mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 21:21:42 +00:00
commit
5b1e849bde
@ -54,11 +54,6 @@ haproxy_deploy() {
|
|||||||
DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
|
DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
|
||||||
DEPLOY_HAPROXY_RELOAD_DEFAULT="true"
|
DEPLOY_HAPROXY_RELOAD_DEFAULT="true"
|
||||||
|
|
||||||
if [ -f "${DOMAIN_CONF}" ]; then
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
. "${DOMAIN_CONF}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
_debug _cdomain "${_cdomain}"
|
_debug _cdomain "${_cdomain}"
|
||||||
_debug _ckey "${_ckey}"
|
_debug _ckey "${_ckey}"
|
||||||
_debug _ccert "${_ccert}"
|
_debug _ccert "${_ccert}"
|
||||||
@ -66,6 +61,8 @@ haproxy_deploy() {
|
|||||||
_debug _cfullchain "${_cfullchain}"
|
_debug _cfullchain "${_cfullchain}"
|
||||||
|
|
||||||
# PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}"
|
# PEM_PATH is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_PATH_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_HAPROXY_PEM_PATH
|
||||||
|
_debug2 DEPLOY_HAPROXY_PEM_PATH "${DEPLOY_HAPROXY_PEM_PATH}"
|
||||||
if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then
|
if [ -n "${DEPLOY_HAPROXY_PEM_PATH}" ]; then
|
||||||
Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
|
Le_Deploy_haproxy_pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
|
||||||
_savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}"
|
_savedomainconf Le_Deploy_haproxy_pem_path "${Le_Deploy_haproxy_pem_path}"
|
||||||
@ -82,6 +79,8 @@ haproxy_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
|
# PEM_NAME is optional. If not provided then assume "${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_HAPROXY_PEM_NAME
|
||||||
|
_debug2 DEPLOY_HAPROXY_PEM_NAME "${DEPLOY_HAPROXY_PEM_NAME}"
|
||||||
if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then
|
if [ -n "${DEPLOY_HAPROXY_PEM_NAME}" ]; then
|
||||||
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}"
|
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME}"
|
||||||
_savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
|
_savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
|
||||||
@ -90,6 +89,8 @@ haproxy_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
|
# BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_HAPROXY_BUNDLE
|
||||||
|
_debug2 DEPLOY_HAPROXY_BUNDLE "${DEPLOY_HAPROXY_BUNDLE}"
|
||||||
if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then
|
if [ -n "${DEPLOY_HAPROXY_BUNDLE}" ]; then
|
||||||
Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}"
|
Le_Deploy_haproxy_bundle="${DEPLOY_HAPROXY_BUNDLE}"
|
||||||
_savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}"
|
_savedomainconf Le_Deploy_haproxy_bundle "${Le_Deploy_haproxy_bundle}"
|
||||||
@ -98,6 +99,8 @@ haproxy_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}"
|
# ISSUER is optional. If not provided then assume "${DEPLOY_HAPROXY_ISSUER_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_HAPROXY_ISSUER
|
||||||
|
_debug2 DEPLOY_HAPROXY_ISSUER "${DEPLOY_HAPROXY_ISSUER}"
|
||||||
if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then
|
if [ -n "${DEPLOY_HAPROXY_ISSUER}" ]; then
|
||||||
Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}"
|
Le_Deploy_haproxy_issuer="${DEPLOY_HAPROXY_ISSUER}"
|
||||||
_savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}"
|
_savedomainconf Le_Deploy_haproxy_issuer "${Le_Deploy_haproxy_issuer}"
|
||||||
@ -106,6 +109,8 @@ haproxy_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
|
# RELOAD is optional. If not provided then assume "${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_HAPROXY_RELOAD
|
||||||
|
_debug2 DEPLOY_HAPROXY_RELOAD "${DEPLOY_HAPROXY_RELOAD}"
|
||||||
if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then
|
if [ -n "${DEPLOY_HAPROXY_RELOAD}" ]; then
|
||||||
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}"
|
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD}"
|
||||||
_savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}"
|
_savedomainconf Le_Deploy_haproxy_reload "${Le_Deploy_haproxy_reload}"
|
||||||
@ -190,7 +195,7 @@ haproxy_deploy() {
|
|||||||
_info "Updating OCSP stapling info"
|
_info "Updating OCSP stapling info"
|
||||||
_debug _ocsp "${_ocsp}"
|
_debug _ocsp "${_ocsp}"
|
||||||
_info "Extracting OCSP URL"
|
_info "Extracting OCSP URL"
|
||||||
_ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}")
|
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}")
|
||||||
_debug _ocsp_url "${_ocsp_url}"
|
_debug _ocsp_url "${_ocsp_url}"
|
||||||
|
|
||||||
# Only process OCSP if URL was present
|
# Only process OCSP if URL was present
|
||||||
@ -203,9 +208,9 @@ haproxy_deploy() {
|
|||||||
# Only process the certificate if we have a .issuer file
|
# Only process the certificate if we have a .issuer file
|
||||||
if [ -r "${_issuer}" ]; then
|
if [ -r "${_issuer}" ]; then
|
||||||
# Check if issuer cert is also a root CA cert
|
# Check if issuer cert is also a root CA cert
|
||||||
_subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||||
_debug _subjectdn "${_subjectdn}"
|
_debug _subjectdn "${_subjectdn}"
|
||||||
_issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||||
_debug _issuerdn "${_issuerdn}"
|
_debug _issuerdn "${_issuerdn}"
|
||||||
_info "Requesting OCSP response"
|
_info "Requesting OCSP response"
|
||||||
# If the issuer is a CA cert then our command line has "-CAfile" added
|
# If the issuer is a CA cert then our command line has "-CAfile" added
|
||||||
@ -216,7 +221,7 @@ haproxy_deploy() {
|
|||||||
fi
|
fi
|
||||||
_debug _cafile_argument "${_cafile_argument}"
|
_debug _cafile_argument "${_cafile_argument}"
|
||||||
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
|
||||||
_openssl_version=$(openssl version | cut -d' ' -f2)
|
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2)
|
||||||
_debug _openssl_version "${_openssl_version}"
|
_debug _openssl_version "${_openssl_version}"
|
||||||
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
|
||||||
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
|
||||||
@ -226,7 +231,7 @@ haproxy_deploy() {
|
|||||||
_header_sep=" "
|
_header_sep=" "
|
||||||
fi
|
fi
|
||||||
# Request the OCSP response from the issuer and store it
|
# Request the OCSP response from the issuer and store it
|
||||||
_openssl_ocsp_cmd="openssl ocsp \
|
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \
|
||||||
-issuer \"${_issuer}\" \
|
-issuer \"${_issuer}\" \
|
||||||
-cert \"${_pem}\" \
|
-cert \"${_pem}\" \
|
||||||
-url \"${_ocsp_url}\" \
|
-url \"${_ocsp_url}\" \
|
||||||
|
@ -45,7 +45,7 @@ kong_deploy() {
|
|||||||
#Generate data for request (Multipart/form-data with mixed content)
|
#Generate data for request (Multipart/form-data with mixed content)
|
||||||
if [ -z "$ssl_uuid" ]; then
|
if [ -z "$ssl_uuid" ]; then
|
||||||
#set sni to domain
|
#set sni to domain
|
||||||
content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
|
content="--$delim${nl}Content-Disposition: form-data; name=\"snis[]\"${nl}${nl}$_cdomain"
|
||||||
fi
|
fi
|
||||||
#add key
|
#add key
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||||
|
280
deploy/lighttpd.sh
Normal file
280
deploy/lighttpd.sh
Normal file
@ -0,0 +1,280 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
# Script for acme.sh to deploy certificates to lighttpd
|
||||||
|
#
|
||||||
|
# The following variables can be exported:
|
||||||
|
#
|
||||||
|
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem"
|
||||||
|
#
|
||||||
|
# Defines the name of the PEM file.
|
||||||
|
# Defaults to "<domain>.pem"
|
||||||
|
#
|
||||||
|
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd"
|
||||||
|
#
|
||||||
|
# Defines location of PEM file for Lighttpd.
|
||||||
|
# Defaults to /etc/lighttpd
|
||||||
|
#
|
||||||
|
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd"
|
||||||
|
#
|
||||||
|
# OPTIONAL: Reload command used post deploy
|
||||||
|
# This defaults to be a no-op (ie "true").
|
||||||
|
# It is strongly recommended to set this something that makes sense
|
||||||
|
# for your distro.
|
||||||
|
#
|
||||||
|
# export DEPLOY_LIGHTTPD_ISSUER="yes"
|
||||||
|
#
|
||||||
|
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer"
|
||||||
|
# Note: Required for OCSP stapling to work
|
||||||
|
#
|
||||||
|
# export DEPLOY_LIGHTTPD_BUNDLE="no"
|
||||||
|
#
|
||||||
|
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle
|
||||||
|
# This adds a suffix to the certificate based on the certificate type
|
||||||
|
# eg RSA certificates will have .rsa as a suffix to the file name
|
||||||
|
# Lighttpd will load all certificates and provide one or the other
|
||||||
|
# depending on client capabilities
|
||||||
|
# Note: This functionality requires Lighttpd was compiled against
|
||||||
|
# a version of OpenSSL that supports this.
|
||||||
|
#
|
||||||
|
|
||||||
|
######## Public functions #####################
|
||||||
|
|
||||||
|
#domain keyfile certfile cafile fullchain
|
||||||
|
lighttpd_deploy() {
|
||||||
|
_cdomain="$1"
|
||||||
|
_ckey="$2"
|
||||||
|
_ccert="$3"
|
||||||
|
_cca="$4"
|
||||||
|
_cfullchain="$5"
|
||||||
|
|
||||||
|
# Some defaults
|
||||||
|
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd"
|
||||||
|
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem"
|
||||||
|
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no"
|
||||||
|
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes"
|
||||||
|
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true"
|
||||||
|
|
||||||
|
_debug _cdomain "${_cdomain}"
|
||||||
|
_debug _ckey "${_ckey}"
|
||||||
|
_debug _ccert "${_ccert}"
|
||||||
|
_debug _cca "${_cca}"
|
||||||
|
_debug _cfullchain "${_cfullchain}"
|
||||||
|
|
||||||
|
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH
|
||||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}"
|
||||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then
|
||||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}"
|
||||||
|
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}"
|
||||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then
|
||||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Ensure PEM_PATH exists
|
||||||
|
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then
|
||||||
|
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists"
|
||||||
|
else
|
||||||
|
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME
|
||||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}"
|
||||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then
|
||||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}"
|
||||||
|
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}"
|
||||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then
|
||||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE
|
||||||
|
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}"
|
||||||
|
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then
|
||||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}"
|
||||||
|
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}"
|
||||||
|
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then
|
||||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_LIGHTTPD_ISSUER
|
||||||
|
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}"
|
||||||
|
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then
|
||||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}"
|
||||||
|
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}"
|
||||||
|
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then
|
||||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}"
|
||||||
|
_getdeployconf DEPLOY_LIGHTTPD_RELOAD
|
||||||
|
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}"
|
||||||
|
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then
|
||||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}"
|
||||||
|
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}"
|
||||||
|
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then
|
||||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Set the suffix depending if we are creating a bundle or not
|
||||||
|
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then
|
||||||
|
_info "Bundle creation requested"
|
||||||
|
# Initialise $Le_Keylength if its not already set
|
||||||
|
if [ -z "${Le_Keylength}" ]; then
|
||||||
|
Le_Keylength=""
|
||||||
|
fi
|
||||||
|
if _isEccKey "${Le_Keylength}"; then
|
||||||
|
_info "ECC key type detected"
|
||||||
|
_suffix=".ecdsa"
|
||||||
|
else
|
||||||
|
_info "RSA key type detected"
|
||||||
|
_suffix=".rsa"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
_suffix=""
|
||||||
|
fi
|
||||||
|
_debug _suffix "${_suffix}"
|
||||||
|
|
||||||
|
# Set variables for later
|
||||||
|
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}"
|
||||||
|
_issuer="${_pem}.issuer"
|
||||||
|
_ocsp="${_pem}.ocsp"
|
||||||
|
_reload="${Le_Deploy_lighttpd_reload}"
|
||||||
|
|
||||||
|
_info "Deploying PEM file"
|
||||||
|
# Create a temporary PEM file
|
||||||
|
_temppem="$(_mktemp)"
|
||||||
|
_debug _temppem "${_temppem}"
|
||||||
|
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}"
|
||||||
|
_ret="$?"
|
||||||
|
|
||||||
|
# Check that we could create the temporary file
|
||||||
|
if [ "${_ret}" != "0" ]; then
|
||||||
|
_err "Error code ${_ret} returned during PEM file creation"
|
||||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}"
|
||||||
|
return ${_ret}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Move PEM file into place
|
||||||
|
_info "Moving new certificate into place"
|
||||||
|
_debug _pem "${_pem}"
|
||||||
|
cat "${_temppem}" >"${_pem}"
|
||||||
|
_ret=$?
|
||||||
|
|
||||||
|
# Clean up temp file
|
||||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}"
|
||||||
|
|
||||||
|
# Deal with any failure of moving PEM file into place
|
||||||
|
if [ "${_ret}" != "0" ]; then
|
||||||
|
_err "Error code ${_ret} returned while moving new certificate into place"
|
||||||
|
return ${_ret}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Update .issuer file if requested
|
||||||
|
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then
|
||||||
|
_info "Updating .issuer file"
|
||||||
|
_debug _issuer "${_issuer}"
|
||||||
|
cat "${_cca}" >"${_issuer}"
|
||||||
|
_ret="$?"
|
||||||
|
|
||||||
|
if [ "${_ret}" != "0" ]; then
|
||||||
|
_err "Error code ${_ret} returned while copying issuer/CA certificate into place"
|
||||||
|
return ${_ret}
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option
|
||||||
|
if [ -z "${Le_OCSP_Staple}" ]; then
|
||||||
|
Le_OCSP_Staple="0"
|
||||||
|
fi
|
||||||
|
if [ "${Le_OCSP_Staple}" = "1" ]; then
|
||||||
|
_info "Updating OCSP stapling info"
|
||||||
|
_debug _ocsp "${_ocsp}"
|
||||||
|
_info "Extracting OCSP URL"
|
||||||
|
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}")
|
||||||
|
_debug _ocsp_url "${_ocsp_url}"
|
||||||
|
|
||||||
|
# Only process OCSP if URL was present
|
||||||
|
if [ "${_ocsp_url}" != "" ]; then
|
||||||
|
# Extract the hostname from the OCSP URL
|
||||||
|
_info "Extracting OCSP URL"
|
||||||
|
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3)
|
||||||
|
_debug _ocsp_host "${_ocsp_host}"
|
||||||
|
|
||||||
|
# Only process the certificate if we have a .issuer file
|
||||||
|
if [ -r "${_issuer}" ]; then
|
||||||
|
# Check if issuer cert is also a root CA cert
|
||||||
|
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||||
|
_debug _subjectdn "${_subjectdn}"
|
||||||
|
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10)
|
||||||
|
_debug _issuerdn "${_issuerdn}"
|
||||||
|
_info "Requesting OCSP response"
|
||||||
|
# If the issuer is a CA cert then our command line has "-CAfile" added
|
||||||
|
if [ "${_subjectdn}" = "${_issuerdn}" ]; then
|
||||||
|
_cafile_argument="-CAfile \"${_issuer}\""
|
||||||
|
else
|
||||||
|
_cafile_argument=""
|
||||||
|
fi
|
||||||
|
_debug _cafile_argument "${_cafile_argument}"
|
||||||
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed
|
||||||
|
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2)
|
||||||
|
_debug _openssl_version "${_openssl_version}"
|
||||||
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1)
|
||||||
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2)
|
||||||
|
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then
|
||||||
|
_header_sep="="
|
||||||
|
else
|
||||||
|
_header_sep=" "
|
||||||
|
fi
|
||||||
|
# Request the OCSP response from the issuer and store it
|
||||||
|
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \
|
||||||
|
-issuer \"${_issuer}\" \
|
||||||
|
-cert \"${_pem}\" \
|
||||||
|
-url \"${_ocsp_url}\" \
|
||||||
|
-header Host${_header_sep}\"${_ocsp_host}\" \
|
||||||
|
-respout \"${_ocsp}\" \
|
||||||
|
-verify_other \"${_issuer}\" \
|
||||||
|
${_cafile_argument} \
|
||||||
|
| grep -q \"${_pem}: good\""
|
||||||
|
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}"
|
||||||
|
eval "${_openssl_ocsp_cmd}"
|
||||||
|
_ret=$?
|
||||||
|
else
|
||||||
|
# Non fatal: No issuer file was present so no OCSP stapling file created
|
||||||
|
_err "OCSP stapling in use but no .issuer file was present"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Non fatal: No OCSP url was found int the certificate
|
||||||
|
_err "OCSP update requested but no OCSP URL was found in certificate"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Non fatal: Check return code of openssl command
|
||||||
|
if [ "${_ret}" != "0" ]; then
|
||||||
|
_err "Updating OCSP stapling failed with return code ${_ret}"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# An OCSP file was already present but certificate did not have OCSP extension
|
||||||
|
if [ -f "${_ocsp}" ]; then
|
||||||
|
_err "OCSP was not requested but .ocsp file exists."
|
||||||
|
# Could remove the file at this step, although Lighttpd just ignores it in this case
|
||||||
|
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Reload Lighttpd
|
||||||
|
_debug _reload "${_reload}"
|
||||||
|
eval "${_reload}"
|
||||||
|
_ret=$?
|
||||||
|
if [ "${_ret}" != "0" ]; then
|
||||||
|
_err "Error code ${_ret} during reload"
|
||||||
|
return ${_ret}
|
||||||
|
else
|
||||||
|
_info "Reload successful"
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
@ -35,11 +35,6 @@ ssh_deploy() {
|
|||||||
_cfullchain="$5"
|
_cfullchain="$5"
|
||||||
_deploy_ssh_servers=""
|
_deploy_ssh_servers=""
|
||||||
|
|
||||||
if [ -f "$DOMAIN_CONF" ]; then
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
. "$DOMAIN_CONF"
|
|
||||||
fi
|
|
||||||
|
|
||||||
_debug _cdomain "$_cdomain"
|
_debug _cdomain "$_cdomain"
|
||||||
_debug _ckey "$_ckey"
|
_debug _ckey "$_ckey"
|
||||||
_debug _ccert "$_ccert"
|
_debug _ccert "$_ccert"
|
||||||
@ -47,6 +42,8 @@ ssh_deploy() {
|
|||||||
_debug _cfullchain "$_cfullchain"
|
_debug _cfullchain "$_cfullchain"
|
||||||
|
|
||||||
# USER is required to login by SSH to remote host.
|
# USER is required to login by SSH to remote host.
|
||||||
|
_getdeployconf DEPLOY_SSH_USER
|
||||||
|
_debug2 DEPLOY_SSH_USER "$DEPLOY_SSH_USER"
|
||||||
if [ -z "$DEPLOY_SSH_USER" ]; then
|
if [ -z "$DEPLOY_SSH_USER" ]; then
|
||||||
if [ -z "$Le_Deploy_ssh_user" ]; then
|
if [ -z "$Le_Deploy_ssh_user" ]; then
|
||||||
_err "DEPLOY_SSH_USER not defined."
|
_err "DEPLOY_SSH_USER not defined."
|
||||||
@ -58,6 +55,8 @@ ssh_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# SERVER is optional. If not provided then use _cdomain
|
# SERVER is optional. If not provided then use _cdomain
|
||||||
|
_getdeployconf DEPLOY_SSH_SERVER
|
||||||
|
_debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER"
|
||||||
if [ -n "$DEPLOY_SSH_SERVER" ]; then
|
if [ -n "$DEPLOY_SSH_SERVER" ]; then
|
||||||
Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER"
|
Le_Deploy_ssh_server="$DEPLOY_SSH_SERVER"
|
||||||
_savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server"
|
_savedomainconf Le_Deploy_ssh_server "$Le_Deploy_ssh_server"
|
||||||
@ -66,6 +65,8 @@ ssh_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# CMD is optional. If not provided then use ssh
|
# CMD is optional. If not provided then use ssh
|
||||||
|
_getdeployconf DEPLOY_SSH_CMD
|
||||||
|
_debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD"
|
||||||
if [ -n "$DEPLOY_SSH_CMD" ]; then
|
if [ -n "$DEPLOY_SSH_CMD" ]; then
|
||||||
Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD"
|
Le_Deploy_ssh_cmd="$DEPLOY_SSH_CMD"
|
||||||
_savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd"
|
_savedomainconf Le_Deploy_ssh_cmd "$Le_Deploy_ssh_cmd"
|
||||||
@ -74,6 +75,8 @@ ssh_deploy() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# BACKUP is optional. If not provided then default to previously saved value or yes.
|
# BACKUP is optional. If not provided then default to previously saved value or yes.
|
||||||
|
_getdeployconf DEPLOY_SSH_BACKUP
|
||||||
|
_debug2 DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP"
|
||||||
if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then
|
if [ "$DEPLOY_SSH_BACKUP" = "no" ]; then
|
||||||
Le_Deploy_ssh_backup="no"
|
Le_Deploy_ssh_backup="no"
|
||||||
elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
|
elif [ -z "$Le_Deploy_ssh_backup" ] || [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
|
||||||
@ -82,6 +85,8 @@ ssh_deploy() {
|
|||||||
_savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup"
|
_savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup"
|
||||||
|
|
||||||
# BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy
|
# BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy
|
||||||
|
_getdeployconf DEPLOY_SSH_BACKUP_PATH
|
||||||
|
_debug2 DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH"
|
||||||
if [ -n "$DEPLOY_SSH_BACKUP_PATH" ]; then
|
if [ -n "$DEPLOY_SSH_BACKUP_PATH" ]; then
|
||||||
Le_Deploy_ssh_backup_path="$DEPLOY_SSH_BACKUP_PATH"
|
Le_Deploy_ssh_backup_path="$DEPLOY_SSH_BACKUP_PATH"
|
||||||
elif [ -z "$Le_Deploy_ssh_backup_path" ]; then
|
elif [ -z "$Le_Deploy_ssh_backup_path" ]; then
|
||||||
@ -91,6 +96,8 @@ ssh_deploy() {
|
|||||||
|
|
||||||
# MULTI_CALL is optional. If not provided then default to previously saved
|
# MULTI_CALL is optional. If not provided then default to previously saved
|
||||||
# value (which may be undefined... equivalent to "no").
|
# value (which may be undefined... equivalent to "no").
|
||||||
|
_getdeployconf DEPLOY_SSH_MULTI_CALL
|
||||||
|
_debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL"
|
||||||
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
|
if [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
|
||||||
Le_Deploy_ssh_multi_call="yes"
|
Le_Deploy_ssh_multi_call="yes"
|
||||||
_savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call"
|
_savedomainconf Le_Deploy_ssh_multi_call "$Le_Deploy_ssh_multi_call"
|
||||||
@ -141,6 +148,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||||||
|
|
||||||
# KEYFILE is optional.
|
# KEYFILE is optional.
|
||||||
# If provided then private key will be copied to provided filename.
|
# If provided then private key will be copied to provided filename.
|
||||||
|
_getdeployconf DEPLOY_SSH_KEYFILE
|
||||||
|
_debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE"
|
||||||
if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
|
if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
|
||||||
Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE"
|
Le_Deploy_ssh_keyfile="$DEPLOY_SSH_KEYFILE"
|
||||||
_savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
|
_savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
|
||||||
@ -163,6 +172,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||||||
|
|
||||||
# CERTFILE is optional.
|
# CERTFILE is optional.
|
||||||
# If provided then certificate will be copied or appended to provided filename.
|
# If provided then certificate will be copied or appended to provided filename.
|
||||||
|
_getdeployconf DEPLOY_SSH_CERTFILE
|
||||||
|
_debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE"
|
||||||
if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
|
if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
|
||||||
Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE"
|
Le_Deploy_ssh_certfile="$DEPLOY_SSH_CERTFILE"
|
||||||
_savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
|
_savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
|
||||||
@ -189,6 +200,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||||||
|
|
||||||
# CAFILE is optional.
|
# CAFILE is optional.
|
||||||
# If provided then CA intermediate certificate will be copied or appended to provided filename.
|
# If provided then CA intermediate certificate will be copied or appended to provided filename.
|
||||||
|
_getdeployconf DEPLOY_SSH_CAFILE
|
||||||
|
_debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE"
|
||||||
if [ -n "$DEPLOY_SSH_CAFILE" ]; then
|
if [ -n "$DEPLOY_SSH_CAFILE" ]; then
|
||||||
Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE"
|
Le_Deploy_ssh_cafile="$DEPLOY_SSH_CAFILE"
|
||||||
_savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
|
_savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
|
||||||
@ -216,6 +229,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||||||
|
|
||||||
# FULLCHAIN is optional.
|
# FULLCHAIN is optional.
|
||||||
# If provided then fullchain certificate will be copied or appended to provided filename.
|
# If provided then fullchain certificate will be copied or appended to provided filename.
|
||||||
|
_getdeployconf DEPLOY_SSH_FULLCHAIN
|
||||||
|
_debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN"
|
||||||
if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
|
if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
|
||||||
Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN"
|
Le_Deploy_ssh_fullchain="$DEPLOY_SSH_FULLCHAIN"
|
||||||
_savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
|
_savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
|
||||||
@ -244,6 +259,8 @@ then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; d
|
|||||||
|
|
||||||
# REMOTE_CMD is optional.
|
# REMOTE_CMD is optional.
|
||||||
# If provided then this command will be executed on remote host.
|
# If provided then this command will be executed on remote host.
|
||||||
|
_getdeployconf DEPLOY_SSH_REMOTE_CMD
|
||||||
|
_debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD"
|
||||||
if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
|
if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
|
||||||
Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD"
|
Le_Deploy_ssh_remote_cmd="$DEPLOY_SSH_REMOTE_CMD"
|
||||||
_savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd"
|
_savedomainconf Le_Deploy_ssh_remote_cmd "$Le_Deploy_ssh_remote_cmd"
|
||||||
|
@ -46,7 +46,7 @@ dns_1984hosting_add() {
|
|||||||
|
|
||||||
postdata="entry=new"
|
postdata="entry=new"
|
||||||
postdata="$postdata&type=TXT"
|
postdata="$postdata&type=TXT"
|
||||||
postdata="$postdata&ttl=3600"
|
postdata="$postdata&ttl=900"
|
||||||
postdata="$postdata&zone=$_domain"
|
postdata="$postdata&zone=$_domain"
|
||||||
postdata="$postdata&host=$_sub_domain"
|
postdata="$postdata&host=$_sub_domain"
|
||||||
postdata="$postdata&rdata=%22$value%22"
|
postdata="$postdata&rdata=%22$value%22"
|
||||||
@ -93,20 +93,15 @@ dns_1984hosting_rm() {
|
|||||||
fi
|
fi
|
||||||
_debug _sub_domain "$_sub_domain"
|
_debug _sub_domain "$_sub_domain"
|
||||||
_debug _domain "$_domain"
|
_debug _domain "$_domain"
|
||||||
|
|
||||||
_debug "Delete $fulldomain TXT record"
|
_debug "Delete $fulldomain TXT record"
|
||||||
url="https://management.1984hosting.com/domains"
|
|
||||||
|
|
||||||
_htmlget "$url" "$_domain"
|
url="https://management.1984hosting.com/domains"
|
||||||
_debug2 _response "$_response"
|
if ! _get_zone_id "$url" "$_domain"; then
|
||||||
zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+')"
|
_err "invalid zone" "$_domain"
|
||||||
_debug2 zone_id "$zone_id"
|
|
||||||
if [ -z "$zone_id" ]; then
|
|
||||||
_err "Error getting zone_id for $1"
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_htmlget "$url/$zone_id" "$_sub_domain"
|
_htmlget "$url/$_zone_id" "$txtvalue"
|
||||||
_debug2 _response "$_response"
|
_debug2 _response "$_response"
|
||||||
entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')"
|
entry_id="$(echo "$_response" | _egrep_o 'entry_[0-9]+' | sed 's/entry_//')"
|
||||||
_debug2 entry_id "$entry_id"
|
_debug2 entry_id "$entry_id"
|
||||||
@ -135,7 +130,7 @@ dns_1984hosting_rm() {
|
|||||||
_1984hosting_login() {
|
_1984hosting_login() {
|
||||||
if ! _check_credentials; then return 1; fi
|
if ! _check_credentials; then return 1; fi
|
||||||
|
|
||||||
if _check_cookie; then
|
if _check_cookies; then
|
||||||
_debug "Already logged in"
|
_debug "Already logged in"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
@ -150,9 +145,12 @@ _1984hosting_login() {
|
|||||||
_debug2 response "$response"
|
_debug2 response "$response"
|
||||||
|
|
||||||
if _contains "$response" '"loggedin": true'; then
|
if _contains "$response" '"loggedin": true'; then
|
||||||
One984HOSTING_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _tail_n 1 | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
|
One984HOSTING_SESSIONID_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'sessionid=[^;]*;' | tr -d ';')"
|
||||||
export One984HOSTING_COOKIE
|
One984HOSTING_CSRFTOKEN_COOKIE="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
|
||||||
_saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
|
export One984HOSTING_SESSIONID_COOKIE
|
||||||
|
export One984HOSTING_CSRFTOKEN_COOKIE
|
||||||
|
_saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE"
|
||||||
|
_saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
@ -169,21 +167,24 @@ _check_credentials() {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
_check_cookie() {
|
_check_cookies() {
|
||||||
One984HOSTING_COOKIE="${One984HOSTING_COOKIE:-$(_readaccountconf_mutable One984HOSTING_COOKIE)}"
|
One984HOSTING_SESSIONID_COOKIE="${One984HOSTING_SESSIONID_COOKIE:-$(_readaccountconf_mutable One984HOSTING_SESSIONID_COOKIE)}"
|
||||||
if [ -z "$One984HOSTING_COOKIE" ]; then
|
One984HOSTING_CSRFTOKEN_COOKIE="${One984HOSTING_CSRFTOKEN_COOKIE:-$(_readaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE)}"
|
||||||
_debug "No cached cookie found"
|
if [ -z "$One984HOSTING_SESSIONID_COOKIE" ] || [ -z "$One984HOSTING_CSRFTOKEN_COOKIE" ]; then
|
||||||
|
_debug "No cached cookie(s) found"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_authget "https://management.1984hosting.com/accounts/loginstatus/"
|
_authget "https://management.1984hosting.com/accounts/loginstatus/"
|
||||||
if _contains "$response" '"ok": true'; then
|
if _contains "$response" '"ok": true'; then
|
||||||
_debug "Cached cookie still valid"
|
_debug "Cached cookies still valid"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
_debug "Cached cookie no longer valid"
|
_debug "Cached cookies no longer valid"
|
||||||
One984HOSTING_COOKIE=""
|
One984HOSTING_SESSIONID_COOKIE=""
|
||||||
_saveaccountconf_mutable One984HOSTING_COOKIE "$One984HOSTING_COOKIE"
|
One984HOSTING_CSRFTOKEN_COOKIE=""
|
||||||
|
_saveaccountconf_mutable One984HOSTING_SESSIONID_COOKIE "$One984HOSTING_SESSIONID_COOKIE"
|
||||||
|
_saveaccountconf_mutable One984HOSTING_CSRFTOKEN_COOKIE "$One984HOSTING_CSRFTOKEN_COOKIE"
|
||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -215,9 +216,25 @@ _get_root() {
|
|||||||
return 1
|
return 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#usage: _get_zone_id url domain.com
|
||||||
|
#returns zone id for domain.com
|
||||||
|
_get_zone_id() {
|
||||||
|
url=$1
|
||||||
|
domain=$2
|
||||||
|
_htmlget "$url" "$domain"
|
||||||
|
_debug2 _response "$_response"
|
||||||
|
_zone_id="$(echo "$_response" | _egrep_o 'zone\/[0-9]+' | _head_n 1)"
|
||||||
|
_debug2 _zone_id "$_zone_id"
|
||||||
|
if [ -z "$_zone_id" ]; then
|
||||||
|
_err "Error getting _zone_id for $2"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
# add extra headers to request
|
# add extra headers to request
|
||||||
_authget() {
|
_authget() {
|
||||||
export _H1="Cookie: $One984HOSTING_COOKIE"
|
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE"
|
||||||
_response=$(_get "$1" | _normalizeJson)
|
_response=$(_get "$1" | _normalizeJson)
|
||||||
_debug2 _response "$_response"
|
_debug2 _response "$_response"
|
||||||
}
|
}
|
||||||
@ -225,12 +242,20 @@ _authget() {
|
|||||||
# truncate huge HTML response
|
# truncate huge HTML response
|
||||||
# echo: Argument list too long
|
# echo: Argument list too long
|
||||||
_htmlget() {
|
_htmlget() {
|
||||||
export _H1="Cookie: $One984HOSTING_COOKIE"
|
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE"
|
||||||
_response=$(_get "$1" | grep "$2" | _head_n 1)
|
_response=$(_get "$1" | grep "$2")
|
||||||
|
if _contains "$_response" "@$2"; then
|
||||||
|
_response=$(echo "$_response" | grep -v "[@]" | _head_n 1)
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# add extra headers to request
|
# add extra headers to request
|
||||||
_authpost() {
|
_authpost() {
|
||||||
export _H1="Cookie: $One984HOSTING_COOKIE"
|
url="https://management.1984hosting.com/domains"
|
||||||
|
_get_zone_id "$url" "$_domain"
|
||||||
|
csrf_header="$(echo "$One984HOSTING_CSRFTOKEN_COOKIE" | _egrep_o "=[^=][0-9a-zA-Z]*" | tr -d "=")"
|
||||||
|
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE;$One984HOSTING_SESSIONID_COOKIE"
|
||||||
|
export _H2="Referer: https://management.1984hosting.com/domains/$_zone_id"
|
||||||
|
export _H3="X-CSRFToken: $csrf_header"
|
||||||
_response=$(_post "$1" "$2")
|
_response=$(_post "$1" "$2")
|
||||||
}
|
}
|
||||||
|
@ -119,16 +119,16 @@ login() {
|
|||||||
tmp=$(_post "{\"action\": \"login\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apipassword\": \"$NC_Apipw\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST")
|
tmp=$(_post "{\"action\": \"login\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apipassword\": \"$NC_Apipw\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST")
|
||||||
sid=$(echo "$tmp" | tr '{}' '\n' | grep apisessionid | cut -d '"' -f 4)
|
sid=$(echo "$tmp" | tr '{}' '\n' | grep apisessionid | cut -d '"' -f 4)
|
||||||
_debug "$tmp"
|
_debug "$tmp"
|
||||||
if [ "$(_getfield "$msg" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
|
if [ "$(_getfield "$tmp" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
|
||||||
_err "$msg"
|
_err "$tmp"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
logout() {
|
logout() {
|
||||||
tmp=$(_post "{\"action\": \"logout\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST")
|
tmp=$(_post "{\"action\": \"logout\", \"param\": {\"apikey\": \"$NC_Apikey\", \"apisessionid\": \"$sid\", \"customernumber\": \"$NC_CID\"}}" "$end" "" "POST")
|
||||||
_debug "$tmp"
|
_debug "$tmp"
|
||||||
if [ "$(_getfield "$msg" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
|
if [ "$(_getfield "$tmp" "4" | sed s/\"status\":\"//g | sed s/\"//g)" != "success" ]; then
|
||||||
_err "$msg"
|
_err "$tmp"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
|
|
||||||
RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0"
|
RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0"
|
||||||
|
|
||||||
|
# 20210923 - RS changed the fields in the API response; fix sed
|
||||||
# 20190213 - The name & id fields swapped in the API response; fix sed
|
# 20190213 - The name & id fields swapped in the API response; fix sed
|
||||||
# 20190101 - Duplicating file for new pull request to dev branch
|
# 20190101 - Duplicating file for new pull request to dev branch
|
||||||
# Original - tcocca:rackspace_dnsapi https://github.com/acmesh-official/acme.sh/pull/1297
|
# Original - tcocca:rackspace_dnsapi https://github.com/acmesh-official/acme.sh/pull/1297
|
||||||
@ -79,8 +80,8 @@ _get_root_zone() {
|
|||||||
_debug2 response "$response"
|
_debug2 response "$response"
|
||||||
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
|
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
|
||||||
# Response looks like:
|
# Response looks like:
|
||||||
# {"ttl":300,"accountId":12345,"id":1111111,"name":"example.com","emailAddress": ...<and so on>
|
# {"id":"12345","accountId":"1111111","name": "example.com","ttl":3600,"emailAddress": ... <and so on>
|
||||||
_domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\([^,]*\),\"name\":\"$h\",.*/\1/p")
|
_domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\"\([^,]*\)\",\"accountId\":\"[0-9]*\",\"name\":\"$h\",.*/\1/p")
|
||||||
_debug2 domain_id "$_domain_id"
|
_debug2 domain_id "$_domain_id"
|
||||||
if [ -n "$_domain_id" ]; then
|
if [ -n "$_domain_id" ]; then
|
||||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
|
158
dnsapi/dns_veesp.sh
Normal file
158
dnsapi/dns_veesp.sh
Normal file
@ -0,0 +1,158 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
# bug reports to stepan@plyask.in
|
||||||
|
|
||||||
|
#
|
||||||
|
# export VEESP_User="username"
|
||||||
|
# export VEESP_Password="password"
|
||||||
|
|
||||||
|
VEESP_Api="https://secure.veesp.com/api"
|
||||||
|
|
||||||
|
######## Public functions #####################
|
||||||
|
|
||||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||||
|
dns_veesp_add() {
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
|
||||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}"
|
||||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}"
|
||||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64)
|
||||||
|
|
||||||
|
if [ -z "$VEESP_Password" ] || [ -z "$VEESP_User" ]; then
|
||||||
|
VEESP_Password=""
|
||||||
|
VEESP_User=""
|
||||||
|
_err "You don't specify veesp api key and email yet."
|
||||||
|
_err "Please create you key and try again."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#save the api key and email to the account conf file.
|
||||||
|
_saveaccountconf_mutable VEESP_Password "$VEESP_Password"
|
||||||
|
_saveaccountconf_mutable VEESP_User "$VEESP_User"
|
||||||
|
|
||||||
|
_debug "First detect the root zone"
|
||||||
|
if ! _get_root "$fulldomain"; then
|
||||||
|
_err "invalid domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug _domain_id "$_domain_id"
|
||||||
|
_debug _sub_domain "$_sub_domain"
|
||||||
|
_debug _domain "$_domain"
|
||||||
|
|
||||||
|
_info "Adding record"
|
||||||
|
if VEESP_rest POST "service/$_service_id/dns/$_domain_id/records" "{\"name\":\"$fulldomain\",\"ttl\":1,\"priority\":0,\"type\":\"TXT\",\"content\":\"$txtvalue\"}"; then
|
||||||
|
if _contains "$response" "\"success\":true"; then
|
||||||
|
_info "Added"
|
||||||
|
#todo: check if the record takes effect
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
_err "Add txt record error."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Usage: fulldomain txtvalue
|
||||||
|
# Used to remove the txt record after validation
|
||||||
|
dns_veesp_rm() {
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
|
||||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}"
|
||||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}"
|
||||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64)
|
||||||
|
|
||||||
|
_debug "First detect the root zone"
|
||||||
|
if ! _get_root "$fulldomain"; then
|
||||||
|
_err "invalid domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug _domain_id "$_domain_id"
|
||||||
|
_debug _sub_domain "$_sub_domain"
|
||||||
|
_debug _domain "$_domain"
|
||||||
|
|
||||||
|
_debug "Getting txt records"
|
||||||
|
VEESP_rest GET "service/$_service_id/dns/$_domain_id"
|
||||||
|
|
||||||
|
count=$(printf "%s\n" "$response" | _egrep_o "\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | wc -l | tr -d " ")
|
||||||
|
_debug count "$count"
|
||||||
|
if [ "$count" = "0" ]; then
|
||||||
|
_info "Don't need to remove."
|
||||||
|
else
|
||||||
|
record_id=$(printf "%s\n" "$response" | _egrep_o "{\"id\":[^}]*\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | cut -d\" -f4)
|
||||||
|
_debug "record_id" "$record_id"
|
||||||
|
if [ -z "$record_id" ]; then
|
||||||
|
_err "Can not get record id to remove."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if ! VEESP_rest DELETE "service/$_service_id/dns/$_domain_id/records/$record_id"; then
|
||||||
|
_err "Delete record error."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_contains "$response" "\"success\":true"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#################### Private functions below ##################################
|
||||||
|
#_acme-challenge.www.domain.com
|
||||||
|
#returns
|
||||||
|
# _sub_domain=_acme-challenge.www
|
||||||
|
# _domain=domain.com
|
||||||
|
# _domain_id=sdjkglgdfewsdfg
|
||||||
|
_get_root() {
|
||||||
|
domain=$1
|
||||||
|
i=2
|
||||||
|
p=1
|
||||||
|
if ! VEESP_rest GET "dns"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
while true; do
|
||||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
|
_debug h "$h"
|
||||||
|
if [ -z "$h" ]; then
|
||||||
|
#not valid
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if _contains "$response" "\"name\":\"$h\""; then
|
||||||
|
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"domain_id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1 | cut -d '"' -f 2)
|
||||||
|
_debug _domain_id "$_domain_id"
|
||||||
|
_service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2)
|
||||||
|
_debug _service_id "$_service_id"
|
||||||
|
if [ "$_domain_id" ]; then
|
||||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
|
_domain="$h"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
p=$i
|
||||||
|
i=$(_math "$i" + 1)
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
VEESP_rest() {
|
||||||
|
m=$1
|
||||||
|
ep="$2"
|
||||||
|
data="$3"
|
||||||
|
_debug "$ep"
|
||||||
|
|
||||||
|
export _H1="Accept: application/json"
|
||||||
|
export _H2="Authorization: Basic $VEESP_auth"
|
||||||
|
if [ "$m" != "GET" ]; then
|
||||||
|
_debug data "$data"
|
||||||
|
export _H3="Content-Type: application/json"
|
||||||
|
response="$(_post "$data" "$VEESP_Api/$ep" "" "$m")"
|
||||||
|
else
|
||||||
|
response="$(_get "$VEESP_Api/$ep")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
_err "error $ep"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 response "$response"
|
||||||
|
return 0
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user