mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 05:01:40 +00:00
commit
1476f83ba7
2
.github/workflows/DNS.yml
vendored
2
.github/workflows/DNS.yml
vendored
@ -37,7 +37,7 @@ jobs:
|
||||
- name: "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
|
||||
run: |
|
||||
echo "Read this: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Test"
|
||||
if [ "${{github.actor}}" != "Neilpang" ]; then
|
||||
if [ "${{github.repository_owner}}" != "acmesh-official" ]; then
|
||||
false
|
||||
fi
|
||||
|
||||
|
74
acme.sh
74
acme.sh
@ -1252,7 +1252,7 @@ _createcsr() {
|
||||
else
|
||||
domainlist="$(_idn "$domainlist")"
|
||||
_debug2 domainlist "$domainlist"
|
||||
alt="$(_getIdType "$domain" | _upper_case):$domain"
|
||||
alt="$(_getIdType "$domain" | _upper_case):$(_idn "$domain")"
|
||||
for dl in $(echo "$domainlist" | tr "," ' '); do
|
||||
alt="$alt,$(_getIdType "$dl" | _upper_case):$dl"
|
||||
done
|
||||
@ -1831,8 +1831,6 @@ _inithttp() {
|
||||
|
||||
}
|
||||
|
||||
_HTTP_MAX_RETRY=8
|
||||
|
||||
# body url [needbase64] [POST|PUT|DELETE] [ContentType]
|
||||
_post() {
|
||||
body="$1"
|
||||
@ -1840,33 +1838,6 @@ _post() {
|
||||
needbase64="$3"
|
||||
httpmethod="$4"
|
||||
_postContentType="$5"
|
||||
_sleep_retry_sec=1
|
||||
_http_retry_times=0
|
||||
_hcode=0
|
||||
while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
|
||||
[ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
|
||||
_lastHCode="$?"
|
||||
_debug "Retrying post"
|
||||
_post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode"
|
||||
_hcode="$?"
|
||||
_debug _hcode "$_hcode"
|
||||
if [ "$_hcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
_http_retry_times=$(_math $_http_retry_times + 1)
|
||||
_sleep $_sleep_retry_sec
|
||||
done
|
||||
return $_hcode
|
||||
}
|
||||
|
||||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] [displayError]
|
||||
_post_impl() {
|
||||
body="$1"
|
||||
_post_url="$2"
|
||||
needbase64="$3"
|
||||
httpmethod="$4"
|
||||
_postContentType="$5"
|
||||
displayError="$6"
|
||||
|
||||
if [ -z "$httpmethod" ]; then
|
||||
httpmethod="POST"
|
||||
@ -1918,9 +1889,7 @@ _post_impl() {
|
||||
fi
|
||||
_ret="$?"
|
||||
if [ "$_ret" != "0" ]; then
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
|
||||
fi
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
|
||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
||||
_err "Here is the curl dump log:"
|
||||
_err "$(cat "$_CURL_DUMP")"
|
||||
@ -1976,9 +1945,7 @@ _post_impl() {
|
||||
_debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
|
||||
fi
|
||||
if [ "$_ret" != "0" ]; then
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
|
||||
fi
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
|
||||
fi
|
||||
_sed_i "s/^ *//g" "$HTTP_HEADER"
|
||||
else
|
||||
@ -1992,38 +1959,13 @@ _post_impl() {
|
||||
|
||||
# url getheader timeout
|
||||
_get() {
|
||||
url="$1"
|
||||
onlyheader="$2"
|
||||
t="$3"
|
||||
_sleep_retry_sec=1
|
||||
_http_retry_times=0
|
||||
_hcode=0
|
||||
while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
|
||||
[ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
|
||||
_lastHCode="$?"
|
||||
_debug "Retrying GET"
|
||||
_get_impl "$url" "$onlyheader" "$t" "$_lastHCode"
|
||||
_hcode="$?"
|
||||
_debug _hcode "$_hcode"
|
||||
if [ "$_hcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
_http_retry_times=$(_math $_http_retry_times + 1)
|
||||
_sleep $_sleep_retry_sec
|
||||
done
|
||||
return $_hcode
|
||||
}
|
||||
|
||||
# url getheader timeout displayError
|
||||
_get_impl() {
|
||||
_debug GET
|
||||
url="$1"
|
||||
onlyheader="$2"
|
||||
t="$3"
|
||||
displayError="$4"
|
||||
_debug url "$url"
|
||||
_debug "timeout=$t"
|
||||
_debug "displayError" "$displayError"
|
||||
|
||||
_inithttp
|
||||
|
||||
if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
|
||||
@ -2042,9 +1984,7 @@ _get_impl() {
|
||||
fi
|
||||
ret=$?
|
||||
if [ "$ret" != "0" ]; then
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
|
||||
fi
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
|
||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
||||
_err "Here is the curl dump log:"
|
||||
_err "$(cat "$_CURL_DUMP")"
|
||||
@ -2070,9 +2010,7 @@ _get_impl() {
|
||||
_debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
|
||||
fi
|
||||
if [ "$ret" != "0" ]; then
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
|
||||
fi
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
|
||||
fi
|
||||
else
|
||||
ret=$?
|
||||
|
@ -36,43 +36,51 @@ fritzbox_deploy() {
|
||||
fi
|
||||
fi
|
||||
|
||||
_fritzbox_username="${DEPLOY_FRITZBOX_USERNAME}"
|
||||
_fritzbox_password="${DEPLOY_FRITZBOX_PASSWORD}"
|
||||
_fritzbox_url="${DEPLOY_FRITZBOX_URL}"
|
||||
# Clear traces of incorrectly stored values
|
||||
_clearaccountconf DEPLOY_FRITZBOX_USERNAME
|
||||
_clearaccountconf DEPLOY_FRITZBOX_PASSWORD
|
||||
_clearaccountconf DEPLOY_FRITZBOX_URL
|
||||
|
||||
_debug _fritzbox_url "$_fritzbox_url"
|
||||
_debug _fritzbox_username "$_fritzbox_username"
|
||||
_secure_debug _fritzbox_password "$_fritzbox_password"
|
||||
if [ -z "$_fritzbox_username" ]; then
|
||||
# Read config from saved values or env
|
||||
_getdeployconf DEPLOY_FRITZBOX_USERNAME
|
||||
_getdeployconf DEPLOY_FRITZBOX_PASSWORD
|
||||
_getdeployconf DEPLOY_FRITZBOX_URL
|
||||
|
||||
_debug DEPLOY_FRITZBOX_URL "$DEPLOY_FRITZBOX_URL"
|
||||
_debug DEPLOY_FRITZBOX_USERNAME "$DEPLOY_FRITZBOX_USERNAME"
|
||||
_secure_debug DEPLOY_FRITZBOX_PASSWORD "$DEPLOY_FRITZBOX_PASSWORD"
|
||||
|
||||
if [ -z "$DEPLOY_FRITZBOX_USERNAME" ]; then
|
||||
_err "FRITZ!Box username is not found, please define DEPLOY_FRITZBOX_USERNAME."
|
||||
return 1
|
||||
fi
|
||||
if [ -z "$_fritzbox_password" ]; then
|
||||
if [ -z "$DEPLOY_FRITZBOX_PASSWORD" ]; then
|
||||
_err "FRITZ!Box password is not found, please define DEPLOY_FRITZBOX_PASSWORD."
|
||||
return 1
|
||||
fi
|
||||
if [ -z "$_fritzbox_url" ]; then
|
||||
if [ -z "$DEPLOY_FRITZBOX_URL" ]; then
|
||||
_err "FRITZ!Box url is not found, please define DEPLOY_FRITZBOX_URL."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_saveaccountconf DEPLOY_FRITZBOX_USERNAME "${_fritzbox_username}"
|
||||
_saveaccountconf DEPLOY_FRITZBOX_PASSWORD "${_fritzbox_password}"
|
||||
_saveaccountconf DEPLOY_FRITZBOX_URL "${_fritzbox_url}"
|
||||
# Save current values
|
||||
_savedeployconf DEPLOY_FRITZBOX_USERNAME "$DEPLOY_FRITZBOX_USERNAME"
|
||||
_savedeployconf DEPLOY_FRITZBOX_PASSWORD "$DEPLOY_FRITZBOX_PASSWORD"
|
||||
_savedeployconf DEPLOY_FRITZBOX_URL "$DEPLOY_FRITZBOX_URL"
|
||||
|
||||
# Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate
|
||||
export HTTPS_INSECURE=1
|
||||
|
||||
_info "Log in to the FRITZ!Box"
|
||||
_fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
|
||||
_fritzbox_challenge="$(_get "${DEPLOY_FRITZBOX_URL}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')"
|
||||
if _exists iconv; then
|
||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)"
|
||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | iconv -f ASCII -t UTF16LE | _digest md5 hex)"
|
||||
elif _exists uconv; then
|
||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)"
|
||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | uconv -f ASCII -t UTF16LE | _digest md5 hex)"
|
||||
else
|
||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)"
|
||||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${DEPLOY_FRITZBOX_PASSWORD}" | perl -p -e 'use Encode qw/encode/; print encode("UTF-16LE","$_"); $_="";' | _digest md5 hex)"
|
||||
fi
|
||||
_fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
|
||||
_fritzbox_sid="$(_get "${DEPLOY_FRITZBOX_URL}/login_sid.lua?sid=0000000000000000&username=${DEPLOY_FRITZBOX_USERNAME}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')"
|
||||
|
||||
if [ -z "${_fritzbox_sid}" ] || [ "${_fritzbox_sid}" = "0000000000000000" ]; then
|
||||
_err "Logging in to the FRITZ!Box failed. Please check username, password and URL."
|
||||
@ -104,7 +112,7 @@ fritzbox_deploy() {
|
||||
_info "Upload certificate to the FRITZ!Box"
|
||||
|
||||
export _H1="Content-type: multipart/form-data boundary=${_post_boundary}"
|
||||
_post "$(cat "${_post_request}")" "${_fritzbox_url}/cgi-bin/firmwarecfg" | grep SSL
|
||||
_post "$(cat "${_post_request}")" "${DEPLOY_FRITZBOX_URL}/cgi-bin/firmwarecfg" | grep SSL
|
||||
|
||||
retval=$?
|
||||
if [ $retval = 0 ]; then
|
||||
|
@ -2,8 +2,7 @@
|
||||
|
||||
# Here is a script to deploy cert to Synology DSM
|
||||
#
|
||||
# it requires the jq and curl are in the $PATH and the following
|
||||
# environment variables must be set:
|
||||
# It requires following environment variables:
|
||||
#
|
||||
# SYNO_Username - Synology Username to login (must be an administrator)
|
||||
# SYNO_Password - Synology Password to login
|
||||
@ -16,6 +15,12 @@
|
||||
# SYNO_Hostname - defaults to localhost
|
||||
# SYNO_Port - defaults to 5000
|
||||
# SYNO_DID - device ID to skip OTP - defaults to empty
|
||||
# SYNO_TOTP_SECRET - TOTP secret to generate OTP - defaults to empty
|
||||
#
|
||||
# Dependencies:
|
||||
# -------------
|
||||
# - jq and curl
|
||||
# - oathtool (When using 2 Factor Authentication and SYNO_TOTP_SECRET is set)
|
||||
#
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
@ -36,6 +41,7 @@ synology_dsm_deploy() {
|
||||
_getdeployconf SYNO_Password
|
||||
_getdeployconf SYNO_Create
|
||||
_getdeployconf SYNO_DID
|
||||
_getdeployconf SYNO_TOTP_SECRET
|
||||
if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
|
||||
_err "SYNO_Username & SYNO_Password must be set"
|
||||
return 1
|
||||
@ -86,13 +92,18 @@ synology_dsm_deploy() {
|
||||
encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
|
||||
encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
|
||||
|
||||
otp_code=""
|
||||
if [ -n "$SYNO_TOTP_SECRET" ]; then
|
||||
otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)"
|
||||
fi
|
||||
|
||||
if [ -n "$SYNO_DID" ]; then
|
||||
_H1="Cookie: did=$SYNO_DID"
|
||||
export _H1
|
||||
_debug3 H1 "${_H1}"
|
||||
fi
|
||||
|
||||
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
|
||||
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$otp_code" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
|
||||
token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
|
||||
_debug3 response "$response"
|
||||
_debug token "$token"
|
||||
@ -100,7 +111,7 @@ synology_dsm_deploy() {
|
||||
if [ -z "$token" ]; then
|
||||
_err "Unable to authenticate to $SYNO_Hostname:$SYNO_Port using $SYNO_Scheme."
|
||||
_err "Check your username and password."
|
||||
_err "If two-factor authentication is enabled for the user, you have to choose another user."
|
||||
_err "If two-factor authentication is enabled for the user, set SYNO_TOTP_SECRET."
|
||||
return 1
|
||||
fi
|
||||
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
|
||||
@ -113,6 +124,7 @@ synology_dsm_deploy() {
|
||||
_savedeployconf SYNO_Username "$SYNO_Username"
|
||||
_savedeployconf SYNO_Password "$SYNO_Password"
|
||||
_savedeployconf SYNO_DID "$SYNO_DID"
|
||||
_savedeployconf SYNO_TOTP_SECRET "$SYNO_TOTP_SECRET"
|
||||
|
||||
_info "Getting certificates in Synology DSM"
|
||||
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
|
||||
|
@ -1,15 +1,15 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#
|
||||
# API-integration for Simply.com (https://www.simply.com)
|
||||
|
||||
#SIMPLY_AccountName="accountname"
|
||||
#
|
||||
#SIMPLY_ApiKey="apikey"
|
||||
#
|
||||
#SIMPLY_Api="https://api.simply.com/1/[ACCOUNTNAME]/[APIKEY]"
|
||||
SIMPLY_Api_Default="https://api.simply.com/1"
|
||||
|
||||
#This is used for determining success of REST call
|
||||
SIMPLY_SUCCESS_CODE='"status": 200'
|
||||
SIMPLY_SUCCESS_CODE='"status":200'
|
||||
|
||||
######## Public functions #####################
|
||||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
@ -51,7 +51,7 @@ dns_simply_rm() {
|
||||
|
||||
_simply_save_config
|
||||
|
||||
_debug "First detect the root zone"
|
||||
_debug "Find the DNS zone"
|
||||
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
@ -77,8 +77,8 @@ dns_simply_rm() {
|
||||
for record in $records; do
|
||||
_debug record "$record"
|
||||
|
||||
record_data=$(echo "$record" | cut -d "," -f 3 | sed 's/"//g' | grep "data" | cut -d ":" -f 2)
|
||||
record_type=$(echo "$record" | cut -d "," -f 4 | sed 's/"//g' | grep "type" | cut -d ":" -f 2)
|
||||
record_data=$(echo "$record" | sed -n "s/.*\"data\":\"\([^\"]*\)\".*/\1/p")
|
||||
record_type=$(echo "$record" | sed -n "s/.*\"type\":\"\([^\"]*\)\".*/\1/p")
|
||||
|
||||
_debug2 record_data "$record_data"
|
||||
_debug2 record_type "$record_type"
|
||||
@ -151,7 +151,7 @@ _simply_save_config() {
|
||||
_simply_get_all_records() {
|
||||
domain=$1
|
||||
|
||||
if ! _simply_rest GET "my/products/$domain/dns/records"; then
|
||||
if ! _simply_rest GET "my/products/$domain/dns/records/"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
@ -169,7 +169,7 @@ _get_root() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _simply_rest GET "my/products/$h/dns"; then
|
||||
if ! _simply_rest GET "my/products/$h/dns/"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
@ -193,7 +193,7 @@ _simply_add_record() {
|
||||
|
||||
data="{\"name\": \"$sub_domain\", \"type\":\"TXT\", \"data\": \"$txtval\", \"priority\":0, \"ttl\": 3600}"
|
||||
|
||||
if ! _simply_rest POST "my/products/$domain/dns/records" "$data"; then
|
||||
if ! _simply_rest POST "my/products/$domain/dns/records/" "$data"; then
|
||||
_err "Adding record not successfull!"
|
||||
return 1
|
||||
fi
|
||||
@ -214,7 +214,7 @@ _simply_delete_record() {
|
||||
|
||||
_debug record_id "Delete record with id $record_id"
|
||||
|
||||
if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id"; then
|
||||
if ! _simply_rest DELETE "my/products/$domain/dns/records/$record_id/"; then
|
||||
_err "Deleting record not successfull!"
|
||||
return 1
|
||||
fi
|
||||
@ -250,6 +250,8 @@ _simply_rest() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
|
||||
_debug2 response "$response"
|
||||
|
||||
if _contains "$response" "Invalid account authorization"; then
|
||||
|
Loading…
Reference in New Issue
Block a user