mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 05:01:40 +00:00
Merge branch 'dev' into feature/dns-openprovider
This commit is contained in:
commit
19628c4732
@ -74,6 +74,7 @@ https://github.com/Neilpang/acmetest
|
||||
|
||||
- Letsencrypt.org CA(default)
|
||||
- [BuyPass.com CA](https://github.com/Neilpang/acme.sh/wiki/BuyPass.com-CA)
|
||||
- [Pebble strict Mode](https://github.com/letsencrypt/pebble)
|
||||
|
||||
# Supported modes
|
||||
|
||||
@ -357,8 +358,8 @@ You don't have to do anything manually!
|
||||
1. Rackspace Cloud DNS (https://www.rackspace.com)
|
||||
1. Online.net API (https://online.net/)
|
||||
1. MyDevil.net (https://www.mydevil.net/)
|
||||
1. Core-Networks.de (https://core-networks.de)
|
||||
1. OpenProvider API (https://www.openprovider.com/)
|
||||
|
||||
And:
|
||||
|
||||
**lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
|
134
acme.sh
134
acme.sh
@ -66,6 +66,9 @@ END_CERT="-----END CERTIFICATE-----"
|
||||
CONTENT_TYPE_JSON="application/jose+json"
|
||||
RENEW_SKIP=2
|
||||
|
||||
B64CONF_START="__ACME_BASE64__START_"
|
||||
B64CONF_END="__ACME_BASE64__END_"
|
||||
|
||||
ECC_SEP="_"
|
||||
ECC_SUFFIX="${ECC_SEP}ecc"
|
||||
|
||||
@ -1827,23 +1830,29 @@ _send_signed_request() {
|
||||
nonceurl="$ACME_NEW_NONCE"
|
||||
if _post "" "$nonceurl" "" "HEAD" "$__request_conent_type"; then
|
||||
_headers="$(cat "$HTTP_HEADER")"
|
||||
_debug2 _headers "$_headers"
|
||||
_CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
||||
fi
|
||||
fi
|
||||
if [ -z "$_headers" ]; then
|
||||
if [ -z "$_CACHED_NONCE" ]; then
|
||||
_debug2 "Get nonce with GET. ACME_DIRECTORY" "$ACME_DIRECTORY"
|
||||
nonceurl="$ACME_DIRECTORY"
|
||||
_headers="$(_get "$nonceurl" "onlyheader")"
|
||||
_debug2 _headers "$_headers"
|
||||
_CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
||||
fi
|
||||
|
||||
if [ -z "$_CACHED_NONCE" ] && [ "$ACME_NEW_NONCE" ]; then
|
||||
_debug2 "Get nonce with GET. ACME_NEW_NONCE" "$ACME_NEW_NONCE"
|
||||
nonceurl="$ACME_NEW_NONCE"
|
||||
_headers="$(_get "$nonceurl" "onlyheader")"
|
||||
_debug2 _headers "$_headers"
|
||||
_CACHED_NONCE="$(echo "$_headers" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
||||
fi
|
||||
_debug2 _CACHED_NONCE "$_CACHED_NONCE"
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "Can not connect to $nonceurl to get nonce."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug2 _headers "$_headers"
|
||||
|
||||
_CACHED_NONCE="$(echo "$_headers" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
||||
_debug2 _CACHED_NONCE "$_CACHED_NONCE"
|
||||
else
|
||||
_debug2 "Use _CACHED_NONCE" "$_CACHED_NONCE"
|
||||
fi
|
||||
@ -1958,12 +1967,16 @@ _setopt() {
|
||||
_debug3 "$(grep -n "^$__opt$__sep" "$__conf")"
|
||||
}
|
||||
|
||||
#_save_conf file key value
|
||||
#_save_conf file key value base64encode
|
||||
#save to conf
|
||||
_save_conf() {
|
||||
_s_c_f="$1"
|
||||
_sdkey="$2"
|
||||
_sdvalue="$3"
|
||||
_b64encode="$4"
|
||||
if [ "$_b64encode" ]; then
|
||||
_sdvalue="${B64CONF_START}$(printf "%s" "${_sdvalue}" | _base64)${B64CONF_END}"
|
||||
fi
|
||||
if [ "$_s_c_f" ]; then
|
||||
_setopt "$_s_c_f" "$_sdkey" "=" "'$_sdvalue'"
|
||||
else
|
||||
@ -1988,19 +2001,20 @@ _read_conf() {
|
||||
_r_c_f="$1"
|
||||
_sdkey="$2"
|
||||
if [ -f "$_r_c_f" ]; then
|
||||
(
|
||||
eval "$(grep "^$_sdkey *=" "$_r_c_f")"
|
||||
eval "printf \"%s\" \"\$$_sdkey\""
|
||||
)
|
||||
_sdv="$(grep "^$_sdkey *=" "$_r_c_f" | cut -d = -f 2-1000 | tr -d "'")"
|
||||
if _startswith "$_sdv" "${B64CONF_START}" && _endswith "$_sdv" "${B64CONF_END}"; then
|
||||
_sdv="$(echo "$_sdv" | sed "s/${B64CONF_START}//" | sed "s/${B64CONF_END}//" | _dbase64)"
|
||||
fi
|
||||
printf "%s" "$_sdv"
|
||||
else
|
||||
_debug "config file is empty, can not read $_sdkey"
|
||||
fi
|
||||
}
|
||||
|
||||
#_savedomainconf key value
|
||||
#_savedomainconf key value base64encode
|
||||
#save to domain.conf
|
||||
_savedomainconf() {
|
||||
_save_conf "$DOMAIN_CONF" "$1" "$2"
|
||||
_save_conf "$DOMAIN_CONF" "$@"
|
||||
}
|
||||
|
||||
#_cleardomainconf key
|
||||
@ -2013,14 +2027,14 @@ _readdomainconf() {
|
||||
_read_conf "$DOMAIN_CONF" "$1"
|
||||
}
|
||||
|
||||
#_saveaccountconf key value
|
||||
#_saveaccountconf key value base64encode
|
||||
_saveaccountconf() {
|
||||
_save_conf "$ACCOUNT_CONF_PATH" "$1" "$2"
|
||||
_save_conf "$ACCOUNT_CONF_PATH" "$@"
|
||||
}
|
||||
|
||||
#key value
|
||||
#key value base64encode
|
||||
_saveaccountconf_mutable() {
|
||||
_save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2"
|
||||
_save_conf "$ACCOUNT_CONF_PATH" "SAVED_$1" "$2" "$3"
|
||||
#remove later
|
||||
_clearaccountconf "$1"
|
||||
}
|
||||
@ -2060,6 +2074,7 @@ _clearcaconf() {
|
||||
_startserver() {
|
||||
content="$1"
|
||||
ncaddr="$2"
|
||||
_debug "content" "$content"
|
||||
_debug "ncaddr" "$ncaddr"
|
||||
|
||||
_debug "startserver: $$"
|
||||
@ -2086,8 +2101,14 @@ _startserver() {
|
||||
SOCAT_OPTIONS="$SOCAT_OPTIONS,bind=${ncaddr}"
|
||||
fi
|
||||
|
||||
_content_len="$(printf "%s" "$content" | wc -c)"
|
||||
_debug _content_len "$_content_len"
|
||||
_debug "_NC" "$_NC $SOCAT_OPTIONS"
|
||||
$_NC $SOCAT_OPTIONS SYSTEM:"sleep 1; echo HTTP/1.0 200 OK; echo ; echo $content; echo;" &
|
||||
$_NC $SOCAT_OPTIONS SYSTEM:"sleep 1; \
|
||||
echo 'HTTP/1.0 200 OK'; \
|
||||
echo 'Content-Length\: $_content_len'; \
|
||||
echo ''; \
|
||||
printf '$content';" &
|
||||
serverproc="$!"
|
||||
}
|
||||
|
||||
@ -3062,6 +3083,7 @@ _on_before_issue() {
|
||||
_info "Standalone mode."
|
||||
if [ -z "$Le_HTTPPort" ]; then
|
||||
Le_HTTPPort=80
|
||||
_cleardomainconf "Le_HTTPPort"
|
||||
else
|
||||
_savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
|
||||
fi
|
||||
@ -3269,7 +3291,7 @@ _regAccount() {
|
||||
fi
|
||||
|
||||
_debug2 responseHeaders "$responseHeaders"
|
||||
_accUri="$(echo "$responseHeaders" | grep "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")"
|
||||
_accUri="$(echo "$responseHeaders" | grep -i "^Location:" | _head_n 1 | cut -d ' ' -f 2 | tr -d "\r\n")"
|
||||
_debug "_accUri" "$_accUri"
|
||||
if [ -z "$_accUri" ]; then
|
||||
_err "Can not find account id url."
|
||||
@ -3435,7 +3457,7 @@ __trigger_validation() {
|
||||
_t_vtype="$3"
|
||||
_debug2 _t_vtype "$_t_vtype"
|
||||
if [ "$ACME_VERSION" = "2" ]; then
|
||||
_send_signed_request "$_t_url" "{\"keyAuthorization\": \"$_t_key_authz\"}"
|
||||
_send_signed_request "$_t_url" "{}"
|
||||
else
|
||||
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"type\": \"$_t_vtype\", \"keyAuthorization\": \"$_t_key_authz\"}"
|
||||
fi
|
||||
@ -3628,9 +3650,9 @@ issue() {
|
||||
_savedomainconf "Le_Alt" "$_alt_domains"
|
||||
_savedomainconf "Le_Webroot" "$_web_roots"
|
||||
|
||||
_savedomainconf "Le_PreHook" "$_pre_hook"
|
||||
_savedomainconf "Le_PostHook" "$_post_hook"
|
||||
_savedomainconf "Le_RenewHook" "$_renew_hook"
|
||||
_savedomainconf "Le_PreHook" "$_pre_hook" "base64"
|
||||
_savedomainconf "Le_PostHook" "$_post_hook" "base64"
|
||||
_savedomainconf "Le_RenewHook" "$_renew_hook" "base64"
|
||||
|
||||
if [ "$_local_addr" ]; then
|
||||
_savedomainconf "Le_LocalAddress" "$_local_addr"
|
||||
@ -4205,20 +4227,66 @@ $_authorizations_map"
|
||||
der="$(_getfile "${CSR_PATH}" "${BEGIN_CSR}" "${END_CSR}" | tr -d "\r\n" | _url_replace)"
|
||||
|
||||
if [ "$ACME_VERSION" = "2" ]; then
|
||||
_info "Lets finalize the order, Le_OrderFinalize: $Le_OrderFinalize"
|
||||
if ! _send_signed_request "${Le_OrderFinalize}" "{\"csr\": \"$der\"}"; then
|
||||
_err "Sign failed."
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
if [ "$code" != "200" ]; then
|
||||
_err "Sign failed, code is not 200."
|
||||
_err "Sign failed, finalize code is not 200."
|
||||
_err "$response"
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
|
||||
Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d " " -f 2)"
|
||||
if [ -z "$Le_LinkOrder" ]; then
|
||||
_err "Sign error, can not get order link location header"
|
||||
_err "responseHeaders" "$responseHeaders"
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
_savedomainconf "Le_LinkOrder" "$Le_LinkOrder"
|
||||
|
||||
_tempSignedResponse="$response"
|
||||
_link_cert_retry=0
|
||||
_MAX_CERT_RETRY=5
|
||||
while [ "$_link_cert_retry" -lt "$_MAX_CERT_RETRY" ]; do
|
||||
if _contains "$response" "\"status\":\"valid\""; then
|
||||
_debug "Order status is valid."
|
||||
Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
|
||||
_debug Le_LinkCert "$Le_LinkCert"
|
||||
if [ -z "$Le_LinkCert" ]; then
|
||||
_err "Sign error, can not find Le_LinkCert"
|
||||
_err "$response"
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
break
|
||||
elif _contains "$response" "\"processing\""; then
|
||||
_info "Order status is processing, lets sleep and retry."
|
||||
_sleep 2
|
||||
else
|
||||
_err "Sign error, wrong status"
|
||||
_err "$response"
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
if ! _send_signed_request "$Le_LinkOrder"; then
|
||||
_err "Sign failed, can not post to Le_LinkOrder cert:$Le_LinkOrder."
|
||||
_err "$response"
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
_link_cert_retry="$(_math $_link_cert_retry + 1)"
|
||||
done
|
||||
|
||||
if [ -z "$Le_LinkCert" ]; then
|
||||
_err "Sign failed, can not get Le_LinkCert, retry time limit."
|
||||
_err "$response"
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
_info "Download cert, Le_LinkCert: $Le_LinkCert"
|
||||
if ! _send_signed_request "$Le_LinkCert"; then
|
||||
_err "Sign failed, can not download cert:$Le_LinkCert."
|
||||
_err "$response"
|
||||
@ -4237,7 +4305,7 @@ $_authorizations_map"
|
||||
_end_n="$(_math $_end_n + 1)"
|
||||
sed -n "${_end_n},9999p" "$CERT_FULLCHAIN_PATH" >"$CA_CERT_PATH"
|
||||
fi
|
||||
response="$_tempSignedResponse"
|
||||
|
||||
else
|
||||
if ! _send_signed_request "${ACME_NEW_ORDER}" "{\"resource\": \"$ACME_NEW_ORDER_RES\", \"csr\": \"$der\"}" "needbase64"; then
|
||||
_err "Sign failed. $response"
|
||||
@ -4395,7 +4463,7 @@ $_authorizations_map"
|
||||
_savedomainconf "Le_RealCertPath" "$_real_cert"
|
||||
_savedomainconf "Le_RealCACertPath" "$_real_ca"
|
||||
_savedomainconf "Le_RealKeyPath" "$_real_key"
|
||||
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
|
||||
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
|
||||
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
|
||||
if ! _installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"; then
|
||||
return 1
|
||||
@ -4462,6 +4530,10 @@ renew() {
|
||||
fi
|
||||
|
||||
IS_RENEW="1"
|
||||
Le_ReloadCmd="$(_readdomainconf Le_ReloadCmd)"
|
||||
Le_PreHook="$(_readdomainconf Le_PreHook)"
|
||||
Le_PostHook="$(_readdomainconf Le_PostHook)"
|
||||
Le_RenewHook="$(_readdomainconf Le_RenewHook)"
|
||||
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" "$Le_RealFullChainPath" "$Le_PreHook" "$Le_PostHook" "$Le_RenewHook" "$Le_LocalAddress" "$Le_ChallengeAlias"
|
||||
res="$?"
|
||||
if [ "$res" != "0" ]; then
|
||||
@ -4742,7 +4814,7 @@ installcert() {
|
||||
_savedomainconf "Le_RealCertPath" "$_real_cert"
|
||||
_savedomainconf "Le_RealCACertPath" "$_real_ca"
|
||||
_savedomainconf "Le_RealKeyPath" "$_real_key"
|
||||
_savedomainconf "Le_ReloadCmd" "$_reload_cmd"
|
||||
_savedomainconf "Le_ReloadCmd" "$_reload_cmd" "base64"
|
||||
_savedomainconf "Le_RealFullChainPath" "$_real_fullchain"
|
||||
|
||||
_installcert "$_main_domain" "$_real_cert" "$_real_key" "$_real_ca" "$_real_fullchain" "$_reload_cmd"
|
||||
@ -4826,7 +4898,7 @@ _installcert() {
|
||||
export CERT_KEY_PATH
|
||||
export CA_CERT_PATH
|
||||
export CERT_FULLCHAIN_PATH
|
||||
export Le_Domain
|
||||
export Le_Domain="$_main_domain"
|
||||
cd "$DOMAIN_PATH" && eval "$_reload_cmd"
|
||||
); then
|
||||
_info "$(__green "Reload success")"
|
||||
|
@ -349,10 +349,10 @@ $ export QINIU_SK="bar"
|
||||
$ acme.sh --deploy -d example.com --deploy-hook qiniu
|
||||
```
|
||||
|
||||
假如您部署的证书为泛域名证书,您还需要设置 `QINIU_CDN_DOMAIN` 变量,指定实际需要部署的域名:
|
||||
假如您部署的证书为泛域名证书,您还需要设置 `QINIU_CDN_DOMAIN` 变量,指定实际需要部署的域名(请注意泛域名前的点):
|
||||
|
||||
```sh
|
||||
$ export QINIU_CDN_DOMAIN="cdn.example.com"
|
||||
$ export QINIU_CDN_DOMAIN=".cdn.example.com"
|
||||
$ acme.sh --deploy -d example.com --deploy-hook qiniu
|
||||
```
|
||||
|
||||
@ -375,10 +375,10 @@ $ acme.sh --deploy -d example.com --deploy-hook qiniu
|
||||
|
||||
(Optional), If you are using wildcard certificate,
|
||||
you may need export `QINIU_CDN_DOMAIN` to specify which domain
|
||||
you want to update:
|
||||
you want to update (please note the leading dot):
|
||||
|
||||
```sh
|
||||
$ export QINIU_CDN_DOMAIN="cdn.example.com"
|
||||
$ export QINIU_CDN_DOMAIN=".cdn.example.com"
|
||||
$ acme.sh --deploy -d example.com --deploy-hook qiniu
|
||||
```
|
||||
|
||||
|
@ -87,6 +87,6 @@ qiniu_deploy() {
|
||||
}
|
||||
|
||||
_make_access_token() {
|
||||
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64)"
|
||||
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64 | tr -- '+/' '-_')"
|
||||
echo "$QINIU_AK:$_token"
|
||||
}
|
||||
|
@ -1279,7 +1279,24 @@ acme.sh --issue --dns dns_mydevil -d example.com -d *.example.com
|
||||
|
||||
After certificate is ready, you can install it with [deploy command](../deploy/README.md#14-deploy-your-cert-on-mydevilnet).
|
||||
|
||||
## 67. Use OpenProvider API
|
||||
## 67. Use Core-Networks API to automatically issue cert
|
||||
|
||||
First you need to login to your Core-Networks account to to set up an API-User.
|
||||
Then export username and password to use these credentials.
|
||||
|
||||
```
|
||||
export CN_User="user"
|
||||
export CN_Password="passowrd"
|
||||
```
|
||||
|
||||
Ok, let's issue a cert now:
|
||||
```
|
||||
acme.sh --issue --dns dns_cn -d example.com -d www.example.com
|
||||
```
|
||||
|
||||
The `CN_User` and `CN_Password` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
## 68. Use OpenProvider API
|
||||
|
||||
First, you need to enable API access and retrieve your password hash on https://rcp.openprovider.eu/account/dashboard.php
|
||||
|
||||
@ -1317,3 +1334,5 @@ See: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
|
||||
# Use lexicon DNS API
|
||||
|
||||
https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api
|
||||
|
||||
|
||||
|
157
dnsapi/dns_cn.sh
Normal file
157
dnsapi/dns_cn.sh
Normal file
@ -0,0 +1,157 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/).
|
||||
# created by 5ll and francis
|
||||
|
||||
CN_API="https://beta.api.core-networks.de"
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
dns_cn_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
if ! _cn_login; then
|
||||
_err "login failed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug "First detect the root zone"
|
||||
if ! _cn_get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug "_sub_domain $_sub_domain"
|
||||
_debug "_domain $_domain"
|
||||
|
||||
_info "Adding record"
|
||||
curData="{\"name\":\"$_sub_domain\",\"ttl\":120,\"type\":\"TXT\",\"data\":\"$txtvalue\"}"
|
||||
curResult="$(_post "${curData}" "${CN_API}/dnszones/${_domain}/records/")"
|
||||
|
||||
_debug "curData $curData"
|
||||
_debug "curResult $curResult"
|
||||
|
||||
if _contains "$curResult" ""; then
|
||||
_info "Added, OK"
|
||||
|
||||
if ! _cn_commit; then
|
||||
_err "commiting changes failed"
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
|
||||
else
|
||||
_err "Add txt record error."
|
||||
_debug "curData is $curData"
|
||||
_debug "curResult is $curResult"
|
||||
_err "error adding text record, response was $curResult"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
dns_cn_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
if ! _cn_login; then
|
||||
_err "login failed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug "First detect the root zone"
|
||||
if ! _cn_get_root "$fulldomain"; then
|
||||
_err "invalid domain"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info "Deleting record"
|
||||
curData="{\"name\":\"$_sub_domain\",\"data\":\"$txtvalue\"}"
|
||||
curResult="$(_post "${curData}" "${CN_API}/dnszones/${_domain}/records/delete")"
|
||||
_debug curData is "$curData"
|
||||
|
||||
_info "commiting changes"
|
||||
if ! _cn_commit; then
|
||||
_err "commiting changes failed"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info "Deletet txt record"
|
||||
return 0
|
||||
}
|
||||
|
||||
################### Private functions below ##################################
|
||||
_cn_login() {
|
||||
CN_User="${CN_User:-$(_readaccountconf_mutable CN_User)}"
|
||||
CN_Password="${CN_Password:-$(_readaccountconf_mutable CN_Password)}"
|
||||
if [ -z "$CN_User" ] || [ -z "$CN_Password" ]; then
|
||||
CN_User=""
|
||||
CN_Password=""
|
||||
_err "You must export variables: CN_User and CN_Password"
|
||||
return 1
|
||||
fi
|
||||
|
||||
#save the config variables to the account conf file.
|
||||
_saveaccountconf_mutable CN_User "$CN_User"
|
||||
_saveaccountconf_mutable CN_Password "$CN_Password"
|
||||
|
||||
_info "Getting an AUTH-Token"
|
||||
curData="{\"login\":\"${CN_User}\",\"password\":\"${CN_Password}\"}"
|
||||
curResult="$(_post "${curData}" "${CN_API}/auth/token")"
|
||||
_debug "Calling _CN_login: '${curData}' '${CN_API}/auth/token'"
|
||||
|
||||
if _contains "${curResult}" '"token":"'; then
|
||||
authToken=$(echo "${curResult}" | cut -d ":" -f2 | cut -d "," -f1 | sed 's/^.\(.*\).$/\1/')
|
||||
export _H1="Authorization: Bearer $authToken"
|
||||
_info "Successfully acquired AUTH-Token"
|
||||
_debug "AUTH-Token: '${authToken}'"
|
||||
_debug "_H1 '${_H1}'"
|
||||
else
|
||||
_err "Couldn't acquire an AUTH-Token"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
# Commit changes
|
||||
_cn_commit() {
|
||||
_info "Commiting changes"
|
||||
_post "" "${CN_API}/dnszones/$h/records/commit"
|
||||
}
|
||||
|
||||
_cn_get_root() {
|
||||
domain=$1
|
||||
i=2
|
||||
p=1
|
||||
while true; do
|
||||
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
_debug h "$h"
|
||||
_debug _H1 "${_H1}"
|
||||
|
||||
if [ -z "$h" ]; then
|
||||
#not valid
|
||||
return 1
|
||||
fi
|
||||
|
||||
_cn_zonelist="$(_get ${CN_API}/dnszones/)"
|
||||
_debug _cn_zonelist "${_cn_zonelist}"
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "something went wrong while getting the zone list"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$_cn_zonelist" "\"name\":\"$h\"" >/dev/null; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain=$h
|
||||
return 0
|
||||
else
|
||||
_debug "Zonelist does not contain domain - iterating "
|
||||
fi
|
||||
p=$i
|
||||
i=$(_math "$i" + 1)
|
||||
|
||||
done
|
||||
_err "Zonelist does not contain domain - exiting"
|
||||
return 1
|
||||
}
|
@ -76,6 +76,22 @@ dns_namecheap_rm() {
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _domain=domain.com
|
||||
_get_root() {
|
||||
fulldomain=$1
|
||||
|
||||
if ! _get_root_by_getList "$fulldomain"; then
|
||||
_debug "Failed domain lookup via domains.getList api call. Trying domain lookup via domains.dns.getHosts api."
|
||||
# The above "getList" api will only return hosts *owned* by the calling user. However, if the calling
|
||||
# user is not the owner, but still has administrative rights, we must query the getHosts api directly.
|
||||
# See this comment and the official namecheap response: http://disq.us/p/1q6v9x9
|
||||
if ! _get_root_by_getHosts "$fulldomain"; then
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
_get_root_by_getList() {
|
||||
domain=$1
|
||||
|
||||
if ! _namecheap_post "namecheap.domains.getList"; then
|
||||
@ -94,6 +110,10 @@ _get_root() {
|
||||
#not valid
|
||||
return 1
|
||||
fi
|
||||
if ! _contains "$h" "\\."; then
|
||||
#not valid
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _contains "$response" "$h"; then
|
||||
_debug "$h not found"
|
||||
@ -108,6 +128,31 @@ _get_root() {
|
||||
return 1
|
||||
}
|
||||
|
||||
_get_root_by_getHosts() {
|
||||
i=100
|
||||
p=99
|
||||
|
||||
while [ $p -ne 0 ]; do
|
||||
|
||||
h=$(printf "%s" "$1" | cut -d . -f $i-100)
|
||||
if [ -n "$h" ]; then
|
||||
if _contains "$h" "\\."; then
|
||||
_debug h "$h"
|
||||
if _namecheap_set_tld_sld "$h"; then
|
||||
_sub_domain=$(printf "%s" "$1" | cut -d . -f 1-$p)
|
||||
_domain="$h"
|
||||
return 0
|
||||
else
|
||||
_debug "$h not found"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
i="$p"
|
||||
p=$(_math "$p" - 1)
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
_namecheap_set_publicip() {
|
||||
|
||||
if [ -z "$NAMECHEAP_SOURCEIP" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user