Merge branch 'acmesh-official:master' into new-dns-provider-dns_dnsservices

Bjarke Bruun 2022-07-07 20:33:32 +02:00 committed by GitHub
commit 6913b8beb5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 74 additions and 54 deletions

32
acme.sh

@ -435,8 +435,10 @@ _secure_debug3() {
fi fi
} }
__USE_TR_RAW="$([ "$(echo "abc" | tr a-z A-Z 2>/dev/null)" = "ABC" ] && echo 1 || echo 0)"
_upper_case() { _upper_case() {
if _is_solaris; then if [ "$__USE_TR_RAW" = "0" ]; then
tr '[:lower:]' '[:upper:]' tr '[:lower:]' '[:upper:]'
else else
# shellcheck disable=SC2018,SC2019 # shellcheck disable=SC2018,SC2019
@ -445,7 +447,7 @@ _upper_case() {
} }
_lower_case() { _lower_case() {
if _is_solaris; then if [ "$__USE_TR_RAW" = "0" ]; then
tr '[:upper:]' '[:lower:]' tr '[:upper:]' '[:lower:]'
else else
# shellcheck disable=SC2018,SC2019 # shellcheck disable=SC2018,SC2019
@ -5752,7 +5754,9 @@ _installcert() {
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_cert" "$_backup_path/cert.bak" cp "$_real_cert" "$_backup_path/cert.bak"
fi fi
cat "$CERT_PATH" >"$_real_cert" || return 1 if [ "$CERT_PATH" != "$_real_cert" ]; then
cat "$CERT_PATH" >"$_real_cert" || return 1
fi
fi fi
if [ "$_real_ca" ]; then if [ "$_real_ca" ]; then
@ -5764,7 +5768,9 @@ _installcert() {
if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then if [ -f "$_real_ca" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_ca" "$_backup_path/ca.bak" cp "$_real_ca" "$_backup_path/ca.bak"
fi fi
cat "$CA_CERT_PATH" >"$_real_ca" || return 1 if [ "$CA_CERT_PATH" != "$_real_ca" ]; then
cat "$CA_CERT_PATH" >"$_real_ca" || return 1
fi
fi fi
fi fi
@ -5773,12 +5779,14 @@ _installcert() {
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_key" "$_backup_path/key.bak" cp "$_real_key" "$_backup_path/key.bak"
fi fi
if [ -f "$_real_key" ]; then if [ "$CERT_KEY_PATH" != "$_real_key" ]; then
cat "$CERT_KEY_PATH" >"$_real_key" || return 1 if [ -f "$_real_key" ]; then
else cat "$CERT_KEY_PATH" >"$_real_key" || return 1
touch "$_real_key" || return 1 else
chmod 600 "$_real_key" touch "$_real_key" || return 1
cat "$CERT_KEY_PATH" >"$_real_key" || return 1 chmod 600 "$_real_key"
cat "$CERT_KEY_PATH" >"$_real_key" || return 1
fi
fi fi
fi fi
@ -5787,7 +5795,9 @@ _installcert() {
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
cp "$_real_fullchain" "$_backup_path/fullchain.bak" cp "$_real_fullchain" "$_backup_path/fullchain.bak"
fi fi
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1 if [ "$_real_fullchain" != "$CERT_FULLCHAIN_PATH" ]; then
cat "$CERT_FULLCHAIN_PATH" >"$_real_fullchain" || return 1
fi
fi fi
if [ "$_reload_cmd" ]; then if [ "$_reload_cmd" ]; then
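Review bot: The new guards in _installcert compare the source and destination paths as strings, so a destination that names the same file through a symlink, a relative path or a doubled slash still passes the test and reaches `cat "$CERT_KEY_PATH" >"$_real_key"`, where the redirection truncates the file before cat reads it. That leaves an empty certificate or private key in place of the installed one. Where the shell's `test` supports it, a same-file comparison such as `if ! [ "$CERT_KEY_PATH" -ef "$_real_key" ]; then` is more robust; `-ef` is not POSIX, so it may need a fallback to the string test. In the key branch, `chmod 600 "$_real_key"` is also the only step without `|| return 1`. The function begins and ends outside these hunks.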


@ -53,7 +53,7 @@ qiniu_deploy() {
sslcert_access_token="$(_make_access_token "$sslcert_path")" sslcert_access_token="$(_make_access_token "$sslcert_path")"
_debug sslcert_access_token "$sslcert_access_token" _debug sslcert_access_token "$sslcert_access_token"
export _H1="Authorization: QBox $sslcert_access_token" export _H1="Authorization: QBox $sslcert_access_token"
sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline") sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64)
if ! _contains "$sslcert_response" "certID"; then if ! _contains "$sslcert_response" "certID"; then
_err "Error in creating certificate:" _err "Error in creating certificate:"
@ -75,7 +75,7 @@ qiniu_deploy() {
update_access_token="$(_make_access_token "$update_path")" update_access_token="$(_make_access_token "$update_path")"
_debug update_access_token "$update_access_token" _debug update_access_token "$update_access_token"
export _H1="Authorization: QBox $update_access_token" export _H1="Authorization: QBox $update_access_token"
update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline") update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64)
if _contains "$update_response" "error"; then if _contains "$update_response" "error"; then
_err "Error in updating domain $domain httpsconf:" _err "Error in updating domain $domain httpsconf:"


@ -155,31 +155,20 @@ _get_root() {
i=1 i=1
p=1 p=1
if aws_rest GET "2013-04-01/hostedzone"; then # iterate over names (a.b.c.d -> b.c.d -> c.d -> d)
while true; do while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100) h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug2 "Checking domain: $h" _debug "Checking domain: $h"
if [ -z "$h" ]; then if [ -z "$h" ]; then
if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then _error "invalid domain"
_debug "IsTruncated" return 1
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)" fi
_debug "NextMarker" "$_nextMarker"
if aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"; then
_debug "Truncated request OK"
i=2
p=1
continue
else
_err "Truncated request error."
fi
fi
#not valid
_err "Invalid domain"
return 1
fi
# iterate over paginated result for list_hosted_zones
aws_rest GET "2013-04-01/hostedzone"
while true; do
if _contains "$response" "<Name>$h.</Name>"; then if _contains "$response" "<Name>$h.</Name>"; then
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")" hostedzone="$(echo "$response" | tr -d '\n' | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")"
_debug hostedzone "$hostedzone" _debug hostedzone "$hostedzone"
if [ "$hostedzone" ]; then if [ "$hostedzone" ]; then
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>") _domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>")
@ -192,10 +181,19 @@ _get_root() {
return 1 return 1
fi fi
fi fi
p=$i if _contains "$response" "<IsTruncated>true</IsTruncated>" && _contains "$response" "<NextMarker>"; then
i=$(_math "$i" + 1) _debug "IsTruncated"
_nextMarker="$(echo "$response" | _egrep_o "<NextMarker>.*</NextMarker>" | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug "NextMarker" "$_nextMarker"
else
break
fi
_debug "Checking domain: $h - Next Page "
aws_rest GET "2013-04-01/hostedzone" "marker=$_nextMarker"
done done
fi p=$i
i=$(_math "$i" + 1)
done
return 1 return 1
} }
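Review bot: The empty-name branch of the rewritten loop in _get_root calls `_error "invalid domain"`, yet this same commit replaces `_error` with `_err` in `_set_namecheap_TXT` and `_del_namecheap_TXT`, which suggests `_error` is not a defined helper; the line should read `_err "invalid domain"`. The return status of `aws_rest GET "2013-04-01/hostedzone"` is also no longer checked, either for the first page or for the `marker=` follow-up, so a failed or rejected request looks the same as "zone not on this page" and the loop appears to keep going with whatever `$response` holds. Writing both calls as `aws_rest GET "2013-04-01/hostedzone" || return 1` (with the marker argument on the second) keeps the failure visible.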


@ -32,7 +32,8 @@ dns_cf_add() {
else else
_saveaccountconf_mutable CF_Token "$CF_Token" _saveaccountconf_mutable CF_Token "$CF_Token"
_saveaccountconf_mutable CF_Account_ID "$CF_Account_ID" _saveaccountconf_mutable CF_Account_ID "$CF_Account_ID"
_saveaccountconf_mutable CF_Zone_ID "$CF_Zone_ID" _clearaccountconf_mutable CF_Zone_ID
_clearaccountconf CF_Zone_ID
fi fi
else else
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
@ -51,6 +52,14 @@ dns_cf_add() {
#save the api key and email to the account conf file. #save the api key and email to the account conf file.
_saveaccountconf_mutable CF_Key "$CF_Key" _saveaccountconf_mutable CF_Key "$CF_Key"
_saveaccountconf_mutable CF_Email "$CF_Email" _saveaccountconf_mutable CF_Email "$CF_Email"
_clearaccountconf_mutable CF_Token
_clearaccountconf_mutable CF_Account_ID
_clearaccountconf_mutable CF_Zone_ID
_clearaccountconf CF_Token
_clearaccountconf CF_Account_ID
_clearaccountconf CF_Zone_ID
fi fi
_debug "First detect the root zone" _debug "First detect the root zone"
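Review bot: The key/e-mail branch of dns_cf_add now clears the stored CF_Token, CF_Account_ID and CF_Zone_ID, but the token branch visible in the first hunk clears only CF_Zone_ID, so a previously saved CF_Key and CF_Email appear to stay in the account configuration after a switch to token authentication. A global API key is normally broader than a scoped token, so leaving it on disk keeps the larger credential exposed. Unless this is handled outside the hunk, add `_clearaccountconf_mutable CF_Key` and `_clearaccountconf_mutable CF_Email` (with the matching `_clearaccountconf` calls) after the token is saved. A one-line comment on why both `_clearaccountconf_mutable` and `_clearaccountconf` are called for each name would also help.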


@ -44,7 +44,7 @@ dns_cyon_rm() {
_cyon_load_credentials() { _cyon_load_credentials() {
# Convert loaded password to/from base64 as needed. # Convert loaded password to/from base64 as needed.
if [ "${CY_Password_B64}" ]; then if [ "${CY_Password_B64}" ]; then
CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64 "multiline")" CY_Password="$(printf "%s" "${CY_Password_B64}" | _dbase64)"
elif [ "${CY_Password}" ]; then elif [ "${CY_Password}" ]; then
CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)" CY_Password_B64="$(printf "%s" "${CY_Password}" | _base64)"
fi fi


@ -98,7 +98,7 @@ _dns_gcloud_remove_rrs() {
--ttl="$ttl" \ --ttl="$ttl" \
--type=TXT \ --type=TXT \
--zone="$managedZone" \ --zone="$managedZone" \
--transaction-file="$tr"; then --transaction-file="$tr" --; then
_debug tr "$(cat "$tr")" _debug tr "$(cat "$tr")"
rm -r "$trd" rm -r "$trd"
_err "_dns_gcloud_remove_rrs: failed to remove RRs" _err "_dns_gcloud_remove_rrs: failed to remove RRs"
@ -113,7 +113,7 @@ _dns_gcloud_add_rrs() {
--ttl="$ttl" \ --ttl="$ttl" \
--type=TXT \ --type=TXT \
--zone="$managedZone" \ --zone="$managedZone" \
--transaction-file="$tr"; then --transaction-file="$tr" --; then
_debug tr "$(cat "$tr")" _debug tr "$(cat "$tr")"
rm -r "$trd" rm -r "$trd"
_err "_dns_gcloud_add_rrs: failed to add RRs" _err "_dns_gcloud_add_rrs: failed to add RRs"
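Review bot: The trailing `--` added after `--transaction-file="$tr"` in both `_dns_gcloud_remove_rrs` and `_dns_gcloud_add_rrs` has no comment, and the reason for it is not visible in the hunks. Presumably the record data is appended after these options (the start of each command is outside the hunk) and a TXT value beginning with `-` would otherwise be parsed as a gcloud flag. A comment above each command, for example `# "--" ends option parsing: appended record data may start with "-"`, would keep it from being removed as noise later; it has to go above the command because a comment cannot sit between the backslash-continued lines.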


@ -259,7 +259,7 @@ _set_namecheap_TXT() {
_debug hosts "$hosts" _debug hosts "$hosts"
if [ -z "$hosts" ]; then if [ -z "$hosts" ]; then
_error "Hosts not found" _err "Hosts not found"
return 1 return 1
fi fi
@ -313,7 +313,7 @@ _del_namecheap_TXT() {
_debug hosts "$hosts" _debug hosts "$hosts"
if [ -z "$hosts" ]; then if [ -z "$hosts" ]; then
_error "Hosts not found" _err "Hosts not found"
return 1 return 1
fi fi


@ -5,7 +5,8 @@
# #
# ULTRA_PWD="some_password_goes_here" # ULTRA_PWD="some_password_goes_here"
ULTRA_API="https://restapi.ultradns.com/v2/" ULTRA_API="https://api.ultradns.com/v3/"
ULTRA_AUTH_API="https://api.ultradns.com/v2/"
#Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt" #Usage: add _acme-challenge.www.domain.com "some_long_string_of_characters_go_here_from_lets_encrypt"
dns_ultra_add() { dns_ultra_add() {
@ -121,7 +122,7 @@ _get_root() {
return 1 return 1
fi fi
if _contains "${response}" "${h}." >/dev/null; then if _contains "${response}" "${h}." >/dev/null; then
_domain_id=$(echo "$response" | _egrep_o "${h}") _domain_id=$(echo "$response" | _egrep_o "${h}" | head -1)
if [ "$_domain_id" ]; then if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain="${h}" _domain="${h}"
@ -142,23 +143,25 @@ _ultra_rest() {
ep="$2" ep="$2"
data="$3" data="$3"
_debug "$ep" _debug "$ep"
_debug TOKEN "${AUTH_TOKEN}" if [ -z "$AUTH_TOKEN" ]; then
_ultra_login
fi
_debug TOKEN "$AUTH_TOKEN"
_ultra_login
export _H1="Content-Type: application/json" export _H1="Content-Type: application/json"
export _H2="Authorization: Bearer ${AUTH_TOKEN}" export _H2="Authorization: Bearer $AUTH_TOKEN"
if [ "$m" != "GET" ]; then if [ "$m" != "GET" ]; then
_debug data "${data}" _debug data "$data"
response="$(_post "${data}" "${ULTRA_API}"/"${ep}" "" "${m}")" response="$(_post "$data" "$ULTRA_API$ep" "" "$m")"
else else
response="$(_get "$ULTRA_API/$ep")" response="$(_get "$ULTRA_API$ep")"
fi fi
} }
_ultra_login() { _ultra_login() {
export _H1="" export _H1=""
export _H2="" export _H2=""
AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_API}authorization/token" | cut -d, -f3 | cut -d\" -f4) AUTH_TOKEN=$(_post "grant_type=password&username=${ULTRA_USR}&password=${ULTRA_PWD}" "${ULTRA_AUTH_API}authorization/token" | cut -d, -f3 | cut -d\" -f4)
export AUTH_TOKEN export AUTH_TOKEN
} }
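Review bot: `_debug TOKEN "$AUTH_TOKEN"` in `_ultra_rest` writes the bearer token to the debug log in clear; acme.sh has `_secure_debug` for values like this, so `_secure_debug TOKEN "$AUTH_TOKEN"` is the safer form. The new `if [ -z "$AUTH_TOKEN" ]` block also does not check that `_ultra_login` produced a token, so a failed login goes on to send `Authorization: Bearer ` with an empty value; `[ "$AUTH_TOKEN" ] || return 1` after the login call would fail early. In `_ultra_login`, `ULTRA_USR` and `ULTRA_PWD` are placed in the form body without URL-encoding, so a password containing `&` or `=` would be sent malformed.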