mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
commit
9dac02ba5d
@ -350,6 +350,7 @@ You don't have to do anything manually!
|
||||
1. Exoscale.com API (https://www.exoscale.com/)
|
||||
1. PointDNS API (https://pointhq.com/)
|
||||
1. Active24.cz API (https://www.active24.cz/)
|
||||
1. do.de API (https://www.do.de/)
|
||||
|
||||
And:
|
||||
|
||||
|
46
acme.sh
46
acme.sh
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
VER=2.8.0
|
||||
VER=2.8.1
|
||||
|
||||
PROJECT_NAME="acme.sh"
|
||||
|
||||
@ -35,7 +35,6 @@ _OLD_STAGE_CA_HOST="https://acme-staging.api.letsencrypt.org"
|
||||
|
||||
VTYPE_HTTP="http-01"
|
||||
VTYPE_DNS="dns-01"
|
||||
VTYPE_TLS="tls-sni-01"
|
||||
VTYPE_ALPN="tls-alpn-01"
|
||||
|
||||
LOCAL_ANY_ADDRESS="0.0.0.0"
|
||||
@ -46,7 +45,6 @@ DEFAULT_DNS_SLEEP=120
|
||||
|
||||
NO_VALUE="no"
|
||||
|
||||
W_TLS="tls"
|
||||
W_DNS="dns"
|
||||
W_ALPN="alpn"
|
||||
DNS_ALIAS_PREFIX="="
|
||||
@ -3080,8 +3078,8 @@ _on_before_issue() {
|
||||
_savedomainconf "Le_HTTPPort" "$Le_HTTPPort"
|
||||
fi
|
||||
_checkport="$Le_HTTPPort"
|
||||
elif [ "$_currentRoot" = "$W_TLS" ] || [ "$_currentRoot" = "$W_ALPN" ]; then
|
||||
_info "Standalone tls/alpn mode."
|
||||
elif [ "$_currentRoot" = "$W_ALPN" ]; then
|
||||
_info "Standalone alpn mode."
|
||||
if [ -z "$Le_TLSPort" ]; then
|
||||
Le_TLSPort=443
|
||||
else
|
||||
@ -3701,10 +3699,6 @@ $_authorizations_map"
|
||||
vtype="$VTYPE_DNS"
|
||||
fi
|
||||
|
||||
if [ "$_currentRoot" = "$W_TLS" ]; then
|
||||
vtype="$VTYPE_TLS"
|
||||
fi
|
||||
|
||||
if [ "$_currentRoot" = "$W_ALPN" ]; then
|
||||
vtype="$VTYPE_ALPN"
|
||||
fi
|
||||
@ -3988,40 +3982,6 @@ $_authorizations_map"
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
elif [ "$vtype" = "$VTYPE_TLS" ]; then
|
||||
#create A
|
||||
#_hash_A="$(printf "%s" $token | _digest "sha256" "hex" )"
|
||||
#_debug2 _hash_A "$_hash_A"
|
||||
#_x="$(echo $_hash_A | cut -c 1-32)"
|
||||
#_debug2 _x "$_x"
|
||||
#_y="$(echo $_hash_A | cut -c 33-64)"
|
||||
#_debug2 _y "$_y"
|
||||
#_SAN_A="$_x.$_y.token.acme.invalid"
|
||||
#_debug2 _SAN_A "$_SAN_A"
|
||||
|
||||
#create B
|
||||
_hash_B="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
|
||||
_debug2 _hash_B "$_hash_B"
|
||||
_x="$(echo "$_hash_B" | cut -c 1-32)"
|
||||
_debug2 _x "$_x"
|
||||
_y="$(echo "$_hash_B" | cut -c 33-64)"
|
||||
_debug2 _y "$_y"
|
||||
|
||||
#_SAN_B="$_x.$_y.ka.acme.invalid"
|
||||
|
||||
_SAN_B="$_x.$_y.acme.invalid"
|
||||
_debug2 _SAN_B "$_SAN_B"
|
||||
|
||||
_ncaddr="$(_getfield "$_local_addr" "$_ncIndex")"
|
||||
_ncIndex="$(_math "$_ncIndex" + 1)"
|
||||
if ! _starttlsserver "$_SAN_B" "$_SAN_A" "$Le_TLSPort" "$keyauthorization" "$_ncaddr"; then
|
||||
_err "Start tls server error."
|
||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook" "$vlist"
|
||||
return 1
|
||||
fi
|
||||
elif [ "$vtype" = "$VTYPE_ALPN" ]; then
|
||||
acmevalidationv1="$(printf "%s" "$keyauthorization" | _digest "sha256" "hex")"
|
||||
_debug acmevalidationv1 "$acmevalidationv1"
|
||||
|
@ -1156,6 +1156,21 @@ acme.sh --issue --dns dns_active24 -d example.com -d www.example.com --dnssleep
|
||||
|
||||
The `ACTIVE24_Token` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
## 60. Use do.de API
|
||||
|
||||
Create an API token in your do.de account.
|
||||
|
||||
Set your API token:
|
||||
```
|
||||
export DO_LETOKEN='FmD408PdqT1E269gUK57'
|
||||
```
|
||||
|
||||
To issue a certificate run:
|
||||
```
|
||||
acme.sh --issue --dns dns_doapi -d example.com -d *.example.com
|
||||
```
|
||||
|
||||
The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||
|
||||
# Use custom API
|
||||
|
||||
|
59
dnsapi/dns_doapi.sh
Executable file
59
dnsapi/dns_doapi.sh
Executable file
@ -0,0 +1,59 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Official Let's Encrypt API for do.de / Domain-Offensive
|
||||
#
|
||||
# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers
|
||||
# This API is also available to private customers/individuals
|
||||
#
|
||||
# Provide the required LetsEncrypt token like this:
|
||||
# DO_LETOKEN="FmD408PdqT1E269gUK57"
|
||||
|
||||
DO_API="https://www.do.de/api/letsencrypt"
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_doapi_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
DO_LETOKEN="${DO_LETOKEN:-$(_readaccountconf_mutable DO_LETOKEN)}"
|
||||
if [ -z "$DO_LETOKEN" ]; then
|
||||
DO_LETOKEN=""
|
||||
_err "You didn't configure a do.de API token yet."
|
||||
_err "Please set DO_LETOKEN and try again."
|
||||
return 1
|
||||
fi
|
||||
_saveaccountconf_mutable DO_LETOKEN "$DO_LETOKEN"
|
||||
|
||||
_info "Adding TXT record to ${fulldomain}"
|
||||
response="$(_get "$DO_API?token=$DO_LETOKEN&domain=${fulldomain}&value=${txtvalue}")"
|
||||
if _contains "${response}" 'success'; then
|
||||
return 0
|
||||
fi
|
||||
_err "Could not create resource record, check logs"
|
||||
_err "${response}"
|
||||
return 1
|
||||
}
|
||||
|
||||
dns_doapi_rm() {
|
||||
fulldomain=$1
|
||||
|
||||
DO_LETOKEN="${DO_LETOKEN:-$(_readaccountconf_mutable DO_LETOKEN)}"
|
||||
if [ -z "$DO_LETOKEN" ]; then
|
||||
DO_LETOKEN=""
|
||||
_err "You didn't configure a do.de API token yet."
|
||||
_err "Please set DO_LETOKEN and try again."
|
||||
return 1
|
||||
fi
|
||||
_saveaccountconf_mutable DO_LETOKEN "$DO_LETOKEN"
|
||||
|
||||
_info "Deleting resource record $fulldomain"
|
||||
response="$(_get "$DO_API?token=$DO_LETOKEN&domain=${fulldomain}&action=delete")"
|
||||
if _contains "${response}" 'success'; then
|
||||
return 0
|
||||
fi
|
||||
_err "Could not delete resource record, check logs"
|
||||
_err "${response}"
|
||||
return 1
|
||||
}
|
@ -3,16 +3,15 @@
|
||||
# Namecheap API
|
||||
# https://www.namecheap.com/support/api/intro.aspx
|
||||
#
|
||||
# Requires Namecheap API key set in NAMECHEAP_API_KEY, NAMECHEAP_SOURCEIP and NAMECHEAP_USERNAME set as environment variable
|
||||
# Requires Namecheap API key set in
|
||||
#NAMECHEAP_API_KEY,
|
||||
#NAMECHEAP_USERNAME,
|
||||
#NAMECHEAP_SOURCEIP
|
||||
# Due to Namecheap's API limitation all the records of your domain will be read and re applied, make sure to have a backup of your records you could apply if any issue would arise.
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
if [ "$STAGE" -eq 1 ]; then
|
||||
NAMECHEAP_API="https://api.sandbox.namecheap.com/xml.response"
|
||||
else
|
||||
NAMECHEAP_API="https://api.namecheap.com/xml.response"
|
||||
fi
|
||||
|
||||
#Usage: dns_namecheap_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
dns_namecheap_add() {
|
||||
@ -144,7 +143,7 @@ _namecheap_set_publicip() {
|
||||
_namecheap_post() {
|
||||
command=$1
|
||||
data="ApiUser=${NAMECHEAP_USERNAME}&ApiKey=${NAMECHEAP_API_KEY}&ClientIp=${_publicip}&UserName=${NAMECHEAP_USERNAME}&Command=${command}"
|
||||
|
||||
_debug2 "_namecheap_post data" "$data"
|
||||
response="$(_post "$data" "$NAMECHEAP_API" "" "POST")"
|
||||
_debug2 response "$response"
|
||||
|
||||
@ -224,6 +223,12 @@ _set_namecheap_TXT() {
|
||||
while read -r host; do
|
||||
if _contains "$host" "<host"; then
|
||||
_namecheap_parse_host "$host"
|
||||
_debug2 _hostname "_hostname"
|
||||
_debug2 _hosttype "_hosttype"
|
||||
_debug2 _hostaddress "_hostaddress"
|
||||
_debug2 _hostmxpref "_hostmxpref"
|
||||
_hostaddress="$(printf "%s" "$_hostaddress" | _url_encode)"
|
||||
_debug2 "encoded _hostaddress" "_hostaddress"
|
||||
_namecheap_add_host "$_hostname" "$_hosttype" "$_hostaddress" "$_hostmxpref" "$_hostttl"
|
||||
fi
|
||||
done <<EOT
|
||||
@ -278,6 +283,7 @@ _del_namecheap_TXT() {
|
||||
_debug "TXT entry found"
|
||||
found=1
|
||||
else
|
||||
_hostaddress="$(printf "%s" "$_hostaddress" | _url_encode)"
|
||||
_namecheap_add_host "$_hostname" "$_hosttype" "$_hostaddress" "$_hostmxpref" "$_hostttl"
|
||||
fi
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user