mirror of
https://github.com/plantroon/acme.sh.git
synced 2025-01-22 12:22:03 +00:00
Merge branch 'dev' into all-inkl-kasserver-dns-script
This commit is contained in:
commit
8c634d8323
45
README.md
45
README.md
@ -37,6 +37,8 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|
|||||||
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
|
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
|
||||||
- [archlinux](https://aur.archlinux.org/packages/acme.sh-git/)
|
- [archlinux](https://aur.archlinux.org/packages/acme.sh-git/)
|
||||||
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
|
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
|
||||||
|
- [CentOS Web Panel](http://centos-webpanel.com/)
|
||||||
|
- [lnmp.org](https://lnmp.org/)
|
||||||
- [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials)
|
- [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials)
|
||||||
|
|
||||||
# Tested OS
|
# Tested OS
|
||||||
@ -220,22 +222,7 @@ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
|
|||||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||||
|
|
||||||
|
|
||||||
# 5. Use Standalone TLS server to issue cert
|
# 5. Use Apache mode
|
||||||
|
|
||||||
**(requires you to be root/sudoer or have permission to listen on port 443 (TCP))**
|
|
||||||
|
|
||||||
acme.sh supports `tls-sni-01` validation.
|
|
||||||
|
|
||||||
Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
|
|
||||||
```
|
|
||||||
|
|
||||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
|
||||||
|
|
||||||
|
|
||||||
# 6. Use Apache mode
|
|
||||||
|
|
||||||
**(requires you to be root/sudoer, since it is required to interact with Apache server)**
|
**(requires you to be root/sudoer, since it is required to interact with Apache server)**
|
||||||
|
|
||||||
@ -255,7 +242,7 @@ We don't want to mess your apache server, don't worry.**
|
|||||||
|
|
||||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||||
|
|
||||||
# 7. Use Nginx mode
|
# 6. Use Nginx mode
|
||||||
|
|
||||||
**(requires you to be root/sudoer, since it is required to interact with Nginx server)**
|
**(requires you to be root/sudoer, since it is required to interact with Nginx server)**
|
||||||
|
|
||||||
@ -279,7 +266,7 @@ We don't want to mess your nginx server, don't worry.**
|
|||||||
|
|
||||||
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
|
||||||
|
|
||||||
# 8. Automatic DNS API integration
|
# 7. Automatic DNS API integration
|
||||||
|
|
||||||
If your DNS provider supports API access, we can use that API to automatically issue the certs.
|
If your DNS provider supports API access, we can use that API to automatically issue the certs.
|
||||||
|
|
||||||
@ -343,7 +330,7 @@ If your DNS provider is not on the supported list above, you can write your own
|
|||||||
|
|
||||||
For more details: [How to use DNS API](dnsapi)
|
For more details: [How to use DNS API](dnsapi)
|
||||||
|
|
||||||
# 9. Use DNS manual mode:
|
# 8. Use DNS manual mode:
|
||||||
|
|
||||||
If your dns provider doesn't support any api access, you can add the txt record by your hand.
|
If your dns provider doesn't support any api access, you can add the txt record by your hand.
|
||||||
|
|
||||||
@ -377,7 +364,7 @@ Ok, it's done.
|
|||||||
|
|
||||||
**Please use dns api mode instead.**
|
**Please use dns api mode instead.**
|
||||||
|
|
||||||
# 10. Issue ECC certificates
|
# 9. Issue ECC certificates
|
||||||
|
|
||||||
`Let's Encrypt` can now issue **ECDSA** certificates.
|
`Let's Encrypt` can now issue **ECDSA** certificates.
|
||||||
|
|
||||||
@ -409,7 +396,7 @@ Valid values are:
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
# 11. Issue Wildcard certificates
|
# 10. Issue Wildcard certificates
|
||||||
|
|
||||||
It's simple, just give a wildcard domain as the `-d` parameter.
|
It's simple, just give a wildcard domain as the `-d` parameter.
|
||||||
|
|
||||||
@ -419,7 +406,7 @@ acme.sh --issue -d example.com -d *.example.com --dns dns_cf
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
# 12. How to renew the certs
|
# 11. How to renew the certs
|
||||||
|
|
||||||
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
|
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
|
||||||
|
|
||||||
@ -436,7 +423,7 @@ acme.sh --renew -d example.com --force --ecc
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
# 13. How to stop cert renewal
|
# 12. How to stop cert renewal
|
||||||
|
|
||||||
To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:
|
To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:
|
||||||
|
|
||||||
@ -449,7 +436,7 @@ The cert/key file is not removed from the disk.
|
|||||||
You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.
|
You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.
|
||||||
|
|
||||||
|
|
||||||
# 14. How to upgrade `acme.sh`
|
# 13. How to upgrade `acme.sh`
|
||||||
|
|
||||||
acme.sh is in constant development, so it's strongly recommended to use the latest code.
|
acme.sh is in constant development, so it's strongly recommended to use the latest code.
|
||||||
|
|
||||||
@ -474,25 +461,25 @@ acme.sh --upgrade --auto-upgrade 0
|
|||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
# 15. Issue a cert from an existing CSR
|
# 14. Issue a cert from an existing CSR
|
||||||
|
|
||||||
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
|
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
|
||||||
|
|
||||||
|
|
||||||
# 16. Under the Hood
|
# 15. Under the Hood
|
||||||
|
|
||||||
Speak ACME language using shell, directly to "Let's Encrypt".
|
Speak ACME language using shell, directly to "Let's Encrypt".
|
||||||
|
|
||||||
TODO:
|
TODO:
|
||||||
|
|
||||||
|
|
||||||
# 17. Acknowledgments
|
# 16. Acknowledgments
|
||||||
|
|
||||||
1. Acme-tiny: https://github.com/diafygi/acme-tiny
|
1. Acme-tiny: https://github.com/diafygi/acme-tiny
|
||||||
2. ACME protocol: https://github.com/ietf-wg-acme/acme
|
2. ACME protocol: https://github.com/ietf-wg-acme/acme
|
||||||
|
|
||||||
|
|
||||||
# 18. License & Others
|
# 17. License & Others
|
||||||
|
|
||||||
License is GPLv3
|
License is GPLv3
|
||||||
|
|
||||||
@ -501,7 +488,7 @@ Please Star and Fork me.
|
|||||||
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
|
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
|
||||||
|
|
||||||
|
|
||||||
# 19. Donate
|
# 18. Donate
|
||||||
Your donation makes **acme.sh** better:
|
Your donation makes **acme.sh** better:
|
||||||
|
|
||||||
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
|
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
|
||||||
|
80
acme.sh
80
acme.sh
@ -1,6 +1,6 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
VER=2.7.7
|
VER=2.7.8
|
||||||
|
|
||||||
PROJECT_NAME="acme.sh"
|
PROJECT_NAME="acme.sh"
|
||||||
|
|
||||||
@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
|
|||||||
NO_VALUE="no"
|
NO_VALUE="no"
|
||||||
|
|
||||||
W_TLS="tls"
|
W_TLS="tls"
|
||||||
|
W_DNS="dns"
|
||||||
DNS_ALIAS_PREFIX="="
|
DNS_ALIAS_PREFIX="="
|
||||||
|
|
||||||
MODE_STATELESS="stateless"
|
MODE_STATELESS="stateless"
|
||||||
@ -2341,7 +2342,7 @@ _initpath() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_debug2 ACME_DIRECTORY "$ACME_DIRECTORY"
|
_debug ACME_DIRECTORY "$ACME_DIRECTORY"
|
||||||
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
||||||
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
|
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
|
||||||
|
|
||||||
@ -2998,6 +2999,8 @@ _on_before_issue() {
|
|||||||
_chk_pre_hook="$4"
|
_chk_pre_hook="$4"
|
||||||
_chk_local_addr="$5"
|
_chk_local_addr="$5"
|
||||||
_debug _on_before_issue
|
_debug _on_before_issue
|
||||||
|
_debug _chk_main_domain "$_chk_main_domain"
|
||||||
|
_debug _chk_alt_domains "$_chk_alt_domains"
|
||||||
#run pre hook
|
#run pre hook
|
||||||
if [ "$_chk_pre_hook" ]; then
|
if [ "$_chk_pre_hook" ]; then
|
||||||
_info "Run pre hook:'$_chk_pre_hook'"
|
_info "Run pre hook:'$_chk_pre_hook'"
|
||||||
@ -3018,11 +3021,17 @@ _on_before_issue() {
|
|||||||
|
|
||||||
_debug Le_LocalAddress "$_chk_local_addr"
|
_debug Le_LocalAddress "$_chk_local_addr"
|
||||||
|
|
||||||
alldomains=$(echo "$_chk_main_domain,$_chk_alt_domains" | tr ',' ' ')
|
|
||||||
_index=1
|
_index=1
|
||||||
_currentRoot=""
|
_currentRoot=""
|
||||||
_addrIndex=1
|
_addrIndex=1
|
||||||
for d in $alldomains; do
|
_w_index=1
|
||||||
|
while true; do
|
||||||
|
d="$(echo "$_chk_main_domain,$_chk_alt_domains," | cut -d , -f "$_w_index")"
|
||||||
|
_w_index="$(_math "$_w_index" + 1)"
|
||||||
|
_debug d "$d"
|
||||||
|
if [ -z "$d" ]; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
_debug "Check for domain" "$d"
|
_debug "Check for domain" "$d"
|
||||||
_currentRoot="$(_getfield "$_chk_web_roots" $_index)"
|
_currentRoot="$(_getfield "$_chk_web_roots" $_index)"
|
||||||
_debug "_currentRoot" "$_currentRoot"
|
_debug "_currentRoot" "$_currentRoot"
|
||||||
@ -3118,7 +3127,7 @@ _on_issue_err() {
|
|||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "dns"; then
|
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
|
||||||
_err "$_DNS_MANUAL_ERR"
|
_err "$_DNS_MANUAL_ERR"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -3154,7 +3163,7 @@ _on_issue_success() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if _hasfield "$Le_Webroot" "dns"; then
|
if _hasfield "$Le_Webroot" "$W_DNS"; then
|
||||||
_err "$_DNS_MANUAL_WARN"
|
_err "$_DNS_MANUAL_WARN"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -3421,6 +3430,9 @@ issue() {
|
|||||||
_main_domain=$(echo "$2,$3" | cut -d , -f 1)
|
_main_domain=$(echo "$2,$3" | cut -d , -f 1)
|
||||||
_alt_domains=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//")
|
_alt_domains=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//")
|
||||||
fi
|
fi
|
||||||
|
_debug _main_domain "$_main_domain"
|
||||||
|
_debug _alt_domains "$_alt_domains"
|
||||||
|
|
||||||
_key_length="$4"
|
_key_length="$4"
|
||||||
_real_cert="$5"
|
_real_cert="$5"
|
||||||
_real_key="$6"
|
_real_key="$6"
|
||||||
@ -3551,10 +3563,15 @@ issue() {
|
|||||||
if [ "$ACME_VERSION" = "2" ]; then
|
if [ "$ACME_VERSION" = "2" ]; then
|
||||||
#make new order request
|
#make new order request
|
||||||
_identifiers="{\"type\":\"dns\",\"value\":\"$_main_domain\"}"
|
_identifiers="{\"type\":\"dns\",\"value\":\"$_main_domain\"}"
|
||||||
for d in $(echo "$_alt_domains" | tr ',' ' '); do
|
_w_index=1
|
||||||
if [ "$d" ]; then
|
while true; do
|
||||||
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$d\"}"
|
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
|
||||||
|
_w_index="$(_math "$_w_index" + 1)"
|
||||||
|
_debug d "$d"
|
||||||
|
if [ -z "$d" ]; then
|
||||||
|
break
|
||||||
fi
|
fi
|
||||||
|
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$d\"}"
|
||||||
done
|
done
|
||||||
_debug2 _identifiers "$_identifiers"
|
_debug2 _identifiers "$_identifiers"
|
||||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||||
@ -3591,6 +3608,8 @@ issue() {
|
|||||||
_debug2 "_authz_url" "$_authz_url"
|
_debug2 "_authz_url" "$_authz_url"
|
||||||
if ! response="$(_get "$_authz_url")"; then
|
if ! response="$(_get "$_authz_url")"; then
|
||||||
_err "get to authz error."
|
_err "get to authz error."
|
||||||
|
_err "_authorizations_seg" "$_authorizations_seg"
|
||||||
|
_err "_authz_url" "$_authz_url"
|
||||||
_clearup
|
_clearup
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
@ -3609,10 +3628,16 @@ $_authorizations_map"
|
|||||||
_debug2 _authorizations_map "$_authorizations_map"
|
_debug2 _authorizations_map "$_authorizations_map"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
alldomains=$(echo "$_main_domain,$_alt_domains" | tr ',' ' ')
|
|
||||||
_index=0
|
_index=0
|
||||||
_currentRoot=""
|
_currentRoot=""
|
||||||
for d in $alldomains; do
|
_w_index=1
|
||||||
|
while true; do
|
||||||
|
d="$(echo "$_main_domain,$_alt_domains," | cut -d , -f "$_w_index")"
|
||||||
|
_w_index="$(_math "$_w_index" + 1)"
|
||||||
|
_debug d "$d"
|
||||||
|
if [ -z "$d" ]; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
_info "Getting webroot for domain" "$d"
|
_info "Getting webroot for domain" "$d"
|
||||||
_index=$(_math $_index + 1)
|
_index=$(_math $_index + 1)
|
||||||
_w="$(echo $_web_roots | cut -d , -f $_index)"
|
_w="$(echo $_web_roots | cut -d , -f $_index)"
|
||||||
@ -3624,7 +3649,7 @@ $_authorizations_map"
|
|||||||
|
|
||||||
vtype="$VTYPE_HTTP"
|
vtype="$VTYPE_HTTP"
|
||||||
#todo, v2 wildcard force to use dns
|
#todo, v2 wildcard force to use dns
|
||||||
if _startswith "$_currentRoot" "dns"; then
|
if _startswith "$_currentRoot" "$W_DNS"; then
|
||||||
vtype="$VTYPE_DNS"
|
vtype="$VTYPE_DNS"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -3641,6 +3666,7 @@ $_authorizations_map"
|
|||||||
_debug2 "response" "$response"
|
_debug2 "response" "$response"
|
||||||
if [ -z "$response" ]; then
|
if [ -z "$response" ]; then
|
||||||
_err "get to authz error."
|
_err "get to authz error."
|
||||||
|
_err "_authorizations_map" "$_authorizations_map"
|
||||||
_clearup
|
_clearup
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
@ -3751,6 +3777,10 @@ $_authorizations_map"
|
|||||||
if [ "$d_api" ]; then
|
if [ "$d_api" ]; then
|
||||||
_info "Found domain api file: $d_api"
|
_info "Found domain api file: $d_api"
|
||||||
else
|
else
|
||||||
|
if [ "$_currentRoot" != "$W_DNS" ]; then
|
||||||
|
_err "Can not find dns api hook for: $_currentRoot"
|
||||||
|
_info "You need to add the txt record manually."
|
||||||
|
fi
|
||||||
_info "$(__red "Add the following TXT record:")"
|
_info "$(__red "Add the following TXT record:")"
|
||||||
_info "$(__red "Domain: '$(__green "$txtdomain")'")"
|
_info "$(__red "Domain: '$(__green "$txtdomain")'")"
|
||||||
_info "$(__red "TXT value: '$(__green "$txt")'")"
|
_info "$(__red "TXT value: '$(__green "$txt")'")"
|
||||||
@ -3789,7 +3819,7 @@ $_authorizations_map"
|
|||||||
if [ "$dnsadded" = '0' ]; then
|
if [ "$dnsadded" = '0' ]; then
|
||||||
_savedomainconf "Le_Vlist" "$vlist"
|
_savedomainconf "Le_Vlist" "$vlist"
|
||||||
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
|
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
|
||||||
_err "Please add the TXT records to the domains, and retry again."
|
_err "Please add the TXT records to the domains, and re-run with --renew."
|
||||||
_clearup
|
_clearup
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
@ -4151,7 +4181,7 @@ $_authorizations_map"
|
|||||||
echo "$BEGIN_CERT" >"$CA_CERT_PATH"
|
echo "$BEGIN_CERT" >"$CA_CERT_PATH"
|
||||||
_base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH"
|
_base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH"
|
||||||
echo "$END_CERT" >>"$CA_CERT_PATH"
|
echo "$END_CERT" >>"$CA_CERT_PATH"
|
||||||
if !_checkcert "$CA_CERT_PATH"; then
|
if ! _checkcert "$CA_CERT_PATH"; then
|
||||||
_err "Can not get the ca cert."
|
_err "Can not get the ca cert."
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
@ -4264,7 +4294,7 @@ renew() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
. "$DOMAIN_CONF"
|
. "$DOMAIN_CONF"
|
||||||
|
_debug Le_API "$Le_API"
|
||||||
if [ "$Le_API" ]; then
|
if [ "$Le_API" ]; then
|
||||||
if [ "$_OLD_CA_HOST" = "$Le_API" ]; then
|
if [ "$_OLD_CA_HOST" = "$Le_API" ]; then
|
||||||
export Le_API="$DEFAULT_CA"
|
export Le_API="$DEFAULT_CA"
|
||||||
@ -4868,6 +4898,8 @@ _deactivate() {
|
|||||||
_debug2 "authzUri" "$authzUri"
|
_debug2 "authzUri" "$authzUri"
|
||||||
if ! response="$(_get "$authzUri")"; then
|
if ! response="$(_get "$authzUri")"; then
|
||||||
_err "get to authz error."
|
_err "get to authz error."
|
||||||
|
_err "_authorizations_seg" "$_authorizations_seg"
|
||||||
|
_err "authzUri" "$authzUri"
|
||||||
_clearup
|
_clearup
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
@ -5399,7 +5431,6 @@ Parameters:
|
|||||||
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
|
||||||
--standalone Use standalone mode.
|
--standalone Use standalone mode.
|
||||||
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
--stateless Use stateless mode, see: $_STATELESS_WIKI
|
||||||
--tls Use standalone tls mode.
|
|
||||||
--apache Use apache mode.
|
--apache Use apache mode.
|
||||||
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
|
||||||
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
|
||||||
@ -5429,7 +5460,6 @@ Parameters:
|
|||||||
--accountkey Specifies the account key path, Only valid for the '--install' command.
|
--accountkey Specifies the account key path, Only valid for the '--install' command.
|
||||||
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
|
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
|
||||||
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
||||||
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
|
|
||||||
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
|
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
|
||||||
--listraw Only used for '--list' command, list the certs in raw format.
|
--listraw Only used for '--list' command, list the certs in raw format.
|
||||||
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
|
||||||
@ -5780,16 +5810,8 @@ _process() {
|
|||||||
_webroot="$_webroot,$wvalue"
|
_webroot="$_webroot,$wvalue"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
--tls)
|
|
||||||
wvalue="$W_TLS"
|
|
||||||
if [ -z "$_webroot" ]; then
|
|
||||||
_webroot="$wvalue"
|
|
||||||
else
|
|
||||||
_webroot="$_webroot,$wvalue"
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
--dns)
|
--dns)
|
||||||
wvalue="dns"
|
wvalue="$W_DNS"
|
||||||
if [ "$2" ] && ! _startswith "$2" "-"; then
|
if [ "$2" ] && ! _startswith "$2" "-"; then
|
||||||
wvalue="$2"
|
wvalue="$2"
|
||||||
shift
|
shift
|
||||||
@ -5883,12 +5905,6 @@ _process() {
|
|||||||
Le_HTTPPort="$_httpport"
|
Le_HTTPPort="$_httpport"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--tlsport)
|
|
||||||
_tlsport="$2"
|
|
||||||
Le_TLSPort="$_tlsport"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
|
|
||||||
--listraw)
|
--listraw)
|
||||||
_listraw="raw"
|
_listraw="raw"
|
||||||
;;
|
;;
|
||||||
|
@ -99,6 +99,7 @@ dns_azure_add() {
|
|||||||
_azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
|
_azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
|
||||||
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
|
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
|
||||||
_info "validation value added"
|
_info "validation value added"
|
||||||
|
return 0
|
||||||
else
|
else
|
||||||
_err "error adding validation value ($_code)"
|
_err "error adding validation value ($_code)"
|
||||||
return 1
|
return 1
|
||||||
@ -194,6 +195,7 @@ dns_azure_rm() {
|
|||||||
_azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
|
_azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
|
||||||
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
|
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
|
||||||
_info "validation value removed"
|
_info "validation value removed"
|
||||||
|
return 0
|
||||||
else
|
else
|
||||||
_err "error removing validation value ($_code)"
|
_err "error removing validation value ($_code)"
|
||||||
return 1
|
return 1
|
||||||
@ -226,6 +228,7 @@ _azure_rest() {
|
|||||||
else
|
else
|
||||||
response="$(_get "$ep")"
|
response="$(_get "$ep")"
|
||||||
fi
|
fi
|
||||||
|
_ret="$?"
|
||||||
_secure_debug2 "response $response"
|
_secure_debug2 "response $response"
|
||||||
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
|
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
|
||||||
_debug "http response code $_code"
|
_debug "http response code $_code"
|
||||||
@ -236,7 +239,7 @@ _azure_rest() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
# See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
|
# See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
|
||||||
if [ "$?" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
|
if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
|
||||||
_request_retry_times="$(_math "$_request_retry_times" + 1)"
|
_request_retry_times="$(_math "$_request_retry_times" + 1)"
|
||||||
_info "REST call error $_code retrying $ep in $_request_retry_times s"
|
_info "REST call error $_code retrying $ep in $_request_retry_times s"
|
||||||
_sleep "$_request_retry_times"
|
_sleep "$_request_retry_times"
|
||||||
@ -281,6 +284,7 @@ _azure_getaccess_token() {
|
|||||||
body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials"
|
body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials"
|
||||||
_secure_debug2 "data $body"
|
_secure_debug2 "data $body"
|
||||||
response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")"
|
response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")"
|
||||||
|
_ret="$?"
|
||||||
_secure_debug2 "response $response"
|
_secure_debug2 "response $response"
|
||||||
response="$(echo "$response" | _normalizeJson)"
|
response="$(echo "$response" | _normalizeJson)"
|
||||||
accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||||
@ -290,7 +294,7 @@ _azure_getaccess_token() {
|
|||||||
_err "no acccess token received. Check your Azure settings see $WIKI"
|
_err "no acccess token received. Check your Azure settings see $WIKI"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$_ret" != "0" ]; then
|
||||||
_err "error $response"
|
_err "error $response"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -19,8 +19,8 @@ dns_cf_add() {
|
|||||||
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
||||||
CF_Key=""
|
CF_Key=""
|
||||||
CF_Email=""
|
CF_Email=""
|
||||||
_err "You don't specify cloudflare api key and email yet."
|
_err "You didn't specify a cloudflare api key and email yet."
|
||||||
_err "Please create you key and try again."
|
_err "Please create the key and try again."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -94,8 +94,8 @@ dns_cf_rm() {
|
|||||||
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
|
||||||
CF_Key=""
|
CF_Key=""
|
||||||
CF_Email=""
|
CF_Email=""
|
||||||
_err "You don't specify cloudflare api key and email yet."
|
_err "You didn't specify a cloudflare api key and email yet."
|
||||||
_err "Please create you key and try again."
|
_err "Please create the key and try again."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -20,12 +20,22 @@
|
|||||||
dns_dgon_add() {
|
dns_dgon_add() {
|
||||||
fulldomain="$(echo "$1" | _lower_case)"
|
fulldomain="$(echo "$1" | _lower_case)"
|
||||||
txtvalue=$2
|
txtvalue=$2
|
||||||
|
|
||||||
|
DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
|
||||||
|
# Check if API Key Exist
|
||||||
|
if [ -z "$DO_API_KEY" ]; then
|
||||||
|
DO_API_KEY=""
|
||||||
|
_err "You did not specify DigitalOcean API key."
|
||||||
|
_err "Please export DO_API_KEY and try again."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
_info "Using digitalocean dns validation - add record"
|
_info "Using digitalocean dns validation - add record"
|
||||||
_debug fulldomain "$fulldomain"
|
_debug fulldomain "$fulldomain"
|
||||||
_debug txtvalue "$txtvalue"
|
_debug txtvalue "$txtvalue"
|
||||||
|
|
||||||
## save the env vars (key and domain split location) for later automated use
|
## save the env vars (key and domain split location) for later automated use
|
||||||
_saveaccountconf DO_API_KEY "$DO_API_KEY"
|
_saveaccountconf_mutable DO_API_KEY "$DO_API_KEY"
|
||||||
|
|
||||||
## split the domain for DO API
|
## split the domain for DO API
|
||||||
if ! _get_base_domain "$fulldomain"; then
|
if ! _get_base_domain "$fulldomain"; then
|
||||||
@ -39,7 +49,7 @@ dns_dgon_add() {
|
|||||||
export _H1="Content-Type: application/json"
|
export _H1="Content-Type: application/json"
|
||||||
export _H2="Authorization: Bearer $DO_API_KEY"
|
export _H2="Authorization: Bearer $DO_API_KEY"
|
||||||
PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records'
|
PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records'
|
||||||
PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'"}'
|
PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'","ttl":120}'
|
||||||
|
|
||||||
_debug PURL "$PURL"
|
_debug PURL "$PURL"
|
||||||
_debug PBODY "$PBODY"
|
_debug PBODY "$PBODY"
|
||||||
@ -65,6 +75,16 @@ dns_dgon_add() {
|
|||||||
dns_dgon_rm() {
|
dns_dgon_rm() {
|
||||||
fulldomain="$(echo "$1" | _lower_case)"
|
fulldomain="$(echo "$1" | _lower_case)"
|
||||||
txtvalue=$2
|
txtvalue=$2
|
||||||
|
|
||||||
|
DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
|
||||||
|
# Check if API Key Exist
|
||||||
|
if [ -z "$DO_API_KEY" ]; then
|
||||||
|
DO_API_KEY=""
|
||||||
|
_err "You did not specify DigitalOcean API key."
|
||||||
|
_err "Please export DO_API_KEY and try again."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
_info "Using digitalocean dns validation - remove record"
|
_info "Using digitalocean dns validation - remove record"
|
||||||
_debug fulldomain "$fulldomain"
|
_debug fulldomain "$fulldomain"
|
||||||
_debug txtvalue "$txtvalue"
|
_debug txtvalue "$txtvalue"
|
||||||
@ -92,11 +112,11 @@ dns_dgon_rm() {
|
|||||||
domain_list="$(_get "$GURL")"
|
domain_list="$(_get "$GURL")"
|
||||||
## 2) find record
|
## 2) find record
|
||||||
## check for what we are looing for: "type":"A","name":"$_sub_domain"
|
## check for what we are looing for: "type":"A","name":"$_sub_domain"
|
||||||
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*\d+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
|
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
|
||||||
## 3) check record and get next page
|
## 3) check record and get next page
|
||||||
if [ -z "$record" ]; then
|
if [ -z "$record" ]; then
|
||||||
## find the next page if we dont have a match
|
## find the next page if we dont have a match
|
||||||
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=\d+")"
|
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=[0-9]+")"
|
||||||
if [ -z "$nextpage" ]; then
|
if [ -z "$nextpage" ]; then
|
||||||
_err "no record and no nextpage in digital ocean DNS removal"
|
_err "no record and no nextpage in digital ocean DNS removal"
|
||||||
return 1
|
return 1
|
||||||
@ -108,7 +128,7 @@ dns_dgon_rm() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
## we found the record
|
## we found the record
|
||||||
rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*\d+" | _egrep_o "\d+")"
|
rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
|
||||||
_debug rec_id "$rec_id"
|
_debug rec_id "$rec_id"
|
||||||
|
|
||||||
## delete the record
|
## delete the record
|
||||||
|
@ -53,8 +53,9 @@ dns_freedns_add() {
|
|||||||
i="$(_math "$i" - 1)"
|
i="$(_math "$i" - 1)"
|
||||||
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
|
||||||
|
|
||||||
_debug top_domain "$top_domain"
|
_debug "top_domain: $top_domain"
|
||||||
_debug sub_domain "$sub_domain"
|
_debug "sub_domain: $sub_domain"
|
||||||
|
|
||||||
# Sometimes FreeDNS does not return the subdomain page but rather
|
# Sometimes FreeDNS does not return the subdomain page but rather
|
||||||
# returns a page regarding becoming a premium member. This usually
|
# returns a page regarding becoming a premium member. This usually
|
||||||
# happens after a period of inactivity. Immediately trying again
|
# happens after a period of inactivity. Immediately trying again
|
||||||
@ -63,6 +64,7 @@ dns_freedns_add() {
|
|||||||
attempts=2
|
attempts=2
|
||||||
while [ "$attempts" -gt "0" ]; do
|
while [ "$attempts" -gt "0" ]; do
|
||||||
attempts="$(_math "$attempts" - 1)"
|
attempts="$(_math "$attempts" - 1)"
|
||||||
|
|
||||||
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
|
||||||
if [ "$?" != "0" ]; then
|
if [ "$?" != "0" ]; then
|
||||||
if [ "$using_cached_cookies" = "true" ]; then
|
if [ "$using_cached_cookies" = "true" ]; then
|
||||||
@ -71,10 +73,9 @@ dns_freedns_add() {
|
|||||||
fi
|
fi
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_debug2 htmlpage "$htmlpage"
|
|
||||||
|
|
||||||
subdomain_csv="$(echo "$htmlpage" | tr -d "\n\r" | _egrep_o '<form .*</form>' | sed 's/<tr>/@<tr>/g' | tr '@' '\n' | grep edit.php | grep "$top_domain")"
|
subdomain_csv="$(echo "$htmlpage" | tr -d "\n\r" | _egrep_o '<form .*</form>' | sed 's/<tr>/@<tr>/g' | tr '@' '\n' | grep edit.php | grep "$top_domain")"
|
||||||
_debug2 subdomain_csv "$subdomain_csv"
|
_debug3 "subdomain_csv: $subdomain_csv"
|
||||||
|
|
||||||
# The above beauty ends with striping out rows that do not have an
|
# The above beauty ends with striping out rows that do not have an
|
||||||
# href to edit.php and do not have the top domain we are looking for.
|
# href to edit.php and do not have the top domain we are looking for.
|
||||||
@ -85,55 +86,25 @@ dns_freedns_add() {
|
|||||||
lines="$(echo "$subdomain_csv" | wc -l)"
|
lines="$(echo "$subdomain_csv" | wc -l)"
|
||||||
i=0
|
i=0
|
||||||
found=0
|
found=0
|
||||||
|
DNSdomainid=""
|
||||||
while [ "$i" -lt "$lines" ]; do
|
while [ "$i" -lt "$lines" ]; do
|
||||||
i="$(_math "$i" + 1)"
|
i="$(_math "$i" + 1)"
|
||||||
line="$(echo "$subdomain_csv" | sed -n "${i}p")"
|
line="$(echo "$subdomain_csv" | sed -n "${i}p")"
|
||||||
_debug2 line "$line"
|
_debug2 "line: $line"
|
||||||
if [ $found = 0 ] && _contains "$line" "<td>$top_domain</td>"; then
|
if [ $found = 0 ] && _contains "$line" "<td>$top_domain</td>"; then
|
||||||
# this line will contain DNSdomainid for the top_domain
|
# this line will contain DNSdomainid for the top_domain
|
||||||
DNSdomainid="$(echo "$line" | _egrep_o "edit_domain_id *= *.*>" | cut -d = -f 2 | cut -d '>' -f 1)"
|
DNSdomainid="$(echo "$line" | _egrep_o "edit_domain_id *= *.*>" | cut -d = -f 2 | cut -d '>' -f 1)"
|
||||||
_debug2 DNSdomainid "$DNSdomainid"
|
_debug2 "DNSdomainid: $DNSdomainid"
|
||||||
found=1
|
found=1
|
||||||
else
|
|
||||||
# lines contain DNS records for all subdomains
|
|
||||||
DNSname="$(echo "$line" | _egrep_o 'edit.php.*</a>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
|
||||||
_debug2 DNSname "$DNSname"
|
|
||||||
DNStype="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '4p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
|
||||||
_debug2 DNStype "$DNStype"
|
|
||||||
if [ "$DNSname" = "$fulldomain" ] && [ "$DNStype" = "TXT" ]; then
|
|
||||||
DNSdataid="$(echo "$line" | _egrep_o 'data_id=.*' | cut -d = -f 2 | cut -d '>' -f 1)"
|
|
||||||
# Now get current value for the TXT record. This method may
|
|
||||||
# not produce accurate results as the value field is truncated
|
|
||||||
# on this webpage. To get full value we would need to load
|
|
||||||
# another page. However we don't really need this so long as
|
|
||||||
# there is only one TXT record for the acme challenge subdomain.
|
|
||||||
DNSvalue="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '5p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
|
||||||
_debug2 DNSvalue "$DNSvalue"
|
|
||||||
if [ $found != 0 ]; then
|
|
||||||
break
|
break
|
||||||
# we are breaking out of the loop at the first match of DNS name
|
|
||||||
# and DNS type (if we are past finding the domainid). This assumes
|
|
||||||
# that there is only ever one TXT record for the LetsEncrypt/acme
|
|
||||||
# challenge subdomain. This seems to be a reasonable assumption
|
|
||||||
# as the acme client deletes the TXT record on successful validation.
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
DNSname=""
|
|
||||||
DNStype=""
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
_debug "DNSname: $DNSname DNStype: $DNStype DNSdomainid: $DNSdomainid DNSdataid: $DNSdataid"
|
|
||||||
_debug "DNSvalue: $DNSvalue"
|
|
||||||
|
|
||||||
if [ -z "$DNSdomainid" ]; then
|
if [ -z "$DNSdomainid" ]; then
|
||||||
# If domain ID is empty then something went wrong (top level
|
# If domain ID is empty then something went wrong (top level
|
||||||
# domain not found at FreeDNS).
|
# domain not found at FreeDNS).
|
||||||
if [ "$attempts" = "0" ]; then
|
if [ "$attempts" = "0" ]; then
|
||||||
# exhausted maximum retry attempts
|
# exhausted maximum retry attempts
|
||||||
_debug "$htmlpage"
|
|
||||||
_debug "$subdomain_csv"
|
|
||||||
_err "Domain $top_domain not found at FreeDNS"
|
_err "Domain $top_domain not found at FreeDNS"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -145,33 +116,10 @@ dns_freedns_add() {
|
|||||||
_info "Retry loading subdomain page ($attempts attempts remaining)"
|
_info "Retry loading subdomain page ($attempts attempts remaining)"
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -z "$DNSdataid" ]; then
|
# Add in new TXT record with the value provided
|
||||||
# If data ID is empty then specific subdomain does not exist yet, need
|
_debug "Adding TXT record for $fulldomain, $txtvalue"
|
||||||
# to create it this should always be the case as the acme client
|
|
||||||
# deletes the entry after domain is validated.
|
|
||||||
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue"
|
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue"
|
||||||
return $?
|
return $?
|
||||||
else
|
|
||||||
if [ "$txtvalue" = "$DNSvalue" ]; then
|
|
||||||
# if value in TXT record matches value requested then DNS record
|
|
||||||
# does not need to be updated. But...
|
|
||||||
# Testing value match fails. Website is truncating the value field.
|
|
||||||
# So for now we will always go down the else path. Though in theory
|
|
||||||
# should never come here anyway as the acme client deletes
|
|
||||||
# the TXT record on successful validation, so we should not even
|
|
||||||
# have found a TXT record !!
|
|
||||||
_info "No update necessary for $fulldomain at FreeDNS"
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
# Delete the old TXT record (with the wrong value)
|
|
||||||
if _freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid"; then
|
|
||||||
# And add in new TXT record with the value provided
|
|
||||||
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue"
|
|
||||||
fi
|
|
||||||
return $?
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#Usage: fulldomain txtvalue
|
#Usage: fulldomain txtvalue
|
||||||
@ -205,7 +153,7 @@ dns_freedns_rm() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
subdomain_csv="$(echo "$htmlpage" | tr -d "\n\r" | _egrep_o '<form .*</form>' | sed 's/<tr>/@<tr>/g' | tr '@' '\n' | grep edit.php | grep "$fulldomain")"
|
subdomain_csv="$(echo "$htmlpage" | tr -d "\n\r" | _egrep_o '<form .*</form>' | sed 's/<tr>/@<tr>/g' | tr '@' '\n' | grep edit.php | grep "$fulldomain")"
|
||||||
_debug2 subdomain_csv "$subdomain_csv"
|
_debug3 "subdomain_csv: $subdomain_csv"
|
||||||
|
|
||||||
# The above beauty ends with striping out rows that do not have an
|
# The above beauty ends with striping out rows that do not have an
|
||||||
# href to edit.php and do not have the domain name we are looking for.
|
# href to edit.php and do not have the domain name we are looking for.
|
||||||
@ -216,35 +164,51 @@ dns_freedns_rm() {
|
|||||||
lines="$(echo "$subdomain_csv" | wc -l)"
|
lines="$(echo "$subdomain_csv" | wc -l)"
|
||||||
i=0
|
i=0
|
||||||
found=0
|
found=0
|
||||||
|
DNSdataid=""
|
||||||
while [ "$i" -lt "$lines" ]; do
|
while [ "$i" -lt "$lines" ]; do
|
||||||
i="$(_math "$i" + 1)"
|
i="$(_math "$i" + 1)"
|
||||||
line="$(echo "$subdomain_csv" | sed -n "${i}p")"
|
line="$(echo "$subdomain_csv" | sed -n "${i}p")"
|
||||||
_debug2 line "$line"
|
_debug3 "line: $line"
|
||||||
DNSname="$(echo "$line" | _egrep_o 'edit.php.*</a>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
DNSname="$(echo "$line" | _egrep_o 'edit.php.*</a>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||||
_debug2 DNSname "$DNSname"
|
_debug2 "DNSname: $DNSname"
|
||||||
|
if [ "$DNSname" = "$fulldomain" ]; then
|
||||||
DNStype="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '4p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
DNStype="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '4p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||||
_debug2 DNStype "$DNStype"
|
_debug2 "DNStype: $DNStype"
|
||||||
if [ "$DNSname" = "$fulldomain" ] && [ "$DNStype" = "TXT" ]; then
|
if [ "$DNStype" = "TXT" ]; then
|
||||||
DNSdataid="$(echo "$line" | _egrep_o 'data_id=.*' | cut -d = -f 2 | cut -d '>' -f 1)"
|
DNSdataid="$(echo "$line" | _egrep_o 'data_id=.*' | cut -d = -f 2 | cut -d '>' -f 1)"
|
||||||
_debug2 DNSdataid "$DNSdataid"
|
_debug2 "DNSdataid: $DNSdataid"
|
||||||
DNSvalue="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '5p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
DNSvalue="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '5p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
|
||||||
_debug2 DNSvalue "$DNSvalue"
|
if _startswith "$DNSvalue" """; then
|
||||||
# if [ "$DNSvalue" = "$txtvalue" ]; then
|
# remove the quotation from the start
|
||||||
# Testing value match fails. Website is truncating the value
|
DNSvalue="$(echo "$DNSvalue" | cut -c 7-)"
|
||||||
# field. So for now we will assume that there is only one TXT
|
fi
|
||||||
# field for the sub domain and just delete it. Currently this
|
if _endswith "$DNSvalue" "..."; then
|
||||||
# is a safe assumption.
|
# value was truncated, remove the dot dot dot from the end
|
||||||
|
DNSvalue="$(echo "$DNSvalue" | sed 's/...$//')"
|
||||||
|
elif _endswith "$DNSvalue" """; then
|
||||||
|
# else remove the closing quotation from the end
|
||||||
|
DNSvalue="$(echo "$DNSvalue" | sed 's/......$//')"
|
||||||
|
fi
|
||||||
|
_debug2 "DNSvalue: $DNSvalue"
|
||||||
|
|
||||||
|
if [ -n "$DNSdataid" ] && _startswith "$txtvalue" "$DNSvalue"; then
|
||||||
|
# Found a match. But note... Website is truncating the
|
||||||
|
# value field so we are only testing that part that is not
|
||||||
|
# truncated. This should be accurate enough.
|
||||||
|
_debug "Deleting TXT record for $fulldomain, $txtvalue"
|
||||||
_freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid"
|
_freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid"
|
||||||
return $?
|
return $?
|
||||||
# fi
|
fi
|
||||||
|
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|
||||||
# If we get this far we did not find a match (after two attempts)
|
# If we get this far we did not find a match (after two attempts)
|
||||||
# Not necessarily an error, but log anyway.
|
# Not necessarily an error, but log anyway.
|
||||||
_debug2 "$subdomain_csv"
|
_debug3 "$subdomain_csv"
|
||||||
_info "Cannot delete TXT record for $fulldomain/$txtvalue. Does not exist at FreeDNS"
|
_info "Cannot delete TXT record for $fulldomain, $txtvalue. Does not exist at FreeDNS"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -272,7 +236,7 @@ _freedns_login() {
|
|||||||
|
|
||||||
# if cookies is not empty then logon successful
|
# if cookies is not empty then logon successful
|
||||||
if [ -z "$cookies" ]; then
|
if [ -z "$cookies" ]; then
|
||||||
_debug "$htmlpage"
|
_debug3 "htmlpage: $htmlpage"
|
||||||
_err "FreeDNS login failed for user $username. Check $HTTP_HEADER file"
|
_err "FreeDNS login failed for user $username. Check $HTTP_HEADER file"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -301,7 +265,7 @@ _freedns_retrieve_subdomain_page() {
|
|||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_debug2 "$htmlpage"
|
_debug3 "htmlpage: $htmlpage"
|
||||||
|
|
||||||
printf "%s" "$htmlpage"
|
printf "%s" "$htmlpage"
|
||||||
return 0
|
return 0
|
||||||
@ -323,17 +287,17 @@ _freedns_add_txt_record() {
|
|||||||
_err "FreeDNS failed to add TXT record for $subdomain bad RC from _post"
|
_err "FreeDNS failed to add TXT record for $subdomain bad RC from _post"
|
||||||
return 1
|
return 1
|
||||||
elif ! grep "200 OK" "$HTTP_HEADER" >/dev/null; then
|
elif ! grep "200 OK" "$HTTP_HEADER" >/dev/null; then
|
||||||
_debug "$htmlpage"
|
_debug3 "htmlpage: $htmlpage"
|
||||||
_err "FreeDNS failed to add TXT record for $subdomain. Check $HTTP_HEADER file"
|
_err "FreeDNS failed to add TXT record for $subdomain. Check $HTTP_HEADER file"
|
||||||
return 1
|
return 1
|
||||||
elif _contains "$htmlpage" "security code was incorrect"; then
|
elif _contains "$htmlpage" "security code was incorrect"; then
|
||||||
_debug "$htmlpage"
|
_debug3 "htmlpage: $htmlpage"
|
||||||
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
|
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
|
||||||
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_debug2 "$htmlpage"
|
_debug3 "htmlpage: $htmlpage"
|
||||||
_info "Added acme challenge TXT record for $fulldomain at FreeDNS"
|
_info "Added acme challenge TXT record for $fulldomain at FreeDNS"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -352,7 +316,7 @@ _freedns_delete_txt_record() {
|
|||||||
_err "FreeDNS failed to delete TXT record for $data_id bad RC from _get"
|
_err "FreeDNS failed to delete TXT record for $data_id bad RC from _get"
|
||||||
return 1
|
return 1
|
||||||
elif ! _contains "$htmlheader" "200 OK"; then
|
elif ! _contains "$htmlheader" "200 OK"; then
|
||||||
_debug "$htmlheader"
|
_debug2 "htmlheader: $htmlheader"
|
||||||
_err "FreeDNS failed to delete TXT record $data_id"
|
_err "FreeDNS failed to delete TXT record $data_id"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
Loading…
x
Reference in New Issue
Block a user