mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-11-08 23:41:45 +00:00
Merge remote-tracking branch 'upstream/master' into ssh-deploy
This commit is contained in:
commit
21f728f0ea
17
README.md
17
README.md
@ -136,13 +136,25 @@ root@v1:~# acme.sh -h
|
||||
acme.sh --issue -d example.com -w /home/wwwroot/example.com
|
||||
```
|
||||
|
||||
or:
|
||||
|
||||
```bash
|
||||
acme.sh --issue -d example.com -w /home/username/public_html
|
||||
```
|
||||
|
||||
or:
|
||||
|
||||
```bash
|
||||
acme.sh --issue -d example.com -w /var/www/html
|
||||
```
|
||||
|
||||
**Example 2:** Multiple domains in the same cert.
|
||||
|
||||
```bash
|
||||
acme.sh --issue -d example.com -d www.example.com -d cp.example.com -w /home/wwwroot/example.com
|
||||
```
|
||||
|
||||
The parameter `/home/wwwroot/example.com` is the web root folder. You **MUST** have `write access` to this folder.
|
||||
The parameter `/home/wwwroot/example.com` or `/home/username/public_html` or `/var/www/html` is the web root folder where you host your website files. You **MUST** have `write access` to this folder.
|
||||
|
||||
Second argument **"example.com"** is the main domain you want to issue the cert for.
|
||||
You must have at least one domain there.
|
||||
@ -292,6 +304,7 @@ You don't have to do anything manually!
|
||||
|
||||
1. CloudFlare.com API
|
||||
1. DNSPod.cn API
|
||||
1. DNSimple API
|
||||
1. CloudXNS.com API
|
||||
1. GoDaddy.com API
|
||||
1. OVH, kimsufi, soyoustart and runabove API
|
||||
@ -315,6 +328,8 @@ You don't have to do anything manually!
|
||||
1. ClouDNS.net API
|
||||
1. Infoblox NIOS API (https://www.infoblox.com/)
|
||||
1. VSCALE (https://vscale.io/)
|
||||
1. Dynu API (https://www.dynu.com)
|
||||
|
||||
|
||||
**More APIs coming soon...**
|
||||
|
||||
|
17
acme.sh
17
acme.sh
@ -166,7 +166,14 @@ _syslog() {
|
||||
fi
|
||||
_logclass="$1"
|
||||
shift
|
||||
logger -i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
|
||||
if [ -z "$__logger_i" ]; then
|
||||
if _contains "$(logger --help 2>&1)" "-i"; then
|
||||
__logger_i="logger -i"
|
||||
else
|
||||
__logger_i="logger"
|
||||
fi
|
||||
fi
|
||||
$__logger_i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
_log() {
|
||||
@ -2617,10 +2624,10 @@ _checkConf() {
|
||||
_isRealNginxConf() {
|
||||
_debug "_isRealNginxConf $1 $2"
|
||||
if [ -f "$2" ]; then
|
||||
for _fln in $(grep -n "^ *server_name.* $1" "$2" | cut -d : -f 1); do
|
||||
for _fln in $(tr "\t" ' ' <"$2" | grep -n "^ *server_name.* $1" | cut -d : -f 1); do
|
||||
_debug _fln "$_fln"
|
||||
if [ "$_fln" ]; then
|
||||
_start=$(cat "$2" | _head_n "$_fln" | grep -n "^ *server *{" | _tail_n 1)
|
||||
_start=$(tr "\t" ' ' <"$2" | _head_n "$_fln" | grep -n "^ *server *{" | _tail_n 1)
|
||||
_debug "_start" "$_start"
|
||||
_start_n=$(echo "$_start" | cut -d : -f 1)
|
||||
_start_nn=$(_math $_start_n + 1)
|
||||
@ -2629,8 +2636,8 @@ _isRealNginxConf() {
|
||||
|
||||
_left="$(sed -n "${_start_nn},99999p" "$2")"
|
||||
_debug2 _left "$_left"
|
||||
if echo "$_left" | grep -n "^ *server *{" >/dev/null; then
|
||||
_end=$(echo "$_left" | grep -n "^ *server *{" | _head_n 1)
|
||||
if echo "$_left" | tr "\t" ' ' | grep -n "^ *server *{" >/dev/null; then
|
||||
_end=$(echo "$_left" | tr "\t" ' ' | grep -n "^ *server *{" | _head_n 1)
|
||||
_debug "_end" "$_end"
|
||||
_end_n=$(echo "$_end" | cut -d : -f 1)
|
||||
_debug "_end_n" "$_end_n"
|
||||
|
@ -21,8 +21,11 @@ acme.sh --deploy -d example.com --deploy-hook cpanel
|
||||
## 2. Deploy ssl cert on kong proxy engine based on api.
|
||||
|
||||
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
|
||||
Currently supports Kong-v0.10.x.
|
||||
|
||||
(TODO)
|
||||
```sh
|
||||
acme.sh --deploy -d ftp.example.com --deploy-hook kong
|
||||
```
|
||||
|
||||
## 3. Deploy the cert to remote server through SSH access.
|
||||
|
||||
|
@ -1,13 +1,7 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter.
|
||||
# Note that ssl plugin should be available on Kong instance
|
||||
# The hook will match cdomain to request_host, in case of multiple domain it will always take the first
|
||||
# one (acme.sh behaviour).
|
||||
# If ssl config already exist it will update only cert and key not touching other parameter
|
||||
# If ssl config doesn't exist it will only upload cert and key and not set other parameter
|
||||
# Not that we deploy full chain
|
||||
# See https://getkong.org/plugins/dynamic-ssl/ for other options
|
||||
# If certificate already exist it will update only cert and key not touching other parameter
|
||||
# If certificate doesn't exist it will only upload cert and key and not set other parameter
|
||||
# Note that we deploy full chain
|
||||
# Written by Geoffroi Genot <ggenot@voxbone.com>
|
||||
|
||||
######## Public functions #####################
|
||||
@ -31,14 +25,15 @@ kong_deploy() {
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
|
||||
#Get uuid linked to the domain
|
||||
uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
||||
if [ -z "$uuid" ]; then
|
||||
_err "Unable to get Kong uuid for domain $_cdomain"
|
||||
_err "Make sure that KONG_URL is correctly configured"
|
||||
_err "Make sure that a Kong api request_host match the domain"
|
||||
_err "Kong url: $KONG_URL"
|
||||
return 1
|
||||
#Get ssl_uuid linked to the domain
|
||||
ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
||||
if [ -z "$ssl_uuid" ]; then
|
||||
_debug "Unable to get Kong ssl_uuid for domain $_cdomain"
|
||||
_debug "Make sure that KONG_URL is correctly configured"
|
||||
_debug "Make sure that a Kong certificate match the sni"
|
||||
_debug "Kong url: $KONG_URL"
|
||||
_info "No existing certificate, creating..."
|
||||
#return 1
|
||||
fi
|
||||
#Save kong url if it's succesful (First run case)
|
||||
_saveaccountconf KONG_URL "$KONG_URL"
|
||||
@ -48,12 +43,14 @@ kong_deploy() {
|
||||
#Set Header
|
||||
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||
#Generate data for request (Multipart/form-data with mixed content)
|
||||
#set name to ssl
|
||||
content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
|
||||
if [ -z "$ssl_uuid" ]; then
|
||||
#set sni to domain
|
||||
content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
|
||||
fi
|
||||
#add key
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||
#Add cert
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
||||
#Close multipart
|
||||
content="$content${nl}--$delim--${nl}"
|
||||
#Convert CRLF
|
||||
@ -61,17 +58,16 @@ kong_deploy() {
|
||||
#DEBUG
|
||||
_debug header "$_H1"
|
||||
_debug content "$content"
|
||||
#Check if ssl plugins is aready enabled (if not => POST else => PATCH)
|
||||
ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
||||
_debug ssl_uuid "$ssl_uuid"
|
||||
#Check if sslcreated (if not => POST else => PATCH)
|
||||
|
||||
if [ -z "$ssl_uuid" ]; then
|
||||
#Post certificate to Kong
|
||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
|
||||
response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
|
||||
else
|
||||
#patch
|
||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
||||
response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
|
||||
fi
|
||||
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
||||
if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
|
||||
_err "An error occurred with cert upload. Check response:"
|
||||
_err "$response"
|
||||
return 1
|
||||
|
@ -452,6 +452,47 @@ Ok, let's issue a cert now:
|
||||
acme.sh --issue --dns dns_vscale -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
## 24. Use Dynu API
|
||||
|
||||
First you need to create/obtain API credentials from your Dynu account. See: https://www.dynu.com/resources/api/documentation
|
||||
|
||||
```
|
||||
export Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
|
||||
export Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"
|
||||
```
|
||||
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_dynu -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `Dynu_ClientId` and `Dynu_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
## 25. Use DNSimple API
|
||||
|
||||
First you need to login to your DNSimple account and generate a new oauth token.
|
||||
|
||||
https://dnsimple.com/a/{your account id}/account/access_tokens
|
||||
|
||||
Note that this is an _account_ token and not a user token. The account token is
|
||||
needed to infer the `account_id` used in requests. A user token will not be able
|
||||
to determine the correct account to use.
|
||||
|
||||
```
|
||||
export DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
```
|
||||
|
||||
To issue the cert just specify the `dns_dnsimple` API.
|
||||
|
||||
```
|
||||
acme.sh --issue --dns dns_dnsimple -d example.com
|
||||
```
|
||||
|
||||
The `DNSimple_OAUTH_TOKEN` will be saved in `~/.acme.sh/account.conf` and will
|
||||
be reused when needed.
|
||||
|
||||
If you have any issues with this integration please report them to
|
||||
https://github.com/pho3nixf1re/acme.sh/issues.
|
||||
|
||||
# Use custom API
|
||||
|
||||
|
215
dnsapi/dns_dnsimple.sh
Normal file
215
dnsapi/dns_dnsimple.sh
Normal file
@ -0,0 +1,215 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# DNSimple domain api
|
||||
# https://github.com/pho3nixf1re/acme.sh/issues
|
||||
#
|
||||
# This is your oauth token which can be acquired on the account page. Please
|
||||
# note that this must be an _account_ token and not a _user_ token.
|
||||
# https://dnsimple.com/a/<your account id>/account/access_tokens
|
||||
# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
|
||||
|
||||
DNSimple_API="https://api.dnsimple.com/v2"
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_dnsimple_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
if [ -z "$DNSimple_OAUTH_TOKEN" ]; then
|
||||
DNSimple_OAUTH_TOKEN=""
|
||||
_err "You have not set the dnsimple oauth token yet."
|
||||
_err "Please visit https://dnsimple.com/user to generate it."
|
||||
return 1
|
||||
fi
|
||||
|
||||
# save the oauth token for later
|
||||
_saveaccountconf DNSimple_OAUTH_TOKEN "$DNSimple_OAUTH_TOKEN"
|
||||
|
||||
if ! _get_account_id; then
|
||||
_err "failed to retrive account id"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_get_records "$_account_id" "$_domain" "$_sub_domain"
|
||||
|
||||
if [ "$_records_count" = "0" ]; then
|
||||
_info "Adding record"
|
||||
if _dnsimple_rest POST "$_account_id/zones/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
|
||||
if printf -- "%s" "$response" | grep "\"name\":\"$_sub_domain\"" >/dev/null; then
|
||||
_info "Added"
|
||||
return 0
|
||||
else
|
||||
_err "Unexpected response while adding text record."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
_err "Add txt record error."
|
||||
else
|
||||
_info "Updating record"
|
||||
_extract_record_id "$_records" "$_sub_domain"
|
||||
|
||||
if _dnsimple_rest \
|
||||
PATCH \
|
||||
"$_account_id/zones/$_domain/records/$_record_id" \
|
||||
"{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
|
||||
|
||||
_info "Updated!"
|
||||
return 0
|
||||
fi
|
||||
|
||||
_err "Update error"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# fulldomain
|
||||
dns_dnsimple_rm() {
|
||||
fulldomain=$1
|
||||
|
||||
if ! _get_account_id; then
|
||||
_err "failed to retrive account id"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_get_records "$_account_id" "$_domain" "$_sub_domain"
|
||||
_extract_record_id "$_records" "$_sub_domain"
|
||||
|
||||
if [ "$_record_id" ]; then
|
||||
|
||||
if _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$_record_id"; then
|
||||
_info "removed record" "$_record_id"
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
_err "failed to remove record" "$_record_id"
|
||||
return 1
|
||||
|
||||
}
|
||||
|
||||
#################### Private functions bellow ##################################
|
||||
# _acme-challenge.www.domain.com
|
||||
# returns
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _domain=domain.com
|
||||
_get_root() {
|
||||
domain=$1
|
||||
i=2
|
||||
previous=1
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
if [ -z "$h" ]; then
|
||||
# not valid
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _dnsimple_rest GET "$_account_id/zones/$h"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" 'not found'; then
|
||||
_debug "$h not found"
|
||||
else
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$previous)
|
||||
_domain="$h"
|
||||
|
||||
_debug _domain "$_domain"
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
|
||||
return 0
|
||||
fi
|
||||
|
||||
previous="$i"
|
||||
i=$(_math "$i" + 1)
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
# returns _account_id
|
||||
_get_account_id() {
|
||||
_debug "retrive account id"
|
||||
if ! _dnsimple_rest GET "whoami"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" "\"account\":null"; then
|
||||
_err "no account associated with this token"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" "timeout"; then
|
||||
_err "timeout retrieving account id"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_account_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"email\":" | cut -d: -f2 | cut -d, -f1)
|
||||
_debug _account_id "$_account_id"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# returns
|
||||
# _records
|
||||
# _records_count
|
||||
_get_records() {
|
||||
account_id=$1
|
||||
domain=$2
|
||||
sub_domain=$3
|
||||
|
||||
_debug "fetching txt records"
|
||||
_dnsimple_rest GET "$account_id/zones/$domain/records?per_page=100"
|
||||
|
||||
if ! _contains "$response" "\"id\":"; then
|
||||
_err "failed to retrieve records"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_records_count=$(printf "%s" "$response" | _egrep_o "\"name\":\"$sub_domain\"" | wc -l | _egrep_o "[0-9]+")
|
||||
_records=$response
|
||||
_debug _records_count "$_records_count"
|
||||
}
|
||||
|
||||
# returns _record_id
|
||||
_extract_record_id() {
|
||||
_record_id=$(printf "%s" "$_records" | _egrep_o "\"id\":[^,]*,\"zone_id\":\"[^,]*\",\"parent_id\":null,\"name\":\"$_sub_domain\"" | cut -d: -f2 | cut -d, -f1)
|
||||
_debug "_record_id" "$_record_id"
|
||||
}
|
||||
|
||||
# returns response
|
||||
_dnsimple_rest() {
|
||||
method=$1
|
||||
path="$2"
|
||||
data="$3"
|
||||
request_url="$DNSimple_API/$path"
|
||||
_debug "$path"
|
||||
|
||||
export _H1="Accept: application/json"
|
||||
export _H2="Authorization: Bearer $DNSimple_OAUTH_TOKEN"
|
||||
|
||||
if [ "$data" ] || [ "$method" = "DELETE" ]; then
|
||||
_H1="Content-Type: application/json"
|
||||
_debug data "$data"
|
||||
response="$(_post "$data" "$request_url" "" "$method")"
|
||||
else
|
||||
response="$(_get "$request_url" "" "" "$method")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "error $request_url"
|
||||
return 1
|
||||
fi
|
||||
_debug2 response "$response"
|
||||
return 0
|
||||
}
|
216
dnsapi/dns_dynu.sh
Normal file
216
dnsapi/dns_dynu.sh
Normal file
@ -0,0 +1,216 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#Client ID
|
||||
#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d"
|
||||
#
|
||||
#Secret
|
||||
#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9"
|
||||
#
|
||||
#Token
|
||||
Dynu_Token=""
|
||||
#
|
||||
#Endpoint
|
||||
Dynu_EndPoint="https://api.dynu.com/v1"
|
||||
#
|
||||
#Author: Dynu Systems, Inc.
|
||||
#Report Bugs here: https://github.com/shar0119/acme.sh
|
||||
#
|
||||
######## Public functions #####################
|
||||
|
||||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_dynu_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
if [ -z "$Dynu_ClientId" ] || [ -z "$Dynu_Secret" ]; then
|
||||
Dynu_ClientId=""
|
||||
Dynu_Secret=""
|
||||
_err "Dynu client id and secret is not specified."
|
||||
_err "Please create you API client id and secret and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the client id and secret to the account conf file.
|
||||
_saveaccountconf Dynu_ClientId "$Dynu_ClientId"
|
||||
_saveaccountconf Dynu_Secret "$Dynu_Secret"
|
||||
|
||||
if [ -z "$Dynu_Token" ]; then
|
||||
_info "Getting Dynu token."
|
||||
if ! _dynu_authentication; then
|
||||
_err "Can not get token."
|
||||
fi
|
||||
fi
|
||||
|
||||
_debug "Detect root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "Invalid domain."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _node "$_node"
|
||||
_debug _domain_name "$_domain_name"
|
||||
|
||||
_info "Creating TXT record."
|
||||
if ! _dynu_rest POST "dns/record/add" "{\"domain_name\":\"$_domain_name\",\"node_name\":\"$_node\",\"record_type\":\"TXT\",\"text_data\":\"$txtvalue\",\"state\":true,\"ttl\":90}"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _contains "$response" "text_data"; then
|
||||
_err "Could not add TXT record."
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_dynu_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
if [ -z "$Dynu_ClientId" ] || [ -z "$Dynu_Secret" ]; then
|
||||
Dynu_ClientId=""
|
||||
Dynu_Secret=""
|
||||
_err "Dynu client id and secret is not specified."
|
||||
_err "Please create you API client id and secret and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the client id and secret to the account conf file.
|
||||
_saveaccountconf Dynu_ClientId "$Dynu_ClientId"
|
||||
_saveaccountconf Dynu_Secret "$Dynu_Secret"
|
||||
|
||||
if [ -z "$Dynu_Token" ]; then
|
||||
_info "Getting Dynu token."
|
||||
if ! _dynu_authentication; then
|
||||
_err "Can not get token."
|
||||
fi
|
||||
fi
|
||||
|
||||
_debug "Detect root zone."
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "Invalid domain."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _node "$_node"
|
||||
_debug _domain_name "$_domain_name"
|
||||
|
||||
_info "Checking for TXT record."
|
||||
if ! _get_recordid "$fulldomain" "$txtvalue"; then
|
||||
_err "Could not get TXT record id."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ "$_dns_record_id" = "" ]; then
|
||||
_err "TXT record not found."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info "Removing TXT record."
|
||||
if ! _delete_txt_record "$_dns_record_id"; then
|
||||
_err "Could not remove TXT record $_dns_record_id."
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
######## Private functions below ##################################
|
||||
#_acme-challenge.www.domain.com
|
||||
#returns
|
||||
# _node=_acme-challenge.www
|
||||
# _domain_name=domain.com
|
||||
_get_root() {
|
||||
domain=$1
|
||||
if ! _dynu_rest GET "dns/getroot/$domain"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _contains "$response" "domain_name"; then
|
||||
_debug "Domain name not found."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_domain_name=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2)
|
||||
_node=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 3 | cut -d : -f 2 | cut -d '"' -f 2)
|
||||
return 0
|
||||
}
|
||||
|
||||
_get_recordid() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
if ! _dynu_rest GET "dns/record/get?hostname=$fulldomain&rrtype=TXT"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _contains "$response" "$txtvalue"; then
|
||||
_dns_record_id=0
|
||||
return 0
|
||||
fi
|
||||
|
||||
_dns_record_id=$(printf "%s" "$response" | _egrep_o "{[^}]*}" | grep "\"text_data\":\"$txtvalue\"" | _egrep_o ",[^,]*," | grep ',"id":' | tr -d ",," | cut -d : -f 2)
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
_delete_txt_record() {
|
||||
_dns_record_id=$1
|
||||
|
||||
if ! _dynu_rest GET "dns/record/delete/$_dns_record_id"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _contains "$response" "true"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
_dynu_rest() {
|
||||
m=$1
|
||||
ep="$2"
|
||||
data="$3"
|
||||
_debug "$ep"
|
||||
|
||||
export _H1="Authorization: Bearer $Dynu_Token"
|
||||
export _H2="Content-Type: application/json"
|
||||
|
||||
if [ "$data" ]; then
|
||||
_debug data "$data"
|
||||
response="$(_post "$data" "$Dynu_EndPoint/$ep" "" "$m")"
|
||||
else
|
||||
_info "Getting $Dynu_EndPoint/$ep"
|
||||
response="$(_get "$Dynu_EndPoint/$ep")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "error $ep"
|
||||
return 1
|
||||
fi
|
||||
_debug2 response "$response"
|
||||
return 0
|
||||
}
|
||||
|
||||
_dynu_authentication() {
|
||||
realm="$(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)"
|
||||
|
||||
export _H1="Authorization: Basic $realm"
|
||||
export _H2="Content-Type: application/json"
|
||||
|
||||
response="$(_get "$Dynu_EndPoint/oauth2/token")"
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "Authentication failed."
|
||||
return 1
|
||||
fi
|
||||
if _contains "$response" "accessToken"; then
|
||||
Dynu_Token=$(printf "%s" "$response" | tr -d "[]" | cut -d , -f 2 | cut -d : -f 2 | cut -d '"' -f 2)
|
||||
fi
|
||||
if _contains "$Dynu_Token" "null"; then
|
||||
Dynu_Token=""
|
||||
fi
|
||||
|
||||
_debug2 response "$response"
|
||||
return 0
|
||||
}
|
@ -119,7 +119,7 @@ dns_ovh_add() {
|
||||
|
||||
_info "Checking authentication"
|
||||
|
||||
response="$(_ovh_rest GET "domain/")"
|
||||
response="$(_ovh_rest GET "domain")"
|
||||
if _contains "$response" "INVALID_CREDENTIAL"; then
|
||||
_err "The consumer key is invalid: $OVH_CK"
|
||||
_err "Please retry to create a new one."
|
||||
@ -191,7 +191,7 @@ _ovh_authentication() {
|
||||
_H3=""
|
||||
_H4=""
|
||||
|
||||
_ovhdata='{"accessRules": [{"method": "GET","path": "/*"},{"method": "POST","path": "/*"},{"method": "PUT","path": "/*"},{"method": "DELETE","path": "/*"}],"redirection":"'$ovh_success'"}'
|
||||
_ovhdata='{"accessRules": [{"method": "GET","path": "/auth/time"},{"method": "GET","path": "/domain"},{"method": "GET","path": "/domain/zone/*"},{"method": "GET","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/record"},{"method": "POST","path": "/domain/zone/*/refresh"},{"method": "PUT","path": "/domain/zone/*/record/*"}],"redirection":"'$ovh_success'"}'
|
||||
|
||||
response="$(_post "$_ovhdata" "$OVH_API/auth/credential")"
|
||||
_debug3 response "$response"
|
||||
|
Loading…
Reference in New Issue
Block a user