mirror of
https://github.com/plantroon/acme.sh.git
synced 2025-01-22 04:12:02 +00:00
commit
70ed6b96d1
52
.github/workflows/DNS.yml
vendored
52
.github/workflows/DNS.yml
vendored
@ -59,6 +59,11 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
@ -102,6 +107,11 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Install tools
|
- name: Install tools
|
||||||
@ -145,6 +155,11 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- name: Set git to use LF
|
- name: Set git to use LF
|
||||||
run: |
|
run: |
|
||||||
@ -202,13 +217,18 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/freebsd-vm@v0
|
- uses: vmactions/freebsd-vm@v0
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: pkg install -y socat curl
|
prepare: pkg install -y socat curl
|
||||||
usesh: true
|
usesh: true
|
||||||
copyback: false
|
copyback: false
|
||||||
@ -248,13 +268,18 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/openbsd-vm@v0
|
- uses: vmactions/openbsd-vm@v0
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: pkg_add socat curl
|
prepare: pkg_add socat curl
|
||||||
usesh: true
|
usesh: true
|
||||||
copyback: false
|
copyback: false
|
||||||
@ -294,13 +319,18 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/netbsd-vm@v0
|
- uses: vmactions/netbsd-vm@v0
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: |
|
prepare: |
|
||||||
pkg_add curl socat
|
pkg_add curl socat
|
||||||
usesh: true
|
usesh: true
|
||||||
@ -341,13 +371,18 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/dragonflybsd-vm@v0
|
- uses: vmactions/dragonflybsd-vm@v0
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
prepare: |
|
prepare: |
|
||||||
pkg install -y curl socat
|
pkg install -y curl socat
|
||||||
usesh: true
|
usesh: true
|
||||||
@ -391,14 +426,19 @@ jobs:
|
|||||||
DEBUG: ${{ secrets.DEBUG }}
|
DEBUG: ${{ secrets.DEBUG }}
|
||||||
http_proxy: ${{ secrets.http_proxy }}
|
http_proxy: ${{ secrets.http_proxy }}
|
||||||
https_proxy: ${{ secrets.https_proxy }}
|
https_proxy: ${{ secrets.https_proxy }}
|
||||||
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, sincc Solaris doesn't accept the expired ISRG X1 root
|
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Solaris doesn't accept the expired ISRG X1 root
|
||||||
|
TokenName1: ${{ secrets.TokenName1}}
|
||||||
|
TokenName2: ${{ secrets.TokenName2}}
|
||||||
|
TokenName3: ${{ secrets.TokenName3}}
|
||||||
|
TokenName4: ${{ secrets.TokenName4}}
|
||||||
|
TokenName5: ${{ secrets.TokenName5}}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Clone acmetest
|
- name: Clone acmetest
|
||||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||||
- uses: vmactions/solaris-vm@v0
|
- uses: vmactions/solaris-vm@v0
|
||||||
with:
|
with:
|
||||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||||
copyback: false
|
copyback: false
|
||||||
prepare: pkgutil -y -i socat
|
prepare: pkgutil -y -i socat
|
||||||
run: |
|
run: |
|
||||||
|
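Review bot: The five `TokenNameN` entries are added to the job-level `env:` of every job (hunks at -59, -102, -145, -202, -248, -294, -341 and -391), so every step in those jobs can read them, just like the secrets already listed there. That includes `actions/checkout@v2` and the `vmactions/*-vm@v0` actions, which are referenced by mutable tags. Because these jobs carry DNS provider credentials, I would pin each action to a full commit SHA, e.g. `- uses: vmactions/freebsd-vm@<full-commit-sha>  # v0` (placeholder, to be filled in from the action's repository). The job definitions start and end outside the hunks, so any narrower step-level `env:` cannot be seen from here.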
4
acme.sh
4
acme.sh
@ -4866,7 +4866,9 @@ $_authorizations_map"
|
|||||||
_on_issue_err "$_post_hook" "$vlist"
|
_on_issue_err "$_post_hook" "$vlist"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
if ! chmod a+r "$wellknown_path/$token"; then
|
||||||
|
_debug "chmod failed, but we just continue."
|
||||||
|
fi
|
||||||
if [ ! "$usingApache" ]; then
|
if [ ! "$usingApache" ]; then
|
||||||
if webroot_owner=$(_stat "$_currentRoot"); then
|
if webroot_owner=$(_stat "$_currentRoot"); then
|
||||||
_debug "Changing owner/group of .well-known to $webroot_owner"
|
_debug "Changing owner/group of .well-known to $webroot_owner"
|
||||||
|
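Review bot: The added `chmod a+r "$wellknown_path/$token"` has no comment saying why it is needed or why a failure may be ignored, and a failure is reported only through `_debug`. I would add a comment above it, along the lines of `# make the challenge file readable by the web server even under a restrictive umask` (presumably the motivation; please confirm). I would also report the failure with `_info` instead, so that a later validation failure caused by an unreadable token file can be traced without rerunning in debug mode. The enclosing function starts and ends outside the hunk.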
@ -3,18 +3,29 @@
|
|||||||
# Uses command line uapi. --user option is needed only if run as root.
|
# Uses command line uapi. --user option is needed only if run as root.
|
||||||
# Returns 0 when success.
|
# Returns 0 when success.
|
||||||
#
|
#
|
||||||
|
# Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic
|
||||||
|
# detection of deployment targets through UAPI (if not set, defaults below are used.)
|
||||||
|
# - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode.
|
||||||
|
# - NOMATCH : 'true' to allow deployment to sites that do not match the certificate.
|
||||||
|
# - INCLUDE : Comma-separated list - sites must match this field.
|
||||||
|
# - EXCLUDE : Comma-separated list - sites must NOT match this field.
|
||||||
|
# INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*'
|
||||||
|
#
|
||||||
# Please note that I am no longer using Github. If you want to report an issue
|
# Please note that I am no longer using Github. If you want to report an issue
|
||||||
# or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
|
# or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
|
||||||
#
|
#
|
||||||
# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
|
# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
|
||||||
# Public domain, 2017-2018
|
# Public domain, 2017-2018
|
||||||
|
#
|
||||||
# export DEPLOY_CPANEL_USER=myusername
|
# export DEPLOY_CPANEL_USER=myusername
|
||||||
|
# export DEPLOY_CPANEL_AUTO_ENABLED='true'
|
||||||
|
# export DEPLOY_CPANEL_AUTO_NOMATCH='false'
|
||||||
|
# export DEPLOY_CPANEL_AUTO_INCLUDE='*'
|
||||||
|
# export DEPLOY_CPANEL_AUTO_EXCLUDE=''
|
||||||
|
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
|
|
||||||
#domain keyfile certfile cafile fullchain
|
#domain keyfile certfile cafile fullchain
|
||||||
|
|
||||||
cpanel_uapi_deploy() {
|
cpanel_uapi_deploy() {
|
||||||
_cdomain="$1"
|
_cdomain="$1"
|
||||||
_ckey="$2"
|
_ckey="$2"
|
||||||
@ -22,6 +33,9 @@ cpanel_uapi_deploy() {
|
|||||||
_cca="$4"
|
_cca="$4"
|
||||||
_cfullchain="$5"
|
_cfullchain="$5"
|
||||||
|
|
||||||
|
# re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
|
||||||
|
: "${Le_Alt:=""}"
|
||||||
|
|
||||||
_debug _cdomain "$_cdomain"
|
_debug _cdomain "$_cdomain"
|
||||||
_debug _ckey "$_ckey"
|
_debug _ckey "$_ckey"
|
||||||
_debug _ccert "$_ccert"
|
_debug _ccert "$_ccert"
|
||||||
@ -32,25 +46,120 @@ cpanel_uapi_deploy() {
|
|||||||
_err "The command uapi is not found."
|
_err "The command uapi is not found."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# declare useful constants
|
||||||
|
uapi_error_response='status: 0'
|
||||||
|
|
||||||
# read cert and key files and urlencode both
|
# read cert and key files and urlencode both
|
||||||
_cert=$(_url_encode <"$_ccert")
|
_cert=$(_url_encode <"$_ccert")
|
||||||
_key=$(_url_encode <"$_ckey")
|
_key=$(_url_encode <"$_ckey")
|
||||||
|
|
||||||
_debug _cert "$_cert"
|
_debug2 _cert "$_cert"
|
||||||
_debug _key "$_key"
|
_debug2 _key "$_key"
|
||||||
|
|
||||||
if [ "$(id -u)" = 0 ]; then
|
if [ "$(id -u)" = 0 ]; then
|
||||||
if [ -z "$DEPLOY_CPANEL_USER" ]; then
|
_getdeployconf DEPLOY_CPANEL_USER
|
||||||
|
# fallback to _readdomainconf for old installs
|
||||||
|
if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
|
||||||
_err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
|
_err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
|
_debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
|
||||||
_response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
_savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
|
||||||
|
|
||||||
|
_uapi_user="$DEPLOY_CPANEL_USER"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Load all AUTO envars and set defaults - see above for usage
|
||||||
|
__cpanel_initautoparam ENABLED 'true'
|
||||||
|
__cpanel_initautoparam NOMATCH 'false'
|
||||||
|
__cpanel_initautoparam INCLUDE '*'
|
||||||
|
__cpanel_initautoparam EXCLUDE ''
|
||||||
|
|
||||||
|
# Auto mode
|
||||||
|
if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
|
||||||
|
# call API for site config
|
||||||
|
_response=$(uapi DomainInfo list_domains)
|
||||||
|
# exit if error in response
|
||||||
|
if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
|
||||||
|
_err "Error in deploying certificate - cannot retrieve sitelist:"
|
||||||
|
_err "\n$_response"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# parse response to create site list
|
||||||
|
sitelist=$(__cpanel_parse_response "$_response")
|
||||||
|
_debug "UAPI sites found: $sitelist"
|
||||||
|
|
||||||
|
# filter sitelist using configured domains
|
||||||
|
# skip if NOMATCH is "true"
|
||||||
|
if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
|
||||||
|
_debug "DEPLOY_CPANEL_AUTO_NOMATCH is true"
|
||||||
|
_info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
|
||||||
|
else
|
||||||
|
_debug "DEPLOY_CPANEL_AUTO_NOMATCH is false"
|
||||||
|
d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain,//" -e "s/,$_cdomain,/,/")"
|
||||||
|
d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
|
||||||
|
sitelist="$(echo "$sitelist" | grep -ix "$d")"
|
||||||
|
_debug2 "Matched UAPI sites: $sitelist"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE
|
||||||
|
_info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
|
||||||
|
sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
|
||||||
|
_debug2 "Remaining sites: $sitelist"
|
||||||
|
|
||||||
|
# filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
|
||||||
|
_info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
|
||||||
|
sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
|
||||||
|
_debug2 "Remaining sites: $sitelist"
|
||||||
|
|
||||||
|
# counter for success / failure check
|
||||||
|
successes=0
|
||||||
|
if [ -n "$sitelist" ]; then
|
||||||
|
sitetotal="$(echo "$sitelist" | wc -l)"
|
||||||
|
_debug "$sitetotal sites to deploy"
|
||||||
|
else
|
||||||
|
sitetotal=0
|
||||||
|
_debug "No sites to deploy"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# for each site: call uapi to publish cert and log result. Only return failure if all fail
|
||||||
|
for site in $sitelist; do
|
||||||
|
# call uapi to publish cert, check response for errors and log them.
|
||||||
|
if [ -n "$_uapi_user" ]; then
|
||||||
|
_response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$site" cert="$_cert" key="$_key")
|
||||||
|
else
|
||||||
|
_response=$(uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key")
|
||||||
|
fi
|
||||||
|
if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
|
||||||
|
_err "Error in deploying certificate to $site:"
|
||||||
|
_err "$_response"
|
||||||
|
else
|
||||||
|
successes=$((successes + 1))
|
||||||
|
_debug "$_response"
|
||||||
|
_info "Succcessfully deployed to $site"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Raise error if all updates fail
|
||||||
|
if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
|
||||||
|
_err "Could not deploy to any of $sitetotal sites via UAPI"
|
||||||
|
_debug "successes: $successes, sitetotal: $sitetotal"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
# "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
|
||||||
|
if [ -n "$_uapi_user" ]; then
|
||||||
|
_response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
||||||
else
|
else
|
||||||
_response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
_response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
||||||
fi
|
fi
|
||||||
error_response="status: 0"
|
|
||||||
if test "${_response#*$error_response}" != "$_response"; then
|
if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
|
||||||
_err "Error in deploying certificate:"
|
_err "Error in deploying certificate:"
|
||||||
_err "$_response"
|
_err "$_response"
|
||||||
return 1
|
return 1
|
||||||
@ -59,4 +168,44 @@ cpanel_uapi_deploy() {
|
|||||||
_debug response "$_response"
|
_debug response "$_response"
|
||||||
_info "Certificate successfully deployed"
|
_info "Certificate successfully deployed"
|
||||||
return 0
|
return 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
######## Private functions #####################
|
||||||
|
|
||||||
|
# Internal utility to process YML from UAPI - only looks at main_domain and sub_domains
|
||||||
|
#[response]
|
||||||
|
__cpanel_parse_response() {
|
||||||
|
if [ $# -gt 0 ]; then resp="$*"; else resp="$(cat)"; fi
|
||||||
|
|
||||||
|
echo "$resp" |
|
||||||
|
sed -En \
|
||||||
|
-e 's/\r$//' \
|
||||||
|
-e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
|
||||||
|
-e 's/^( *)- (.*)/\1,-,\2/p' |
|
||||||
|
awk -F, '{
|
||||||
|
level = length($1)/2;
|
||||||
|
section[level] = $2;
|
||||||
|
for (i in section) {if (i > level) {delete section[i]}}
|
||||||
|
if (length($3) > 0) {
|
||||||
|
prefix="";
|
||||||
|
for (i=0; i < level; i++)
|
||||||
|
{ prefix = (prefix)(section[i])("/") }
|
||||||
|
printf("%s%s=%s\n", prefix, $2, $3);
|
||||||
|
}
|
||||||
|
}' |
|
||||||
|
sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-)=(.*)$/\2/p'
|
||||||
|
}
|
||||||
|
|
||||||
|
# Load parameter by prefix+name - fallback to default if not set, and save to config
|
||||||
|
#pname pdefault
|
||||||
|
__cpanel_initautoparam() {
|
||||||
|
pname="$1"
|
||||||
|
pdefault="$2"
|
||||||
|
pkey="DEPLOY_CPANEL_AUTO_$pname"
|
||||||
|
|
||||||
|
_getdeployconf "$pkey"
|
||||||
|
[ -n "$(eval echo "\"\$$pkey\"")" ] || eval "$pkey=\"$pdefault\""
|
||||||
|
_debug2 "$pkey" "$(eval echo "\"\$$pkey\"")"
|
||||||
|
_savedeployconf "$pkey" "$(eval echo "\"\$$pkey\"")"
|
||||||
}
|
}
|
||||||
|
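Review bot: In auto mode, `_response=$(uapi DomainInfo list_domains)` is called without `--user`, although every `install_ssl` call in the same function adds `--user="$_uapi_user"` when running as root. Per the header comment ("--user option is needed only if run as root"), the site list is then presumably queried for the wrong account, or the call fails, on root installs. The lookup should branch on `_uapi_user` the same way the install calls do. Separately, `_debug2 _key "$_key"` still writes the URL-encoded private key to the log at debug level 2; I would drop that line rather than only lowering its level.

```sh
    # call API for site config
    if [ -n "$_uapi_user" ]; then
      _response=$(uapi --user="$_uapi_user" DomainInfo list_domains)
    else
      _response=$(uapi DomainInfo list_domains)
    fi
    # … unchanged: error check on $_response and sitelist parsing …
```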
@ -39,7 +39,7 @@ dns_gcloud_rm() {
|
|||||||
_dns_gcloud_start_tr || return $?
|
_dns_gcloud_start_tr || return $?
|
||||||
_dns_gcloud_get_rrdatas || return $?
|
_dns_gcloud_get_rrdatas || return $?
|
||||||
echo "$rrdatas" | _dns_gcloud_remove_rrs || return $?
|
echo "$rrdatas" | _dns_gcloud_remove_rrs || return $?
|
||||||
echo "$rrdatas" | grep -F -v "\"$txtvalue\"" | _dns_gcloud_add_rrs || return $?
|
echo "$rrdatas" | grep -F -v -- "\"$txtvalue\"" | _dns_gcloud_add_rrs || return $?
|
||||||
_dns_gcloud_execute_tr || return $?
|
_dns_gcloud_execute_tr || return $?
|
||||||
|
|
||||||
_info "$fulldomain record added"
|
_info "$fulldomain record added"
|
||||||
|
@ -18,15 +18,15 @@ dns_netlify_add() {
|
|||||||
NETLIFY_ACCESS_TOKEN=""
|
NETLIFY_ACCESS_TOKEN=""
|
||||||
_err "Please specify your Netlify Access Token and try again."
|
_err "Please specify your Netlify Access Token and try again."
|
||||||
return 1
|
return 1
|
||||||
|
else
|
||||||
|
_saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_info "Using Netlify"
|
_info "Using Netlify"
|
||||||
_debug fulldomain "$fulldomain"
|
_debug fulldomain "$fulldomain"
|
||||||
_debug txtvalue "$txtvalue"
|
_debug txtvalue "$txtvalue"
|
||||||
|
|
||||||
_saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
|
if ! _get_root "$fulldomain"; then
|
||||||
|
|
||||||
if ! _get_root "$fulldomain" "$accesstoken"; then
|
|
||||||
_err "invalid domain"
|
_err "invalid domain"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -62,9 +62,9 @@ dns_netlify_rm() {
|
|||||||
_debug txtdomain "$txtdomain"
|
_debug txtdomain "$txtdomain"
|
||||||
_debug txt "$txt"
|
_debug txt "$txt"
|
||||||
|
|
||||||
_saveaccountconf_mutable NETLIFY_ACCESS_TOKEN "$NETLIFY_ACCESS_TOKEN"
|
NETLIFY_ACCESS_TOKEN="${NETLIFY_ACCESS_TOKEN:-$(_readaccountconf_mutable NETLIFY_ACCESS_TOKEN)}"
|
||||||
|
|
||||||
if ! _get_root "$txtdomain" "$accesstoken"; then
|
if ! _get_root "$txtdomain"; then
|
||||||
_err "invalid domain"
|
_err "invalid domain"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
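Review bot: In the `dns_netlify_rm` hunk, the token is now read back with `_readaccountconf_mutable` but is never checked for being empty before `_get_root "$txtdomain"` runs. With no saved token, the removal would presumably fail with the misleading "invalid domain" error after an unauthenticated API call. I would mirror the guard that `dns_netlify_add` has: `if [ -z "$NETLIFY_ACCESS_TOKEN" ]; then _err "Please specify your Netlify Access Token and try again."; return 1; fi`. Both functions start and end outside the hunks, so the way `dns_netlify_add` obtains the token is not visible here.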
@ -1,7 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
TRANSIP_Api_Url="https://api.transip.nl/v6"
|
TRANSIP_Api_Url="https://api.transip.nl/v6"
|
||||||
TRANSIP_Token_Read_Only="false"
|
TRANSIP_Token_Read_Only="false"
|
||||||
TRANSIP_Token_Global_Key="false"
|
|
||||||
TRANSIP_Token_Expiration="30 minutes"
|
TRANSIP_Token_Expiration="30 minutes"
|
||||||
# You can't reuse a label token, so we leave this empty normally
|
# You can't reuse a label token, so we leave this empty normally
|
||||||
TRANSIP_Token_Label=""
|
TRANSIP_Token_Label=""
|
||||||
@ -96,7 +95,11 @@ _transip_get_token() {
|
|||||||
nonce=$(echo "TRANSIP$(_time)" | _digest sha1 hex | cut -c 1-32)
|
nonce=$(echo "TRANSIP$(_time)" | _digest sha1 hex | cut -c 1-32)
|
||||||
_debug nonce "$nonce"
|
_debug nonce "$nonce"
|
||||||
|
|
||||||
data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key}\"}"
|
# make IP whitelisting configurable
|
||||||
|
TRANSIP_Token_Global_Key="${TRANSIP_Token_Global_Key:-$(_readaccountconf_mutable TRANSIP_Token_Global_Key)}"
|
||||||
|
_saveaccountconf_mutable TRANSIP_Token_Global_Key "$TRANSIP_Token_Global_Key"
|
||||||
|
|
||||||
|
data="{\"login\":\"${TRANSIP_Username}\",\"nonce\":\"${nonce}\",\"read_only\":\"${TRANSIP_Token_Read_Only}\",\"expiration_time\":\"${TRANSIP_Token_Expiration}\",\"label\":\"${TRANSIP_Token_Label}\",\"global_key\":\"${TRANSIP_Token_Global_Key:-false}\"}"
|
||||||
_debug data "$data"
|
_debug data "$data"
|
||||||
|
|
||||||
#_signature=$(printf "%s" "$data" | openssl dgst -sha512 -sign "$TRANSIP_Key_File" | _base64)
|
#_signature=$(printf "%s" "$data" | openssl dgst -sha512 -sign "$TRANSIP_Key_File" | _base64)
|
||||||
@ -139,6 +142,18 @@ _transip_setup() {
|
|||||||
_saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username"
|
_saveaccountconf_mutable TRANSIP_Username "$TRANSIP_Username"
|
||||||
_saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File"
|
_saveaccountconf_mutable TRANSIP_Key_File "$TRANSIP_Key_File"
|
||||||
|
|
||||||
|
# download key file if it's an URL
|
||||||
|
if _startswith "$TRANSIP_Key_File" "http"; then
|
||||||
|
_debug "download transip key file"
|
||||||
|
TRANSIP_Key_URL=$TRANSIP_Key_File
|
||||||
|
TRANSIP_Key_File="$(_mktemp)"
|
||||||
|
chmod 600 "$TRANSIP_Key_File"
|
||||||
|
if ! _get "$TRANSIP_Key_URL" >"$TRANSIP_Key_File"; then
|
||||||
|
_err "Error getting key file from : $TRANSIP_Key_URL"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -f "$TRANSIP_Key_File" ]; then
|
if [ -f "$TRANSIP_Key_File" ]; then
|
||||||
if ! grep "BEGIN PRIVATE KEY" "$TRANSIP_Key_File" >/dev/null 2>&1; then
|
if ! grep "BEGIN PRIVATE KEY" "$TRANSIP_Key_File" >/dev/null 2>&1; then
|
||||||
_err "Key file doesn't seem to be a valid key: ${TRANSIP_Key_File}"
|
_err "Key file doesn't seem to be a valid key: ${TRANSIP_Key_File}"
|
||||||
@ -156,6 +171,12 @@ _transip_setup() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "${TRANSIP_Key_URL}" ]; then
|
||||||
|
_debug "delete transip key file"
|
||||||
|
rm "${TRANSIP_Key_File}"
|
||||||
|
TRANSIP_Key_File=$TRANSIP_Key_URL
|
||||||
|
fi
|
||||||
|
|
||||||
_get_root "$fulldomain" || return 1
|
_get_root "$fulldomain" || return 1
|
||||||
|
|
||||||
return 0
|
return 0
|
||||||
|
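Review bot: `_startswith "$TRANSIP_Key_File" "http"` in the `_transip_setup` hunk also matches `http://` URLs, so the API private key could be fetched over cleartext. I would accept only TLS sources: `if _startswith "$TRANSIP_Key_File" "https://"; then`. The `return 1` after a failed `_get` leaves the temporary file behind. Any early return in the validation code between the two hunks (not visible here) would presumably skip the later `rm "${TRANSIP_Key_File}"` as well, leaving key material in the temp directory; removing the file on those paths would close that gap. `_transip_setup` starts and ends outside the hunks.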