mirror of
https://github.com/plantroon/acme.sh.git
synced 2025-01-13 15:40:57 +00:00
Revert "Syncing with the original repo (#2)"
This reverts commit c384ed960c138f4449e79293644c4d0ec937cef1.
This commit is contained in:
parent
c384ed960c
commit
8de3698b23
4
.github/workflows/DNS.yml
vendored
4
.github/workflows/DNS.yml
vendored
@ -184,7 +184,7 @@ jobs:
|
|||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/freebsd-vm@v0.1.2
|
- uses: vmactions/freebsd-vm@v0.0.7
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: pkg install -y socat curl
|
prepare: pkg install -y socat curl
|
||||||
@ -223,7 +223,7 @@ jobs:
|
|||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/solaris-vm@v0.0.3
|
- uses: vmactions/solaris-vm@v0.0.1
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: pkgutil -y -i socat curl
|
prepare: pkgutil -y -i socat curl
|
||||||
|
4
.github/workflows/LetsEncrypt.yml
vendored
4
.github/workflows/LetsEncrypt.yml
vendored
@ -111,7 +111,7 @@ jobs:
|
|||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/freebsd-vm@v0.1.2
|
- uses: vmactions/freebsd-vm@v0.0.7
|
||||||
with:
|
with:
|
||||||
envs: 'NGROK_TOKEN TEST_LOCAL'
|
envs: 'NGROK_TOKEN TEST_LOCAL'
|
||||||
prepare: pkg install -y socat curl
|
prepare: pkg install -y socat curl
|
||||||
@ -136,7 +136,7 @@ jobs:
|
|||||||
run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV
|
run: echo "TestingDomain=${{steps.ngrok.outputs.server}}" >> $GITHUB_ENV
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/solaris-vm@v0.0.3
|
- uses: vmactions/solaris-vm@v0.0.1
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_LOCAL TestingDomain'
|
envs: 'TEST_LOCAL TestingDomain'
|
||||||
nat: |
|
nat: |
|
||||||
|
98
acme.sh
98
acme.sh
@ -562,16 +562,8 @@ if _exists xargs && [ "$(printf %s '\\x41' | xargs printf)" = 'A' ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
_h2b() {
|
_h2b() {
|
||||||
if _exists xxd; then
|
if _exists xxd && xxd -r -p 2>/dev/null; then
|
||||||
if _contains "$(xxd --help 2>&1)" "assumes -c30"; then
|
return
|
||||||
if xxd -r -p -c 9999 2>/dev/null; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
if xxd -r -p 2>/dev/null; then
|
|
||||||
return
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
hex=$(cat)
|
hex=$(cat)
|
||||||
@ -1132,7 +1124,7 @@ _createkey() {
|
|||||||
|
|
||||||
if _isEccKey "$length"; then
|
if _isEccKey "$length"; then
|
||||||
_debug "Using ec name: $eccname"
|
_debug "Using ec name: $eccname"
|
||||||
if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -noout -genkey 2>/dev/null)"; then
|
if _opkey="$(${ACME_OPENSSL_BIN:-openssl} ecparam -name "$eccname" -genkey 2>/dev/null)"; then
|
||||||
echo "$_opkey" >"$f"
|
echo "$_opkey" >"$f"
|
||||||
else
|
else
|
||||||
_err "error ecc key name: $eccname"
|
_err "error ecc key name: $eccname"
|
||||||
@ -1140,11 +1132,7 @@ _createkey() {
|
|||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
_debug "Using RSA: $length"
|
_debug "Using RSA: $length"
|
||||||
__traditional=""
|
if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa "$length" 2>/dev/null)"; then
|
||||||
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help genrsa 2>&1)" "-traditional"; then
|
|
||||||
__traditional="-traditional"
|
|
||||||
fi
|
|
||||||
if _opkey="$(${ACME_OPENSSL_BIN:-openssl} genrsa $__traditional "$length" 2>/dev/null)"; then
|
|
||||||
echo "$_opkey" >"$f"
|
echo "$_opkey" >"$f"
|
||||||
else
|
else
|
||||||
_err "error rsa key: $length"
|
_err "error rsa key: $length"
|
||||||
@ -2133,12 +2121,6 @@ _send_signed_request() {
|
|||||||
_sleep $_sleep_retry_sec
|
_sleep $_sleep_retry_sec
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
if _contains "$_body" "The Replay Nonce is not recognized"; then
|
|
||||||
_info "The replay Nonce is not valid, let's get a new one, Sleeping $_sleep_retry_sec seconds."
|
|
||||||
_CACHED_NONCE=""
|
|
||||||
_sleep $_sleep_retry_sec
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
done
|
done
|
||||||
@ -2297,13 +2279,6 @@ _clearaccountconf() {
|
|||||||
_clear_conf "$ACCOUNT_CONF_PATH" "$1"
|
_clear_conf "$ACCOUNT_CONF_PATH" "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
#key
|
|
||||||
_clearaccountconf_mutable() {
|
|
||||||
_clearaccountconf "SAVED_$1"
|
|
||||||
#remove later
|
|
||||||
_clearaccountconf "$1"
|
|
||||||
}
|
|
||||||
|
|
||||||
#_savecaconf key value
|
#_savecaconf key value
|
||||||
_savecaconf() {
|
_savecaconf() {
|
||||||
_save_conf "$CA_CONF" "$1" "$2"
|
_save_conf "$CA_CONF" "$1" "$2"
|
||||||
@ -4034,42 +4009,12 @@ _check_dns_entries() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#file
|
#file
|
||||||
_get_chain_issuers() {
|
_get_cert_issuers() {
|
||||||
_cfile="$1"
|
_cfile="$1"
|
||||||
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then
|
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then
|
||||||
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
|
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
|
||||||
else
|
else
|
||||||
_cindex=1
|
${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
|
||||||
for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do
|
|
||||||
_endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)"
|
|
||||||
_debug2 "_startn" "$_startn"
|
|
||||||
_debug2 "_endn" "$_endn"
|
|
||||||
if [ "$DEBUG" ]; then
|
|
||||||
_debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")"
|
|
||||||
fi
|
|
||||||
sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/"
|
|
||||||
_cindex=$(_math $_cindex + 1)
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
_get_chain_subjects() {
|
|
||||||
_cfile="$1"
|
|
||||||
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -help 2>&1)" "Usage: crl2pkcs7" || _contains "$(${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 help 2>&1)" "unknown option help"; then
|
|
||||||
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
|
|
||||||
else
|
|
||||||
_cindex=1
|
|
||||||
for _startn in $(grep -n -- "$BEGIN_CERT" "$_cfile" | cut -d : -f 1); do
|
|
||||||
_endn="$(grep -n -- "$END_CERT" "$_cfile" | cut -d : -f 1 | _head_n $_cindex | _tail_n 1)"
|
|
||||||
_debug2 "_startn" "$_startn"
|
|
||||||
_debug2 "_endn" "$_endn"
|
|
||||||
if [ "$DEBUG" ]; then
|
|
||||||
_debug2 "cert$_cindex" "$(sed -n "$_startn,${_endn}p" "$_cfile")"
|
|
||||||
fi
|
|
||||||
sed -n "$_startn,${_endn}p" "$_cfile" | ${ACME_OPENSSL_BIN:-openssl} x509 -text -noout | grep -i 'Subject:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 | sed "s/ *\(.*\)/\1/"
|
|
||||||
_cindex=$(_math $_cindex + 1)
|
|
||||||
done
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4077,12 +4022,14 @@ _get_chain_subjects() {
|
|||||||
_match_issuer() {
|
_match_issuer() {
|
||||||
_cfile="$1"
|
_cfile="$1"
|
||||||
_missuer="$2"
|
_missuer="$2"
|
||||||
_fissuers="$(_get_chain_issuers $_cfile)"
|
_fissuers="$(_get_cert_issuers $_cfile)"
|
||||||
_debug2 _fissuers "$_fissuers"
|
_debug2 _fissuers "$_fissuers"
|
||||||
_rootissuer="$(echo "$_fissuers" | _lower_case | _tail_n 1)"
|
if _contains "$_fissuers" "$_missuer"; then
|
||||||
_debug2 _rootissuer "$_rootissuer"
|
return 0
|
||||||
|
fi
|
||||||
|
_fissuers="$(echo "$_fissuers" | _lower_case)"
|
||||||
_missuer="$(echo "$_missuer" | _lower_case)"
|
_missuer="$(echo "$_missuer" | _lower_case)"
|
||||||
_contains "$_rootissuer" "$_missuer"
|
_contains "$_fissuers" "$_missuer"
|
||||||
}
|
}
|
||||||
|
|
||||||
#webroot, domain domainlist keylength
|
#webroot, domain domainlist keylength
|
||||||
@ -4856,9 +4803,6 @@ $_authorizations_map"
|
|||||||
_split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH"
|
_split_cert_chain "$CERT_PATH" "$CERT_FULLCHAIN_PATH" "$CA_CERT_PATH"
|
||||||
|
|
||||||
if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then
|
if [ "$_preferred_chain" ] && [ -f "$CERT_FULLCHAIN_PATH" ]; then
|
||||||
if [ "$DEBUG" ]; then
|
|
||||||
_debug "default chain issuers: " "$(_get_chain_issuers "$CERT_FULLCHAIN_PATH")"
|
|
||||||
fi
|
|
||||||
if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then
|
if ! _match_issuer "$CERT_FULLCHAIN_PATH" "$_preferred_chain"; then
|
||||||
rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)"
|
rels="$(echo "$responseHeaders" | tr -d ' <>' | grep -i "^link:" | grep -i 'rel="alternate"' | cut -d : -f 2- | cut -d ';' -f 1)"
|
||||||
_debug2 "rels" "$rels"
|
_debug2 "rels" "$rels"
|
||||||
@ -4874,22 +4818,13 @@ $_authorizations_map"
|
|||||||
_relca="$CA_CERT_PATH.alt"
|
_relca="$CA_CERT_PATH.alt"
|
||||||
echo "$response" >"$_relcert"
|
echo "$response" >"$_relcert"
|
||||||
_split_cert_chain "$_relcert" "$_relfullchain" "$_relca"
|
_split_cert_chain "$_relcert" "$_relfullchain" "$_relca"
|
||||||
if [ "$DEBUG" ]; then
|
|
||||||
_debug "rel chain issuers: " "$(_get_chain_issuers "$_relfullchain")"
|
|
||||||
fi
|
|
||||||
if _match_issuer "$_relfullchain" "$_preferred_chain"; then
|
if _match_issuer "$_relfullchain" "$_preferred_chain"; then
|
||||||
_info "Matched issuer in: $rel"
|
_info "Matched issuer in: $rel"
|
||||||
cat $_relcert >"$CERT_PATH"
|
cat $_relcert >"$CERT_PATH"
|
||||||
cat $_relfullchain >"$CERT_FULLCHAIN_PATH"
|
cat $_relfullchain >"$CERT_FULLCHAIN_PATH"
|
||||||
cat $_relca >"$CA_CERT_PATH"
|
cat $_relca >"$CA_CERT_PATH"
|
||||||
rm -f "$_relcert"
|
|
||||||
rm -f "$_relfullchain"
|
|
||||||
rm -f "$_relca"
|
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
rm -f "$_relcert"
|
|
||||||
rm -f "$_relfullchain"
|
|
||||||
rm -f "$_relca"
|
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -5287,7 +5222,6 @@ signcsr() {
|
|||||||
_renew_hook="${10}"
|
_renew_hook="${10}"
|
||||||
_local_addr="${11}"
|
_local_addr="${11}"
|
||||||
_challenge_alias="${12}"
|
_challenge_alias="${12}"
|
||||||
_preferred_chain="${13}"
|
|
||||||
|
|
||||||
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
|
_csrsubj=$(_readSubjectFromCSR "$_csrfile")
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
@ -5334,7 +5268,7 @@ signcsr() {
|
|||||||
_info "Copy csr to: $CSR_PATH"
|
_info "Copy csr to: $CSR_PATH"
|
||||||
cp "$_csrfile" "$CSR_PATH"
|
cp "$_csrfile" "$CSR_PATH"
|
||||||
|
|
||||||
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias" "$_preferred_chain"
|
issue "$_csrW" "$_csrsubj" "$_csrdomainlist" "$_csrkeylength" "$_real_cert" "$_real_key" "$_real_ca" "$_reload_cmd" "$_real_fullchain" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_addr" "$_challenge_alias"
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -7431,7 +7365,7 @@ _process() {
|
|||||||
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
deploy "$_domain" "$_deploy_hook" "$_ecc"
|
||||||
;;
|
;;
|
||||||
signcsr)
|
signcsr)
|
||||||
signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias" "$_preferred_chain"
|
signcsr "$_csr" "$_webroot" "$_cert_file" "$_key_file" "$_ca_file" "$_reloadcmd" "$_fullchain_file" "$_pre_hook" "$_post_hook" "$_renew_hook" "$_local_address" "$_challenge_alias"
|
||||||
;;
|
;;
|
||||||
showcsr)
|
showcsr)
|
||||||
showcsr "$_csr" "$_domain"
|
showcsr "$_csr" "$_domain"
|
||||||
|
220
deploy/unifi.sh
220
deploy/unifi.sh
@ -1,43 +1,12 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
# Here is a script to deploy cert on a Unifi Controller or Cloud Key device.
|
#Here is a script to deploy cert to unifi server.
|
||||||
# It supports:
|
|
||||||
# - self-hosted Unifi Controller
|
|
||||||
# - Unifi Cloud Key (Gen1/2/2+)
|
|
||||||
# - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only)
|
|
||||||
# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3359
|
|
||||||
|
|
||||||
#returns 0 means success, otherwise error.
|
#returns 0 means success, otherwise error.
|
||||||
|
|
||||||
# The deploy-hook automatically detects standard Unifi installations
|
|
||||||
# for each of the supported environments. Most users should not need
|
|
||||||
# to set any of these variables, but if you are running a self-hosted
|
|
||||||
# Controller with custom locations, set these as necessary before running
|
|
||||||
# the deploy hook. (Defaults shown below.)
|
|
||||||
#
|
|
||||||
# Settings for Unifi Controller:
|
|
||||||
# Location of Java keystore or unifi.keystore.jks file:
|
|
||||||
#DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
|
#DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
|
||||||
# Keystore password (built into Unifi Controller, not a user-set password):
|
|
||||||
#DEPLOY_UNIFI_KEYPASS="aircontrolenterprise"
|
#DEPLOY_UNIFI_KEYPASS="aircontrolenterprise"
|
||||||
# Command to restart Unifi Controller:
|
|
||||||
#DEPLOY_UNIFI_RELOAD="service unifi restart"
|
#DEPLOY_UNIFI_RELOAD="service unifi restart"
|
||||||
#
|
|
||||||
# Settings for Unifi Cloud Key Gen1 (nginx admin pages):
|
|
||||||
# Directory where cloudkey.crt and cloudkey.key live:
|
|
||||||
#DEPLOY_UNIFI_CLOUDKEY_CERTDIR="/etc/ssl/private"
|
|
||||||
# Command to restart maintenance pages and Controller
|
|
||||||
# (same setting as above, default is updated when running on Cloud Key Gen1):
|
|
||||||
#DEPLOY_UNIFI_RELOAD="service nginx restart && service unifi restart"
|
|
||||||
#
|
|
||||||
# Settings for UnifiOS (Cloud Key Gen2):
|
|
||||||
# Directory where unifi-core.crt and unifi-core.key live:
|
|
||||||
#DEPLOY_UNIFI_CORE_CONFIG="/data/unifi-core/config/"
|
|
||||||
# Command to restart unifi-core:
|
|
||||||
#DEPLOY_UNIFI_RELOAD="systemctl restart unifi-core"
|
|
||||||
#
|
|
||||||
# At least one of DEPLOY_UNIFI_KEYSTORE, DEPLOY_UNIFI_CLOUDKEY_CERTDIR,
|
|
||||||
# or DEPLOY_UNIFI_CORE_CONFIG must exist to receive the deployed certs.
|
|
||||||
|
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
|
|
||||||
@ -55,160 +24,77 @@ unifi_deploy() {
|
|||||||
_debug _cca "$_cca"
|
_debug _cca "$_cca"
|
||||||
_debug _cfullchain "$_cfullchain"
|
_debug _cfullchain "$_cfullchain"
|
||||||
|
|
||||||
_getdeployconf DEPLOY_UNIFI_KEYSTORE
|
if ! _exists keytool; then
|
||||||
_getdeployconf DEPLOY_UNIFI_KEYPASS
|
_err "keytool not found"
|
||||||
_getdeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR
|
return 1
|
||||||
_getdeployconf DEPLOY_UNIFI_CORE_CONFIG
|
fi
|
||||||
_getdeployconf DEPLOY_UNIFI_RELOAD
|
|
||||||
|
|
||||||
_debug2 DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
|
DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
|
||||||
_debug2 DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
|
_unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}"
|
||||||
_debug2 DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR"
|
DEFAULT_UNIFI_KEYPASS="aircontrolenterprise"
|
||||||
_debug2 DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG"
|
_unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}"
|
||||||
_debug2 DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
|
DEFAULT_UNIFI_RELOAD="service unifi restart"
|
||||||
|
_reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}"
|
||||||
|
|
||||||
# Space-separated list of environments detected and installed:
|
_debug _unifi_keystore "$_unifi_keystore"
|
||||||
_services_updated=""
|
if [ ! -f "$_unifi_keystore" ]; then
|
||||||
|
if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then
|
||||||
# Default reload commands accumulated as we auto-detect environments:
|
_err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE"
|
||||||
_reload_cmd=""
|
|
||||||
|
|
||||||
# Unifi Controller environment (self hosted or any Cloud Key) --
|
|
||||||
# auto-detect by file /usr/lib/unifi/data/keystore:
|
|
||||||
_unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}"
|
|
||||||
if [ -f "$_unifi_keystore" ]; then
|
|
||||||
_info "Installing certificate for Unifi Controller (Java keystore)"
|
|
||||||
_debug _unifi_keystore "$_unifi_keystore"
|
|
||||||
if ! _exists keytool; then
|
|
||||||
_err "keytool not found"
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
|
||||||
if [ ! -w "$_unifi_keystore" ]; then
|
|
||||||
_err "The file $_unifi_keystore is not writable, please change the permission."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
_unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}"
|
|
||||||
|
|
||||||
_debug "Generate import pkcs12"
|
|
||||||
_import_pkcs12="$(_mktemp)"
|
|
||||||
_toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root
|
|
||||||
# shellcheck disable=SC2181
|
|
||||||
if [ "$?" != "0" ]; then
|
|
||||||
_err "Error generating pkcs12. Please re-run with --debug and report a bug."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
_debug "Import into keystore: $_unifi_keystore"
|
|
||||||
if keytool -importkeystore \
|
|
||||||
-deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \
|
|
||||||
-srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \
|
|
||||||
-alias unifi -noprompt; then
|
|
||||||
_debug "Import keystore success!"
|
|
||||||
rm "$_import_pkcs12"
|
|
||||||
else
|
else
|
||||||
_err "Error importing into Unifi Java keystore."
|
_err "It seems that the specified unifi keystore is not valid, please check."
|
||||||
_err "Please re-run with --debug and report a bug."
|
|
||||||
rm "$_import_pkcs12"
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
if systemctl -q is-active unifi; then
|
if [ ! -w "$_unifi_keystore" ]; then
|
||||||
_reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart"
|
_err "The file $_unifi_keystore is not writable, please change the permission."
|
||||||
fi
|
|
||||||
_services_updated="${_services_updated} unifi"
|
|
||||||
_info "Install Unifi Controller certificate success!"
|
|
||||||
elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then
|
|
||||||
_err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check."
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Cloud Key environment (non-UnifiOS -- nginx serves admin pages) --
|
_info "Generate import pkcs12"
|
||||||
# auto-detect by file /etc/ssl/private/cloudkey.key:
|
_import_pkcs12="$(_mktemp)"
|
||||||
_cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}"
|
_toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root
|
||||||
if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
_info "Installing certificate for Cloud Key Gen1 (nginx admin pages)"
|
_err "Oops, error creating import pkcs12, please report bug to us."
|
||||||
_debug _cloudkey_certdir "$_cloudkey_certdir"
|
|
||||||
if [ ! -w "$_cloudkey_certdir" ]; then
|
|
||||||
_err "The directory $_cloudkey_certdir is not writable; please check permissions."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
# Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks.
|
|
||||||
# Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was
|
|
||||||
# updated above), but if not, we don't know how to handle this installation:
|
|
||||||
if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then
|
|
||||||
_err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt"
|
|
||||||
cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key"
|
|
||||||
(cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks)
|
|
||||||
|
|
||||||
if systemctl -q is-active nginx; then
|
|
||||||
_reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart"
|
|
||||||
fi
|
|
||||||
_info "Install Cloud Key Gen1 certificate success!"
|
|
||||||
_services_updated="${_services_updated} nginx"
|
|
||||||
elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then
|
|
||||||
_err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check."
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key:
|
_info "Modify unifi keystore: $_unifi_keystore"
|
||||||
_unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}"
|
if keytool -importkeystore \
|
||||||
if [ -f "${_unifi_core_config}/unifi-core.key" ]; then
|
-deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \
|
||||||
_info "Installing certificate for UnifiOS"
|
-srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \
|
||||||
_debug _unifi_core_config "$_unifi_core_config"
|
-alias unifi -noprompt; then
|
||||||
if [ ! -w "$_unifi_core_config" ]; then
|
_info "Import keystore success!"
|
||||||
_err "The directory $_unifi_core_config is not writable; please check permissions."
|
rm "$_import_pkcs12"
|
||||||
return 1
|
else
|
||||||
fi
|
_err "Import unifi keystore error, please report bug to us."
|
||||||
|
rm "$_import_pkcs12"
|
||||||
cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt"
|
|
||||||
cat "$_ckey" >"${_unifi_core_config}/unifi-core.key"
|
|
||||||
|
|
||||||
if systemctl -q is-active unifi-core; then
|
|
||||||
_reload_cmd="${_reload_cmd:+$_reload_cmd && }systemctl restart unifi-core"
|
|
||||||
fi
|
|
||||||
_info "Install UnifiOS certificate success!"
|
|
||||||
_services_updated="${_services_updated} unifi-core"
|
|
||||||
elif [ "$DEPLOY_UNIFI_CORE_CONFIG" ]; then
|
|
||||||
_err "The specified DEPLOY_UNIFI_CORE_CONFIG='$DEPLOY_UNIFI_CORE_CONFIG' is not valid, please check."
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$_services_updated" ]; then
|
_info "Run reload: $_reload"
|
||||||
# None of the Unifi environments were auto-detected, so no deployment has occurred
|
if eval "$_reload"; then
|
||||||
# (and none of DEPLOY_UNIFI_{KEYSTORE,CLOUDKEY_CERTDIR,CORE_CONFIG} were set).
|
|
||||||
_err "Unable to detect Unifi environment in standard location."
|
|
||||||
_err "(This deploy hook must be run on the Unifi device, not a remote machine.)"
|
|
||||||
_err "For non-standard Unifi installations, set DEPLOY_UNIFI_KEYSTORE,"
|
|
||||||
_err "DEPLOY_UNIFI_CLOUDKEY_CERTDIR, and/or DEPLOY_UNIFI_CORE_CONFIG as appropriate."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
_reload_cmd="${DEPLOY_UNIFI_RELOAD:-$_reload_cmd}"
|
|
||||||
if [ -z "$_reload_cmd" ]; then
|
|
||||||
_err "Certificates were installed for services:${_services_updated},"
|
|
||||||
_err "but none appear to be active. Please set DEPLOY_UNIFI_RELOAD"
|
|
||||||
_err "to a command that will restart the necessary services."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_info "Reload services (this may take some time): $_reload_cmd"
|
|
||||||
if eval "$_reload_cmd"; then
|
|
||||||
_info "Reload success!"
|
_info "Reload success!"
|
||||||
|
if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then
|
||||||
|
_savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
|
||||||
|
else
|
||||||
|
_cleardomainconf DEPLOY_UNIFI_KEYSTORE
|
||||||
|
fi
|
||||||
|
if [ "$DEPLOY_UNIFI_KEYPASS" ]; then
|
||||||
|
_savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
|
||||||
|
else
|
||||||
|
_cleardomainconf DEPLOY_UNIFI_KEYPASS
|
||||||
|
fi
|
||||||
|
if [ "$DEPLOY_UNIFI_RELOAD" ]; then
|
||||||
|
_savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
|
||||||
|
else
|
||||||
|
_cleardomainconf DEPLOY_UNIFI_RELOAD
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
else
|
else
|
||||||
_err "Reload error"
|
_err "Reload error"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Successful, so save all (non-default) config:
|
|
||||||
_savedeployconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
|
|
||||||
_savedeployconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
|
|
||||||
_savedeployconf DEPLOY_UNIFI_CLOUDKEY_CERTDIR "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR"
|
|
||||||
_savedeployconf DEPLOY_UNIFI_CORE_CONFIG "$DEPLOY_UNIFI_CORE_CONFIG"
|
|
||||||
_savedeployconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
#Arvan_Token="Apikey xxxx"
|
#Arvan_Token="xxxx"
|
||||||
|
|
||||||
ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains"
|
ARVAN_API_URL="https://napi.arvancloud.com/cdn/4.0/domains"
|
||||||
#Author: Vahid Fardi
|
|
||||||
|
#Author: Ehsan Aliakbar
|
||||||
#Report Bugs here: https://github.com/Neilpang/acme.sh
|
#Report Bugs here: https://github.com/Neilpang/acme.sh
|
||||||
#
|
#
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
@ -37,7 +38,6 @@ dns_arvan_add() {
|
|||||||
_info "Adding record"
|
_info "Adding record"
|
||||||
if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then
|
if _arvan_rest POST "$_domain/dns-records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":{\"text\":\"$txtvalue\"},\"ttl\":120}"; then
|
||||||
if _contains "$response" "$txtvalue"; then
|
if _contains "$response" "$txtvalue"; then
|
||||||
_info "response id is $response"
|
|
||||||
_info "Added, OK"
|
_info "Added, OK"
|
||||||
return 0
|
return 0
|
||||||
elif _contains "$response" "Record Data is Duplicated"; then
|
elif _contains "$response" "Record Data is Duplicated"; then
|
||||||
@ -49,7 +49,7 @@ dns_arvan_add() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
_err "Add txt record error."
|
_err "Add txt record error."
|
||||||
return 0
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
#Usage: fulldomain txtvalue
|
#Usage: fulldomain txtvalue
|
||||||
@ -73,21 +73,33 @@ dns_arvan_rm() {
|
|||||||
_debug _domain "$_domain"
|
_debug _domain "$_domain"
|
||||||
|
|
||||||
_debug "Getting txt records"
|
_debug "Getting txt records"
|
||||||
_arvan_rest GET "${_domain}/dns-records"
|
shorted_txtvalue=$(printf "%s" "$txtvalue" | cut -d "-" -d "_" -f1)
|
||||||
|
_arvan_rest GET "${_domain}/dns-records?search=$shorted_txtvalue"
|
||||||
|
|
||||||
if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then
|
if ! printf "%s" "$response" | grep \"current_page\":1 >/dev/null; then
|
||||||
_err "Error on Arvan Api"
|
_err "Error on Arvan Api"
|
||||||
_err "Please create a github issue with debbug log"
|
_err "Please create a github issue with debbug log"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_record_id=$(echo "$response" | _egrep_o ".\"id\":\"[^\"]*\",\"type\":\"txt\",\"name\":\"_acme-challenge\",\"value\":{\"text\":\"$txtvalue\"}" | cut -d : -f 2 | cut -d , -f 1 | tr -d \")
|
count=$(printf "%s\n" "$response" | _egrep_o "\"total\":[^,]*" | cut -d : -f 2)
|
||||||
if ! _arvan_rest "DELETE" "${_domain}/dns-records/${_record_id}"; then
|
_debug count "$count"
|
||||||
_err "Error on Arvan Api"
|
if [ "$count" = "0" ]; then
|
||||||
return 1
|
_info "Don't need to remove."
|
||||||
|
else
|
||||||
|
record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | head -n 1)
|
||||||
|
_debug "record_id" "$record_id"
|
||||||
|
if [ -z "$record_id" ]; then
|
||||||
|
_err "Can not get record id to remove."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if ! _arvan_rest "DELETE" "${_domain}/dns-records/$record_id"; then
|
||||||
|
_err "Delete record error."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug "$response"
|
||||||
|
_contains "$response" 'dns record deleted'
|
||||||
fi
|
fi
|
||||||
_debug "$response"
|
|
||||||
_contains "$response" 'dns record deleted'
|
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#################### Private functions below ##################################
|
#################### Private functions below ##################################
|
||||||
@ -99,7 +111,7 @@ dns_arvan_rm() {
|
|||||||
# _domain_id=sdjkglgdfewsdfg
|
# _domain_id=sdjkglgdfewsdfg
|
||||||
_get_root() {
|
_get_root() {
|
||||||
domain=$1
|
domain=$1
|
||||||
i=2
|
i=1
|
||||||
p=1
|
p=1
|
||||||
while true; do
|
while true; do
|
||||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
@ -109,11 +121,12 @@ _get_root() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _arvan_rest GET "$h"; then
|
if ! _arvan_rest GET "?search=$h"; then
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
if _contains "$response" "\"domain\":\"$h\""; then
|
|
||||||
_domain_id=$(echo "$response" | cut -d : -f 3 | cut -d , -f 1 | tr -d \")
|
if _contains "$response" "\"domain\":\"$h\"" || _contains "$response" '"total":1'; then
|
||||||
|
_domain_id=$(echo "$response" | _egrep_o "\[.\"id\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||||
if [ "$_domain_id" ]; then
|
if [ "$_domain_id" ]; then
|
||||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
_domain=$h
|
_domain=$h
|
||||||
@ -133,6 +146,7 @@ _arvan_rest() {
|
|||||||
data="$3"
|
data="$3"
|
||||||
|
|
||||||
token_trimmed=$(echo "$Arvan_Token" | tr -d '"')
|
token_trimmed=$(echo "$Arvan_Token" | tr -d '"')
|
||||||
|
|
||||||
export _H1="Authorization: $token_trimmed"
|
export _H1="Authorization: $token_trimmed"
|
||||||
|
|
||||||
if [ "$mtd" = "DELETE" ]; then
|
if [ "$mtd" = "DELETE" ]; then
|
||||||
@ -146,5 +160,4 @@ _arvan_rest() {
|
|||||||
else
|
else
|
||||||
response="$(_get "$ARVAN_API_URL/$ep$data")"
|
response="$(_get "$ARVAN_API_URL/$ep$data")"
|
||||||
fi
|
fi
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
@ -89,7 +89,7 @@ add_record() {
|
|||||||
|
|
||||||
_info "Adding record"
|
_info "Adding record"
|
||||||
|
|
||||||
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=%E9%BB%98%E8%AE%A4"; then
|
if ! _rest POST "Record.Create" "login_token=$DP_Id,$DP_Key&format=json&lang=en&domain_id=$_domain_id&sub_domain=$_sub_domain&record_type=TXT&value=$txtvalue&record_line=默认"; then
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
|
|
||||||
DuckDNS_API="https://www.duckdns.org/update"
|
DuckDNS_API="https://www.duckdns.org/update"
|
||||||
|
|
||||||
######## Public functions ######################
|
######## Public functions #####################
|
||||||
|
|
||||||
#Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
#Usage: dns_duckdns_add _acme-challenge.domain.duckdns.org "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||||
dns_duckdns_add() {
|
dns_duckdns_add() {
|
||||||
@ -112,7 +112,7 @@ _duckdns_rest() {
|
|||||||
param="$2"
|
param="$2"
|
||||||
_debug param "$param"
|
_debug param "$param"
|
||||||
url="$DuckDNS_API?$param"
|
url="$DuckDNS_API?$param"
|
||||||
if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ]; then
|
if [ "$DEBUG" -gt 0 ]; then
|
||||||
url="$url&verbose=true"
|
url="$url&verbose=true"
|
||||||
fi
|
fi
|
||||||
_debug url "$url"
|
_debug url "$url"
|
||||||
@ -121,7 +121,7 @@ _duckdns_rest() {
|
|||||||
if [ "$method" = "GET" ]; then
|
if [ "$method" = "GET" ]; then
|
||||||
response="$(_get "$url")"
|
response="$(_get "$url")"
|
||||||
_debug2 response "$response"
|
_debug2 response "$response"
|
||||||
if [ -n "$DEBUG" ] && [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then
|
if [ "$DEBUG" -gt 0 ] && _contains "$response" "UPDATED" && _contains "$response" "OK"; then
|
||||||
response="OK"
|
response="OK"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# HUAWEICLOUD_ProjectID
|
# HUAWEICLOUD_ProjectID
|
||||||
|
|
||||||
iam_api="https://iam.myhuaweicloud.com"
|
iam_api="https://iam.myhuaweicloud.com"
|
||||||
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work
|
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com"
|
||||||
|
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
|
|
||||||
@ -29,27 +29,16 @@ dns_huaweicloud_add() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
unset token # Clear token
|
|
||||||
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
|
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
|
||||||
if [ -z "${token}" ]; then # Check token
|
_debug2 "${token}"
|
||||||
_err "dns_api(dns_huaweicloud): Error getting token."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug "Access token is: ${token}"
|
|
||||||
|
|
||||||
unset zoneid
|
|
||||||
zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
|
zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
|
||||||
if [ -z "${zoneid}" ]; then
|
_debug "${zoneid}"
|
||||||
_err "dns_api(dns_huaweicloud): Error getting zone id."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug "Zone ID is: ${zoneid}"
|
|
||||||
|
|
||||||
_debug "Adding Record"
|
_debug "Adding Record"
|
||||||
_add_record "${token}" "${fulldomain}" "${txtvalue}"
|
_add_record "${token}" "${fulldomain}" "${txtvalue}"
|
||||||
ret="$?"
|
ret="$?"
|
||||||
if [ "${ret}" != "0" ]; then
|
if [ "${ret}" != "0" ]; then
|
||||||
_err "dns_api(dns_huaweicloud): Error adding record."
|
_err "dns_huaweicloud: Error adding record."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -80,21 +69,12 @@ dns_huaweicloud_rm() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
unset token # Clear token
|
|
||||||
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
|
token="$(_get_token "${HUAWEICLOUD_Username}" "${HUAWEICLOUD_Password}" "${HUAWEICLOUD_ProjectID}")"
|
||||||
if [ -z "${token}" ]; then # Check token
|
_debug2 "${token}"
|
||||||
_err "dns_api(dns_huaweicloud): Error getting token."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug "Access token is: ${token}"
|
|
||||||
|
|
||||||
unset zoneid
|
|
||||||
zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
|
zoneid="$(_get_zoneid "${token}" "${fulldomain}")"
|
||||||
if [ -z "${zoneid}" ]; then
|
_debug "${zoneid}"
|
||||||
_err "dns_api(dns_huaweicloud): Error getting zone id."
|
record_id="$(_get_recordset_id "${token}" "${fulldomain}" "${zoneid}")"
|
||||||
return 1
|
_debug "Record Set ID is: ${record_id}"
|
||||||
fi
|
|
||||||
_debug "Zone ID is: ${zoneid}"
|
|
||||||
|
|
||||||
# Remove all records
|
# Remove all records
|
||||||
# Therotically HuaweiCloud does not allow more than one record set
|
# Therotically HuaweiCloud does not allow more than one record set
|
||||||
|
@ -24,9 +24,20 @@ dns_ionos_add() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_body="[{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}]"
|
_new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}"
|
||||||
|
|
||||||
if _ionos_rest POST "$IONOS_ROUTE_ZONES/$_zone_id/records" "$_body" && [ -z "$response" ]; then
|
# As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them.
|
||||||
|
# This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created.
|
||||||
|
|
||||||
|
_ionos_get_existing_records "$fulldomain" "$_zone_id"
|
||||||
|
|
||||||
|
if [ "$_existing_records" ]; then
|
||||||
|
_body="[$_new_record,$_existing_records]"
|
||||||
|
else
|
||||||
|
_body="[$_new_record]"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then
|
||||||
_info "TXT record has been created successfully."
|
_info "TXT record has been created successfully."
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
@ -114,6 +125,17 @@ _get_root() {
|
|||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_ionos_get_existing_records() {
|
||||||
|
fulldomain=$1
|
||||||
|
zone_id=$2
|
||||||
|
|
||||||
|
if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then
|
||||||
|
response="$(echo "$response" | tr -d "\n")"
|
||||||
|
|
||||||
|
_existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
_ionos_get_record() {
|
_ionos_get_record() {
|
||||||
fulldomain=$1
|
fulldomain=$1
|
||||||
zone_id=$2
|
zone_id=$2
|
||||||
@ -146,7 +168,7 @@ _ionos_rest() {
|
|||||||
export _H2="Accept: application/json"
|
export _H2="Accept: application/json"
|
||||||
export _H3="Content-Type: application/json"
|
export _H3="Content-Type: application/json"
|
||||||
|
|
||||||
response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")"
|
response="$(_post "$data" "$IONOS_API$route" "" "$method")"
|
||||||
else
|
else
|
||||||
export _H2="Accept: */*"
|
export _H2="Accept: */*"
|
||||||
|
|
||||||
|
@ -208,7 +208,7 @@ _namecheap_parse_host() {
|
|||||||
_hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2)
|
_hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2)
|
||||||
_hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2)
|
_hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2)
|
||||||
_hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2)
|
_hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2)
|
||||||
_hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2 | _xml_decode)
|
_hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2)
|
||||||
_hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2)
|
_hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2)
|
||||||
_hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2)
|
_hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2)
|
||||||
|
|
||||||
@ -405,7 +405,3 @@ _namecheap_set_tld_sld() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
_xml_decode() {
|
|
||||||
sed 's/"/"/g'
|
|
||||||
}
|
|
||||||
|
@ -175,13 +175,13 @@ _get_root() {
|
|||||||
i=1
|
i=1
|
||||||
|
|
||||||
if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
|
if _pdns_rest "GET" "/api/v1/servers/$PDNS_ServerId/zones"; then
|
||||||
_zones_response=$(echo "$response" | _normalizeJson)
|
_zones_response="$response"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
|
|
||||||
if _contains "$_zones_response" "\"name\":\"$h.\""; then
|
if _contains "$_zones_response" "\"name\": \"$h.\""; then
|
||||||
_domain="$h."
|
_domain="$h."
|
||||||
if [ -z "$h" ]; then
|
if [ -z "$h" ]; then
|
||||||
_domain="=2E"
|
_domain="=2E"
|
||||||
|
@ -1,157 +0,0 @@
|
|||||||
#!/usr/bin/env sh
|
|
||||||
|
|
||||||
#
|
|
||||||
#PORKBUN_API_KEY="pk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
|
|
||||||
#PORKBUN_SECRET_API_KEY="sk1_0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
|
|
||||||
|
|
||||||
PORKBUN_Api="https://porkbun.com/api/json/v3"
|
|
||||||
|
|
||||||
######## Public functions #####################
|
|
||||||
|
|
||||||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
|
||||||
dns_porkbun_add() {
|
|
||||||
fulldomain=$1
|
|
||||||
txtvalue=$2
|
|
||||||
|
|
||||||
PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}"
|
|
||||||
PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}"
|
|
||||||
|
|
||||||
if [ -z "$PORKBUN_API_KEY" ] || [ -z "$PORKBUN_SECRET_API_KEY" ]; then
|
|
||||||
PORKBUN_API_KEY=''
|
|
||||||
PORKBUN_SECRET_API_KEY=''
|
|
||||||
_err "You didn't specify a Porkbun api key and secret api key yet."
|
|
||||||
_err "You can get yours from here https://porkbun.com/account/api."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
#save the credentials to the account conf file.
|
|
||||||
_saveaccountconf_mutable PORKBUN_API_KEY "$PORKBUN_API_KEY"
|
|
||||||
_saveaccountconf_mutable PORKBUN_SECRET_API_KEY "$PORKBUN_SECRET_API_KEY"
|
|
||||||
|
|
||||||
_debug 'First detect the root zone'
|
|
||||||
if ! _get_root "$fulldomain"; then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug _sub_domain "$_sub_domain"
|
|
||||||
_debug _domain "$_domain"
|
|
||||||
|
|
||||||
# For wildcard cert, the main root domain and the wildcard domain have the same txt subdomain name, so
|
|
||||||
# we can not use updating anymore.
|
|
||||||
# count=$(printf "%s\n" "$response" | _egrep_o "\"count\":[^,]*" | cut -d : -f 2)
|
|
||||||
# _debug count "$count"
|
|
||||||
# if [ "$count" = "0" ]; then
|
|
||||||
_info "Adding record"
|
|
||||||
if _porkbun_rest POST "dns/create/$_domain" "{\"name\":\"$_sub_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":120}"; then
|
|
||||||
if _contains "$response" '\"status\":"SUCCESS"'; then
|
|
||||||
_info "Added, OK"
|
|
||||||
return 0
|
|
||||||
elif _contains "$response" "The record already exists"; then
|
|
||||||
_info "Already exists, OK"
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
_err "Add txt record error. ($response)"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
_err "Add txt record error."
|
|
||||||
return 1
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
#fulldomain txtvalue
|
|
||||||
dns_porkbun_rm() {
|
|
||||||
fulldomain=$1
|
|
||||||
txtvalue=$2
|
|
||||||
|
|
||||||
PORKBUN_API_KEY="${PORKBUN_API_KEY:-$(_readaccountconf_mutable PORKBUN_API_KEY)}"
|
|
||||||
PORKBUN_SECRET_API_KEY="${PORKBUN_SECRET_API_KEY:-$(_readaccountconf_mutable PORKBUN_SECRET_API_KEY)}"
|
|
||||||
|
|
||||||
_debug 'First detect the root zone'
|
|
||||||
if ! _get_root "$fulldomain"; then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug _sub_domain "$_sub_domain"
|
|
||||||
_debug _domain "$_domain"
|
|
||||||
|
|
||||||
count=$(echo "$response" | _egrep_o "\"count\": *[^,]*" | cut -d : -f 2 | tr -d " ")
|
|
||||||
_debug count "$count"
|
|
||||||
if [ "$count" = "0" ]; then
|
|
||||||
_info "Don't need to remove."
|
|
||||||
else
|
|
||||||
record_id=$(echo "$response" | tr '{' '\n' | grep "$txtvalue" | cut -d, -f1 | cut -d: -f2 | tr -d \")
|
|
||||||
_debug "record_id" "$record_id"
|
|
||||||
if [ -z "$record_id" ]; then
|
|
||||||
_err "Can not get record id to remove."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if ! _porkbun_rest POST "dns/delete/$_domain/$record_id"; then
|
|
||||||
_err "Delete record error."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
echo "$response" | tr -d " " | grep '\"status\":"SUCCESS"' >/dev/null
|
|
||||||
fi
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
#################### Private functions below ##################################
|
|
||||||
#_acme-challenge.www.domain.com
|
|
||||||
#returns
|
|
||||||
# _sub_domain=_acme-challenge.www
|
|
||||||
# _domain=domain.com
|
|
||||||
_get_root() {
|
|
||||||
domain=$1
|
|
||||||
i=1
|
|
||||||
while true; do
|
|
||||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
|
||||||
_debug h "$h"
|
|
||||||
if [ -z "$h" ]; then
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
if _porkbun_rest POST "dns/retrieve/$h"; then
|
|
||||||
if _contains "$response" "\"status\":\"SUCCESS\""; then
|
|
||||||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
|
|
||||||
_domain=$h
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
_debug "Go to next level of $_domain"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
_debug "Go to next level of $_domain"
|
|
||||||
fi
|
|
||||||
i=$(_math "$i" + 1)
|
|
||||||
done
|
|
||||||
|
|
||||||
return 1
|
|
||||||
}
|
|
||||||
|
|
||||||
_porkbun_rest() {
|
|
||||||
m=$1
|
|
||||||
ep="$2"
|
|
||||||
data="$3"
|
|
||||||
_debug "$ep"
|
|
||||||
|
|
||||||
api_key_trimmed=$(echo "$PORKBUN_API_KEY" | tr -d '"')
|
|
||||||
secret_api_key_trimmed=$(echo "$PORKBUN_SECRET_API_KEY" | tr -d '"')
|
|
||||||
|
|
||||||
test -z "$data" && data="{" || data="$(echo $data | cut -d'}' -f1),"
|
|
||||||
data="$data\"apikey\":\"$api_key_trimmed\",\"secretapikey\":\"$secret_api_key_trimmed\"}"
|
|
||||||
|
|
||||||
export _H1="Content-Type: application/json"
|
|
||||||
|
|
||||||
if [ "$m" != "GET" ]; then
|
|
||||||
_debug data "$data"
|
|
||||||
response="$(_post "$data" "$PORKBUN_Api/$ep" "" "$m")"
|
|
||||||
else
|
|
||||||
response="$(_get "$PORKBUN_Api/$ep")"
|
|
||||||
fi
|
|
||||||
|
|
||||||
_sleep 3 # prevent rate limit
|
|
||||||
|
|
||||||
if [ "$?" != "0" ]; then
|
|
||||||
_err "error $ep"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug2 response "$response"
|
|
||||||
return 0
|
|
||||||
}
|
|
@ -49,42 +49,16 @@ dns_servercow_add() {
|
|||||||
_debug _sub_domain "$_sub_domain"
|
_debug _sub_domain "$_sub_domain"
|
||||||
_debug _domain "$_domain"
|
_debug _domain "$_domain"
|
||||||
|
|
||||||
# check whether a txt record already exists for the subdomain
|
if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then
|
||||||
if printf -- "%s" "$response" | grep "{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\"" >/dev/null; then
|
if printf -- "%s" "$response" | grep "ok" >/dev/null; then
|
||||||
_info "A txt record with the same name already exists."
|
_info "Added, OK"
|
||||||
# trim the string on the left
|
return 0
|
||||||
txtvalue_old=${response#*{\"name\":\"$_sub_domain\",\"ttl\":20,\"type\":\"TXT\",\"content\":\"}
|
else
|
||||||
# trim the string on the right
|
_err "add txt record error."
|
||||||
txtvalue_old=${txtvalue_old%%\"*}
|
return 1
|
||||||
|
|
||||||
_debug txtvalue_old "$txtvalue_old"
|
|
||||||
|
|
||||||
_info "Add the new txtvalue to the existing txt record."
|
|
||||||
if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":[\"$txtvalue\",\"$txtvalue_old\"],\"ttl\":20}"; then
|
|
||||||
if printf -- "%s" "$response" | grep "ok" >/dev/null; then
|
|
||||||
_info "Added additional txtvalue, OK"
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
_err "add txt record error."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
_err "add txt record error."
|
|
||||||
return 1
|
|
||||||
else
|
|
||||||
_info "There is no txt record with the name yet."
|
|
||||||
if _servercow_api POST "$_domain" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":20}"; then
|
|
||||||
if printf -- "%s" "$response" | grep "ok" >/dev/null; then
|
|
||||||
_info "Added, OK"
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
_err "add txt record error."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
_err "add txt record error."
|
|
||||||
return 1
|
|
||||||
fi
|
fi
|
||||||
|
_err "add txt record error."
|
||||||
|
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
@ -6,10 +6,8 @@
|
|||||||
#SIMPLY_ApiKey="apikey"
|
#SIMPLY_ApiKey="apikey"
|
||||||
#
|
#
|
||||||
#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]"
|
#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]"
|
||||||
SIMPLY_Api_Default="https://api.simply.com/1"
|
|
||||||
|
|
||||||
#This is used for determining success of REST call
|
SIMPLY_Api_Default="https://api.simply.com/1"
|
||||||
SIMPLY_SUCCESS_CODE='"status": 200'
|
|
||||||
|
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||||
@ -173,7 +171,7 @@ _get_root() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then
|
if _contains "$response" '"code":"NOT_FOUND"'; then
|
||||||
_debug "$h not found"
|
_debug "$h not found"
|
||||||
else
|
else
|
||||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
@ -198,12 +196,6 @@ _simply_add_record() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then
|
|
||||||
_err "Call to API not sucessfull, see below message for more details"
|
|
||||||
_err "$response"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -219,12 +211,6 @@ _simply_delete_record() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! _contains "$response" "$SIMPLY_SUCCESS_CODE"; then
|
|
||||||
_err "Call to API not sucessfull, see below message for more details"
|
|
||||||
_err "$response"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
400
notify/smtp.sh
400
notify/smtp.sh
@ -2,398 +2,14 @@
|
|||||||
|
|
||||||
# support smtp
|
# support smtp
|
||||||
|
|
||||||
# Please report bugs to https://github.com/acmesh-official/acme.sh/issues/3358
|
|
||||||
|
|
||||||
# This implementation uses either curl or Python (3 or 2.7).
|
|
||||||
# (See also the "mail" notify hook, which supports other ways to send mail.)
|
|
||||||
|
|
||||||
# SMTP_FROM="from@example.com" # required
|
|
||||||
# SMTP_TO="to@example.com" # required
|
|
||||||
# SMTP_HOST="smtp.example.com" # required
|
|
||||||
# SMTP_PORT="25" # defaults to 25, 465 or 587 depending on SMTP_SECURE
|
|
||||||
# SMTP_SECURE="tls" # one of "none", "ssl" (implicit TLS, TLS Wrapper), "tls" (explicit TLS, STARTTLS)
|
|
||||||
# SMTP_USERNAME="" # set if SMTP server requires login
|
|
||||||
# SMTP_PASSWORD="" # set if SMTP server requires login
|
|
||||||
# SMTP_TIMEOUT="30" # seconds for SMTP operations to timeout
|
|
||||||
# SMTP_BIN="/path/to/python_or_curl" # default finds first of python3, python2.7, python, pypy3, pypy, curl on PATH
|
|
||||||
|
|
||||||
SMTP_SECURE_DEFAULT="tls"
|
|
||||||
SMTP_TIMEOUT_DEFAULT="30"
|
|
||||||
|
|
||||||
# subject content statuscode
|
|
||||||
smtp_send() {
|
smtp_send() {
|
||||||
SMTP_SUBJECT="$1"
|
_subject="$1"
|
||||||
SMTP_CONTENT="$2"
|
_content="$2"
|
||||||
# UNUSED: _statusCode="$3" # 0: success, 1: error 2($RENEW_SKIP): skipped
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped
|
||||||
|
_debug "_subject" "$_subject"
|
||||||
|
_debug "_content" "$_content"
|
||||||
|
_debug "_statusCode" "$_statusCode"
|
||||||
|
|
||||||
# Load and validate config:
|
_err "Not implemented yet."
|
||||||
SMTP_BIN="$(_readaccountconf_mutable_default SMTP_BIN)"
|
return 1
|
||||||
if [ -n "$SMTP_BIN" ] && ! _exists "$SMTP_BIN"; then
|
|
||||||
_err "SMTP_BIN '$SMTP_BIN' does not exist."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if [ -z "$SMTP_BIN" ]; then
|
|
||||||
# Look for a command that can communicate with an SMTP server.
|
|
||||||
# (Please don't add sendmail, ssmtp, mutt, mail, or msmtp here.
|
|
||||||
# Those are already handled by the "mail" notify hook.)
|
|
||||||
for cmd in python3 python2.7 python pypy3 pypy curl; do
|
|
||||||
if _exists "$cmd"; then
|
|
||||||
SMTP_BIN="$cmd"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
if [ -z "$SMTP_BIN" ]; then
|
|
||||||
_err "The smtp notify-hook requires curl or Python, but can't find any."
|
|
||||||
_err 'If you have one of them, define SMTP_BIN="/path/to/curl_or_python".'
|
|
||||||
_err 'Otherwise, see if you can use the "mail" notify-hook instead.'
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
_debug SMTP_BIN "$SMTP_BIN"
|
|
||||||
_saveaccountconf_mutable_default SMTP_BIN "$SMTP_BIN"
|
|
||||||
|
|
||||||
SMTP_FROM="$(_readaccountconf_mutable_default SMTP_FROM)"
|
|
||||||
SMTP_FROM="$(_clean_email_header "$SMTP_FROM")"
|
|
||||||
if [ -z "$SMTP_FROM" ]; then
|
|
||||||
_err "You must define SMTP_FROM as the sender email address."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if _email_has_display_name "$SMTP_FROM"; then
|
|
||||||
_err "SMTP_FROM must be only a simple email address (sender@example.com)."
|
|
||||||
_err "Change your SMTP_FROM='$SMTP_FROM' to remove the display name."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug SMTP_FROM "$SMTP_FROM"
|
|
||||||
_saveaccountconf_mutable_default SMTP_FROM "$SMTP_FROM"
|
|
||||||
|
|
||||||
SMTP_TO="$(_readaccountconf_mutable_default SMTP_TO)"
|
|
||||||
SMTP_TO="$(_clean_email_header "$SMTP_TO")"
|
|
||||||
if [ -z "$SMTP_TO" ]; then
|
|
||||||
_err "You must define SMTP_TO as the recipient email address(es)."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if _email_has_display_name "$SMTP_TO"; then
|
|
||||||
_err "SMTP_TO must be only simple email addresses (to@example.com,to2@example.com)."
|
|
||||||
_err "Change your SMTP_TO='$SMTP_TO' to remove the display name(s)."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug SMTP_TO "$SMTP_TO"
|
|
||||||
_saveaccountconf_mutable_default SMTP_TO "$SMTP_TO"
|
|
||||||
|
|
||||||
SMTP_HOST="$(_readaccountconf_mutable_default SMTP_HOST)"
|
|
||||||
if [ -z "$SMTP_HOST" ]; then
|
|
||||||
_err "You must define SMTP_HOST as the SMTP server hostname."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
_debug SMTP_HOST "$SMTP_HOST"
|
|
||||||
_saveaccountconf_mutable_default SMTP_HOST "$SMTP_HOST"
|
|
||||||
|
|
||||||
SMTP_SECURE="$(_readaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE_DEFAULT")"
|
|
||||||
case "$SMTP_SECURE" in
|
|
||||||
"none") smtp_port_default="25" ;;
|
|
||||||
"ssl") smtp_port_default="465" ;;
|
|
||||||
"tls") smtp_port_default="587" ;;
|
|
||||||
*)
|
|
||||||
_err "Invalid SMTP_SECURE='$SMTP_SECURE'. It must be 'ssl', 'tls' or 'none'."
|
|
||||||
return 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
_debug SMTP_SECURE "$SMTP_SECURE"
|
|
||||||
_saveaccountconf_mutable_default SMTP_SECURE "$SMTP_SECURE" "$SMTP_SECURE_DEFAULT"
|
|
||||||
|
|
||||||
SMTP_PORT="$(_readaccountconf_mutable_default SMTP_PORT "$smtp_port_default")"
|
|
||||||
case "$SMTP_PORT" in
|
|
||||||
*[!0-9]*)
|
|
||||||
_err "Invalid SMTP_PORT='$SMTP_PORT'. It must be a port number."
|
|
||||||
return 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
_debug SMTP_PORT "$SMTP_PORT"
|
|
||||||
_saveaccountconf_mutable_default SMTP_PORT "$SMTP_PORT" "$smtp_port_default"
|
|
||||||
|
|
||||||
SMTP_USERNAME="$(_readaccountconf_mutable_default SMTP_USERNAME)"
|
|
||||||
_debug SMTP_USERNAME "$SMTP_USERNAME"
|
|
||||||
_saveaccountconf_mutable_default SMTP_USERNAME "$SMTP_USERNAME"
|
|
||||||
|
|
||||||
SMTP_PASSWORD="$(_readaccountconf_mutable_default SMTP_PASSWORD)"
|
|
||||||
_secure_debug SMTP_PASSWORD "$SMTP_PASSWORD"
|
|
||||||
_saveaccountconf_mutable_default SMTP_PASSWORD "$SMTP_PASSWORD"
|
|
||||||
|
|
||||||
SMTP_TIMEOUT="$(_readaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT_DEFAULT")"
|
|
||||||
_debug SMTP_TIMEOUT "$SMTP_TIMEOUT"
|
|
||||||
_saveaccountconf_mutable_default SMTP_TIMEOUT "$SMTP_TIMEOUT" "$SMTP_TIMEOUT_DEFAULT"
|
|
||||||
|
|
||||||
SMTP_X_MAILER="$(_clean_email_header "$PROJECT_NAME $VER --notify-hook smtp")"
|
|
||||||
|
|
||||||
# Run with --debug 2 (or above) to echo the transcript of the SMTP session.
|
|
||||||
# Careful: this may include SMTP_PASSWORD in plaintext!
|
|
||||||
if [ "${DEBUG:-$DEBUG_LEVEL_NONE}" -ge "$DEBUG_LEVEL_2" ]; then
|
|
||||||
SMTP_SHOW_TRANSCRIPT="True"
|
|
||||||
else
|
|
||||||
SMTP_SHOW_TRANSCRIPT=""
|
|
||||||
fi
|
|
||||||
|
|
||||||
SMTP_SUBJECT=$(_clean_email_header "$SMTP_SUBJECT")
|
|
||||||
_debug SMTP_SUBJECT "$SMTP_SUBJECT"
|
|
||||||
_debug SMTP_CONTENT "$SMTP_CONTENT"
|
|
||||||
|
|
||||||
# Send the message:
|
|
||||||
case "$(basename "$SMTP_BIN")" in
|
|
||||||
curl) _smtp_send=_smtp_send_curl ;;
|
|
||||||
py*) _smtp_send=_smtp_send_python ;;
|
|
||||||
*)
|
|
||||||
_err "Can't figure out how to invoke '$SMTP_BIN'."
|
|
||||||
_err "Check your SMTP_BIN setting."
|
|
||||||
return 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
if ! smtp_output="$($_smtp_send)"; then
|
|
||||||
_err "Error sending message with $SMTP_BIN."
|
|
||||||
if [ -n "$smtp_output" ]; then
|
|
||||||
_err "$smtp_output"
|
|
||||||
fi
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
# Strip CR and NL from text to prevent MIME header injection
|
|
||||||
# text
|
|
||||||
_clean_email_header() {
|
|
||||||
printf "%s" "$(echo "$1" | tr -d "\r\n")"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Simple check for display name in an email address (< > or ")
|
|
||||||
# email
|
|
||||||
_email_has_display_name() {
|
|
||||||
_email="$1"
|
|
||||||
expr "$_email" : '^.*[<>"]' >/dev/null
|
|
||||||
}
|
|
||||||
|
|
||||||
##
|
|
||||||
## curl smtp sending
|
|
||||||
##
|
|
||||||
|
|
||||||
# Send the message via curl using SMTP_* variables
|
|
||||||
_smtp_send_curl() {
|
|
||||||
# Build curl args in $@
|
|
||||||
case "$SMTP_SECURE" in
|
|
||||||
none)
|
|
||||||
set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}"
|
|
||||||
;;
|
|
||||||
ssl)
|
|
||||||
set -- --url "smtps://${SMTP_HOST}:${SMTP_PORT}"
|
|
||||||
;;
|
|
||||||
tls)
|
|
||||||
set -- --url "smtp://${SMTP_HOST}:${SMTP_PORT}" --ssl-reqd
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# This will only occur if someone adds a new SMTP_SECURE option above
|
|
||||||
# without updating this code for it.
|
|
||||||
_err "Unhandled SMTP_SECURE='$SMTP_SECURE' in _smtp_send_curl"
|
|
||||||
_err "Please re-run with --debug and report a bug."
|
|
||||||
return 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
set -- "$@" \
|
|
||||||
--upload-file - \
|
|
||||||
--mail-from "$SMTP_FROM" \
|
|
||||||
--max-time "$SMTP_TIMEOUT"
|
|
||||||
|
|
||||||
# Burst comma-separated $SMTP_TO into individual --mail-rcpt args.
|
|
||||||
_to="${SMTP_TO},"
|
|
||||||
while [ -n "$_to" ]; do
|
|
||||||
_rcpt="${_to%%,*}"
|
|
||||||
_to="${_to#*,}"
|
|
||||||
set -- "$@" --mail-rcpt "$_rcpt"
|
|
||||||
done
|
|
||||||
|
|
||||||
_smtp_login="${SMTP_USERNAME}:${SMTP_PASSWORD}"
|
|
||||||
if [ "$_smtp_login" != ":" ]; then
|
|
||||||
set -- "$@" --user "$_smtp_login"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$SMTP_SHOW_TRANSCRIPT" = "True" ]; then
|
|
||||||
set -- "$@" --verbose
|
|
||||||
else
|
|
||||||
set -- "$@" --silent --show-error
|
|
||||||
fi
|
|
||||||
|
|
||||||
raw_message="$(_smtp_raw_message)"
|
|
||||||
|
|
||||||
_debug2 "curl command:" "$SMTP_BIN" "$*"
|
|
||||||
_debug2 "raw_message:\n$raw_message"
|
|
||||||
|
|
||||||
echo "$raw_message" | "$SMTP_BIN" "$@"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Output an RFC-822 / RFC-5322 email message using SMTP_* variables.
|
|
||||||
# (This assumes variables have already been cleaned for use in email headers.)
|
|
||||||
_smtp_raw_message() {
|
|
||||||
echo "From: $SMTP_FROM"
|
|
||||||
echo "To: $SMTP_TO"
|
|
||||||
echo "Subject: $(_mime_encoded_word "$SMTP_SUBJECT")"
|
|
||||||
echo "Date: $(_rfc2822_date)"
|
|
||||||
echo "Content-Type: text/plain; charset=utf-8"
|
|
||||||
echo "X-Mailer: $SMTP_X_MAILER"
|
|
||||||
echo
|
|
||||||
echo "$SMTP_CONTENT"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Convert text to RFC-2047 MIME "encoded word" format if it contains non-ASCII chars
|
|
||||||
# text
|
|
||||||
_mime_encoded_word() {
|
|
||||||
_text="$1"
|
|
||||||
# (regex character ranges like [a-z] can be locale-dependent; enumerate ASCII chars to avoid that)
|
|
||||||
_ascii='] $`"'"[!#%&'()*+,./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ~^_abcdefghijklmnopqrstuvwxyz{|}~-"
|
|
||||||
if expr "$_text" : "^.*[^$_ascii]" >/dev/null; then
|
|
||||||
# At least one non-ASCII char; convert entire thing to encoded word
|
|
||||||
printf "%s" "=?UTF-8?B?$(printf "%s" "$_text" | _base64)?="
|
|
||||||
else
|
|
||||||
# Just printable ASCII, no conversion needed
|
|
||||||
printf "%s" "$_text"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Output current date in RFC-2822 Section 3.3 format as required in email headers
|
|
||||||
# (e.g., "Mon, 15 Feb 2021 14:22:01 -0800")
|
|
||||||
_rfc2822_date() {
|
|
||||||
# Notes:
|
|
||||||
# - this is deliberately not UTC, because it "SHOULD express local time" per spec
|
|
||||||
# - the spec requires weekday and month in the C locale (English), not localized
|
|
||||||
# - this date format specifier has been tested on Linux, Mac, Solaris and FreeBSD
|
|
||||||
_old_lc_time="$LC_TIME"
|
|
||||||
LC_TIME=C
|
|
||||||
date +'%a, %-d %b %Y %H:%M:%S %z'
|
|
||||||
LC_TIME="$_old_lc_time"
|
|
||||||
}
|
|
||||||
|
|
||||||
##
|
|
||||||
## Python smtp sending
|
|
||||||
##
|
|
||||||
|
|
||||||
# Send the message via Python using SMTP_* variables
|
|
||||||
_smtp_send_python() {
|
|
||||||
_debug "Python version" "$("$SMTP_BIN" --version 2>&1)"
|
|
||||||
|
|
||||||
# language=Python
|
|
||||||
"$SMTP_BIN" <<PYTHON
|
|
||||||
# This code is meant to work with either Python 2.7.x or Python 3.4+.
|
|
||||||
try:
|
|
||||||
try:
|
|
||||||
from email.message import EmailMessage
|
|
||||||
from email.policy import default as email_policy_default
|
|
||||||
except ImportError:
|
|
||||||
# Python 2 (or < 3.3)
|
|
||||||
from email.mime.text import MIMEText as EmailMessage
|
|
||||||
email_policy_default = None
|
|
||||||
from email.utils import formatdate as rfc2822_date
|
|
||||||
from smtplib import SMTP, SMTP_SSL, SMTPException
|
|
||||||
from socket import error as SocketError
|
|
||||||
except ImportError as err:
|
|
||||||
print("A required Python standard package is missing. This system may have"
|
|
||||||
" a reduced version of Python unsuitable for sending mail: %s" % err)
|
|
||||||
exit(1)
|
|
||||||
|
|
||||||
show_transcript = """$SMTP_SHOW_TRANSCRIPT""" == "True"
|
|
||||||
|
|
||||||
smtp_host = """$SMTP_HOST"""
|
|
||||||
smtp_port = int("""$SMTP_PORT""")
|
|
||||||
smtp_secure = """$SMTP_SECURE"""
|
|
||||||
username = """$SMTP_USERNAME"""
|
|
||||||
password = """$SMTP_PASSWORD"""
|
|
||||||
timeout=int("""$SMTP_TIMEOUT""") # seconds
|
|
||||||
x_mailer="""$SMTP_X_MAILER"""
|
|
||||||
|
|
||||||
from_email="""$SMTP_FROM"""
|
|
||||||
to_emails="""$SMTP_TO""" # can be comma-separated
|
|
||||||
subject="""$SMTP_SUBJECT"""
|
|
||||||
content="""$SMTP_CONTENT"""
|
|
||||||
|
|
||||||
try:
|
|
||||||
msg = EmailMessage(policy=email_policy_default)
|
|
||||||
msg.set_content(content)
|
|
||||||
except (AttributeError, TypeError):
|
|
||||||
# Python 2 MIMEText
|
|
||||||
msg = EmailMessage(content)
|
|
||||||
msg["Subject"] = subject
|
|
||||||
msg["From"] = from_email
|
|
||||||
msg["To"] = to_emails
|
|
||||||
msg["Date"] = rfc2822_date(localtime=True)
|
|
||||||
msg["X-Mailer"] = x_mailer
|
|
||||||
|
|
||||||
smtp = None
|
|
||||||
try:
|
|
||||||
if smtp_secure == "ssl":
|
|
||||||
smtp = SMTP_SSL(smtp_host, smtp_port, timeout=timeout)
|
|
||||||
else:
|
|
||||||
smtp = SMTP(smtp_host, smtp_port, timeout=timeout)
|
|
||||||
smtp.set_debuglevel(show_transcript)
|
|
||||||
if smtp_secure == "tls":
|
|
||||||
smtp.starttls()
|
|
||||||
if username or password:
|
|
||||||
smtp.login(username, password)
|
|
||||||
smtp.sendmail(msg["From"], msg["To"].split(","), msg.as_string())
|
|
||||||
|
|
||||||
except SMTPException as err:
|
|
||||||
# Output just the error (skip the Python stack trace) for SMTP errors
|
|
||||||
print("Error sending: %r" % err)
|
|
||||||
exit(1)
|
|
||||||
|
|
||||||
except SocketError as err:
|
|
||||||
print("Error connecting to %s:%d: %r" % (smtp_host, smtp_port, err))
|
|
||||||
exit(1)
|
|
||||||
|
|
||||||
finally:
|
|
||||||
if smtp is not None:
|
|
||||||
smtp.quit()
|
|
||||||
PYTHON
|
|
||||||
}
|
|
||||||
|
|
||||||
##
|
|
||||||
## Conf helpers
|
|
||||||
##
|
|
||||||
|
|
||||||
#_readaccountconf_mutable_default name default_value
|
|
||||||
# Given a name like MY_CONF:
|
|
||||||
# - if MY_CONF is set and non-empty, output $MY_CONF
|
|
||||||
# - if MY_CONF is set _empty_, output $default_value
|
|
||||||
# (lets user `export MY_CONF=` to clear previous saved value
|
|
||||||
# and return to default, without user having to know default)
|
|
||||||
# - otherwise if _readaccountconf_mutable MY_CONF is non-empty, return that
|
|
||||||
# (value of SAVED_MY_CONF from account.conf)
|
|
||||||
# - otherwise output $default_value
|
|
||||||
_readaccountconf_mutable_default() {
|
|
||||||
_name="$1"
|
|
||||||
_default_value="$2"
|
|
||||||
|
|
||||||
eval "_value=\"\$$_name\""
|
|
||||||
eval "_name_is_set=\"\${${_name}+true}\""
|
|
||||||
# ($_name_is_set is "true" if $$_name is set to anything, including empty)
|
|
||||||
if [ -z "${_value}" ] && [ "${_name_is_set:-}" != "true" ]; then
|
|
||||||
_value="$(_readaccountconf_mutable "$_name")"
|
|
||||||
fi
|
|
||||||
if [ -z "${_value}" ]; then
|
|
||||||
_value="$_default_value"
|
|
||||||
fi
|
|
||||||
printf "%s" "$_value"
|
|
||||||
}
|
|
||||||
|
|
||||||
#_saveaccountconf_mutable_default name value default_value base64encode
|
|
||||||
# Like _saveaccountconf_mutable, but if value is default_value
|
|
||||||
# then _clearaccountconf_mutable instead
|
|
||||||
_saveaccountconf_mutable_default() {
|
|
||||||
_name="$1"
|
|
||||||
_value="$2"
|
|
||||||
_default_value="$3"
|
|
||||||
_base64encode="$4"
|
|
||||||
|
|
||||||
if [ "$_value" != "$_default_value" ]; then
|
|
||||||
_saveaccountconf_mutable "$_name" "$_value" "$_base64encode"
|
|
||||||
else
|
|
||||||
_clearaccountconf_mutable "$_name"
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user