "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID")"
#recordInfo="$(echo "$result" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}")"
#recordID="$(echo "$recordInfo" | sed -e 's/:{/:{\n/g' -e 's/},/\n},\n/g' | grep "${txtvalue}" | sed -E 's,.*(zones)(.*),\1\2,g' | sed -E 's,^(.*"id":")([^"]*)"(.*)$,\2,g')"
recordID="$(printf "%s\n" "$result" | tr '}' '\n' | grep -- "$txtvalue" | tr ',' '\n' | grep '"id"' | cut -d'"' -f4)"
_debug2 _recordID "recordID used for deletion of record: $recordID"
if [ -z "$recordID" ]; then
_info "Record $fulldomain TXT $txtvalue not found or already deleted"
return 0
else
_debug2 deleteRecord "Found recordID=$recordID"
fi
_debug2 deleteRecord "DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID"
_log "curl DELETE request $DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID"
result="$(_H1="$_H1" _H2="$_H2" _post "" "$DNSServices_API/service/$rootZoneServiceID/dns/$rootZoneDomainID/records/$recordID" "" "DELETE")"
_debug2 deleteRecord "API Delete result \"$result\""
_log "curl API Delete result \"$result\""
# Return OK regardless
return 0
}

View File

@ -1,148 +0,0 @@
#!/usr/bin/env sh
# DNS API for Domain-Offensive / Resellerinterface / Domainrobot
# Report bugs at https://github.com/seidler2547/acme.sh/issues
# set these environment variables to match your customer ID and password:
# DO_PID="KD-1234567"
# DO_PW="cdfkjl3n2"
DO_URL="https://soap.resellerinterface.de/"
######## Public functions #####################
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_do_add() {
fulldomain=$1
txtvalue=$2
if _dns_do_authenticate; then
_info "Adding TXT record to ${_domain} as ${fulldomain}"
_dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300
if _contains "${response}" '>success<'; then
return 0
fi
_err "Could not create resource record, check logs"
fi
return 1
}
#fulldomain
dns_do_rm() {
fulldomain=$1
if _dns_do_authenticate; then
if _dns_do_list_rrs; then
_dns_do_had_error=0
for _rrid in ${_rr_list}; do
_info "Deleting resource record $_rrid for $_domain"
_dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}"
if ! _contains "${response}" '>success<'; then
_dns_do_had_error=1
_err "Could not delete resource record for ${_domain}, id ${_rrid}"
fi
done
return $_dns_do_had_error
fi
fi
return 1
}
#################### Private functions below ##################################
_dns_do_authenticate() {
_info "Authenticating as ${DO_PID}"
_dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}"
if _contains "${response}" '>success<'; then
_get_root "$fulldomain"
_debug "_domain $_domain"
return 0
else
_err "Authentication failed, are DO_PID and DO_PW set correctly?"
fi
return 1
}
_dns_do_list_rrs() {
_dns_do_soap getRRList origin "${_domain}"
if ! _contains "${response}" 'SOAP-ENC:Array'; then
_err "getRRList origin ${_domain} failed"
return 1
fi
_rr_list="$(echo "${response}" \
| tr -d "\n\r\t" \
| sed -e 's/<item xsi:type="ns2:Map">/\n/g' \
| grep ">$(_regexcape "$fulldomain")</value>" \
| sed -e 's/<\/item>/\n/g' \
| grep '>id</key><value' \
| _egrep_o '>[0-9]{1,16}<' \
| tr -d '><')"
[ "${_rr_list}" ]
}
_dns_do_soap() {
func="$1"
shift
# put the parameters to xml
body="<tns:${func} xmlns:tns=\"${DO_URL}\">"
while [ "$1" ]; do
_k="$1"
shift
_v="$1"
shift
body="$body<$_k>$_v</$_k>"
done
body="$body</tns:${func}>"
_debug2 "SOAP request ${body}"
# build SOAP XML
_xml='<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>'"$body"'</env:Body>
</env:Envelope>'
# set SOAP headers
export _H1="SOAPAction: ${DO_URL}#${func}"
if ! response="$(_post "${_xml}" "${DO_URL}")"; then
_err "Error <$1>"
return 1
fi
_debug2 "SOAP response $response"
# retrieve cookie header
_H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)"
export _H2
return 0
}
_get_root() {
domain=$1
i=1
_dns_do_soap getDomainList
_all_domains="$(echo "${response}" \
| tr -d "\n\r\t " \
| _egrep_o 'domain</key><value[^>]+>[^<]+' \
| sed -e 's/^domain<\/key><value[^>]*>//g')"
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
if [ -z "$h" ]; then
return 1
fi
if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then
_domain="$h"
return 0
fi
i=$(_math $i + 1)
done
_debug "$domain not found"
return 1
}
_regexcape() {
echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g'
}

View File

@ -1,14 +1,16 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_doapi_info='Domain-Offensive do.de
Official LetsEncrypt API for do.de / Domain-Offensive.
This API is also available to private customers/individuals.
Site: do.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_doapi
Options:
DO_LETOKEN LetsEncrypt Token
Issues: github.com/acmesh-official/acme.sh/issues/2057
'
# Official Let's Encrypt API for do.de / Domain-Offensive DO_API="https://my.do.de/api/letsencrypt"
#
# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers
# This API is also available to private customers/individuals
#
# Provide the required LetsEncrypt token like this:
# DO_LETOKEN="FmD408PdqT1E269gUK57"
DO_API="https://www.do.de/api/letsencrypt"
######## Public functions ##################### ######## Public functions #####################

View File

@ -1,4 +1,13 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_domeneshop_info='DomeneShop.no
Site: DomeneShop.no
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_domeneshop
Options:
DOMENESHOP_Token Token
DOMENESHOP_Secret Secret
Issues: github.com/acmesh-official/acme.sh/issues/2457
'
DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0" DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0"
@ -84,7 +93,7 @@ _get_domainid() {
i=2 i=2
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug "h" "$h" _debug "h" "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -93,7 +102,7 @@ _get_domainid() {
if _contains "$response" "\"$h\"" >/dev/null; then if _contains "$response" "\"$h\"" >/dev/null; then
# We have found the domain name. # We have found the domain name.
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
_domainid=$(printf "%s" "$response" | _egrep_o "[^{]*\"domain\":\"$_domain\"[^}]*" | _egrep_o "\"id\":[0-9]+" | cut -d : -f 2) _domainid=$(printf "%s" "$response" | _egrep_o "[^{]*\"domain\":\"$_domain\"[^}]*" | _egrep_o "\"id\":[0-9]+" | cut -d : -f 2)
return 0 return 0

View File

@ -1,10 +1,12 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
# Dnspod.cn Domain api dns_dp_info='DNSPod.cn
# Site: DNSPod.cn
#DP_Id="1234" Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dp
# Options:
#DP_Key="sADDsdasdgdsf" DP_Id Id
DP_Key Key
'
REST_API="https://dnsapi.cn" REST_API="https://dnsapi.cn"
@ -53,7 +55,7 @@ dns_dp_rm() {
return 1 return 1
fi fi
if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then if ! _rest POST "Record.List" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
_err "Record.Lis error." _err "Record.Lis error."
return 1 return 1
fi fi
@ -70,12 +72,12 @@ dns_dp_rm() {
return 1 return 1
fi fi
if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then if ! _rest POST "Record.Remove" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&record_id=$record_id"; then
_err "Record.Remove error." _err "Record.Remove error."
return 1 return 1
fi fi
_contains "$response" "Action completed successful" _contains "$response" "successful"
} }
@ -89,11 +91,11 @@ add_record() {
_info "Adding record" _info "Adding record"
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4"; then
return 1 return 1
fi fi
_contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists" _contains "$response" "successful" || _contains "$response" "Domain record already exists"
} }
#################### Private functions below ################################## #################### Private functions below ##################################
@ -107,21 +109,21 @@ _get_root() {
i=2 i=2
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
return 1 return 1
fi fi
if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&domain=$h"; then if ! _rest POST "Domain.Info" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain=$h"; then
return 1 return 1
fi fi
if _contains "$response" "Action completed successful"; then if _contains "$response" "successful"; then
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
_debug _domain_id "$_domain_id" _debug _domain_id "$_domain_id"
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_debug _sub_domain "$_sub_domain" _debug _sub_domain "$_sub_domain"
_domain="$h" _domain="$h"
_debug _domain "$_domain" _debug _domain "$_domain"

View File

@ -1,10 +1,12 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
# Dnspod.com Domain api dns_dpi_info='DNSPod.com
# Site: DNSPod.com
#DPI_Id="1234" Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dpi
# Options:
#DPI_Key="sADDsdasdgdsf" DPI_Id Id
DPI_Key Key
'
REST_API="https://api.dnspod.com" REST_API="https://api.dnspod.com"
@ -53,7 +55,7 @@ dns_dpi_rm() {
return 1 return 1
fi fi
if ! _rest POST "Record.List" "user_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then if ! _rest POST "Record.List" "login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain"; then
_err "Record.Lis error." _err "Record.Lis error."
return 1 return 1
fi fi
@ -63,19 +65,19 @@ dns_dpi_rm() {
return 0 return 0
fi fi
record_id=$(echo "$response" | _egrep_o '{[^{]*"value":"'"$txtvalue"'"' | cut -d , -f 1 | cut -d : -f 2 | tr -d \") record_id=$(echo "$response" | tr "{" "\n" | grep -- "$txtvalue" | grep '^"id"' | cut -d : -f 2 | cut -d '"' -f 2)
_debug record_id "$record_id" _debug record_id "$record_id"
if [ -z "$record_id" ]; then if [ -z "$record_id" ]; then
_err "Can not get record id." _err "Can not get record id."
return 1 return 1
fi fi
if ! _rest POST "Record.Remove" "user_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then if ! _rest POST "Record.Remove" "login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&record_id=$record_id"; then
_err "Record.Remove error." _err "Record.Remove error."
return 1 return 1
fi fi
_contains "$response" "Action completed successful" _contains "$response" "Operation successful"
} }
@ -89,11 +91,11 @@ add_record() {
_info "Adding record" _info "Adding record"
if ! _rest POST "Record.Create" "user_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=default"; then if ! _rest POST "Record.Create" "login_token=$DPI_Id,$DPI_Key&format=json&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=default"; then
return 1 return 1
fi fi
_contains "$response" "Action completed successful" || _contains "$response" "Domain record already exists" _contains "$response" "Operation successful" || _contains "$response" "Domain record already exists"
} }
#################### Private functions below ################################## #################### Private functions below ##################################
@ -107,21 +109,21 @@ _get_root() {
i=2 i=2
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
return 1 return 1
fi fi
if ! _rest POST "Domain.Info" "user_token=$DPI_Id,$DPI_Key&format=json&domain=$h"; then if ! _rest POST "Domain.Info" "login_token=$DPI_Id,$DPI_Key&format=json&domain=$h"; then
return 1 return 1
fi fi
if _contains "$response" "Action completed successful"; then if _contains "$response" "Operation successful"; then
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \") _domain_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
_debug _domain_id "$_domain_id" _debug _domain_id "$_domain_id"
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_debug _sub_domain "$_sub_domain" _debug _sub_domain "$_sub_domain"
_domain="$h" _domain="$h"
_debug _domain "$_domain" _debug _domain "$_domain"

View File

@ -1,10 +1,14 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dreamhost_info='DreamHost.com
Site: DreamHost.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dreamhost
Options:
DH_API_KEY API Key
Issues: github.com/RhinoLance/acme.sh
Author: RhinoLance
'
#Author: RhinoLance
#Report Bugs here: https://github.com/RhinoLance/acme.sh
#
#define the api endpoint
DH_API_ENDPOINT="https://api.dreamhost.com/" DH_API_ENDPOINT="https://api.dreamhost.com/"
querystring="" querystring=""

View File

@ -1,18 +1,16 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
#Created by RaidenII, to use DuckDNS's API to add/remove text records dns_duckdns_info='DuckDNS.org
#06/27/2017 Site: www.DuckDNS.org
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
# Pass credentials before "acme.sh --issue --dns dns_duckdns ..." Options:
# -- DuckDNS_Token API Token
# export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" Author: RaidenII
# -- '
#
# Due to the fact that DuckDNS uses StartSSL as cert provider, --insecure may need to be used with acme.sh
DuckDNS_API="https://www.duckdns.org/update" DuckDNS_API="https://www.duckdns.org/update"
######## Public functions ##################### ######## Public functions ######################
#Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_duckdns_add() { dns_duckdns_add() {
@ -91,13 +89,12 @@ dns_duckdns_rm() {
#################### Private functions below ################################## #################### Private functions below ##################################
#fulldomain=_acme-challenge.domain.duckdns.org # fulldomain may be 'domain.duckdns.org' (if using --domain-alias) or '_acme-challenge.domain.duckdns.org'
#returns # either way, return 'domain'. (duckdns does not allow further subdomains and restricts domains to [a-z0-9-].)
# _duckdns_domain=domain
_duckdns_get_domain() { _duckdns_get_domain() {
# We'll extract the domain/username from full domain # We'll extract the domain/username from full domain
_duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '[.][^.][^.]*[.]duckdns.org' | cut -d . -f 2)" _duckdns_domain="$(printf "%s" "$fulldomain" | _lower_case | _egrep_o '^(_acme-challenge\.)?([a-z0-9-]+\.)+duckdns\.org' | sed -n 's/^\([^.]\{1,\}\.\)*\([a-z0-9-]\{1,\}\)\.duckdns\.org$/\2/p;')"
if [ -z "$_duckdns_domain" ]; then if [ -z "$_duckdns_domain" ]; then
_err "Error extracting the domain." _err "Error extracting the domain."
@ -113,16 +110,21 @@ _duckdns_rest() {
param="$2" param="$2"
_debug param "$param" _debug param "$param"
url="$DuckDNS_API?$param" url="$DuckDNS_API?$param"
if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ]; then
url="$url&verbose=true"
fi
_debug url "$url" _debug url "$url"
# DuckDNS uses GET to update domain info # DuckDNS uses GET to update domain info
if [ "$method" = "GET" ]; then if [ "$method" = "GET" ]; then
response="$(_get "$url")" response="$(_get "$url")"
_debug2 response "$response"
if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then
response="OK"
fi
else else
_err "Unsupported method" _err "Unsupported method"
return 1 return 1
fi fi
_debug2 response "$response"
return 0 return 0
} }

View File

@ -1,7 +1,13 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
#DD_API_User="xxxxx" dns_durabledns_info='DurableDNS.com
#DD_API_Key="xxxxxx" Site: DurableDNS.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_durabledns
Options:
DD_API_User API User
DD_API_Key API Key
Issues: github.com/acmesh-official/acme.sh/issues/2281
'
_DD_BASE="https://durabledns.com/services/dns" _DD_BASE="https://durabledns.com/services/dns"
@ -104,7 +110,7 @@ _get_root() {
i=1 i=1
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -112,7 +118,7 @@ _get_root() {
fi fi
if _contains "$response" ">$h.</origin>"; then if _contains "$response" ">$h.</origin>"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain=$h _domain=$h
return 0 return 0
fi fi

View File

@ -1,10 +1,16 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# # shellcheck disable=SC2034
# Dyn.com Domain API dns_dyn_info='Dyn.com
# Domains: dynect.net
# Author: Gerd Naschenweng Site: Dyn.com
# https://github.com/magicdude4eva Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dyn
# Options:
DYN_Customer Customer
DYN_Username API Username
DYN_Password Secret
Author: Gerd Naschenweng <https://github.com/magicdude4eva>
'
# Dyn Managed DNS API # Dyn Managed DNS API
# https://help.dyn.com/dns-api-knowledge-base/ # https://help.dyn.com/dns-api-knowledge-base/
# #
@ -20,13 +26,6 @@
# ZoneRemoveNode # ZoneRemoveNode
# ZonePublish # ZonePublish
# -- # --
#
# Pass credentials before "acme.sh --issue --dns dns_dyn ..."
# --
# export DYN_Customer="customer"
# export DYN_Username="apiuser"
# export DYN_Password="secret"
# --
DYN_API="https://api.dynect.net/REST" DYN_API="https://api.dynect.net/REST"

View File

@ -1,20 +1,21 @@
#!/usr/bin/env sh #!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dynu_info='Dynu.com
Site: Dynu.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dynu
Options:
Dynu_ClientId Client ID
Dynu_Secret Secret
Issues: github.com/shar0119/acme.sh
Author: Dynu Systems Inc
'
#Client ID
#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d"
#
#Secret
#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9"
#
#Token #Token
Dynu_Token="" Dynu_Token=""
# #
#Endpoint #Endpoint
Dynu_EndPoint="https://api.dynu.com/v2" Dynu_EndPoint="https://api.dynu.com/v2"
#
#Author: Dynu Systems, Inc.
#Report Bugs here: https://github.com/shar0119/acme.sh
#
######## Public functions ##################### ######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
@ -125,7 +126,7 @@ _get_root() {
i=2 i=2
p=1 p=1
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f "$i"-100)
_debug h "$h" _debug h "$h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
#not valid #not valid
@ -139,7 +140,7 @@ _get_root() {
if _contains "$response" "\"domainName\":\"$h\"" >/dev/null; then if _contains "$response" "\"domainName\":\"$h\"" >/dev/null; then
dnsId=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 2 | cut -d : -f 2) dnsId=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 2 | cut -d : -f 2)
_domain_name=$h _domain_name=$h
_node=$(printf "%s" "$domain" | cut -d . -f 1-$p) _node=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
return 0 return 0
fi fi
p=$i p=$i
@ -216,6 +217,10 @@ _dynu_authentication() {
_err "Authentication failed." _err "Authentication failed."
return 1 return 1
fi fi
if _contains "$response" "Authentication Exception"; then
_err "Authentication failed."
return 1
fi
if _contains "$response" "access_token"; then if _contains "$response" "access_token"; then
Dynu_Token=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2) Dynu_Token=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2)
fi fi

Some files were not shown because too many files have changed in this diff Show More