Native PointHQ support

2024-11-08 15:31:45 +00:00 · 2019-01-08 15:49:09 +11:00 · 2019-01-08 15:49:09 +11:00 · 72ce37704b
commit 72ce37704b
parent 4420d073bb
2 changed files with 180 additions and 3 deletions
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@ -1,12 +1,12 @@
 # How to use DNS API

-If your dns provider doesn't provide api access, you can use our dns alias mode: 
+If your dns provider doesn't provide api access, you can use our dns alias mode:

 https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode

 ## 1. Use CloudFlare domain API to automatically issue cert

-First you need to login to your CloudFlare account to get your [API key](https://dash.cloudflare.com/profile). 
+First you need to login to your CloudFlare account to get your [API key](https://dash.cloudflare.com/profile).

 ```
 export CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
@ -891,7 +891,7 @@ acme.sh --issue --dns dns_loopia -d example.com -d *.example.com
 The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
 ## 45. Use ACME DNS API

-ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely. 
+ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
 https://github.com/joohoi/acme-dns

 ```
@ -1056,6 +1056,7 @@ Now you can issue a certificate.
 acme.sh --issue --dns dns_namecheap -d example.com -d *.example.com
 ```

+<<<<<<< HEAD
 ## 54. Use MyDNS.JP API

 First, register to MyDNS.JP and get MasterID and Password.
@ -1127,6 +1128,18 @@ acme.sh --issue --dns dns_exoscale -d example.com -d www.example.com

 The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.

+## 58. Using PointHQ API to issue certs
+
+Log into [PointHQ account management](https://app.pointhq.com/profile) and copy the API key from the page there.
+
+```export PointHQ_Key="apikeystringgoeshere"
+exportPointHQ_Email="accountemail@yourdomain.com"
+```
+
+You can then issue certs by using:
+```acme.sh --issue --dns dns_pointhq -d example.com -d www.example.com
+```
+
 # Use custom API

 If your API is not supported yet, you can write your own DNS API.
--- a/dnsapi/dns_pointhq.sh
+++ b/dnsapi/dns_pointhq.sh
@ -0,0 +1,164 @@
+#!/usr/bin/env sh
+
+#
+#PointHQ_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+#
+#PointHQ_Email="xxxx@sss.com"
+
+PointHQ_Api="https://api.pointhq.com"
+
+########  Public functions #####################
+
+#Usage: add  _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_pointhq_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  PointHQ_Key="${PointHQ_Key:-$(_readaccountconf_mutable PointHQ_Key)}"
+  PointHQ_Email="${PointHQ_Email:-$(_readaccountconf_mutable PointHQ_Email)}"
+  if [ -z "$PointHQ_Key" ] || [ -z "$PointHQ_Email" ]; then
+    PointHQ_Key=""
+    PointHQ_Email=""
+    _err "You didn't specify a PointHQ API key and email yet."
+    _err "Please create the key and try again."
+    return 1
+  fi
+
+  if ! _contains "$PointHQ_Email" "@"; then
+    _err "It seems that the PointHQ_Email=$PointHQ_Email is not a valid email address."
+    _err "Please check and retry."
+    return 1
+  fi
+
+  #save the api key and email to the account conf file.
+  _saveaccountconf_mutable PointHQ_Key "$PointHQ_Key"
+  _saveaccountconf_mutable PointHQ_Email "$PointHQ_Email"
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _info "Adding record"
+  if _pointhq_rest POST "zones/$_domain/records" "{\"zone_record\": {\"name\":\"$_sub_domain\",\"record_type\":\"TXT\",\"data\":\"$txtvalue\",\"ttl\":3600}}"; then
+    if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then
+      _info "Added, OK"
+      return 0
+    else
+      _err "Add txt record error."
+      return 1
+    fi
+  fi
+  _err "Add txt record error."
+  return 1
+}
+
+#fulldomain txtvalue
+dns_pointhq_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  PointHQ_Key="${PointHQ_Key:-$(_readaccountconf_mutable PointHQ_Key)}"
+  PointHQ_Email="${PointHQ_Email:-$(_readaccountconf_mutable PointHQ_Email)}"
+  if [ -z "$PointHQ_Key" ] || [ -z "$PointHQ_Email" ]; then
+    PointHQ_Key=""
+    PointHQ_Email=""
+    _err "You didn't specify a PointHQ API key and email yet."
+    _err "Please create the key and try again."
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "invalid domain"
+    return 1
+  fi
+  _debug _sub_domain "$_sub_domain"
+  _debug _domain "$_domain"
+
+  _debug "Getting txt records"
+  _pointhq_rest GET "zones/${_domain}/records?record_type=TXT&name=$_sub_domain"
+
+  if ! printf "%s" "$response" | grep "^\[" >/dev/null; then
+    _err "Error"
+    return 1
+  fi
+
+  if [ "$response" = "[]" ]; then
+    _info "No records to remove."
+  else
+    record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | cut -d : -f 2 | tr -d \" | head -n 1)
+    _debug "record_id" "$record_id"
+    if [ -z "$record_id" ]; then
+      _err "Can not get record id to remove."
+      return 1
+    fi
+    if ! _pointhq_rest DELETE "zones/$_domain/records/$record_id"; then
+      _err "Delete record error."
+      return 1
+    fi
+    _contains "$response" '"status":"OK"'
+  fi
+}
+
+####################  Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+  domain=$1
+  i=2
+  p=1
+  while true; do
+    h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+    _debug h "$h"
+    if [ -z "$h" ]; then
+      #not valid
+      return 1
+    fi
+
+    if ! _pointhq_rest GET "zones"; then
+      return 1
+    fi
+
+    if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
+      _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+      _domain=$h
+      return 0
+    fi
+    p=$i
+    i=$(_math "$i" + 1)
+  done
+  return 1
+}
+
+_pointhq_rest() {
+  m=$1
+  ep="$2"
+  data="$3"
+  _debug "$ep"
+
+  _pointhq_auth=$(printf "%s:%s" "$PointHQ_Email" "$PointHQ_Key" | _base64)
+
+  export _H1="Authorization: Basic $_pointhq_auth"
+  export _H2="Content-Type: application/json"
+  export _H3="Accept: application/json"
+
+  if [ "$m" != "GET" ]; then
+    _debug data "$data"
+    response="$(_post "$data" "$PointHQ_Api/$ep" "" "$m")"
+  else
+    response="$(_get "$PointHQ_Api/$ep")"
+  fi
+
+  if [ "$?" != "0" ]; then
+    _err "error $ep"
+    return 1
+  fi
+  _debug2 response "$response"
+  return 0
+}