support doh to poll dns status
fix https://github.com/Neilpang/acme.sh/issues/2015
This commit is contained in:
neil 2019-02-19 21:39:06 +08:00 committed by GitHub
parent 8f2a8a0051
commit b5ca9bbab2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

190
acme.sh
View File

@ -2929,42 +2929,38 @@ _clearup() {
_clearupdns() { _clearupdns() {
_debug "_clearupdns" _debug "_clearupdns"
_debug "dnsadded" "$dnsadded" _debug "dns_entries" "$dns_entries"
_debug "vlist" "$vlist"
#dnsadded is "0" or "1" means dns-01 method was used for at least one domain if [ -z "$dns_entries" ]; then
if [ -z "$dnsadded" ] || [ -z "$vlist" ]; then
_debug "skip dns." _debug "skip dns."
return return
fi fi
_info "Removing DNS records." _info "Removing DNS records."
ventries=$(echo "$vlist" | tr ',' ' ')
_alias_index=1
for ventry in $ventries; do
d=$(echo "$ventry" | cut -d "$sep" -f 1)
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
_debug txt "$txt"
if [ "$keyauthorization" = "$STATE_VERIFIED" ]; then
_debug "$d is already verified, skip $vtype."
_alias_index="$(_math "$_alias_index" + 1)"
continue
fi
if [ "$vtype" != "$VTYPE_DNS" ]; then for entry in $dns_entries; do
_debug "Skip $d for $vtype" d=$(_getfield "$entry" 1)
continue txtdomain=$(_getfield "$entry" 2)
aliasDomain=$(_getfield "$entry" 3)
txt=$(_getfield "$entry" 5)
d_api=$(_getfield "$entry" 6)
_debug "d" "$d"
_debug "txtdomain" "$txtdomain"
_debug "aliasDomain" "$aliasDomain"
_debug "txt" "$txt"
_debug "d_api" "$d_api"
if [ "$d_api" = "$txt" ]; then
d_api=""
fi fi
d_api="$(_findHook "$d" dnsapi "$_currentRoot")"
_debug d_api "$d_api"
if [ -z "$d_api" ]; then if [ -z "$d_api" ]; then
_info "Not Found domain api file: $d_api" _info "Not Found domain api file: $d_api"
continue continue
fi fi
if [ "$aliasDomain" ]; then
txtdomain="$aliasDomain"
fi
( (
if ! . "$d_api"; then if ! . "$d_api"; then
_err "Load file $d_api error. Please check your api file and try again." _err "Load file $d_api error. Please check your api file and try again."
@ -2977,24 +2973,6 @@ _clearupdns() {
return 1 return 1
fi fi
_dns_root_d="$d"
if _startswith "$_dns_root_d" "*."; then
_dns_root_d="$(echo "$_dns_root_d" | sed 's/*.//')"
fi
_d_alias="$(_getfield "$_challenge_alias" "$_alias_index")"
_alias_index="$(_math "$_alias_index" + 1)"
_debug "_d_alias" "$_d_alias"
if [ "$_d_alias" ]; then
if _startswith "$_d_alias" "$DNS_ALIAS_PREFIX"; then
txtdomain="$(echo "$_d_alias" | sed "s/$DNS_ALIAS_PREFIX//")"
else
txtdomain="_acme-challenge.$_d_alias"
fi
else
txtdomain="_acme-challenge.$_dns_root_d"
fi
if ! $rmcommand "$txtdomain" "$txt"; then if ! $rmcommand "$txtdomain" "$txt"; then
_err "Error removing txt for domain:$txtdomain" _err "Error removing txt for domain:$txtdomain"
return 1 return 1
@ -3463,6 +3441,113 @@ __trigger_validation() {
fi fi
} }
#endpoint domain type
_ns_lookup() {
_ns_ep="$1"
_ns_domain="$2"
_ns_type="$3"
_debug2 "_ns_ep" "$_ns_ep"
_debug2 "_ns_domain" "$_ns_domain"
_debug2 "_ns_type" "$_ns_type"
response="$(_H1="accept: application/dns-json" _get "$_ns_ep?name=$_ns_domain&type=$_ns_type")"
_ret=$?
_debug2 "response" "$response"
if [ "$_ret" != "0" ]; then
return $_ret
fi
_answers="$(echo "$response" | tr '{}' '<>' | _egrep_o '"Answer":\[[^]]*]' | tr '<>' '\n\n')"
_debug2 "_answers" "$_answers"
echo "$_answers"
}
#domain, type
_ns_lookup_cf() {
_cf_ld="$1"
_cf_ld_type="$2"
_cf_ep="https://cloudflare-dns.com/dns-query"
_ns_lookup "$_cf_ep" "$_cf_ld" "$_cf_ld_type"
}
#domain, type
_ns_purge_cf() {
_cf_d="$1"
_cf_d_type="$2"
_debug "Cloudflare purge $_cf_d_type record for domain $_cf_d"
_cf_purl="https://1.1.1.1/api/v1/purge?domain=$_cf_d&type=$_cf_d_type"
response="$(_post "" "$_cf_purl")"
_debug2 response "$response"
}
#txtdomain, alias, txt
__check_txt() {
_c_txtdomain="$1"
_c_aliasdomain="$2"
_c_txt="$3"
_debug "_c_txtdomain" "$_c_txtdomain"
_debug "_c_aliasdomain" "$_c_aliasdomain"
_debug "_c_txt" "$_c_txt"
_answers="$(_ns_lookup_cf "$_c_aliasdomain" TXT)"
_contains "$_answers" "$_c_txt"
}
#txtdomain
__purge_txt() {
_p_txtdomain="$1"
_debug _p_txtdomain "$_p_txtdomain"
_ns_purge_cf "$_p_txtdomain" "TXT"
}
#wait and check each dns entries
_check_dns_entries() {
_success_txt=","
_end_time="$(_time)"
_end_time="$(_math "$_end_time" + 1200)" #let's check no more than 20 minutes.
while [ "$(_time)" -le "$_end_time" ]; do
_left=""
for entry in $dns_entries; do
d=$(_getfield "$entry" 1)
txtdomain=$(_getfield "$entry" 2)
aliasDomain=$(_getfield "$entry" 3)
txt=$(_getfield "$entry" 5)
d_api=$(_getfield "$entry" 6)
_debug "d" "$d"
_debug "txtdomain" "$txtdomain"
_debug "aliasDomain" "$aliasDomain"
_debug "txt" "$txt"
_debug "d_api" "$d_api"
_info "Checking $d for $aliasDomain"
if _contains "$_success_txt" ",$txt,"; then
_info "Already success, continue next one."
continue
fi
if __check_txt "$txtdomain" "$aliasDomain" "$txt"; then
_info "Domain $d '$aliasDomain' success."
_success_txt="$_success_txt,$txt,"
continue
fi
_left=1
_info "Not valid yet, let's wait 10 seconds and check next one."
_sleep 10
__purge_txt "$txtdomain"
if [ "$txtdomain" != "$aliasDomain" ]; then
__purge_txt "$aliasDomain"
fi
done
if [ "$_left" ]; then
_info "Let's wait 10 seconds and check again".
_sleep 10
else
_info "All success, let's return"
break
fi
done
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
@ -3786,6 +3871,7 @@ $_authorizations_map"
done done
_debug vlist "$vlist" _debug vlist "$vlist"
#add entry #add entry
dns_entries=""
dnsadded="" dnsadded=""
ventries=$(echo "$vlist" | tr "$dvsep" ' ') ventries=$(echo "$vlist" | tr "$dvsep" ' ')
_alias_index=1 _alias_index=1
@ -3816,8 +3902,10 @@ $_authorizations_map"
else else
txtdomain="_acme-challenge.$_d_alias" txtdomain="_acme-challenge.$_d_alias"
fi fi
dns_entries="${dns_entries}${_dns_root_d}${dvsep}_acme-challenge.$_dns_root_d$dvsep$txtdomain$dvsep$_currentRoot"
else else
txtdomain="_acme-challenge.$_dns_root_d" txtdomain="_acme-challenge.$_dns_root_d"
dns_entries="${dns_entries}${_dns_root_d}${dvsep}_acme-challenge.$_dns_root_d$dvsep$dvsep$_currentRoot"
fi fi
_debug txtdomain "$txtdomain" _debug txtdomain "$txtdomain"
txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)" txt="$(printf "%s" "$keyauthorization" | _digest "sha256" | _url_replace)"
@ -3826,7 +3914,9 @@ $_authorizations_map"
d_api="$(_findHook "$_dns_root_d" dnsapi "$_currentRoot")" d_api="$(_findHook "$_dns_root_d" dnsapi "$_currentRoot")"
_debug d_api "$d_api" _debug d_api "$d_api"
dns_entries="$dns_entries$dvsep$txt${dvsep}$d_api
"
_debug2 "$dns_entries"
if [ "$d_api" ]; then if [ "$d_api" ]; then
_info "Found domain api file: $d_api" _info "Found domain api file: $d_api"
else else
@ -3880,16 +3970,22 @@ $_authorizations_map"
fi fi
if [ "$dnsadded" = '1' ]; then if [ "$dns_entries" ]; then
if [ -z "$Le_DNSSleep" ]; then if [ -z "$Le_DNSSleep" ]; then
Le_DNSSleep="$DEFAULT_DNS_SLEEP" _info "Let's check each dns records now. Sleep 20 seconds first."
_sleep 20
if ! _check_dns_entries; then
_err "check dns error."
_on_issue_err "$_post_hook"
_clearup
return 1
fi
else else
_savedomainconf "Le_DNSSleep" "$Le_DNSSleep" _savedomainconf "Le_DNSSleep" "$Le_DNSSleep"
fi
_info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect" _info "Sleep $(__green $Le_DNSSleep) seconds for the txt records to take effect"
_sleep "$Le_DNSSleep" _sleep "$Le_DNSSleep"
fi fi
fi
NGINX_RESTORE_VLIST="" NGINX_RESTORE_VLIST=""
_debug "ok, let's start to verify" _debug "ok, let's start to verify"