plantroon/acme.sh
1
0
Fork 0
mirror of https://github.com/plantroon/acme.sh.git synced 2024-11-09 16:01:46 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2063 from Neilpang/dev

Browse Source 
sync
This commit is contained in:
neil 2019-01-27 13:42:50 +08:00 committed by GitHub
commit 9dac02ba5d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 91 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -350,6 +350,7 @@ You don't have to do anything manually!
1. Exoscale.com API (https://www.exoscale.com/) 1. Exoscale.com API (https://www.exoscale.com/)
1. PointDNS API (https://pointhq.com/) 1. PointDNS API (https://pointhq.com/)
1. Active24.cz API (https://www.active24.cz/) 1. Active24.cz API (https://www.active24.cz/)
1. do.de API (https://www.do.de/)
And: And:

46
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.8.0 VER=2.8.1
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -35,7 +35,6 @@ _OLD_STAGE_CA_HOST="https://acme-staging.api.letsencrypt.org"
VTYPE_HTTP="http-01" VTYPE_HTTP="http-01"
VTYPE_DNS="dns-01" VTYPE_DNS="dns-01"
VTYPE_TLS="tls-sni-01"
VTYPE_ALPN="tls-alpn-01" VTYPE_ALPN="tls-alpn-01"
LOCAL_ANY_ADDRESS="0.0.0.0" LOCAL_ANY_ADDRESS="0.0.0.0"
@ -46,7 +45,6 @@ DEFAULT_DNS_SLEEP=120
NO_VALUE="no" NO_VALUE="no"
W_TLS="tls"
W_DNS="dns" W_DNS="dns"
W_ALPN="alpn" W_ALPN="alpn"
DNS_ALIAS_PREFIX="=" DNS_ALIAS_PREFIX="="
@ -3080,8 +3078,8 @@ _on_before_issue() {
_savedomainconf "Le_HTTPPort" "$Le_HTTPPort" _savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
fi fi
_checkport="$Le_HTTPPort" _checkport="$Le_HTTPPort"
elif [ "$_currentRoot" = "$W_TLS" ] || [ "$_currentRoot" = "$W_ALPN" ]; then elif [ "$_currentRoot" = "$W_ALPN" ]; then
_info "Standalone tls/alpn mode." _info "Standalone alpn mode."
if [ -z "$Le_TLSPort" ]; then if [ -z "$Le_TLSPort" ]; then
Le_TLSPort=443 Le_TLSPort=443
else else
@ -3701,10 +3699,6 @@ $_authorizations_map"
vtype="$VTYPE_DNS" vtype="$VTYPE_DNS"
fi fi
if [ "$_currentRoot" = "$W_TLS" ]; then
vtype="$VTYPE_TLS"
fi
if [ "$_currentRoot" = "$W_ALPN" ]; then if [ "$_currentRoot" = "$W_ALPN" ]; then
vtype="$VTYPE_ALPN" vtype="$VTYPE_ALPN"
fi fi
@ -3988,40 +3982,6 @@ $_authorizations_map"
fi fi
fi fi
elif [ "$vtype" = "$VTYPE_TLS" ]; then
#create A
#_hash_A="$(printf "%s" $token | _digest "sha256" "hex" )"
#_debug2 _hash_A "$_hash_A"
#_x="$(echo $_hash_A | cut -c 1-32)"
#_debug2 _x "$_x"
#_y="$(echo $_hash_A | cut -c 33-64)"
#_debug2 _y "$_y"
#_SAN_A="$_x.$_y.token.acme.invalid"
#_debug2 _SAN_A "$_SAN_A"
#create B
_hash_B="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
_debug2 _hash_B "$_hash_B"
_x="$(echo "$_hash_B" | cut -c 1-32)"
_debug2 _x "$_x"
_y="$(echo "$_hash_B" | cut -c 33-64)"
_debug2 _y "$_y"
#_SAN_B="$_x.$_y.ka.acme.invalid"
_SAN_B="$_x.$_y.acme.invalid"
_debug2 _SAN_B "$_SAN_B"
_ncaddr="$(_getfield "$_local_addr" "$_ncIndex")"
_ncIndex="$(_math "$_ncIndex" + 1)"
if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then
_err "Start tls server error."
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup
_on_issue_err "$_post_hook" "$vlist"
return 1
fi
elif [ "$vtype" = "$VTYPE_ALPN" ]; then elif [ "$vtype" = "$VTYPE_ALPN" ]; then
acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")" acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
_debug acmevalidationv1 "$acmevalidationv1" _debug acmevalidationv1 "$acmevalidationv1"

15
dnsapi/README.md
View File

@ -1156,6 +1156,21 @@ acme.sh --issue --dns dns_active24 -d example.com -d www.example.com --dnssleep
The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
## 60. Use do.de API
Create an API token in your do.de account.
Set your API token:
```
export DO_LETOKEN='FmD408PdqT1E269gUK57'
```
To issue a certificate run:
```
acme.sh --issue --dns dns_doapi -d example.com -d *.example.com
```
The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
# Use custom API # Use custom API

59
dnsapi/dns_doapi.sh Executable file
View File

@ -0,0 +1,59 @@
#!/usr/bin/env sh
# Official Let's Encrypt API for do.de / Domain-Offensive
#
# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers
# This API is also available to private customers/individuals
#
# Provide the required LetsEncrypt token like this:
# DO_LETOKEN="FmD408PdqT1E269gUK57"
DO_API="https://www.do.de/api/letsencrypt"
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_doapi_add() {
fulldomain=$1
txtvalue=$2
DO_LETOKEN="${DO_LETOKEN:-$(_readaccountconf_mutable DO_LETOKEN)}"
if [ -z "$DO_LETOKEN" ]; then
DO_LETOKEN=""
_err "You didn't configure a do.de API token yet."
_err "Please set DO_LETOKEN and try again."
return 1
fi
_saveaccountconf_mutable DO_LETOKEN "$DO_LETOKEN"
_info "Adding TXT record to ${fulldomain}"
response="$(_get "$DO_API?token=$DO_LETOKEN&domain=${fulldomain}&value=${txtvalue}")"
if _contains "${response}" 'success'; then
return 0
fi
_err "Could not create resource record, check logs"
_err "${response}"
return 1
}
dns_doapi_rm() {
fulldomain=$1
DO_LETOKEN="${DO_LETOKEN:-$(_readaccountconf_mutable DO_LETOKEN)}"
if [ -z "$DO_LETOKEN" ]; then
DO_LETOKEN=""
_err "You didn't configure a do.de API token yet."
_err "Please set DO_LETOKEN and try again."
return 1
fi
_saveaccountconf_mutable DO_LETOKEN "$DO_LETOKEN"
_info "Deleting resource record $fulldomain"
response="$(_get "$DO_API?token=$DO_LETOKEN&domain=${fulldomain}&action=delete")"
if _contains "${response}" 'success'; then
return 0
fi
_err "Could not delete resource record, check logs"
_err "${response}"
return 1
}

20
dnsapi/dns_namecheap.sh
View File

@ -3,16 +3,15 @@
# Namecheap API # Namecheap API
# https://www.namecheap.com/support/api/intro.aspx # https://www.namecheap.com/support/api/intro.aspx
# #
# Requires Namecheap API key set in NAMECHEAP_API_KEY, NAMECHEAP_SOURCEIP and NAMECHEAP_USERNAME set as environment variable # Requires Namecheap API key set in
#NAMECHEAP_API_KEY,
#NAMECHEAP_USERNAME,
#NAMECHEAP_SOURCEIP
# Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise. # Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise.
######## Public functions ##################### ######## Public functions #####################
if [ "$STAGE" -eq 1 ]; then NAMECHEAP_API="https://api.namecheap.com/xml.response"
NAMECHEAP_API="https://api.sandbox.namecheap.com/xml.response"
else
NAMECHEAP_API="https://api.namecheap.com/xml.response"
fi
#Usage: dns_namecheap_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_namecheap_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_namecheap_add() { dns_namecheap_add() {
@ -144,7 +143,7 @@ _namecheap_set_publicip() {
_namecheap_post() { _namecheap_post() {
command=$1 command=$1
data="ApiUser=${NAMECHEAP_USERNAME}&ApiKey=${NAMECHEAP_API_KEY}&ClientIp=${_publicip}&UserName=${NAMECHEAP_USERNAME}&Command=${command}" data="ApiUser=${NAMECHEAP_USERNAME}&ApiKey=${NAMECHEAP_API_KEY}&ClientIp=${_publicip}&UserName=${NAMECHEAP_USERNAME}&Command=${command}"
_debug2 "_namecheap_post data" "$data"
response="$(_post "$data" "$NAMECHEAP_API" "" "POST")" response="$(_post "$data" "$NAMECHEAP_API" "" "POST")"
_debug2 response "$response" _debug2 response "$response"
@ -224,6 +223,12 @@ _set_namecheap_TXT() {
while read -r host; do while read -r host; do
if _contains "$host" "<host"; then if _contains "$host" "<host"; then
_namecheap_parse_host "$host" _namecheap_parse_host "$host"
_debug2 _hostname "_hostname"
_debug2 _hosttype "_hosttype"
_debug2 _hostaddress "_hostaddress"
_debug2 _hostmxpref "_hostmxpref"
_hostaddress="$(printf "%s" "$_hostaddress" | _url_encode)"
_debug2 "encoded _hostaddress" "_hostaddress"
_namecheap_add_host "$_hostname" "$_hosttype" "$_hostaddress" "$_hostmxpref" "$_hostttl" _namecheap_add_host "$_hostname" "$_hosttype" "$_hostaddress" "$_hostmxpref" "$_hostttl"
fi fi
done <<EOT done <<EOT
@ -278,6 +283,7 @@ _del_namecheap_TXT() {
_debug "TXT entry found" _debug "TXT entry found"
found=1 found=1
else else
_hostaddress="$(printf "%s" "$_hostaddress" | _url_encode)"
_namecheap_add_host "$_hostname" "$_hosttype" "$_hostaddress" "$_hostmxpref" "$_hostttl" _namecheap_add_host "$_hostname" "$_hosttype" "$_hostaddress" "$_hostmxpref" "$_hostttl"
fi fi
fi fi