mirror of
https://github.com/plantroon/acme.sh.git
synced 2025-01-24 13:00:48 +00:00
Added Azion DNS API
commit
184dde92a2
10
.github/workflows/DNS.yml
vendored
10
.github/workflows/DNS.yml
vendored
@ -59,7 +59,7 @@ jobs:
|
|||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- name: Set env file
|
- name: Set env file
|
||||||
run: |
|
run: |
|
||||||
cd ../acmetest
|
cd ../acmetest
|
||||||
if [ "${{ secrets.TokenName1}}" ] ; then
|
if [ "${{ secrets.TokenName1}}" ] ; then
|
||||||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list
|
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list
|
||||||
fi
|
fi
|
||||||
@ -75,7 +75,7 @@ jobs:
|
|||||||
if [ "${{ secrets.TokenName5}}" ] ; then
|
if [ "${{ secrets.TokenName5}}" ] ; then
|
||||||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list
|
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list
|
||||||
fi
|
fi
|
||||||
echo "TEST_DNS_NO_WILDCARD" >> env.list
|
echo "TEST_DNS_NO_WILDCARD" >> env.list
|
||||||
echo "TEST_DNS_SLEEP" >> env.list
|
echo "TEST_DNS_SLEEP" >> env.list
|
||||||
- name: Run acmetest
|
- name: Run acmetest
|
||||||
run: cd ../acmetest && ./rundocker.sh testall
|
run: cd ../acmetest && ./rundocker.sh testall
|
||||||
@ -226,8 +226,10 @@ jobs:
|
|||||||
- uses: vmactions/solaris-vm@v0.0.3
|
- uses: vmactions/solaris-vm@v0.0.3
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: pkgutil -y -i socat curl
|
prepare: pkgutil -y -i socat
|
||||||
run: |
|
run: |
|
||||||
|
pkg set-mediator -v -I default@1.1 openssl
|
||||||
|
export PATH=/usr/gnu/bin:$PATH
|
||||||
if [ "${{ secrets.TokenName1}}" ] ; then
|
if [ "${{ secrets.TokenName1}}" ] ; then
|
||||||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
|
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
|
||||||
fi
|
fi
|
||||||
@ -245,5 +247,3 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
cd ../acmetest
|
cd ../acmetest
|
||||||
./letest.sh
|
./letest.sh
|
||||||
|
|
||||||
|
|
||||||
|
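Review bot: The two lines added to the Solaris `run` block, `pkg set-mediator -v -I default@1.1 openssl` and `export PATH=/usr/gnu/bin:$PATH`, change which OpenSSL build and which userland tools the DNS tests exercise, yet nothing in the step says why. A comment above them such as `# use the OpenSSL 1.1 mediator and put the GNU tools first in PATH` would record the intent, and it should also say why `curl` was dropped from `prepare`; presumably the image already ships one, which is worth confirming. The export is better written quoted, `export PATH="/usr/gnu/bin:$PATH"`. The job body continues outside the hunks shown.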
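--- a/.github/workflows/FreeBSD.yml
+++ b/.github/workflows/FreeBSD.yml
@@ -0,0 +1,60 @@
+name: FreeBSD
+on:
+push:
+branches:
+- '*'
+paths:
+- '*.sh'
+- '**.yml'
+
+pull_request:
+branches:
+- dev
+paths:
+- '*.sh'
+- '**.yml'
+
+
+jobs:
+FreeBSD:
+strategy:
+matrix:
+include:
+- TEST_ACME_Server: ""
+CA_ECDSA: ""
+CA: ""
+CA_EMAIL: ""
+- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
+CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+CA: "ZeroSSL RSA Domain Secure Site CA"
+CA_EMAIL: "githubtest@acme.sh"
+runs-on: macos-latest
+env:
+TEST_LOCAL: 1
+ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
+CA_ECDSA: ${{ matrix.CA_ECDSA }}
+CA: ${{ matrix.CA }}
+CA_EMAIL: ${{ matrix.CA_EMAIL }}
+steps:
+- uses: actions/checkout@v2
+- uses: vmactions/cf-tunnel@v0.0.2
+id: tunnel
+with:
+protocol: http
+port: 8080
+- name: Set envs
+run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
+- name: Clone acmetest
+run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
+- uses: vmactions/freebsd-vm@v0.1.4
+with:
+envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
+nat: |
+"8080": "80"
+prepare: pkg install -y socat curl
+usesh: true
+run: |
+cd ../acmetest \
+&& ./letest.sh
+
+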
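Review bot: The steps `actions/checkout@v2`, `vmactions/cf-tunnel@v0.0.2` and `vmactions/freebsd-vm@v0.1.4` are referenced by tag, and acmetest is cloned at whatever its default branch holds and then executed, so the code this job runs can change without any commit in this repository. Pinning each action to a full commit SHA (`uses: vmactions/freebsd-vm@<full-commit-sha> # v0.1.4`) and checking out a fixed acmetest revision after the clone would make each run reproducible and reviewable. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` looks sufficient for a job that only checks out and tests. MacOS.yml, Solaris.yml, Ubuntu.yml and Windows.yml, added in the same commit, follow the same pattern.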
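--- a/.github/workflows/LetsEncrypt.yml
+++ b/.github/workflows/LetsEncrypt.yml
@@ -1,214 +0,0 @@
-name: LetsEncrypt
-on:
-push:
-branches:
-- '*'
-paths:
-- '**.sh'
-- '**.yml'
-pull_request:
-branches:
-- dev
-paths:
-- '**.sh'
-- '**.yml'
-
-
-jobs:
-Ubuntu:
-strategy:
-matrix:
-include:
-- TEST_ACME_Server: ""
-CA_ECDSA: ""
-CA: ""
-CA_EMAIL: ""
-- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
-CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
-CA: "ZeroSSL RSA Domain Secure Site CA"
-CA_EMAIL: "githubtest@acme.sh"
-runs-on: ubuntu-latest
-env:
-TEST_LOCAL: 1
-ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
-CA_ECDSA: ${{ matrix.CA_ECDSA }}
-CA: ${{ matrix.CA }}
-CA_EMAIL: ${{ matrix.CA_EMAIL }}
-steps:
-- uses: actions/checkout@v2
-- name: Install tools
-run: sudo apt-get install -y socat
-- name: Clone acmetest
-run: |
-cd .. \
-&& git clone https://github.com/acmesh-official/acmetest.git \
-&& cp -r acme.sh acmetest/
-- name: Run acmetest
-run: |
-cd ../acmetest \
-&& sudo --preserve-env ./letest.sh
-
-MacOS:
-strategy:
-matrix:
-include:
-- TEST_ACME_Server: ""
-CA_ECDSA: ""
-CA: ""
-CA_EMAIL: ""
-- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
-CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
-CA: "ZeroSSL RSA Domain Secure Site CA"
-CA_EMAIL: "githubtest@acme.sh"
-runs-on: macos-latest
-env:
-TEST_LOCAL: 1
-ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
-CA_ECDSA: ${{ matrix.CA_ECDSA }}
-CA: ${{ matrix.CA }}
-CA_EMAIL: ${{ matrix.CA_EMAIL }}
-steps:
-- uses: actions/checkout@v2
-- name: Install tools
-run: brew install socat
-- name: Clone acmetest
-run: |
-cd .. \
-&& git clone https://github.com/acmesh-official/acmetest.git \
-&& cp -r acme.sh acmetest/
-- name: Run acmetest
-run: |
-cd ../acmetest \
-&& sudo --preserve-env ./letest.sh
-
-Windows:
-strategy:
-matrix:
-include:
-- TEST_ACME_Server: ""
-CA_ECDSA: ""
-CA: ""
-CA_EMAIL: ""
-- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
-CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
-CA: "ZeroSSL RSA Domain Secure Site CA"
-CA_EMAIL: "githubtest@acme.sh"
-runs-on: windows-latest
-env:
-ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
-CA_ECDSA: ${{ matrix.CA_ECDSA }}
-CA: ${{ matrix.CA }}
-CA_EMAIL: ${{ matrix.CA_EMAIL }}
-TEST_LOCAL: 1
-#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
-Le_HTTPPort: 8888
-steps:
-- name: Set git to use LF
-run: |
-git config --global core.autocrlf false
-- uses: actions/checkout@v2
-- name: Install cygwin base packages with chocolatey
-run: |
-choco config get cacheLocation
-choco install --no-progress cygwin
-shell: cmd
-- name: Install cygwin additional packages
-run: |
-C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
-shell: cmd
-- name: Set ENV
-shell: cmd
-run: |
-echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
-- name: Check ENV
-shell: cmd
-run: |
-echo "PATH=%PATH%"
-- name: Clone acmetest
-shell: cmd
-run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
-- name: Run acmetest
-shell: cmd
-run: cd ../acmetest && bash.exe -c ./letest.sh
-
-FreeBSD:
-strategy:
-matrix:
-include:
-- TEST_ACME_Server: ""
-CA_ECDSA: ""
-CA: ""
-CA_EMAIL: ""
-- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
-CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
-CA: "ZeroSSL RSA Domain Secure Site CA"
-CA_EMAIL: "githubtest@acme.sh"
-runs-on: macos-latest
-env:
-TEST_LOCAL: 1
-ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
-CA_ECDSA: ${{ matrix.CA_ECDSA }}
-CA: ${{ matrix.CA }}
-CA_EMAIL: ${{ matrix.CA_EMAIL }}
-steps:
-- uses: actions/checkout@v2
-- uses: vmactions/cf-tunnel@v0.0.2
-id: tunnel
-with:
-protocol: http
-port: 8080
-- name: Set envs
-run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
-- name: Clone acmetest
-run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
-- uses: vmactions/freebsd-vm@v0.1.4
-with:
-envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
-nat: |
-"8080": "80"
-prepare: pkg install -y socat curl
-usesh: true
-run: |
-cd ../acmetest \
-&& ./letest.sh
-
-Solaris:
-strategy:
-matrix:
-include:
-- TEST_ACME_Server: ""
-CA_ECDSA: ""
-CA: ""
-CA_EMAIL: ""
-- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
-CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
-CA: "ZeroSSL RSA Domain Secure Site CA"
-CA_EMAIL: "githubtest@acme.sh"
-runs-on: macos-latest
-env:
-TEST_LOCAL: 1
-ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
-CA_ECDSA: ${{ matrix.CA_ECDSA }}
-CA: ${{ matrix.CA }}
-CA_EMAIL: ${{ matrix.CA_EMAIL }}
-steps:
-- uses: actions/checkout@v2
-- uses: vmactions/cf-tunnel@v0.0.2
-id: tunnel
-with:
-protocol: http
-port: 8080
-- name: Set envs
-run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
-- name: Clone acmetest
-run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
-- uses: vmactions/solaris-vm@v0.0.3
-with:
-envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
-nat: |
-"8080": "80"
-prepare: pkgutil -y -i socat curl
-run: |
-cd ../acmetest \
-&& ./letest.sh
-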
6
.github/workflows/Linux.yml
vendored
6
.github/workflows/Linux.yml
vendored
@ -4,16 +4,18 @@ on:
|
|||||||
branches:
|
branches:
|
||||||
- '*'
|
- '*'
|
||||||
paths:
|
paths:
|
||||||
- '**.sh'
|
- '*.sh'
|
||||||
- '**.yml'
|
- '**.yml'
|
||||||
|
|
||||||
pull_request:
|
pull_request:
|
||||||
branches:
|
branches:
|
||||||
- dev
|
- dev
|
||||||
paths:
|
paths:
|
||||||
- '**.sh'
|
- '*.sh'
|
||||||
- '**.yml'
|
- '**.yml'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
Linux:
|
Linux:
|
||||||
strategy:
|
strategy:
|
||||||
|
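Review bot: The path filter change from `'**.sh'` to `'*.sh'` narrows the trigger, because in GitHub's filter syntax `*` does not match `/`: a push or pull request that touches only scripts below a subdirectory no longer starts this workflow. If that is intended, a comment above the filter such as `# only root-level scripts trigger this workflow` would say so; otherwise keep `'**.sh'` so that changes to scripts in subdirectories are still tested. The same filter appears in PebbleStrict.yml and in the five workflows this commit adds.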
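--- a/.github/workflows/MacOS.yml
+++ b/.github/workflows/MacOS.yml
@@ -0,0 +1,52 @@
+name: MacOS
+on:
+push:
+branches:
+- '*'
+paths:
+- '*.sh'
+- '**.yml'
+
+pull_request:
+branches:
+- dev
+paths:
+- '*.sh'
+- '**.yml'
+
+
+jobs:
+MacOS:
+strategy:
+matrix:
+include:
+- TEST_ACME_Server: ""
+CA_ECDSA: ""
+CA: ""
+CA_EMAIL: ""
+- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
+CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+CA: "ZeroSSL RSA Domain Secure Site CA"
+CA_EMAIL: "githubtest@acme.sh"
+runs-on: macos-latest
+env:
+TEST_LOCAL: 1
+ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
+CA_ECDSA: ${{ matrix.CA_ECDSA }}
+CA: ${{ matrix.CA }}
+CA_EMAIL: ${{ matrix.CA_EMAIL }}
+steps:
+- uses: actions/checkout@v2
+- name: Install tools
+run: brew install socat
+- name: Clone acmetest
+run: |
+cd .. \
+&& git clone https://github.com/acmesh-official/acmetest.git \
+&& cp -r acme.sh acmetest/
+- name: Run acmetest
+run: |
+cd ../acmetest \
+&& sudo --preserve-env ./letest.sh
+
+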
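Review bot: `sudo --preserve-env ./letest.sh` in the `Run acmetest` step hands the whole runner environment to a script that was cloned from another repository one step earlier, and runs it as root. Only the variables declared under `env:` appear to be needed by the test, so the list form keeps everything else out: `&& sudo --preserve-env=TEST_LOCAL,ACME_DIRECTORY,CA_ECDSA,CA,CA_EMAIL ./letest.sh`. Ubuntu.yml uses the same command.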
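--- a/.github/workflows/PebbleStrict.yml
+++ b/.github/workflows/PebbleStrict.yml
@@ -4,13 +4,13 @@ on:
 branches:
 - '*'
 paths:
-- '**.sh'
+- '*.sh'
 - '**.yml'
 pull_request:
 branches:
 - dev
 paths:
-- '**.sh'
+- '*.sh'
 - '**.yml'
 
 jobs: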
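--- a/.github/workflows/Solaris.yml
+++ b/.github/workflows/Solaris.yml
@@ -0,0 +1,58 @@
+name: Solaris
+on:
+push:
+branches:
+- '*'
+paths:
+- '*.sh'
+- '**.yml'
+
+pull_request:
+branches:
+- dev
+paths:
+- '*.sh'
+- '**.yml'
+
+
+jobs:
+Solaris:
+strategy:
+matrix:
+include:
+- TEST_ACME_Server: ""
+CA_ECDSA: ""
+CA: ""
+CA_EMAIL: ""
+- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
+CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+CA: "ZeroSSL RSA Domain Secure Site CA"
+CA_EMAIL: "githubtest@acme.sh"
+runs-on: macos-latest
+env:
+TEST_LOCAL: 1
+ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
+CA_ECDSA: ${{ matrix.CA_ECDSA }}
+CA: ${{ matrix.CA }}
+CA_EMAIL: ${{ matrix.CA_EMAIL }}
+steps:
+- uses: actions/checkout@v2
+- uses: vmactions/cf-tunnel@v0.0.2
+id: tunnel
+with:
+protocol: http
+port: 8080
+- name: Set envs
+run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
+- name: Clone acmetest
+run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
+- uses: vmactions/solaris-vm@v0.0.3
+with:
+envs: 'TEST_LOCAL TestingDomain ACME_DIRECTORY CA_ECDSA CA CA_EMAIL'
+nat: |
+"8080": "80"
+prepare: pkgutil -y -i socat curl
+run: |
+cd ../acmetest \
+&& ./letest.sh
+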
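Review bot: In the `Set envs` step the expression `${{steps.tunnel.outputs.server}}` is substituted into the script text before the shell parses it, so any shell metacharacters in the value returned by the tunnel action would be interpreted rather than written out, and the result then feeds `$GITHUB_ENV` for every later step. Passing the value through the step environment keeps it as data: give the step `env:` with `TUNNEL_SERVER: ${{ steps.tunnel.outputs.server }}` and change the command to `run: echo "TestingDomain=$TUNNEL_SERVER" >> "$GITHUB_ENV"`. FreeBSD.yml contains the same step.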
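--- a/.github/workflows/Ubuntu.yml
+++ b/.github/workflows/Ubuntu.yml
@@ -0,0 +1,52 @@
+name: Ubuntu
+on:
+push:
+branches:
+- '*'
+paths:
+- '*.sh'
+- '**.yml'
+
+pull_request:
+branches:
+- dev
+paths:
+- '*.sh'
+- '**.yml'
+
+
+jobs:
+Ubuntu:
+strategy:
+matrix:
+include:
+- TEST_ACME_Server: ""
+CA_ECDSA: ""
+CA: ""
+CA_EMAIL: ""
+- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
+CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+CA: "ZeroSSL RSA Domain Secure Site CA"
+CA_EMAIL: "githubtest@acme.sh"
+runs-on: ubuntu-latest
+env:
+TEST_LOCAL: 1
+ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
+CA_ECDSA: ${{ matrix.CA_ECDSA }}
+CA: ${{ matrix.CA }}
+CA_EMAIL: ${{ matrix.CA_EMAIL }}
+steps:
+- uses: actions/checkout@v2
+- name: Install tools
+run: sudo apt-get install -y socat
+- name: Clone acmetest
+run: |
+cd .. \
+&& git clone https://github.com/acmesh-official/acmetest.git \
+&& cp -r acme.sh acmetest/
+- name: Run acmetest
+run: |
+cd ../acmetest \
+&& sudo --preserve-env ./letest.sh
+
+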
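--- a/.github/workflows/Windows.yml
+++ b/.github/workflows/Windows.yml
@@ -0,0 +1,70 @@
+name: Windows
+on:
+push:
+branches:
+- '*'
+paths:
+- '*.sh'
+- '**.yml'
+
+pull_request:
+branches:
+- dev
+paths:
+- '*.sh'
+- '**.yml'
+
+
+jobs:
+Windows:
+strategy:
+matrix:
+include:
+- TEST_ACME_Server: ""
+CA_ECDSA: ""
+CA: ""
+CA_EMAIL: ""
+- TEST_ACME_Server: "https://acme.zerossl.com/v2/DV90"
+CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
+CA: "ZeroSSL RSA Domain Secure Site CA"
+CA_EMAIL: "githubtest@acme.sh"
+runs-on: windows-latest
+env:
+ACME_DIRECTORY: ${{ matrix.TEST_ACME_Server }}
+CA_ECDSA: ${{ matrix.CA_ECDSA }}
+CA: ${{ matrix.CA }}
+CA_EMAIL: ${{ matrix.CA_EMAIL }}
+TEST_LOCAL: 1
+#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
+Le_HTTPPort: 8888
+steps:
+- name: Set git to use LF
+run: |
+git config --global core.autocrlf false
+- uses: actions/checkout@v2
+- name: Install cygwin base packages with chocolatey
+run: |
+choco config get cacheLocation
+choco install --no-progress cygwin
+shell: cmd
+- name: Install cygwin additional packages
+run: |
+C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
+shell: cmd
+- name: Set ENV
+shell: cmd
+run: |
+echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
+- name: Check ENV
+shell: cmd
+run: |
+echo "PATH=%PATH%"
+- name: Clone acmetest
+shell: cmd
+run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
+- name: Run acmetest
+shell: cmd
+run: cd ../acmetest && bash.exe -c ./letest.sh
+
+
+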
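Review bot: The `Install cygwin additional packages` step fetches from `http://mirrors.kernel.org/sourceware/cygwin/` over plain HTTP, so the packages that end up first on `PATH` for the test run travel unencrypted and their integrity rests entirely on the installer's own signature checking. Use the TLS form of the mirror, `-s https://mirrors.kernel.org/sourceware/cygwin/`, after confirming the mirror serves it. `choco install --no-progress cygwin` also takes whatever version is current at run time; adding `--version` with a fixed value would make the toolchain reproducible.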
31
README.md
31
README.md
@ -1,6 +1,11 @@
|
|||||||
# An ACME Shell script: acme.sh
|
# An ACME Shell script: acme.sh
|
||||||
|
|
||||||
![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
|
[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)
|
||||||
|
[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)
|
||||||
|
[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)
|
||||||
|
[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)
|
||||||
|
[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)
|
||||||
|
|
||||||
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
|
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
|
||||||
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
|
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
|
||||||
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
|
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
|
||||||
@ -57,11 +62,11 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|
|||||||
|
|
||||||
| NO | Status| Platform|
|
| NO | Status| Platform|
|
||||||
|----|-------|---------|
|
|----|-------|---------|
|
||||||
|1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
|
|1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX
|
||||||
|2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included)
|
|2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included)
|
||||||
|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD
|
|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD
|
||||||
|4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris
|
|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris
|
||||||
|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu
|
|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu
|
||||||
|6|NA|pfsense
|
|6|NA|pfsense
|
||||||
|7|NA|OpenBSD
|
|7|NA|OpenBSD
|
||||||
|8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
|
|8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
|
||||||
@ -72,12 +77,13 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|
|||||||
|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
|
|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
|
||||||
|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
|
|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
|
||||||
|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|
|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|
||||||
|16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
|
|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|
||||||
|17|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|
|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
|
||||||
|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|
|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|
||||||
|19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|
|19|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|
||||||
|20|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
|
|20|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|
||||||
|21|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|
|21|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
|
||||||
|
|
||||||
|
|
||||||
Check our [testing project](https://github.com/acmesh-official/acmetest):
|
Check our [testing project](https://github.com/acmesh-official/acmetest):
|
||||||
|
|
||||||
@ -88,6 +94,7 @@ https://github.com/acmesh-official/acmetest
|
|||||||
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
|
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
|
||||||
- Letsencrypt.org CA
|
- Letsencrypt.org CA
|
||||||
- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
|
- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
|
||||||
|
- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA)
|
||||||
- [Pebble strict Mode](https://github.com/letsencrypt/pebble)
|
- [Pebble strict Mode](https://github.com/letsencrypt/pebble)
|
||||||
- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA
|
- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA
|
||||||
|
|
||||||
|
103
acme.sh
103
acme.sh
@ -29,18 +29,22 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
|
|||||||
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
||||||
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
|
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
|
||||||
|
|
||||||
|
CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa"
|
||||||
|
CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
|
||||||
|
|
||||||
DEFAULT_CA=$CA_ZEROSSL
|
DEFAULT_CA=$CA_ZEROSSL
|
||||||
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
||||||
|
|
||||||
CA_NAMES="
|
CA_NAMES="
|
||||||
|
ZeroSSL.com,zerossl
|
||||||
LetsEncrypt.org,letsencrypt
|
LetsEncrypt.org,letsencrypt
|
||||||
LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
|
LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
|
||||||
BuyPass.com,buypass
|
BuyPass.com,buypass
|
||||||
BuyPass.com_test,buypass_test,buypasstest
|
BuyPass.com_test,buypass_test,buypasstest
|
||||||
ZeroSSL.com,zerossl
|
SSL.com,sslcom
|
||||||
"
|
"
|
||||||
|
|
||||||
CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL"
|
CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA"
|
||||||
|
|
||||||
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
|
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
|
||||||
|
|
||||||
@ -155,6 +159,8 @@ _REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"
|
|||||||
|
|
||||||
_ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
|
_ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
|
||||||
|
|
||||||
|
_SSLCOM_WIKI="https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA"
|
||||||
|
|
||||||
_SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
|
_SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
|
||||||
|
|
||||||
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
|
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
|
||||||
@ -1210,7 +1216,7 @@ _createcsr() {
|
|||||||
_debug2 csr "$csr"
|
_debug2 csr "$csr"
|
||||||
_debug2 csrconf "$csrconf"
|
_debug2 csrconf "$csrconf"
|
||||||
|
|
||||||
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf"
|
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\n" >"$csrconf"
|
||||||
|
|
||||||
if [ "$acmeValidationv1" ]; then
|
if [ "$acmeValidationv1" ]; then
|
||||||
domainlist="$(_idn "$domainlist")"
|
domainlist="$(_idn "$domainlist")"
|
||||||
@ -2617,15 +2623,44 @@ _initpath() {
|
|||||||
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
||||||
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
|
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
|
||||||
|
|
||||||
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST"
|
_ACME_SERVER_PATH="$(echo "$ACME_DIRECTORY" | cut -d : -f 2- | tr -s / | cut -d / -f 3-)"
|
||||||
|
_debug2 "_ACME_SERVER_PATH" "$_ACME_SERVER_PATH"
|
||||||
|
|
||||||
|
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH"
|
||||||
_DEFAULT_CA_CONF="$CA_DIR/ca.conf"
|
_DEFAULT_CA_CONF="$CA_DIR/ca.conf"
|
||||||
|
|
||||||
if [ -z "$CA_CONF" ]; then
|
if [ -z "$CA_CONF" ]; then
|
||||||
CA_CONF="$_DEFAULT_CA_CONF"
|
CA_CONF="$_DEFAULT_CA_CONF"
|
||||||
fi
|
fi
|
||||||
_debug3 CA_CONF "$CA_CONF"
|
_debug3 CA_CONF "$CA_CONF"
|
||||||
|
|
||||||
|
_OLD_CADIR="$CA_HOME/$_ACME_SERVER_HOST"
|
||||||
|
_OLD_ACCOUNT_KEY="$_OLD_CADIR/account.key"
|
||||||
|
_OLD_ACCOUNT_JSON="$_OLD_CADIR/account.json"
|
||||||
|
_OLD_CA_CONF="$_OLD_CADIR/ca.conf"
|
||||||
|
|
||||||
|
_DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key"
|
||||||
|
_DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json"
|
||||||
|
if [ -z "$ACCOUNT_KEY_PATH" ]; then
|
||||||
|
ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH"
|
||||||
|
if [ -f "$_OLD_ACCOUNT_KEY" ] && ! [ -f "$ACCOUNT_KEY_PATH" ]; then
|
||||||
|
mkdir -p "$CA_DIR"
|
||||||
|
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$ACCOUNT_JSON_PATH" ]; then
|
||||||
|
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
|
||||||
|
if [ -f "$_OLD_ACCOUNT_JSON" ] && ! [ -f "$ACCOUNT_JSON_PATH" ]; then
|
||||||
|
mkdir -p "$CA_DIR"
|
||||||
|
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$_OLD_CA_CONF" ] && ! [ -f "$CA_CONF" ]; then
|
||||||
|
mkdir -p "$CA_DIR"
|
||||||
|
mv "$_OLD_CA_CONF" "$CA_CONF"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -f "$CA_CONF" ]; then
|
if [ -f "$CA_CONF" ]; then
|
||||||
. "$CA_CONF"
|
. "$CA_CONF"
|
||||||
fi
|
fi
|
||||||
@ -2646,19 +2681,6 @@ _initpath() {
|
|||||||
HTTP_HEADER="$LE_CONFIG_HOME/http.header"
|
HTTP_HEADER="$LE_CONFIG_HOME/http.header"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key"
|
|
||||||
_OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json"
|
|
||||||
|
|
||||||
_DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key"
|
|
||||||
_DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json"
|
|
||||||
if [ -z "$ACCOUNT_KEY_PATH" ]; then
|
|
||||||
ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$ACCOUNT_JSON_PATH" ]; then
|
|
||||||
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
_DEFAULT_CERT_HOME="$LE_CONFIG_HOME"
|
_DEFAULT_CERT_HOME="$LE_CONFIG_HOME"
|
||||||
if [ -z "$CERT_HOME" ]; then
|
if [ -z "$CERT_HOME" ]; then
|
||||||
CERT_HOME="$_DEFAULT_CERT_HOME"
|
CERT_HOME="$_DEFAULT_CERT_HOME"
|
||||||
@ -3489,15 +3511,6 @@ _regAccount() {
|
|||||||
_initAPI
|
_initAPI
|
||||||
|
|
||||||
mkdir -p "$CA_DIR"
|
mkdir -p "$CA_DIR"
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
|
||||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
|
||||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
|
|
||||||
_info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
|
|
||||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
||||||
if ! _create_account_key "$_reg_length"; then
|
if ! _create_account_key "$_reg_length"; then
|
||||||
@ -3635,16 +3648,6 @@ _regAccount() {
|
|||||||
updateaccount() {
|
updateaccount() {
|
||||||
_initpath
|
_initpath
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
|
||||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
|
||||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
|
|
||||||
_info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
|
|
||||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
||||||
_err "Account key is not found at: $ACCOUNT_KEY_PATH"
|
_err "Account key is not found at: $ACCOUNT_KEY_PATH"
|
||||||
return 1
|
return 1
|
||||||
@ -3687,16 +3690,6 @@ updateaccount() {
|
|||||||
deactivateaccount() {
|
deactivateaccount() {
|
||||||
_initpath
|
_initpath
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
|
||||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
|
||||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
|
|
||||||
_info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
|
|
||||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
||||||
_err "Account key is not found at: $ACCOUNT_KEY_PATH"
|
_err "Account key is not found at: $ACCOUNT_KEY_PATH"
|
||||||
return 1
|
return 1
|
||||||
@ -6638,9 +6631,10 @@ _checkSudo() {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
#server
|
#server #keylength
|
||||||
_selectServer() {
|
_selectServer() {
|
||||||
_server="$1"
|
_server="$1"
|
||||||
|
_skeylength="$2"
|
||||||
_server_lower="$(echo "$_server" | _lower_case)"
|
_server_lower="$(echo "$_server" | _lower_case)"
|
||||||
_sindex=0
|
_sindex=0
|
||||||
for snames in $CA_NAMES; do
|
for snames in $CA_NAMES; do
|
||||||
@ -6651,6 +6645,9 @@ _selectServer() {
|
|||||||
if [ "$_server_lower" = "$sname" ]; then
|
if [ "$_server_lower" = "$sname" ]; then
|
||||||
_debug2 "_selectServer match $sname"
|
_debug2 "_selectServer match $sname"
|
||||||
_serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
|
_serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
|
||||||
|
if [ "$_serverdir" = "$CA_SSLCOM_RSA" ] && _isEccKey "$_skeylength"; then
|
||||||
|
_serverdir="$CA_SSLCOM_ECC"
|
||||||
|
fi
|
||||||
_debug "Selected server: $_serverdir"
|
_debug "Selected server: $_serverdir"
|
||||||
ACME_DIRECTORY="$_serverdir"
|
ACME_DIRECTORY="$_serverdir"
|
||||||
export ACME_DIRECTORY
|
export ACME_DIRECTORY
|
||||||
@ -6668,6 +6665,9 @@ _getCAShortName() {
|
|||||||
if [ -z "$caurl" ]; then
|
if [ -z "$caurl" ]; then
|
||||||
caurl="$DEFAULT_CA"
|
caurl="$DEFAULT_CA"
|
||||||
fi
|
fi
|
||||||
|
if [ "$CA_SSLCOM_ECC" = "$caurl" ]; then
|
||||||
|
caurl="$CA_SSLCOM_RSA" #just hack to get the short name
|
||||||
|
fi
|
||||||
caurl_lower="$(echo $caurl | _lower_case)"
|
caurl_lower="$(echo $caurl | _lower_case)"
|
||||||
_sindex=0
|
_sindex=0
|
||||||
for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do
|
for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do
|
||||||
@ -6882,7 +6882,6 @@ _process() {
|
|||||||
;;
|
;;
|
||||||
--server)
|
--server)
|
||||||
_server="$2"
|
_server="$2"
|
||||||
_selectServer "$_server"
|
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--debug)
|
--debug)
|
||||||
@ -6981,7 +6980,6 @@ _process() {
|
|||||||
Le_DNSSleep="$_dnssleep"
|
Le_DNSSleep="$_dnssleep"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--keylength | -k)
|
--keylength | -k)
|
||||||
_keylength="$2"
|
_keylength="$2"
|
||||||
shift
|
shift
|
||||||
@ -6990,7 +6988,6 @@ _process() {
|
|||||||
_accountkeylength="$2"
|
_accountkeylength="$2"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
|
||||||
--cert-file | --certpath)
|
--cert-file | --certpath)
|
||||||
_cert_file="$2"
|
_cert_file="$2"
|
||||||
shift
|
shift
|
||||||
@ -7254,6 +7251,10 @@ _process() {
|
|||||||
shift 1
|
shift 1
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ "$_server" ]; then
|
||||||
|
_selectServer "$_server" "${_ecc:-$_keylength}"
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "${_CMD}" != "install" ]; then
|
if [ "${_CMD}" != "install" ]; then
|
||||||
if [ "$__INTERACTIVE" ] && ! _checkSudo; then
|
if [ "$__INTERACTIVE" ] && ! _checkSudo; then
|
||||||
if [ -z "$FORCE" ]; then
|
if [ -z "$FORCE" ]; then
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
#
|
#
|
||||||
#AZION_Username=""
|
#AZION_Email=""
|
||||||
#AZION_Password=""
|
#AZION_Password=""
|
||||||
#
|
#
|
||||||
|
|
||||||
@ -140,23 +140,23 @@ _get_record() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_get_token() {
|
_get_token() {
|
||||||
AZION_Username="${AZION_Username:-$(_readaccountconf_mutable AZION_Username)}"
|
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}"
|
||||||
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}"
|
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}"
|
||||||
|
|
||||||
if ! _contains "$AZION_Username" "@"; then
|
if ! _contains "$AZION_Email" "@"; then
|
||||||
_err "It seems that the AZION_Username is not a valid email address. Revalidate your environments."
|
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$AZION_Username" ] || [ -z "$AZION_Password" ]; then
|
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then
|
||||||
_err "You didn't specified a AZION_Username/AZION_Password to generate Azion token."
|
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_saveaccountconf_mutable AZION_Username "$AZION_Username"
|
_saveaccountconf_mutable AZION_Email "$AZION_Email"
|
||||||
_saveaccountconf_mutable AZION_Password "$AZION_Password"
|
_saveaccountconf_mutable AZION_Password "$AZION_Password"
|
||||||
|
|
||||||
_basic_auth=$(printf "%s:%s" "$AZION_Username" "$AZION_Password" | _base64)
|
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64)
|
||||||
_debug _basic_auth "$_basic_auth"
|
_debug _basic_auth "$_basic_auth"
|
||||||
|
|
||||||
export _H1="Accept: application/json; version=3"
|
export _H1="Accept: application/json; version=3"
|
||||||
|
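--- a/dnsapi/dns_oci.sh
+++ b/dnsapi/dns_oci.sh
@@ -0,0 +1,324 @@
+#!/usr/bin/env sh
+#
+# Acme.sh DNS API plugin for Oracle Cloud Infrastructure
+# Copyright (c) 2021, Oracle and/or its affiliates
+#
+# The plugin will automatically use the default profile from an OCI SDK and CLI
+# configuration file, if it exists.
+#
+# Alternatively, set the following environment variables:
+# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone
+# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones
+# - OCI_CLI_REGION : Should point to the tenancy home region
+#
+# One of the following two variables is required:
+# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or
+# - OCI_CLI_KEY : The private API signing key in PEM format
+#
+# NOTE: using an encrypted private key that needs a passphrase is not supported.
+#
+
+dns_oci_add() {
+_fqdn="$1"
+_rdata="$2"
+
+if _get_oci_zone; then
+
+_add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}"
+response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body")
+if [ "$response" ]; then
+_info "Success: added TXT record for ${_sub_domain}.${_domain}."
+else
+_err "Error: failed to add TXT record for ${_sub_domain}.${_domain}."
+_err "Check that the user has permission to add records to this zone."
+return 1
+fi
+
+else
+return 1
+fi
+
+}
+
+dns_oci_rm() {
+_fqdn="$1"
+_rdata="$2"
+
+if _get_oci_zone; then
+
+_remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}"
+response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body")
+if [ "$response" ]; then
+_info "Success: removed TXT record for ${_sub_domain}.${_domain}."
+else
+_err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}."
+_err "Check that the user has permission to remove records from this zone."
+return 1
+fi
+
+else
+return 1
+fi
+
+}
+
+#################### Private functions below ##################################
+_get_oci_zone() {
+
+if ! _oci_config; then
+return 1
+fi
+
+if ! _get_zone "$_fqdn"; then
+_err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY"
+return 1
+fi
+
+return 0
+
+}
+
+_oci_config() {
+
+_DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config"
+OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}"
+
+if [ -z "$OCI_CLI_CONFIG_FILE" ]; then
+OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE"
+fi
+
+if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then
+_saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE"
+else
+_clearaccountconf_mutable OCI_CLI_CONFIG_FILE
+fi
+
+_DEFAULT_OCI_CLI_PROFILE="DEFAULT"
+OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}"
+if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then
+_saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE"
+else
+OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE"
+_clearaccountconf_mutable OCI_CLI_PROFILE
+fi
+
+OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}"
+if [ "$OCI_CLI_TENANCY" ]; then
+_saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY"
+elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
+_debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE"
+OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}"
+fi
+
+if [ -z "$OCI_CLI_TENANCY" ]; then
+_err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable."
+return 1
+fi
+
+OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}"
+if [ "$OCI_CLI_USER" ]; then
+_saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER"
+elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
+_debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE"
+OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}"
+fi
+if [ -z "$OCI_CLI_USER" ]; then
+_err "Error: unable to read OCI_CLI_USER from config file or environment variable."
+return 1
+fi
+
+OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}"
+if [ "$OCI_CLI_REGION" ]; then
+_saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION"
+elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
+_debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE"
+OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}"
+fi
+if [ -z "$OCI_CLI_REGION" ]; then
+_err "Error: unable to read OCI_CLI_REGION from config file or environment variable."
+return 1
+fi
+
+OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}"
+if [ -z "$OCI_CLI_KEY" ]; then
+_clearaccountconf_mutable OCI_CLI_KEY
+OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}"
+if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then
+_debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE"
+OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE")
+_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
+fi
+else
+_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
+fi
+
+if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
+_err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE."
+_err "Error: unable to load private API signing key from OCI_CLI_KEY."
+return 1
+fi
+
+if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then
+OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline)
+fi
+
+return 0
+
+}
+
+# _get_zone(): retrieves the Zone name and OCID
+#
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_ociid=ocid1.dns-zone.oc1..
+_get_zone() {
+domain=$1
+i=1
+p=1
+
+while true; do
+h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+_debug h "$h"
+if [ -z "$h" ]; then
+# not valid
+return 1
+fi
+
+_domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id")
+if [ "$_domain_id" ]; then
+_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+_domain=$h
+
+_debug _domain_id "$_domain_id"
+_debug _sub_domain "$_sub_domain"
+_debug _domain "$_domain"
+return 0
+fi
+
+p=$i
+i=$(_math "$i" + 1)
+done
+return 1
+
+}
+
+#Usage: privatekey
+#Output MD5 fingerprint
+_fingerprint() {
+
+pkey="$1"
+if [ -z "$pkey" ]; then
+_usage "Usage: _fingerprint privkey"
+return 1
+fi
+
+printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' '
+
+}
+
+_signed_request() {
+
+_sig_method="$1"
+_sig_target="$2"
+_sig_body="$3"
+_return_field="$4"
+
+_key_fingerprint=$(_fingerprint "$OCI_CLI_KEY")
+_sig_host="dns.$OCI_CLI_REGION.oraclecloud.com"
+_sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint"
+_sig_alg="rsa-sha256"
+_sig_version="1"
+_sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")"
+
+_request_method=$(printf %s "$_sig_method" | _lower_case)
+_curl_method=$(printf %s "$_sig_method" | _upper_case)
+
+_request_target="(request-target): $_request_method $_sig_target"
+_date_header="date: $_sig_now"
+_host_header="host: $_sig_host"
+
+_string_to_sign="$_request_target\n$_date_header\n$_host_header"
+_sig_headers="(request-target) date host"
+
+if [ "$_sig_body" ]; then
+_secure_debug3 _sig_body "$_sig_body"
+_sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)"
+_sig_body_type="content-type: application/json"
+_sig_body_length="content-length: ${#_sig_body}"
+_string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length"
+_sig_headers="$_sig_headers x-content-sha256 content-type content-length"
+fi
+
+_tmp_file=$(_mktemp)
+if [ -f "$_tmp_file" ]; then
+printf '%s' "$OCI_CLI_KEY" >"$_tmp_file"
+_signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n')
+rm -f "$_tmp_file"
+fi
+
+_signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\""
+_secure_debug3 _signed_header "$_signed_header"
+
+if [ "$_curl_method" = "GET" ]; then
+export _H1="$_date_header"
+export _H2="$_signed_header"
+_response="$(_get "https://${_sig_host}${_sig_target}")"
+elif [ "$_curl_method" = "PATCH" ]; then
+export _H1="$_date_header"
+export _H2="$_sig_body_sha256"
+export _H3="$_sig_body_type"
+export _H4="$_sig_body_length"
+export _H5="$_signed_header"
+_response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")"
+else
+_err "Unable to process method: $_curl_method."
+fi
+
+_ret="$?"
+if [ "$_return_field" ]; then
+_response="$(echo "$_response" | sed 's/\\\"//g'))"
+_return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
+else
+_return="$_response"
+fi
+
+printf "%s" "$_return"
+return $_ret
+
+}
+
+# file key [section]
+_readini() {
+_file="$1"
+_key="$2"
+_section="${3:-DEFAULT}"
+
+_start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1)
+_debug3 _start_n "$_start_n"
+if [ -z "$_start_n" ]; then
+_err "Can not find section: $_section"
+return 1
+fi
+
+_start_nn=$(_math "$_start_n" + 1)
+_debug3 "_start_nn" "$_start_nn"
+
+_left="$(sed -n "${_start_nn},99999p" "$_file")"
+_debug3 _left "$_left"
+_end="$(echo "$_left" | grep -n "^\[" | _head_n 1)"
+_debug3 "_end" "$_end"
+if [ "$_end" ]; then
+_end_n=$(echo "$_end" | cut -d : -f 1)
+_debug3 "_end_n" "$_end_n"
+_seg_n=$(echo "$_left" | sed -n "1,${_end_n}p")
+else
+_seg_n="$_left"
+fi
+
+_debug3 "_seg_n" "$_seg_n"
+_lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")"
+_inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")"
+_debug2 _inivalue "$_inivalue"
+echo "$_inivalue"
+
+}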
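Review bot: In `_readini`, the line that builds `_inivalue` runs the matched config line through `eval`, so shell syntax in a value of the OCI config file (or of whatever file `OCI_CLI_CONFIG_FILE` points to) is executed with acme.sh's privileges instead of being read as data. The `eval` is presumably there to expand a leading `~` in `key_file`; that can be done explicitly, as in the excerpt below, which takes the value literally and limits it to the first matching line. Note that this also drops the `printf "%b"` escape processing, so confirm no supported config relies on backslash escapes in values. The section lookup `grep -n '\['"$_section"']'` is unanchored and can return more than one line number, which is worth tightening in the same pass.

```shell
# … unchanged: section lookup and _seg_n extraction …
_lineini="$(echo "$_seg_n" | grep "^ *$_key *= *" | _head_n 1)"
_inivalue="$(printf "%s\n" "$_lineini" | sed "s/^ *${_key} *= *//")"
case "$_inivalue" in
"~/"*) _inivalue="$HOME/${_inivalue#??}" ;;
esac
# … unchanged: _debug2 and echo of _inivalue …
```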