diff --git a/README.md b/README.md
index 2d31c678..41ffb694 100644
--- a/README.md
+++ b/README.md
@@ -348,6 +348,7 @@ You don't have to do anything manually!
1. hosting.de (https://www.hosting.de)
1. Neodigit.net API (https://www.neodigit.net)
1. Exoscale.com API (https://www.exoscale.com/)
+1. PointDNS API (https://pointhq.com/)
And:
diff --git a/acme.sh b/acme.sh
index 872529f7..d651c4f5 100755
--- a/acme.sh
+++ b/acme.sh
@@ -2921,7 +2921,10 @@ _clearup() {
_clearupdns() {
_debug "_clearupdns"
- if [ "$dnsadded" != 1 ] || [ -z "$vlist" ]; then
+ _debug "dnsadded" "$dnsadded"
+ _debug "vlist" "$vlist"
+ #dnsadded is "0" or "1" means dns-01 method was used for at least one domain
+ if [ -z "$dnsadded" ] || [ -z "$vlist" ]; then
_debug "skip dns."
return
fi
@@ -3854,8 +3857,8 @@ $_authorizations_map"
)
if [ "$?" != "0" ]; then
- _clearup
_on_issue_err "$_post_hook" "$vlist"
+ _clearup
return 1
fi
dnsadded='1'
@@ -3866,8 +3869,8 @@ $_authorizations_map"
_savedomainconf "Le_Vlist" "$vlist"
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
_err "Please add the TXT records to the domains, and re-run with --renew."
- _clearup
_on_issue_err "$_post_hook"
+ _clearup
return 1
fi
@@ -3901,7 +3904,7 @@ $_authorizations_map"
continue
fi
- _info "Verifying:$d"
+ _info "Verifying: $d"
_debug "d" "$d"
_debug "keyauthorization" "$keyauthorization"
_debug "uri" "$uri"
diff --git a/dnsapi/README.md b/dnsapi/README.md
index 9358eb4b..fc65748e 100644
--- a/dnsapi/README.md
+++ b/dnsapi/README.md
@@ -1127,6 +1127,18 @@ acme.sh --issue --dns dns_exoscale -d example.com -d www.example.com
The `EXOSCALE_API_KEY` and `EXOSCALE_SECRET_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
+## 58. Using PointHQ API to issue certs
+
+Log into [PointHQ account management](https://app.pointhq.com/profile) and copy the API key from the page there.
+
+```export PointHQ_Key="apikeystringgoeshere"
+exportPointHQ_Email="accountemail@yourdomain.com"
+```
+
+You can then issue certs by using:
+```acme.sh --issue --dns dns_pointhq -d example.com -d www.example.com
+```
+
# Use custom API
If your API is not supported yet, you can write your own DNS API.
diff --git a/dnsapi/dns_inwx.sh b/dnsapi/dns_inwx.sh
index cd5af91b..f4590cf8 100755
--- a/dnsapi/dns_inwx.sh
+++ b/dnsapi/dns_inwx.sh
@@ -158,7 +158,8 @@ _inwx_login() {
export _H1
#https://github.com/inwx/php-client/blob/master/INWX/Domrobot.php#L71
- if _contains "$response" "tfa"; then
+ if _contains "$response" "code1000" \
+ && _contains "$response" "tfaGOOGLE-AUTH"; then
if [ -z "$INWX_Shared_Secret" ]; then
_err "Mobile TAN detected."
_err "Please define a shared secret."
diff --git a/dnsapi/dns_namecheap.sh b/dnsapi/dns_namecheap.sh
index a6651be6..2f401bd9 100755
--- a/dnsapi/dns_namecheap.sh
+++ b/dnsapi/dns_namecheap.sh
@@ -161,12 +161,12 @@ _namecheap_parse_host() {
_host=$1
_debug _host "$_host"
- _hostid=$(echo "$_host" | _egrep_o '\sHostId="[^"]*' | cut -d '"' -f 2)
- _hostname=$(echo "$_host" | _egrep_o '\sName="[^"]*' | cut -d '"' -f 2)
- _hosttype=$(echo "$_host" | _egrep_o '\sType="[^"]*' | cut -d '"' -f 2)
- _hostaddress=$(echo "$_host" | _egrep_o '\sAddress="[^"]*' | cut -d '"' -f 2)
- _hostmxpref=$(echo "$_host" | _egrep_o '\sMXPref="[^"]*' | cut -d '"' -f 2)
- _hostttl=$(echo "$_host" | _egrep_o '\sTTL="[^"]*' | cut -d '"' -f 2)
+ _hostid=$(echo "$_host" | _egrep_o ' HostId="[^"]*' | cut -d '"' -f 2)
+ _hostname=$(echo "$_host" | _egrep_o ' Name="[^"]*' | cut -d '"' -f 2)
+ _hosttype=$(echo "$_host" | _egrep_o ' Type="[^"]*' | cut -d '"' -f 2)
+ _hostaddress=$(echo "$_host" | _egrep_o ' Address="[^"]*' | cut -d '"' -f 2)
+ _hostmxpref=$(echo "$_host" | _egrep_o ' MXPref="[^"]*' | cut -d '"' -f 2)
+ _hostttl=$(echo "$_host" | _egrep_o ' TTL="[^"]*' | cut -d '"' -f 2)
_debug hostid "$_hostid"
_debug hostname "$_hostname"
diff --git a/dnsapi/dns_pointhq.sh b/dnsapi/dns_pointhq.sh
new file mode 100644
index 00000000..62313109
--- /dev/null
+++ b/dnsapi/dns_pointhq.sh
@@ -0,0 +1,164 @@
+#!/usr/bin/env sh
+
+#
+#PointHQ_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+#
+#PointHQ_Email="xxxx@sss.com"
+
+PointHQ_Api="https://api.pointhq.com"
+
+######## Public functions #####################
+
+#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns_pointhq_add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ PointHQ_Key="${PointHQ_Key:-$(_readaccountconf_mutable PointHQ_Key)}"
+ PointHQ_Email="${PointHQ_Email:-$(_readaccountconf_mutable PointHQ_Email)}"
+ if [ -z "$PointHQ_Key" ] || [ -z "$PointHQ_Email" ]; then
+ PointHQ_Key=""
+ PointHQ_Email=""
+ _err "You didn't specify a PointHQ API key and email yet."
+ _err "Please create the key and try again."
+ return 1
+ fi
+
+ if ! _contains "$PointHQ_Email" "@"; then
+ _err "It seems that the PointHQ_Email=$PointHQ_Email is not a valid email address."
+ _err "Please check and retry."
+ return 1
+ fi
+
+ #save the api key and email to the account conf file.
+ _saveaccountconf_mutable PointHQ_Key "$PointHQ_Key"
+ _saveaccountconf_mutable PointHQ_Email "$PointHQ_Email"
+
+ _debug "First detect the root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
+ _info "Adding record"
+ if _pointhq_rest POST "zones/$_domain/records" "{\"zone_record\": {\"name\":\"$_sub_domain\",\"record_type\":\"TXT\",\"data\":\"$txtvalue\",\"ttl\":3600}}"; then
+ if printf -- "%s" "$response" | grep "$fulldomain" >/dev/null; then
+ _info "Added, OK"
+ return 0
+ else
+ _err "Add txt record error."
+ return 1
+ fi
+ fi
+ _err "Add txt record error."
+ return 1
+}
+
+#fulldomain txtvalue
+dns_pointhq_rm() {
+ fulldomain=$1
+ txtvalue=$2
+
+ PointHQ_Key="${PointHQ_Key:-$(_readaccountconf_mutable PointHQ_Key)}"
+ PointHQ_Email="${PointHQ_Email:-$(_readaccountconf_mutable PointHQ_Email)}"
+ if [ -z "$PointHQ_Key" ] || [ -z "$PointHQ_Email" ]; then
+ PointHQ_Key=""
+ PointHQ_Email=""
+ _err "You didn't specify a PointHQ API key and email yet."
+ _err "Please create the key and try again."
+ return 1
+ fi
+
+ _debug "First detect the root zone"
+ if ! _get_root "$fulldomain"; then
+ _err "invalid domain"
+ return 1
+ fi
+ _debug _sub_domain "$_sub_domain"
+ _debug _domain "$_domain"
+
+ _debug "Getting txt records"
+ _pointhq_rest GET "zones/${_domain}/records?record_type=TXT&name=$_sub_domain"
+
+ if ! printf "%s" "$response" | grep "^\[" >/dev/null; then
+ _err "Error"
+ return 1
+ fi
+
+ if [ "$response" = "[]" ]; then
+ _info "No records to remove."
+ else
+ record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":[^,]*" | cut -d : -f 2 | tr -d \" | head -n 1)
+ _debug "record_id" "$record_id"
+ if [ -z "$record_id" ]; then
+ _err "Can not get record id to remove."
+ return 1
+ fi
+ if ! _pointhq_rest DELETE "zones/$_domain/records/$record_id"; then
+ _err "Delete record error."
+ return 1
+ fi
+ _contains "$response" '"status":"OK"'
+ fi
+}
+
+#################### Private functions below ##################################
+#_acme-challenge.www.domain.com
+#returns
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+_get_root() {
+ domain=$1
+ i=2
+ p=1
+ while true; do
+ h=$(printf "%s" "$domain" | cut -d . -f $i-100)
+ _debug h "$h"
+ if [ -z "$h" ]; then
+ #not valid
+ return 1
+ fi
+
+ if ! _pointhq_rest GET "zones"; then
+ return 1
+ fi
+
+ if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
+ _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
+ _domain=$h
+ return 0
+ fi
+ p=$i
+ i=$(_math "$i" + 1)
+ done
+ return 1
+}
+
+_pointhq_rest() {
+ m=$1
+ ep="$2"
+ data="$3"
+ _debug "$ep"
+
+ _pointhq_auth=$(printf "%s:%s" "$PointHQ_Email" "$PointHQ_Key" | _base64)
+
+ export _H1="Authorization: Basic $_pointhq_auth"
+ export _H2="Content-Type: application/json"
+ export _H3="Accept: application/json"
+
+ if [ "$m" != "GET" ]; then
+ _debug data "$data"
+ response="$(_post "$data" "$PointHQ_Api/$ep" "" "$m")"
+ else
+ response="$(_get "$PointHQ_Api/$ep")"
+ fi
+
+ if [ "$?" != "0" ]; then
+ _err "error $ep"
+ return 1
+ fi
+ _debug2 response "$response"
+ return 0
+}