mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 05:01:40 +00:00
Merge branch 'master' of github.com:DerVerruckteFuchs/acme.sh into 1984-hosting-cookie-fix
This commit is contained in:
commit
e992979113
40
.github/auto-comment.yml
vendored
40
.github/auto-comment.yml
vendored
@ -1,40 +0,0 @@
|
||||
# Comment to a new issue.
|
||||
issuesOpened: >
|
||||
If this is a bug report, please upgrade to the latest code and try again:
|
||||
|
||||
如果有 bug, 请先更新到最新版试试:
|
||||
|
||||
```
|
||||
acme.sh --upgrade
|
||||
```
|
||||
|
||||
please also provide the log with `--debug 2`.
|
||||
|
||||
同时请提供调试输出 `--debug 2`
|
||||
|
||||
see: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
|
||||
|
||||
Without `--debug 2` log, your issue will NEVER get replied.
|
||||
|
||||
没有调试输出, 你的 issue 不会得到任何解答.
|
||||
|
||||
|
||||
pullRequestOpened: >
|
||||
First, NEVER send a PR to `master` branch, it will NEVER be accepted. Please send to the `dev` branch instead.
|
||||
|
||||
If this is a PR to support new DNS API or new notification API, please read this guide first:
|
||||
https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
|
||||
|
||||
Please check the guide items one by one.
|
||||
|
||||
Then add your usage here:
|
||||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi
|
||||
|
||||
Or some other wiki pages:
|
||||
|
||||
https://github.com/acmesh-official/acme.sh/wiki/deployhooks
|
||||
|
||||
https://github.com/acmesh-official/acme.sh/wiki/notify
|
||||
|
||||
|
||||
|
22
.github/workflows/DNS.yml
vendored
22
.github/workflows/DNS.yml
vendored
@ -59,24 +59,24 @@ jobs:
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- name: Set env file
|
||||
run: |
|
||||
cd ../acmetest
|
||||
cd ../acmetest
|
||||
if [ "${{ secrets.TokenName1}}" ] ; then
|
||||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> env.list
|
||||
echo "${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}" >> docker.env
|
||||
fi
|
||||
if [ "${{ secrets.TokenName2}}" ] ; then
|
||||
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> env.list
|
||||
echo "${{ secrets.TokenName2}}=${{ secrets.TokenValue2}}" >> docker.env
|
||||
fi
|
||||
if [ "${{ secrets.TokenName3}}" ] ; then
|
||||
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> env.list
|
||||
echo "${{ secrets.TokenName3}}=${{ secrets.TokenValue3}}" >> docker.env
|
||||
fi
|
||||
if [ "${{ secrets.TokenName4}}" ] ; then
|
||||
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> env.list
|
||||
echo "${{ secrets.TokenName4}}=${{ secrets.TokenValue4}}" >> docker.env
|
||||
fi
|
||||
if [ "${{ secrets.TokenName5}}" ] ; then
|
||||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> env.list
|
||||
echo "${{ secrets.TokenName5}}=${{ secrets.TokenValue5}}" >> docker.env
|
||||
fi
|
||||
echo "TEST_DNS_NO_WILDCARD" >> env.list
|
||||
echo "TEST_DNS_SLEEP" >> env.list
|
||||
echo "TEST_DNS_NO_WILDCARD" >> docker.env
|
||||
echo "TEST_DNS_SLEEP" >> docker.env
|
||||
- name: Run acmetest
|
||||
run: cd ../acmetest && ./rundocker.sh testall
|
||||
|
||||
@ -226,8 +226,10 @@ jobs:
|
||||
- uses: vmactions/solaris-vm@v0.0.3
|
||||
with:
|
||||
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
|
||||
prepare: pkgutil -y -i socat curl
|
||||
prepare: pkgutil -y -i socat
|
||||
run: |
|
||||
pkg set-mediator -v -I default@1.1 openssl
|
||||
export PATH=/usr/gnu/bin:$PATH
|
||||
if [ "${{ secrets.TokenName1}}" ] ; then
|
||||
export ${{ secrets.TokenName1}}=${{ secrets.TokenValue1}}
|
||||
fi
|
||||
@ -245,5 +247,3 @@ jobs:
|
||||
fi
|
||||
cd ../acmetest
|
||||
./letest.sh
|
||||
|
||||
|
||||
|
60
.github/workflows/FreeBSD.yml
vendored
Normal file
60
.github/workflows/FreeBSD.yml
vendored
Normal file
@ -0,0 +1,60 @@
|
||||
name: FreeBSD
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/FreeBSD.yml'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/FreeBSD.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
FreeBSD:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: "LetsEncrypt.org_test"
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "ZeroSSL.com"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: vmactions/cf-tunnel@v0.0.2
|
||||
id: tunnel
|
||||
with:
|
||||
protocol: http
|
||||
port: 8080
|
||||
- name: Set envs
|
||||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- uses: vmactions/freebsd-vm@v0.1.4
|
||||
with:
|
||||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL'
|
||||
nat: |
|
||||
"8080": "80"
|
||||
prepare: pkg install -y socat curl
|
||||
usesh: true
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& ./letest.sh
|
||||
|
||||
|
127
.github/workflows/LetsEncrypt.yml
vendored
127
.github/workflows/LetsEncrypt.yml
vendored
@ -1,127 +0,0 @@
|
||||
name: LetsEncrypt
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '**.sh'
|
||||
- '**.yml'
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '**.sh'
|
||||
- '**.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
Ubuntu:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install tools
|
||||
run: sudo apt-get install -y socat
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh
|
||||
|
||||
MacOS:
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install tools
|
||||
run: brew install socat
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: cd ../acmetest && sudo --preserve-env ./letest.sh
|
||||
|
||||
Windows:
|
||||
runs-on: windows-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
|
||||
Le_HTTPPort: 8888
|
||||
steps:
|
||||
- name: Set git to use LF
|
||||
run: |
|
||||
git config --global core.autocrlf false
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install cygwin base packages with chocolatey
|
||||
run: |
|
||||
choco config get cacheLocation
|
||||
choco install --no-progress cygwin
|
||||
shell: cmd
|
||||
- name: Install cygwin additional packages
|
||||
run: |
|
||||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
|
||||
shell: cmd
|
||||
- name: Set ENV
|
||||
shell: cmd
|
||||
run: |
|
||||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
|
||||
- name: Check ENV
|
||||
shell: cmd
|
||||
run: |
|
||||
echo "PATH=%PATH%"
|
||||
- name: Clone acmetest
|
||||
shell: cmd
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
shell: cmd
|
||||
run: cd ../acmetest && bash.exe -c ./letest.sh
|
||||
|
||||
FreeBSD:
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: vmactions/cf-tunnel@v0.0.1
|
||||
id: tunnel
|
||||
with:
|
||||
protocol: http
|
||||
port: 8080
|
||||
- name: Set envs
|
||||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- uses: vmactions/freebsd-vm@v0.1.4
|
||||
with:
|
||||
envs: 'TEST_LOCAL TestingDomain'
|
||||
nat: |
|
||||
"8080": "80"
|
||||
prepare: pkg install -y socat curl
|
||||
usesh: true
|
||||
run: |
|
||||
cd ../acmetest && ./letest.sh
|
||||
|
||||
Solaris:
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: vmactions/cf-tunnel@v0.0.1
|
||||
id: tunnel
|
||||
with:
|
||||
protocol: http
|
||||
port: 8080
|
||||
- name: Set envs
|
||||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- uses: vmactions/solaris-vm@v0.0.3
|
||||
with:
|
||||
envs: 'TEST_LOCAL TestingDomain'
|
||||
nat: |
|
||||
"8080": "80"
|
||||
prepare: pkgutil -y -i socat curl
|
||||
run: |
|
||||
cd ../acmetest && ./letest.sh
|
||||
|
40
.github/workflows/Linux.yml
vendored
Normal file
40
.github/workflows/Linux.yml
vendored
Normal file
@ -0,0 +1,40 @@
|
||||
name: Linux
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Linux.yml'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Linux.yml'
|
||||
|
||||
|
||||
|
||||
jobs:
|
||||
Linux:
|
||||
strategy:
|
||||
matrix:
|
||||
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3-amd64"]
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Clone acmetest
|
||||
run: |
|
||||
cd .. \
|
||||
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||
&& cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& ./rundocker.sh testplat ${{ matrix.os }}
|
||||
|
||||
|
||||
|
52
.github/workflows/MacOS.yml
vendored
Normal file
52
.github/workflows/MacOS.yml
vendored
Normal file
@ -0,0 +1,52 @@
|
||||
name: MacOS
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/MacOS.yml'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/MacOS.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
MacOS:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: "LetsEncrypt.org_test"
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "ZeroSSL.com"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install tools
|
||||
run: brew install socat
|
||||
- name: Clone acmetest
|
||||
run: |
|
||||
cd .. \
|
||||
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||
&& cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& sudo --preserve-env ./letest.sh
|
||||
|
||||
|
10
.github/workflows/PebbleStrict.yml
vendored
10
.github/workflows/PebbleStrict.yml
vendored
@ -4,14 +4,14 @@ on:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '**.sh'
|
||||
- '**.yml'
|
||||
- '*.sh'
|
||||
- '.github/workflows/PebbleStrict.yml'
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '**.sh'
|
||||
- '**.yml'
|
||||
- '*.sh'
|
||||
- '.github/workflows/PebbleStrict.yml'
|
||||
|
||||
jobs:
|
||||
PebbleStrict:
|
||||
@ -19,7 +19,7 @@ jobs:
|
||||
env:
|
||||
TestingDomain: example.com
|
||||
TestingAltDomains: www.example.com
|
||||
ACME_DIRECTORY: https://localhost:14000/dir
|
||||
TEST_ACME_Server: https://localhost:14000/dir
|
||||
HTTPS_INSECURE: 1
|
||||
Le_HTTPPort: 5002
|
||||
TEST_LOCAL: 1
|
||||
|
58
.github/workflows/Solaris.yml
vendored
Normal file
58
.github/workflows/Solaris.yml
vendored
Normal file
@ -0,0 +1,58 @@
|
||||
name: Solaris
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Solaris.yml'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Solaris.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
Solaris:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: "LetsEncrypt.org_test"
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "ZeroSSL.com"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: vmactions/cf-tunnel@v0.0.2
|
||||
id: tunnel
|
||||
with:
|
||||
protocol: http
|
||||
port: 8080
|
||||
- name: Set envs
|
||||
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
|
||||
- name: Clone acmetest
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- uses: vmactions/solaris-vm@v0.0.3
|
||||
with:
|
||||
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL'
|
||||
nat: |
|
||||
"8080": "80"
|
||||
prepare: pkgutil -y -i socat curl
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& ./letest.sh
|
||||
|
54
.github/workflows/Ubuntu.yml
vendored
Normal file
54
.github/workflows/Ubuntu.yml
vendored
Normal file
@ -0,0 +1,54 @@
|
||||
name: Ubuntu
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Ubuntu.yml'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Ubuntu.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
Ubuntu:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: "LetsEncrypt.org_test"
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "ZeroSSL.com"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST_LOCAL: 1
|
||||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
NO_ECC_384: ${{ matrix.NO_ECC_384 }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install tools
|
||||
run: sudo apt-get install -y socat
|
||||
- name: Clone acmetest
|
||||
run: |
|
||||
cd .. \
|
||||
&& git clone https://github.com/acmesh-official/acmetest.git \
|
||||
&& cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
run: |
|
||||
cd ../acmetest \
|
||||
&& sudo --preserve-env ./letest.sh
|
||||
|
||||
|
70
.github/workflows/Windows.yml
vendored
Normal file
70
.github/workflows/Windows.yml
vendored
Normal file
@ -0,0 +1,70 @@
|
||||
name: Windows
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- '*'
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Windows.yml'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '*.sh'
|
||||
- '.github/workflows/Windows.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
Windows:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- TEST_ACME_Server: "LetsEncrypt.org_test"
|
||||
CA_ECDSA: ""
|
||||
CA: ""
|
||||
CA_EMAIL: ""
|
||||
- TEST_ACME_Server: "ZeroSSL.com"
|
||||
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
|
||||
CA: "ZeroSSL RSA Domain Secure Site CA"
|
||||
CA_EMAIL: "githubtest@acme.sh"
|
||||
runs-on: windows-latest
|
||||
env:
|
||||
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
|
||||
CA_ECDSA: ${{ matrix.CA_ECDSA }}
|
||||
CA: ${{ matrix.CA }}
|
||||
CA_EMAIL: ${{ matrix.CA_EMAIL }}
|
||||
TEST_LOCAL: 1
|
||||
#The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
|
||||
Le_HTTPPort: 8888
|
||||
steps:
|
||||
- name: Set git to use LF
|
||||
run: |
|
||||
git config --global core.autocrlf false
|
||||
- uses: actions/checkout@v2
|
||||
- name: Install cygwin base packages with chocolatey
|
||||
run: |
|
||||
choco config get cacheLocation
|
||||
choco install --no-progress cygwin
|
||||
shell: cmd
|
||||
- name: Install cygwin additional packages
|
||||
run: |
|
||||
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
|
||||
shell: cmd
|
||||
- name: Set ENV
|
||||
shell: cmd
|
||||
run: |
|
||||
echo PATH=C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin >> %GITHUB_ENV%
|
||||
- name: Check ENV
|
||||
shell: cmd
|
||||
run: |
|
||||
echo "PATH=%PATH%"
|
||||
- name: Clone acmetest
|
||||
shell: cmd
|
||||
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
|
||||
- name: Run acmetest
|
||||
shell: cmd
|
||||
run: cd ../acmetest && bash.exe -c ./letest.sh
|
||||
|
||||
|
||||
|
5
.github/workflows/dockerhub.yml
vendored
5
.github/workflows/dockerhub.yml
vendored
@ -6,6 +6,11 @@ on:
|
||||
- '*'
|
||||
tags:
|
||||
- '*'
|
||||
paths:
|
||||
- '**.sh'
|
||||
- "Dockerfile"
|
||||
- '.github/workflows/dockerhub.yml'
|
||||
|
||||
|
||||
jobs:
|
||||
CheckToken:
|
||||
|
4
.github/workflows/shellcheck.yml
vendored
4
.github/workflows/shellcheck.yml
vendored
@ -5,13 +5,13 @@ on:
|
||||
- '*'
|
||||
paths:
|
||||
- '**.sh'
|
||||
- '**.yml'
|
||||
- '.github/workflows/shellcheck.yml'
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
paths:
|
||||
- '**.sh'
|
||||
- '**.yml'
|
||||
- '.github/workflows/shellcheck.yml'
|
||||
|
||||
jobs:
|
||||
ShellCheck:
|
||||
|
@ -1,7 +1,6 @@
|
||||
FROM alpine:3.12
|
||||
|
||||
RUN apk update -f \
|
||||
&& apk --no-cache add -f \
|
||||
RUN apk --no-cache add -f \
|
||||
openssl \
|
||||
openssh-client \
|
||||
coreutils \
|
||||
@ -12,8 +11,7 @@ RUN apk update -f \
|
||||
tzdata \
|
||||
oath-toolkit-oathtool \
|
||||
tar \
|
||||
libidn \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
libidn
|
||||
|
||||
ENV LE_CONFIG_HOME /acme.sh
|
||||
|
||||
@ -22,7 +20,7 @@ ARG AUTO_UPGRADE=1
|
||||
ENV AUTO_UPGRADE $AUTO_UPGRADE
|
||||
|
||||
#Install
|
||||
ADD ./ /install_acme.sh/
|
||||
COPY ./ /install_acme.sh/
|
||||
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/
|
||||
|
||||
|
||||
|
71
README.md
71
README.md
@ -1,6 +1,11 @@
|
||||
# An ACME Shell script: acme.sh
|
||||
|
||||
![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
|
||||
[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)
|
||||
[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)
|
||||
[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)
|
||||
[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)
|
||||
[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)
|
||||
|
||||
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
|
||||
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
|
||||
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
|
||||
@ -15,18 +20,18 @@
|
||||
|
||||
- An ACME protocol client written purely in Shell (Unix shell) language.
|
||||
- Full ACME protocol implementation.
|
||||
- Support ACME v1 and ACME v2
|
||||
- Support ACME v2 wildcard certs
|
||||
- Support ECDSA certs
|
||||
- Support SAN and wildcard certs
|
||||
- Simple, powerful and very easy to use. You only need 3 minutes to learn it.
|
||||
- Bash, dash and sh compatible.
|
||||
- Purely written in Shell with no dependencies on python or the official Let's Encrypt client.
|
||||
- Purely written in Shell with no dependencies on python.
|
||||
- Just one script to issue, renew and install your certificates automatically.
|
||||
- DOES NOT require `root/sudoer` access.
|
||||
- Docker friendly
|
||||
- IPv6 support
|
||||
- Docker ready
|
||||
- IPv6 ready
|
||||
- Cron job notifications for renewal or error etc.
|
||||
|
||||
It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt.
|
||||
It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates.
|
||||
|
||||
Wiki: https://github.com/acmesh-official/acme.sh/wiki
|
||||
|
||||
@ -57,37 +62,39 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|
||||
|
||||
| NO | Status| Platform|
|
||||
|----|-------|---------|
|
||||
|1|[![MacOS](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
|
||||
|2|[![Windows](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Windows (cygwin with curl, openssl and crontab included)
|
||||
|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|FreeBSD
|
||||
|4|[![Solaris](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Solaris
|
||||
|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)| Ubuntu
|
||||
|6|[![](https://acmesh-official.github.io/acmetest/status/pfsense.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|pfsense
|
||||
|7|[![](https://acmesh-official.github.io/acmetest/status/openbsd.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|OpenBSD
|
||||
|8|[![](https://acmesh-official.github.io/acmetest/status/debian-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)| Debian
|
||||
|9|[![](https://acmesh-official.github.io/acmetest/status/centos-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|CentOS
|
||||
|10|[![](https://acmesh-official.github.io/acmetest/status/opensuse-leap-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|openSUSE
|
||||
|11|[![](https://acmesh-official.github.io/acmetest/status/alpine-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Alpine Linux (with curl)
|
||||
|12|[![](https://acmesh-official.github.io/acmetest/status/archlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Archlinux
|
||||
|13|[![](https://acmesh-official.github.io/acmetest/status/fedora-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|fedora
|
||||
|14|[![](https://acmesh-official.github.io/acmetest/status/kalilinux-kali.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Kali Linux
|
||||
|15|[![](https://acmesh-official.github.io/acmetest/status/oraclelinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Oracle Linux
|
||||
|16|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
|
||||
|17|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|
||||
|18|[![](https://acmesh-official.github.io/acmetest/status/mageia.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Mageia
|
||||
|19|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|
||||
|20|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux
|
||||
|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux
|
||||
|1|[![MacOS](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/MacOS.yml)|Mac OSX
|
||||
|2|[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)|Windows (cygwin with curl, openssl and crontab included)
|
||||
|3|[![FreeBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/FreeBSD.yml)|FreeBSD
|
||||
|4|[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)|Solaris
|
||||
|5|[![Ubuntu](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Ubuntu.yml)| Ubuntu
|
||||
|6|NA|pfsense
|
||||
|7|NA|OpenBSD
|
||||
|8|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
|
||||
|9|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
|
||||
|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
|
||||
|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
|
||||
|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
|
||||
|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
|
||||
|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
|
||||
|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|
||||
|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|
||||
|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
|
||||
|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|
||||
|19|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|
||||
|20|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|
||||
|21|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
|
||||
|
||||
For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):
|
||||
|
||||
Check our [testing project](https://github.com/acmesh-official/acmetest):
|
||||
|
||||
https://github.com/acmesh-official/acmetest
|
||||
|
||||
# Supported CA
|
||||
|
||||
- Letsencrypt.org CA(default)
|
||||
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)
|
||||
- [ZeroSSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA)(default)
|
||||
- Letsencrypt.org CA
|
||||
- [BuyPass.com CA](https://github.com/acmesh-official/acme.sh/wiki/BuyPass.com-CA)
|
||||
- [SSL.com CA](https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA)
|
||||
- [Pebble strict Mode](https://github.com/letsencrypt/pebble)
|
||||
- Any other [RFC8555](https://tools.ietf.org/html/rfc8555)-compliant CA
|
||||
|
||||
@ -469,7 +476,7 @@ TODO:
|
||||
|
||||
### Code Contributors
|
||||
|
||||
This project exists thanks to all the people who contribute. [[Contribute](CONTRIBUTING.md)].
|
||||
This project exists thanks to all the people who contribute.
|
||||
<a href="https://github.com/acmesh-official/acme.sh/graphs/contributors"><img src="https://opencollective.com/acmesh/contributors.svg?width=890&button=false" /></a>
|
||||
|
||||
### Financial Contributors
|
||||
|
348
acme.sh
348
acme.sh
@ -1,6 +1,6 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
VER=2.9.0
|
||||
VER=3.0.1
|
||||
|
||||
PROJECT_NAME="acme.sh"
|
||||
|
||||
@ -20,6 +20,8 @@ _SUB_FOLDER_DEPLOY="deploy"
|
||||
|
||||
_SUB_FOLDERS="$_SUB_FOLDER_DNSAPI $_SUB_FOLDER_DEPLOY $_SUB_FOLDER_NOTIFY"
|
||||
|
||||
CA_LETSENCRYPT_V1="https://acme-v01.api.letsencrypt.org/directory"
|
||||
|
||||
CA_LETSENCRYPT_V2="https://acme-v02.api.letsencrypt.org/directory"
|
||||
CA_LETSENCRYPT_V2_TEST="https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
|
||||
@ -29,18 +31,22 @@ CA_BUYPASS_TEST="https://api.test4.buypass.no/acme/directory"
|
||||
CA_ZEROSSL="https://acme.zerossl.com/v2/DV90"
|
||||
_ZERO_EAB_ENDPOINT="http://api.zerossl.com/acme/eab-credentials-email"
|
||||
|
||||
DEFAULT_CA=$CA_LETSENCRYPT_V2
|
||||
CA_SSLCOM_RSA="https://acme.ssl.com/sslcom-dv-rsa"
|
||||
CA_SSLCOM_ECC="https://acme.ssl.com/sslcom-dv-ecc"
|
||||
|
||||
DEFAULT_CA=$CA_ZEROSSL
|
||||
DEFAULT_STAGING_CA=$CA_LETSENCRYPT_V2_TEST
|
||||
|
||||
CA_NAMES="
|
||||
ZeroSSL.com,zerossl
|
||||
LetsEncrypt.org,letsencrypt
|
||||
LetsEncrypt.org_test,letsencrypt_test,letsencrypttest
|
||||
BuyPass.com,buypass
|
||||
BuyPass.com_test,buypass_test,buypasstest
|
||||
ZeroSSL.com,zerossl
|
||||
SSL.com,sslcom
|
||||
"
|
||||
|
||||
CA_SERVERS="$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_ZEROSSL"
|
||||
CA_SERVERS="$CA_ZEROSSL,$CA_LETSENCRYPT_V2,$CA_LETSENCRYPT_V2_TEST,$CA_BUYPASS,$CA_BUYPASS_TEST,$CA_SSLCOM_RSA"
|
||||
|
||||
DEFAULT_USER_AGENT="$PROJECT_NAME/$VER ($PROJECT)"
|
||||
|
||||
@ -155,6 +161,8 @@ _REVOKE_WIKI="https://github.com/acmesh-official/acme.sh/wiki/revokecert"
|
||||
|
||||
_ZEROSSL_WIKI="https://github.com/acmesh-official/acme.sh/wiki/ZeroSSL.com-CA"
|
||||
|
||||
_SSLCOM_WIKI="https://github.com/acmesh-official/acme.sh/wiki/SSL.com-CA"
|
||||
|
||||
_SERVER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Server"
|
||||
|
||||
_PREFERRED_CHAIN_WIKI="https://github.com/acmesh-official/acme.sh/wiki/Preferred-Chain"
|
||||
@ -1210,7 +1218,7 @@ _createcsr() {
|
||||
_debug2 csr "$csr"
|
||||
_debug2 csrconf "$csrconf"
|
||||
|
||||
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment" >"$csrconf"
|
||||
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\n\n" >"$csrconf"
|
||||
|
||||
if [ "$acmeValidationv1" ]; then
|
||||
domainlist="$(_idn "$domainlist")"
|
||||
@ -1762,7 +1770,7 @@ _inithttp() {
|
||||
if [ -z "$ACME_HTTP_NO_REDIRECTS" ]; then
|
||||
_ACME_CURL="$_ACME_CURL -L "
|
||||
fi
|
||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge 2 ]; then
|
||||
_CURL_DUMP="$(_mktemp)"
|
||||
_ACME_CURL="$_ACME_CURL --trace-ascii $_CURL_DUMP "
|
||||
fi
|
||||
@ -1802,6 +1810,8 @@ _inithttp() {
|
||||
|
||||
}
|
||||
|
||||
_HTTP_MAX_RETRY=8
|
||||
|
||||
# body url [needbase64] [POST|PUT|DELETE] [ContentType]
|
||||
_post() {
|
||||
body="$1"
|
||||
@ -1809,6 +1819,33 @@ _post() {
|
||||
needbase64="$3"
|
||||
httpmethod="$4"
|
||||
_postContentType="$5"
|
||||
_sleep_retry_sec=1
|
||||
_http_retry_times=0
|
||||
_hcode=0
|
||||
while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
|
||||
[ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
|
||||
_lastHCode="$?"
|
||||
_debug "Retrying post"
|
||||
_post_impl "$body" "$_post_url" "$needbase64" "$httpmethod" "$_postContentType" "$_lastHCode"
|
||||
_hcode="$?"
|
||||
_debug _hcode "$_hcode"
|
||||
if [ "$_hcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
_http_retry_times=$(_math $_http_retry_times + 1)
|
||||
_sleep $_sleep_retry_sec
|
||||
done
|
||||
return $_hcode
|
||||
}
|
||||
|
||||
# body url [needbase64] [POST|PUT|DELETE] [ContentType] [displayError]
|
||||
_post_impl() {
|
||||
body="$1"
|
||||
_post_url="$2"
|
||||
needbase64="$3"
|
||||
httpmethod="$4"
|
||||
_postContentType="$5"
|
||||
displayError="$6"
|
||||
|
||||
if [ -z "$httpmethod" ]; then
|
||||
httpmethod="POST"
|
||||
@ -1860,7 +1897,9 @@ _post() {
|
||||
fi
|
||||
_ret="$?"
|
||||
if [ "$_ret" != "0" ]; then
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $_ret"
|
||||
fi
|
||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
||||
_err "Here is the curl dump log:"
|
||||
_err "$(cat "$_CURL_DUMP")"
|
||||
@ -1916,7 +1955,9 @@ _post() {
|
||||
_debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
|
||||
fi
|
||||
if [ "$_ret" != "0" ]; then
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $_ret"
|
||||
fi
|
||||
fi
|
||||
_sed_i "s/^ *//g" "$HTTP_HEADER"
|
||||
else
|
||||
@ -1930,13 +1971,38 @@ _post() {
|
||||
|
||||
# url getheader timeout
|
||||
_get() {
|
||||
url="$1"
|
||||
onlyheader="$2"
|
||||
t="$3"
|
||||
_sleep_retry_sec=1
|
||||
_http_retry_times=0
|
||||
_hcode=0
|
||||
while [ "${_http_retry_times}" -le "$_HTTP_MAX_RETRY" ]; do
|
||||
[ "$_http_retry_times" = "$_HTTP_MAX_RETRY" ]
|
||||
_lastHCode="$?"
|
||||
_debug "Retrying GET"
|
||||
_get_impl "$url" "$onlyheader" "$t" "$_lastHCode"
|
||||
_hcode="$?"
|
||||
_debug _hcode "$_hcode"
|
||||
if [ "$_hcode" = "0" ]; then
|
||||
break
|
||||
fi
|
||||
_http_retry_times=$(_math $_http_retry_times + 1)
|
||||
_sleep $_sleep_retry_sec
|
||||
done
|
||||
return $_hcode
|
||||
}
|
||||
|
||||
# url getheader timeout displayError
|
||||
_get_impl() {
|
||||
_debug GET
|
||||
url="$1"
|
||||
onlyheader="$2"
|
||||
t="$3"
|
||||
displayError="$4"
|
||||
_debug url "$url"
|
||||
_debug "timeout=$t"
|
||||
|
||||
_debug "displayError" "$displayError"
|
||||
_inithttp
|
||||
|
||||
if [ "$_ACME_CURL" ] && [ "${ACME_USE_WGET:-0}" = "0" ]; then
|
||||
@ -1955,7 +2021,9 @@ _get() {
|
||||
fi
|
||||
ret=$?
|
||||
if [ "$ret" != "0" ]; then
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: $ret"
|
||||
fi
|
||||
if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
|
||||
_err "Here is the curl dump log:"
|
||||
_err "$(cat "$_CURL_DUMP")"
|
||||
@ -1981,7 +2049,9 @@ _get() {
|
||||
_debug "wget returns 8, the server returns a 'Bad request' response, lets process the response later."
|
||||
fi
|
||||
if [ "$ret" != "0" ]; then
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
|
||||
if [ -z "$displayError" ] || [ "$displayError" = "0" ]; then
|
||||
_err "Please refer to https://www.gnu.org/software/wget/manual/html_node/Exit-Status.html for error code: $ret"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
ret=$?
|
||||
@ -2529,17 +2599,33 @@ __initHome() {
|
||||
fi
|
||||
}
|
||||
|
||||
_clearAPI() {
|
||||
ACME_NEW_ACCOUNT=""
|
||||
ACME_KEY_CHANGE=""
|
||||
ACME_NEW_AUTHZ=""
|
||||
ACME_NEW_ORDER=""
|
||||
ACME_REVOKE_CERT=""
|
||||
ACME_NEW_NONCE=""
|
||||
ACME_AGREEMENT=""
|
||||
}
|
||||
|
||||
#server
|
||||
_initAPI() {
|
||||
_api_server="${1:-$ACME_DIRECTORY}"
|
||||
_debug "_init api for server: $_api_server"
|
||||
|
||||
if [ -z "$ACME_NEW_ACCOUNT" ]; then
|
||||
MAX_API_RETRY_TIMES=10
|
||||
_sleep_retry_sec=10
|
||||
_request_retry_times=0
|
||||
while [ -z "$ACME_NEW_ACCOUNT" ] && [ "${_request_retry_times}" -lt "$MAX_API_RETRY_TIMES" ]; do
|
||||
_request_retry_times=$(_math "$_request_retry_times" + 1)
|
||||
response=$(_get "$_api_server")
|
||||
if [ "$?" != "0" ]; then
|
||||
_debug2 "response" "$response"
|
||||
_err "Can not init api."
|
||||
return 1
|
||||
_info "Can not init api for: $_api_server."
|
||||
_info "Sleep $_sleep_retry_sec and retry."
|
||||
_sleep "$_sleep_retry_sec"
|
||||
continue
|
||||
fi
|
||||
response=$(echo "$response" | _json_decode)
|
||||
_debug2 "response" "$response"
|
||||
@ -2572,8 +2658,17 @@ _initAPI() {
|
||||
_debug "ACME_REVOKE_CERT" "$ACME_REVOKE_CERT"
|
||||
_debug "ACME_AGREEMENT" "$ACME_AGREEMENT"
|
||||
_debug "ACME_NEW_NONCE" "$ACME_NEW_NONCE"
|
||||
|
||||
if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
|
||||
return 0
|
||||
fi
|
||||
_info "Sleep $_sleep_retry_sec and retry."
|
||||
_sleep "$_sleep_retry_sec"
|
||||
done
|
||||
if [ "$ACME_NEW_ACCOUNT" ] && [ "$ACME_NEW_ORDER" ]; then
|
||||
return 0
|
||||
fi
|
||||
_err "Can not init api, for $_api_server"
|
||||
return 1
|
||||
}
|
||||
|
||||
#[domain] [keylength or isEcc flag]
|
||||
@ -2617,15 +2712,44 @@ _initpath() {
|
||||
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
|
||||
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
|
||||
|
||||
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST"
|
||||
_ACME_SERVER_PATH="$(echo "$ACME_DIRECTORY" | cut -d : -f 2- | tr -s / | cut -d / -f 3-)"
|
||||
_debug2 "_ACME_SERVER_PATH" "$_ACME_SERVER_PATH"
|
||||
|
||||
CA_DIR="$CA_HOME/$_ACME_SERVER_HOST/$_ACME_SERVER_PATH"
|
||||
_DEFAULT_CA_CONF="$CA_DIR/ca.conf"
|
||||
|
||||
if [ -z "$CA_CONF" ]; then
|
||||
CA_CONF="$_DEFAULT_CA_CONF"
|
||||
fi
|
||||
_debug3 CA_CONF "$CA_CONF"
|
||||
|
||||
_OLD_CADIR="$CA_HOME/$_ACME_SERVER_HOST"
|
||||
_OLD_ACCOUNT_KEY="$_OLD_CADIR/account.key"
|
||||
_OLD_ACCOUNT_JSON="$_OLD_CADIR/account.json"
|
||||
_OLD_CA_CONF="$_OLD_CADIR/ca.conf"
|
||||
|
||||
_DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key"
|
||||
_DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json"
|
||||
if [ -z "$ACCOUNT_KEY_PATH" ]; then
|
||||
ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH"
|
||||
if [ -f "$_OLD_ACCOUNT_KEY" ] && ! [ -f "$ACCOUNT_KEY_PATH" ]; then
|
||||
mkdir -p "$CA_DIR"
|
||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$ACCOUNT_JSON_PATH" ]; then
|
||||
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
|
||||
if [ -f "$_OLD_ACCOUNT_JSON" ] && ! [ -f "$ACCOUNT_JSON_PATH" ]; then
|
||||
mkdir -p "$CA_DIR"
|
||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f "$_OLD_CA_CONF" ] && ! [ -f "$CA_CONF" ]; then
|
||||
mkdir -p "$CA_DIR"
|
||||
mv "$_OLD_CA_CONF" "$CA_CONF"
|
||||
fi
|
||||
|
||||
if [ -f "$CA_CONF" ]; then
|
||||
. "$CA_CONF"
|
||||
fi
|
||||
@ -2646,19 +2770,6 @@ _initpath() {
|
||||
HTTP_HEADER="$LE_CONFIG_HOME/http.header"
|
||||
fi
|
||||
|
||||
_OLD_ACCOUNT_KEY="$LE_WORKING_DIR/account.key"
|
||||
_OLD_ACCOUNT_JSON="$LE_WORKING_DIR/account.json"
|
||||
|
||||
_DEFAULT_ACCOUNT_KEY_PATH="$CA_DIR/account.key"
|
||||
_DEFAULT_ACCOUNT_JSON_PATH="$CA_DIR/account.json"
|
||||
if [ -z "$ACCOUNT_KEY_PATH" ]; then
|
||||
ACCOUNT_KEY_PATH="$_DEFAULT_ACCOUNT_KEY_PATH"
|
||||
fi
|
||||
|
||||
if [ -z "$ACCOUNT_JSON_PATH" ]; then
|
||||
ACCOUNT_JSON_PATH="$_DEFAULT_ACCOUNT_JSON_PATH"
|
||||
fi
|
||||
|
||||
_DEFAULT_CERT_HOME="$LE_CONFIG_HOME"
|
||||
if [ -z "$CERT_HOME" ]; then
|
||||
CERT_HOME="$_DEFAULT_CERT_HOME"
|
||||
@ -3056,10 +3167,10 @@ _checkConf() {
|
||||
_debug "Try include files"
|
||||
for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
|
||||
_debug "check included $included"
|
||||
if !_startswith "$included" "/" && _exists dirname; then
|
||||
if ! _startswith "$included" "/" && _exists dirname; then
|
||||
_relpath="$(dirname "$_c_file")"
|
||||
_debug "_relpath" "$_relpath"
|
||||
included="$_relpath/included"
|
||||
included="$_relpath/$included"
|
||||
fi
|
||||
if _checkConf "$1" "$included"; then
|
||||
return 0
|
||||
@ -3271,6 +3382,8 @@ _on_before_issue() {
|
||||
if [ "$_chk_pre_hook" ]; then
|
||||
_info "Run pre hook:'$_chk_pre_hook'"
|
||||
if ! (
|
||||
export Le_Domain="$_chk_main_domain"
|
||||
export Le_Alt="$_chk_alt_domains"
|
||||
cd "$DOMAIN_PATH" && eval "$_chk_pre_hook"
|
||||
); then
|
||||
_err "Error when run pre hook."
|
||||
@ -3332,7 +3445,7 @@ _on_before_issue() {
|
||||
_netprc="$(_ss "$_checkport" | grep "$_checkport")"
|
||||
netprc="$(echo "$_netprc" | grep "$_checkaddr")"
|
||||
if [ -z "$netprc" ]; then
|
||||
netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS")"
|
||||
netprc="$(echo "$_netprc" | grep "$LOCAL_ANY_ADDRESS:$_checkport")"
|
||||
fi
|
||||
if [ "$netprc" ]; then
|
||||
_err "$netprc"
|
||||
@ -3489,15 +3602,6 @@ _regAccount() {
|
||||
_initAPI
|
||||
|
||||
mkdir -p "$CA_DIR"
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
|
||||
_info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
|
||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
||||
if ! _create_account_key "$_reg_length"; then
|
||||
@ -3526,8 +3630,10 @@ _regAccount() {
|
||||
if [ -z "$_eab_id" ] || [ -z "$_eab_hmac_key" ]; then
|
||||
_info "No EAB credentials found for ZeroSSL, let's get one"
|
||||
if [ -z "$_email" ]; then
|
||||
_err "Please provide a email address for ZeroSSL account."
|
||||
_err "See ZeroSSL usage: $_ZEROSSL_WIKI"
|
||||
_info "$(__green "$PROJECT_NAME is using ZeroSSL as default CA now.")"
|
||||
_info "$(__green "Please update your account with an email address first.")"
|
||||
_info "$(__green "$PROJECT_ENTRY --register-account -m my@example.com")"
|
||||
_info "See: $(__green "$_ZEROSSL_WIKI")"
|
||||
return 1
|
||||
fi
|
||||
_eabresp=$(_post "email=$_email" $_ZERO_EAB_ENDPOINT)
|
||||
@ -3536,13 +3642,15 @@ _regAccount() {
|
||||
_err "Can not get EAB credentials from ZeroSSL."
|
||||
return 1
|
||||
fi
|
||||
_debug2 "$_eabresp"
|
||||
_eab_id="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
|
||||
_secure_debug2 _eabresp "$_eabresp"
|
||||
_eab_id="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_kid"' | cut -d : -f 2 | tr -d '"')"
|
||||
_secure_debug2 _eab_id "$_eab_id"
|
||||
if [ -z "$_eab_id" ]; then
|
||||
_err "Can not resolve _eab_id"
|
||||
return 1
|
||||
fi
|
||||
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
|
||||
_eab_hmac_key="$(echo "$_eabresp" | tr ',}' '\n\n' | grep '"eab_hmac_key"' | cut -d : -f 2 | tr -d '"')"
|
||||
_secure_debug2 _eab_hmac_key "$_eab_hmac_key"
|
||||
if [ -z "$_eab_hmac_key" ]; then
|
||||
_err "Can not resolve _eab_hmac_key"
|
||||
return 1
|
||||
@ -3564,7 +3672,7 @@ _regAccount() {
|
||||
eab_sign_t="$eab_protected64.$eab_payload64"
|
||||
_debug3 eab_sign_t "$eab_sign_t"
|
||||
|
||||
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 | _hex_dump | tr -d ' ')"
|
||||
key_hex="$(_durl_replace_base64 "$_eab_hmac_key" | _dbase64 multi | _hex_dump | tr -d ' ')"
|
||||
_debug3 key_hex "$key_hex"
|
||||
|
||||
eab_signature=$(printf "%s" "$eab_sign_t" | _hmac sha256 $key_hex | _base64 | _url_replace)
|
||||
@ -3631,16 +3739,6 @@ _regAccount() {
|
||||
updateaccount() {
|
||||
_initpath
|
||||
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
|
||||
_info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
|
||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
||||
_err "Account key is not found at: $ACCOUNT_KEY_PATH"
|
||||
return 1
|
||||
@ -3683,16 +3781,6 @@ updateaccount() {
|
||||
deactivateaccount() {
|
||||
_initpath
|
||||
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ] && [ -f "$_OLD_ACCOUNT_KEY" ]; then
|
||||
_info "mv $_OLD_ACCOUNT_KEY to $ACCOUNT_KEY_PATH"
|
||||
mv "$_OLD_ACCOUNT_KEY" "$ACCOUNT_KEY_PATH"
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_JSON_PATH" ] && [ -f "$_OLD_ACCOUNT_JSON" ]; then
|
||||
_info "mv $_OLD_ACCOUNT_JSON to $ACCOUNT_JSON_PATH"
|
||||
mv "$_OLD_ACCOUNT_JSON" "$ACCOUNT_JSON_PATH"
|
||||
fi
|
||||
|
||||
if [ ! -f "$ACCOUNT_KEY_PATH" ]; then
|
||||
_err "Account key is not found at: $ACCOUNT_KEY_PATH"
|
||||
return 1
|
||||
@ -3903,7 +3991,7 @@ _ns_lookup_ali() {
|
||||
}
|
||||
|
||||
_ns_is_available_dp() {
|
||||
if _get "https://dns.alidns.com" "" 1 >/dev/null 2>&1; then
|
||||
if _get "https://doh.pub" "" 1 >/dev/null 2>&1; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
@ -4123,6 +4211,10 @@ issue() {
|
||||
if [ -z "$_ACME_IS_RENEW" ]; then
|
||||
_initpath "$_main_domain" "$_key_length"
|
||||
mkdir -p "$DOMAIN_PATH"
|
||||
elif ! _hasfield "$_web_roots" "$W_DNS"; then
|
||||
Le_OrderFinalize=""
|
||||
Le_LinkOrder=""
|
||||
Le_LinkCert=""
|
||||
fi
|
||||
|
||||
if _hasfield "$_web_roots" "$W_DNS" && [ -z "$FORCE_DNS_MANUAL" ]; then
|
||||
@ -4132,7 +4224,9 @@ issue() {
|
||||
|
||||
_debug "Using ACME_DIRECTORY: $ACME_DIRECTORY"
|
||||
|
||||
_initAPI
|
||||
if ! _initAPI; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -f "$DOMAIN_CONF" ]; then
|
||||
Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime)
|
||||
@ -4688,26 +4782,13 @@ $_authorizations_map"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug "sleep 2 secs to verify"
|
||||
sleep 2
|
||||
_debug "checking"
|
||||
|
||||
_send_signed_request "$uri"
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "$d:Verify error:$response"
|
||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook" "$vlist"
|
||||
return 1
|
||||
fi
|
||||
_debug2 original "$response"
|
||||
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
_debug2 response "$response"
|
||||
|
||||
status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"')
|
||||
|
||||
_debug2 status "$status"
|
||||
if _contains "$status" "invalid"; then
|
||||
error="$(echo "$response" | _egrep_o '"error":\{[^\}]*')"
|
||||
_debug2 error "$error"
|
||||
@ -4739,9 +4820,9 @@ $_authorizations_map"
|
||||
fi
|
||||
|
||||
if [ "$status" = "pending" ]; then
|
||||
_info "Pending"
|
||||
_info "Pending, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
|
||||
elif [ "$status" = "processing" ]; then
|
||||
_info "Processing"
|
||||
_info "Processing, The CA is processing your order, please just wait. ($waittimes/$MAX_RETRY_TIMES)"
|
||||
else
|
||||
_err "$d:Verify error:$response"
|
||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||
@ -4749,7 +4830,19 @@ $_authorizations_map"
|
||||
_on_issue_err "$_post_hook" "$vlist"
|
||||
return 1
|
||||
fi
|
||||
_debug "sleep 2 secs to verify again"
|
||||
sleep 2
|
||||
_debug "checking"
|
||||
|
||||
_send_signed_request "$uri"
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "$d:Verify error:$response"
|
||||
_clearupwebbroot "$_currentRoot" "$removelevel" "$token"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook" "$vlist"
|
||||
return 1
|
||||
fi
|
||||
done
|
||||
|
||||
done
|
||||
@ -4895,10 +4988,10 @@ $_authorizations_map"
|
||||
_info "$(__green "Cert success.")"
|
||||
cat "$CERT_PATH"
|
||||
|
||||
_info "Your cert is in $(__green " $CERT_PATH ")"
|
||||
_info "Your cert is in: $(__green "$CERT_PATH")"
|
||||
|
||||
if [ -f "$CERT_KEY_PATH" ]; then
|
||||
_info "Your cert key is in $(__green " $CERT_KEY_PATH ")"
|
||||
_info "Your cert key is in: $(__green "$CERT_KEY_PATH")"
|
||||
fi
|
||||
|
||||
if [ ! "$USER_PATH" ] || [ ! "$_ACME_IN_CRON" ]; then
|
||||
@ -4907,8 +5000,8 @@ $_authorizations_map"
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in $(__green " $CA_CERT_PATH ")"
|
||||
[ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green " $CERT_FULLCHAIN_PATH ")"
|
||||
[ -f "$CA_CERT_PATH" ] && _info "The intermediate CA cert is in: $(__green "$CA_CERT_PATH")"
|
||||
[ -f "$CERT_FULLCHAIN_PATH" ] && _info "And the full chain certs is there: $(__green "$CERT_FULLCHAIN_PATH")"
|
||||
|
||||
Le_CertCreateTime=$(_time)
|
||||
_savedomainconf "Le_CertCreateTime" "$Le_CertCreateTime"
|
||||
@ -5019,8 +5112,16 @@ renew() {
|
||||
|
||||
. "$DOMAIN_CONF"
|
||||
_debug Le_API "$Le_API"
|
||||
if [ -z "$Le_API" ] || [ "$CA_LETSENCRYPT_V1" = "$Le_API" ]; then
|
||||
#if this is from an old version, Le_API is empty,
|
||||
#so, we force to use letsencrypt server
|
||||
Le_API="$CA_LETSENCRYPT_V2"
|
||||
fi
|
||||
|
||||
if [ "$Le_API" ]; then
|
||||
if [ "$Le_API" != "$ACME_DIRECTORY" ]; then
|
||||
_clearAPI
|
||||
fi
|
||||
export ACME_DIRECTORY="$Le_API"
|
||||
#reload ca configs
|
||||
ACCOUNT_KEY_PATH=""
|
||||
@ -5028,6 +5129,7 @@ renew() {
|
||||
CA_CONF=""
|
||||
_debug3 "initpath again."
|
||||
_initpath "$Le_Domain" "$_isEcc"
|
||||
_initAPI
|
||||
fi
|
||||
|
||||
if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then
|
||||
@ -5443,7 +5545,7 @@ _installcert() {
|
||||
mkdir -p "$_backup_path"
|
||||
|
||||
if [ "$_real_cert" ]; then
|
||||
_info "Installing cert to:$_real_cert"
|
||||
_info "Installing cert to: $_real_cert"
|
||||
if [ -f "$_real_cert" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_cert" "$_backup_path/cert.bak"
|
||||
fi
|
||||
@ -5451,7 +5553,7 @@ _installcert() {
|
||||
fi
|
||||
|
||||
if [ "$_real_ca" ]; then
|
||||
_info "Installing CA to:$_real_ca"
|
||||
_info "Installing CA to: $_real_ca"
|
||||
if [ "$_real_ca" = "$_real_cert" ]; then
|
||||
echo "" >>"$_real_ca"
|
||||
cat "$CA_CERT_PATH" >>"$_real_ca" || return 1
|
||||
@ -5464,7 +5566,7 @@ _installcert() {
|
||||
fi
|
||||
|
||||
if [ "$_real_key" ]; then
|
||||
_info "Installing key to:$_real_key"
|
||||
_info "Installing key to: $_real_key"
|
||||
if [ -f "$_real_key" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_key" "$_backup_path/key.bak"
|
||||
fi
|
||||
@ -5477,7 +5579,7 @@ _installcert() {
|
||||
fi
|
||||
|
||||
if [ "$_real_fullchain" ]; then
|
||||
_info "Installing full chain to:$_real_fullchain"
|
||||
_info "Installing full chain to: $_real_fullchain"
|
||||
if [ -f "$_real_fullchain" ] && [ ! "$_ACME_IS_RENEW" ]; then
|
||||
cp "$_real_fullchain" "$_backup_path/fullchain.bak"
|
||||
fi
|
||||
@ -5645,7 +5747,7 @@ uninstallcronjob() {
|
||||
_info "Removing cron job"
|
||||
cr="$($_CRONTAB -l | grep "$PROJECT_ENTRY --cron")"
|
||||
if [ "$cr" ]; then
|
||||
if _exists uname && uname -a | grep solaris >/dev/null; then
|
||||
if _exists uname && uname -a | grep SunOS >/dev/null; then
|
||||
$_CRONTAB -l | sed "/$PROJECT_ENTRY --cron/d" | $_CRONTAB --
|
||||
else
|
||||
$_CRONTAB -l | sed "/$PROJECT_ENTRY --cron/d" | $_CRONTAB -
|
||||
@ -5685,6 +5787,23 @@ revoke() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
. "$DOMAIN_CONF"
|
||||
_debug Le_API "$Le_API"
|
||||
|
||||
if [ "$Le_API" ]; then
|
||||
if [ "$Le_API" != "$ACME_DIRECTORY" ]; then
|
||||
_clearAPI
|
||||
fi
|
||||
export ACME_DIRECTORY="$Le_API"
|
||||
#reload ca configs
|
||||
ACCOUNT_KEY_PATH=""
|
||||
ACCOUNT_JSON_PATH=""
|
||||
CA_CONF=""
|
||||
_debug3 "initpath again."
|
||||
_initpath "$Le_Domain" "$_isEcc"
|
||||
_initAPI
|
||||
fi
|
||||
|
||||
cert="$(_getfile "${CERT_PATH}" "${BEGIN_CERT}" "${END_CERT}" | tr -d "\r\n" | _url_replace)"
|
||||
|
||||
if [ -z "$cert" ]; then
|
||||
@ -5764,7 +5883,24 @@ remove() {
|
||||
_deactivate() {
|
||||
_d_domain="$1"
|
||||
_d_type="$2"
|
||||
_initpath
|
||||
_initpath "$_d_domain" "$_d_type"
|
||||
|
||||
. "$DOMAIN_CONF"
|
||||
_debug Le_API "$Le_API"
|
||||
|
||||
if [ "$Le_API" ]; then
|
||||
if [ "$Le_API" != "$ACME_DIRECTORY" ]; then
|
||||
_clearAPI
|
||||
fi
|
||||
export ACME_DIRECTORY="$Le_API"
|
||||
#reload ca configs
|
||||
ACCOUNT_KEY_PATH=""
|
||||
ACCOUNT_JSON_PATH=""
|
||||
CA_CONF=""
|
||||
_debug3 "initpath again."
|
||||
_initpath "$Le_Domain" "$_d_type"
|
||||
_initAPI
|
||||
fi
|
||||
|
||||
_identifiers="{\"type\":\"dns\",\"value\":\"$_d_domain\"}"
|
||||
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
|
||||
@ -5795,7 +5931,7 @@ _deactivate() {
|
||||
_debug2 response "$response"
|
||||
_URL_NAME="url"
|
||||
|
||||
entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n' | grep "\"status\": *\"valid\"")"
|
||||
entries="$(echo "$response" | tr '][' '==' | _egrep_o "challenges\": *=[^=]*=" | tr '}{' '\n\n' | grep "\"status\": *\"valid\"")"
|
||||
if [ -z "$entries" ]; then
|
||||
_info "No valid entries found."
|
||||
if [ -z "$thumbprint" ]; then
|
||||
@ -6559,7 +6695,7 @@ _getRepoHash() {
|
||||
_hash_path=$1
|
||||
shift
|
||||
_hash_url="https://api.github.com/repos/acmesh-official/$PROJECT_NAME/git/refs/$_hash_path"
|
||||
_get $_hash_url | tr -d "\r\n" | tr '{},' '\n' | grep '"sha":' | cut -d '"' -f 4
|
||||
_get $_hash_url | tr -d "\r\n" | tr '{},' '\n\n\n' | grep '"sha":' | cut -d '"' -f 4
|
||||
}
|
||||
|
||||
_getUpgradeHash() {
|
||||
@ -6632,9 +6768,10 @@ _checkSudo() {
|
||||
return 0
|
||||
}
|
||||
|
||||
#server
|
||||
#server #keylength
|
||||
_selectServer() {
|
||||
_server="$1"
|
||||
_skeylength="$2"
|
||||
_server_lower="$(echo "$_server" | _lower_case)"
|
||||
_sindex=0
|
||||
for snames in $CA_NAMES; do
|
||||
@ -6645,6 +6782,9 @@ _selectServer() {
|
||||
if [ "$_server_lower" = "$sname" ]; then
|
||||
_debug2 "_selectServer match $sname"
|
||||
_serverdir="$(_getfield "$CA_SERVERS" $_sindex)"
|
||||
if [ "$_serverdir" = "$CA_SSLCOM_RSA" ] && _isEccKey "$_skeylength"; then
|
||||
_serverdir="$CA_SSLCOM_ECC"
|
||||
fi
|
||||
_debug "Selected server: $_serverdir"
|
||||
ACME_DIRECTORY="$_serverdir"
|
||||
export ACME_DIRECTORY
|
||||
@ -6662,6 +6802,9 @@ _getCAShortName() {
|
||||
if [ -z "$caurl" ]; then
|
||||
caurl="$DEFAULT_CA"
|
||||
fi
|
||||
if [ "$CA_SSLCOM_ECC" = "$caurl" ]; then
|
||||
caurl="$CA_SSLCOM_RSA" #just hack to get the short name
|
||||
fi
|
||||
caurl_lower="$(echo $caurl | _lower_case)"
|
||||
_sindex=0
|
||||
for surl in $(echo "$CA_SERVERS" | _lower_case | tr , ' '); do
|
||||
@ -6876,7 +7019,6 @@ _process() {
|
||||
;;
|
||||
--server)
|
||||
_server="$2"
|
||||
_selectServer "$_server"
|
||||
shift
|
||||
;;
|
||||
--debug)
|
||||
@ -6975,7 +7117,6 @@ _process() {
|
||||
Le_DNSSleep="$_dnssleep"
|
||||
shift
|
||||
;;
|
||||
|
||||
--keylength | -k)
|
||||
_keylength="$2"
|
||||
shift
|
||||
@ -6984,7 +7125,6 @@ _process() {
|
||||
_accountkeylength="$2"
|
||||
shift
|
||||
;;
|
||||
|
||||
--cert-file | --certpath)
|
||||
_cert_file="$2"
|
||||
shift
|
||||
@ -7248,6 +7388,10 @@ _process() {
|
||||
shift 1
|
||||
done
|
||||
|
||||
if [ "$_server" ]; then
|
||||
_selectServer "$_server" "${_ecc:-$_keylength}"
|
||||
fi
|
||||
|
||||
if [ "${_CMD}" != "install" ]; then
|
||||
if [ "$__INTERACTIVE" ] && ! _checkSudo; then
|
||||
if [ -z "$FORCE" ]; then
|
||||
|
98
deploy/consul.sh
Normal file
98
deploy/consul.sh
Normal file
@ -0,0 +1,98 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Here is a script to deploy cert to hashicorp consul using curl
|
||||
# (https://www.consul.io/)
|
||||
#
|
||||
# it requires following environment variables:
|
||||
#
|
||||
# CONSUL_PREFIX - this contains the prefix path in consul
|
||||
# CONSUL_HTTP_ADDR - consul requires this to find your consul server
|
||||
#
|
||||
# additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
|
||||
# to access the consul server
|
||||
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
#domain keyfile certfile cafile fullchain
|
||||
consul_deploy() {
|
||||
|
||||
_cdomain="$1"
|
||||
_ckey="$2"
|
||||
_ccert="$3"
|
||||
_cca="$4"
|
||||
_cfullchain="$5"
|
||||
|
||||
_debug _cdomain "$_cdomain"
|
||||
_debug _ckey "$_ckey"
|
||||
_debug _ccert "$_ccert"
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
|
||||
# validate required env vars
|
||||
_getdeployconf CONSUL_PREFIX
|
||||
if [ -z "$CONSUL_PREFIX" ]; then
|
||||
_err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)"
|
||||
return 1
|
||||
fi
|
||||
_savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX"
|
||||
|
||||
_getdeployconf CONSUL_HTTP_ADDR
|
||||
if [ -z "$CONSUL_HTTP_ADDR" ]; then
|
||||
_err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
|
||||
return 1
|
||||
fi
|
||||
_savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR"
|
||||
|
||||
CONSUL_CMD=$(command -v consul)
|
||||
|
||||
# force CLI, but the binary does not exist => error
|
||||
if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
|
||||
_err "Cannot find the consul binary!"
|
||||
return 1
|
||||
fi
|
||||
|
||||
# use the CLI first
|
||||
if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then
|
||||
_info "Found consul binary, deploying with CLI"
|
||||
consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX"
|
||||
else
|
||||
_info "Did not find consul binary, deploying with API"
|
||||
consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
|
||||
fi
|
||||
}
|
||||
|
||||
consul_deploy_api() {
|
||||
CONSUL_HTTP_ADDR="$1"
|
||||
CONSUL_PREFIX="$2"
|
||||
CONSUL_HTTP_TOKEN="$3"
|
||||
|
||||
URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
|
||||
export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN"
|
||||
|
||||
if [ -n "$FABIO" ]; then
|
||||
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1
|
||||
_post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1
|
||||
else
|
||||
_post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1
|
||||
_post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1
|
||||
_post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1
|
||||
_post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1
|
||||
fi
|
||||
}
|
||||
|
||||
consul_deploy_cli() {
|
||||
CONSUL_CMD="$1"
|
||||
CONSUL_PREFIX="$2"
|
||||
|
||||
if [ -n "$FABIO" ]; then
|
||||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1
|
||||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1
|
||||
else
|
||||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
|
||||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
|
||||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
|
||||
$CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
|
||||
fi
|
||||
}
|
@ -66,6 +66,12 @@ synology_dsm_deploy() {
|
||||
_getdeployconf SYNO_Certificate
|
||||
_debug SYNO_Certificate "${SYNO_Certificate:-}"
|
||||
|
||||
# shellcheck disable=SC1003 # We are not trying to escape a single quote
|
||||
if printf "%s" "$SYNO_Certificate" | grep '\\'; then
|
||||
_err "Do not use a backslash (\) in your certificate description"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
|
||||
_debug _base_url "$_base_url"
|
||||
|
||||
@ -110,7 +116,9 @@ synology_dsm_deploy() {
|
||||
_info "Getting certificates in Synology DSM"
|
||||
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
|
||||
_debug3 response "$response"
|
||||
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\"id\":\"\([^\"]*\).*/\1/p")
|
||||
escaped_certificate="$(printf "%s" "$SYNO_Certificate" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
|
||||
_debug escaped_certificate "$escaped_certificate"
|
||||
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p")
|
||||
_debug2 id "$id"
|
||||
|
||||
if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
|
||||
@ -119,7 +127,7 @@ synology_dsm_deploy() {
|
||||
fi
|
||||
|
||||
# we've verified this certificate description is a thing, so save it
|
||||
_savedeployconf SYNO_Certificate "$SYNO_Certificate"
|
||||
_savedeployconf SYNO_Certificate "$SYNO_Certificate" "base64"
|
||||
|
||||
_info "Generate form POST request"
|
||||
nl="\0015\0012"
|
||||
@ -129,7 +137,7 @@ synology_dsm_deploy() {
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
|
||||
if echo "$response" | sed -n "s/.*\"desc\":\"$SYNO_Certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
|
||||
if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
|
||||
_debug2 default "this is the default certificate"
|
||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true"
|
||||
else
|
||||
|
@ -59,7 +59,7 @@ dns_1984hosting_add() {
|
||||
if _contains "$response" '"haserrors": true'; then
|
||||
_err "1984Hosting failed to add TXT record for $_sub_domain bad RC from _post"
|
||||
return 1
|
||||
elif _contains "$response" "<html>"; then
|
||||
elif _contains "$response" "html>"; then
|
||||
_err "1984Hosting failed to add TXT record for $_sub_domain. Check $HTTP_HEADER file"
|
||||
return 1
|
||||
elif _contains "$response" '"auth": false'; then
|
||||
@ -145,7 +145,7 @@ _1984hosting_login() {
|
||||
password=$(printf '%s' "$One984HOSTING_Password" | _url_encode)
|
||||
url="https://management.1984hosting.com/accounts/checkuserauth/"
|
||||
|
||||
response="$(_post "username=$username&password=$password&otpkey=" "$url")"
|
||||
response="$(_post "username=$username&password=$password&otpkey=" $url)"
|
||||
response="$(echo "$response" | _normalizeJson)"
|
||||
_debug2 response "$response"
|
||||
|
||||
@ -177,7 +177,6 @@ _check_cookie() {
|
||||
fi
|
||||
|
||||
_authget "https://management.1984hosting.com/accounts/loginstatus/"
|
||||
response="$(echo "$_response" | _normalizeJson)"
|
||||
if _contains "$response" '"ok": true'; then
|
||||
_debug "Cached cookie still valid"
|
||||
return 0
|
||||
@ -194,7 +193,7 @@ _check_cookie() {
|
||||
# _domain=domain.com
|
||||
_get_root() {
|
||||
domain="$1"
|
||||
i=2
|
||||
i=1
|
||||
p=1
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
@ -205,7 +204,7 @@ _get_root() {
|
||||
fi
|
||||
|
||||
_authget "https://management.1984hosting.com/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
|
||||
if _contains "$_response" "serial"; then
|
||||
if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain="$h"
|
||||
return 0
|
||||
@ -219,7 +218,8 @@ _get_root() {
|
||||
# add extra headers to request
|
||||
_authget() {
|
||||
export _H1="Cookie: $One984HOSTING_COOKIE"
|
||||
_response=$(_get "$1")
|
||||
_response=$(_get "$1" | _normalizeJson)
|
||||
_debug2 _response "$_response"
|
||||
}
|
||||
|
||||
# truncate huge HTML response
|
||||
|
@ -32,7 +32,7 @@ dns_aws_add() {
|
||||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
|
||||
AWS_ACCESS_KEY_ID=""
|
||||
AWS_SECRET_ACCESS_KEY=""
|
||||
_err "You haven't specifed the aws route53 api key id and and api key secret yet."
|
||||
_err "You haven't specified the aws route53 api key id and and api key secret yet."
|
||||
_err "Please create your key and try again. see $(__green $AWS_WIKI)"
|
||||
return 1
|
||||
fi
|
||||
|
204
dnsapi/dns_azion.sh
Normal file
204
dnsapi/dns_azion.sh
Normal file
@ -0,0 +1,204 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
#
|
||||
#AZION_Email=""
|
||||
#AZION_Password=""
|
||||
#
|
||||
|
||||
AZION_Api="https://api.azionapi.net"
|
||||
|
||||
######## Public functions ########
|
||||
|
||||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||
# Used to add txt record
|
||||
dns_azion_add() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
_debug "Detect the root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "Domain not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
_debug _domain_id "$_domain_id"
|
||||
|
||||
_info "Add or update record"
|
||||
_get_record "$_domain_id" "$_sub_domain"
|
||||
if [ "$record_id" ]; then
|
||||
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [$answers_list, \"$txtvalue\"], \"ttl\": 20}"
|
||||
if _azion_rest PUT "intelligent_dns/$_domain_id/records/$record_id" "$_payload"; then
|
||||
if _contains "$response" "$txtvalue"; then
|
||||
_info "Record updated."
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
else
|
||||
_payload="{\"record_type\": \"TXT\", \"entry\": \"$_sub_domain\", \"answers_list\": [\"$txtvalue\"], \"ttl\": 20}"
|
||||
if _azion_rest POST "intelligent_dns/$_domain_id/records" "$_payload"; then
|
||||
if _contains "$response" "$txtvalue"; then
|
||||
_info "Record added."
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
_err "Failed to add or update record."
|
||||
return 1
|
||||
}
|
||||
|
||||
# Usage: fulldomain txtvalue
|
||||
# Used to remove the txt record after validation
|
||||
dns_azion_rm() {
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
|
||||
_debug "Detect the root zone"
|
||||
if ! _get_root "$fulldomain"; then
|
||||
_err "Domain not found"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
_debug _domain_id "$_domain_id"
|
||||
|
||||
_info "Removing record"
|
||||
_get_record "$_domain_id" "$_sub_domain"
|
||||
if [ "$record_id" ]; then
|
||||
if _azion_rest DELETE "intelligent_dns/$_domain_id/records/$record_id"; then
|
||||
_info "Record removed."
|
||||
return 0
|
||||
else
|
||||
_err "Failed to remove record."
|
||||
return 1
|
||||
fi
|
||||
else
|
||||
_info "Record not found or already removed."
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
# Usage: _acme-challenge.www.domain.com
|
||||
# returns
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _domain=domain.com
|
||||
# _domain_id=sdjkglgdfewsdfg
|
||||
_get_root() {
|
||||
domain=$1
|
||||
i=1
|
||||
p=1
|
||||
|
||||
if ! _azion_rest GET "intelligent_dns"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
_debug h "$h"
|
||||
if [ -z "$h" ]; then
|
||||
# not valid
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" "\"domain\":\"$h\""; then
|
||||
_domain_id=$(echo "$response" | tr '{' "\n" | grep "\"domain\":\"$h\"" | _egrep_o "\"id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||
_debug _domain_id "$_domain_id"
|
||||
if [ "$_domain_id" ]; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain=$h
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
p=$i
|
||||
i=$(_math "$i" + 1)
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
_get_record() {
|
||||
_domain_id=$1
|
||||
_record=$2
|
||||
|
||||
if ! _azion_rest GET "intelligent_dns/$_domain_id/records"; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if _contains "$response" "\"entry\":\"$_record\""; then
|
||||
_json_record=$(echo "$response" | tr '{' "\n" | grep "\"entry\":\"$_record\"")
|
||||
if [ "$_json_record" ]; then
|
||||
record_id=$(echo "$_json_record" | _egrep_o "\"record_id\":[0-9]*" | _head_n 1 | cut -d : -f 2 | tr -d \")
|
||||
answers_list=$(echo "$_json_record" | _egrep_o "\"answers_list\":\[.*\]" | _head_n 1 | cut -d : -f 2 | tr -d \[\])
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
_get_token() {
|
||||
AZION_Email="${AZION_Email:-$(_readaccountconf_mutable AZION_Email)}"
|
||||
AZION_Password="${AZION_Password:-$(_readaccountconf_mutable AZION_Password)}"
|
||||
|
||||
if ! _contains "$AZION_Email" "@"; then
|
||||
_err "It seems that the AZION_Email is not a valid email address. Revalidate your environments."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "$AZION_Email" ] || [ -z "$AZION_Password" ]; then
|
||||
_err "You didn't specified a AZION_Email/AZION_Password to generate Azion token."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_saveaccountconf_mutable AZION_Email "$AZION_Email"
|
||||
_saveaccountconf_mutable AZION_Password "$AZION_Password"
|
||||
|
||||
_basic_auth=$(printf "%s:%s" "$AZION_Email" "$AZION_Password" | _base64)
|
||||
_debug _basic_auth "$_basic_auth"
|
||||
|
||||
export _H1="Accept: application/json; version=3"
|
||||
export _H2="Content-Type: application/json"
|
||||
export _H3="Authorization: Basic $_basic_auth"
|
||||
|
||||
response="$(_post "" "$AZION_Api/tokens" "" "POST")"
|
||||
if _contains "$response" "\"token\":\"" >/dev/null; then
|
||||
_azion_token=$(echo "$response" | _egrep_o "\"token\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")
|
||||
export AZION_Token="$_azion_token"
|
||||
else
|
||||
_err "Failed to generate Azion token"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
_azion_rest() {
|
||||
_method=$1
|
||||
_uri="$2"
|
||||
_data="$3"
|
||||
|
||||
if [ -z "$AZION_Token" ]; then
|
||||
_get_token
|
||||
fi
|
||||
_debug2 token "$AZION_Token"
|
||||
|
||||
export _H1="Accept: application/json; version=3"
|
||||
export _H2="Content-Type: application/json"
|
||||
export _H3="Authorization: token $AZION_Token"
|
||||
|
||||
if [ "$_method" != "GET" ]; then
|
||||
_debug _data "$_data"
|
||||
response="$(_post "$_data" "$AZION_Api/$_uri" "" "$_method")"
|
||||
else
|
||||
response="$(_get "$AZION_Api/$_uri")"
|
||||
fi
|
||||
|
||||
_debug2 response "$response"
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "error $_method $_uri $_data"
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
@ -9,7 +9,6 @@ dns_infoblox_add() {
|
||||
## Nothing to see here, just some housekeeping
|
||||
fulldomain=$1
|
||||
txtvalue=$2
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View"
|
||||
|
||||
_info "Using Infoblox API"
|
||||
_debug fulldomain "$fulldomain"
|
||||
@ -19,12 +18,13 @@ dns_infoblox_add() {
|
||||
if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then
|
||||
Infoblox_Creds=""
|
||||
Infoblox_Server=""
|
||||
_err "You didn't specify the credentials, server or infoblox view yet (Infoblox_Creds, Infoblox_Server and Infoblox_View)."
|
||||
_err "Please set them via EXPORT ([username:password], [ip or hostname]) and try again."
|
||||
_err "You didn't specify the Infoblox credentials or server (Infoblox_Creds; Infoblox_Server)."
|
||||
_err "Please set them via EXPORT Infoblox_Creds=username:password or EXPORT Infoblox_server=ip/hostname and try again."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "$Infoblox_View" ]; then
|
||||
_info "No Infoblox_View set, using fallback value 'default'"
|
||||
Infoblox_View="default"
|
||||
fi
|
||||
|
||||
@ -33,6 +33,9 @@ dns_infoblox_add() {
|
||||
_saveaccountconf Infoblox_Server "$Infoblox_Server"
|
||||
_saveaccountconf Infoblox_View "$Infoblox_View"
|
||||
|
||||
## URLencode Infoblox View to deal with e.g. spaces
|
||||
Infoblox_ViewEncoded=$(printf "%b" "$Infoblox_View" | _url_encode)
|
||||
|
||||
## Base64 encode the credentials
|
||||
Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64)
|
||||
|
||||
@ -40,11 +43,14 @@ dns_infoblox_add() {
|
||||
export _H1="Accept-Language:en-US"
|
||||
export _H2="Authorization: Basic $Infoblox_CredsEncoded"
|
||||
|
||||
## Construct the request URL
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}"
|
||||
|
||||
## Add the challenge record to the Infoblox grid member
|
||||
result="$(_post "" "$baseurlnObject" "" "POST")"
|
||||
|
||||
## Let's see if we get something intelligible back from the unit
|
||||
if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then
|
||||
if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then
|
||||
_info "Successfully created the txt record"
|
||||
return 0
|
||||
else
|
||||
@ -65,6 +71,9 @@ dns_infoblox_rm() {
|
||||
_debug fulldomain "$fulldomain"
|
||||
_debug txtvalue "$txtvalue"
|
||||
|
||||
## URLencode Infoblox View to deal with e.g. spaces
|
||||
Infoblox_ViewEncoded=$(printf "%b" "$Infoblox_View" | _url_encode)
|
||||
|
||||
## Base64 encode the credentials
|
||||
Infoblox_CredsEncoded="$(printf "%b" "$Infoblox_Creds" | _base64)"
|
||||
|
||||
@ -73,18 +82,18 @@ dns_infoblox_rm() {
|
||||
export _H2="Authorization: Basic $Infoblox_CredsEncoded"
|
||||
|
||||
## Does the record exist? Let's check.
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=$Infoblox_View&_return_type=xml-pretty"
|
||||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&view=${Infoblox_ViewEncoded}&_return_type=xml-pretty"
|
||||
result="$(_get "$baseurlnObject")"
|
||||
|
||||
## Let's see if we get something intelligible back from the grid
|
||||
if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then
|
||||
if [ "$(echo "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then
|
||||
## Extract the object reference
|
||||
objRef="$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/$Infoblox_View")"
|
||||
objRef="$(printf "%b" "$result" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")"
|
||||
objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef"
|
||||
## Delete them! All the stale records!
|
||||
rmResult="$(_post "" "$objRmUrl" "" "DELETE")"
|
||||
## Let's see if that worked
|
||||
if [ "$(echo "$rmResult" | _egrep_o "record:txt/.*:.*/$Infoblox_View")" ]; then
|
||||
if [ "$(echo "$rmResult" | _egrep_o "record:txt/.*:.*/${Infoblox_ViewEncoded}")" ]; then
|
||||
_info "Successfully deleted $objRef"
|
||||
return 0
|
||||
else
|
||||
|
@ -149,14 +149,15 @@ _ionos_rest() {
|
||||
response="$(_post "$data" "$IONOS_API$route" "" "$method" "application/json")"
|
||||
else
|
||||
export _H2="Accept: */*"
|
||||
|
||||
export _H3=
|
||||
response="$(_get "$IONOS_API$route")"
|
||||
fi
|
||||
|
||||
if [ "$?" != "0" ]; then
|
||||
_err "Error $route"
|
||||
_err "Error $route: $response"
|
||||
return 1
|
||||
fi
|
||||
_debug2 "response" "$response"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
@ -51,7 +51,7 @@ dns_nsd_rm() {
|
||||
Nsd_ZoneFile="${Nsd_ZoneFile:-$(_readdomainconf Nsd_ZoneFile)}"
|
||||
Nsd_Command="${Nsd_Command:-$(_readdomainconf Nsd_Command)}"
|
||||
|
||||
sed -i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
|
||||
_sed_i "/$fulldomain. $ttlvalue IN TXT \"$txtvalue\"/d" "$Nsd_ZoneFile"
|
||||
_info "Removed TXT record for $fulldomain"
|
||||
_debug "Running $Nsd_Command"
|
||||
if eval "$Nsd_Command"; then
|
||||
|
324
dnsapi/dns_oci.sh
Normal file
324
dnsapi/dns_oci.sh
Normal file
@ -0,0 +1,324 @@
|
||||
#!/usr/bin/env sh
|
||||
#
|
||||
# Acme.sh DNS API plugin for Oracle Cloud Infrastructure
|
||||
# Copyright (c) 2021, Oracle and/or its affiliates
|
||||
#
|
||||
# The plugin will automatically use the default profile from an OCI SDK and CLI
|
||||
# configuration file, if it exists.
|
||||
#
|
||||
# Alternatively, set the following environment variables:
|
||||
# - OCI_CLI_TENANCY : OCID of tenancy that contains the target DNS zone
|
||||
# - OCI_CLI_USER : OCID of user with permission to add/remove records from zones
|
||||
# - OCI_CLI_REGION : Should point to the tenancy home region
|
||||
#
|
||||
# One of the following two variables is required:
|
||||
# - OCI_CLI_KEY_FILE: Path to private API signing key file in PEM format; or
|
||||
# - OCI_CLI_KEY : The private API signing key in PEM format
|
||||
#
|
||||
# NOTE: using an encrypted private key that needs a passphrase is not supported.
|
||||
#
|
||||
|
||||
dns_oci_add() {
|
||||
_fqdn="$1"
|
||||
_rdata="$2"
|
||||
|
||||
if _get_oci_zone; then
|
||||
|
||||
_add_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"ttl\": 30,\"operation\":\"ADD\"}]}"
|
||||
response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_add_record_body")
|
||||
if [ "$response" ]; then
|
||||
_info "Success: added TXT record for ${_sub_domain}.${_domain}."
|
||||
else
|
||||
_err "Error: failed to add TXT record for ${_sub_domain}.${_domain}."
|
||||
_err "Check that the user has permission to add records to this zone."
|
||||
return 1
|
||||
fi
|
||||
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
dns_oci_rm() {
|
||||
_fqdn="$1"
|
||||
_rdata="$2"
|
||||
|
||||
if _get_oci_zone; then
|
||||
|
||||
_remove_record_body="{\"items\":[{\"domain\":\"${_sub_domain}.${_domain}\",\"rdata\":\"$_rdata\",\"rtype\":\"TXT\",\"operation\":\"REMOVE\"}]}"
|
||||
response=$(_signed_request "PATCH" "/20180115/zones/${_domain}/records" "$_remove_record_body")
|
||||
if [ "$response" ]; then
|
||||
_info "Success: removed TXT record for ${_sub_domain}.${_domain}."
|
||||
else
|
||||
_err "Error: failed to remove TXT record for ${_sub_domain}.${_domain}."
|
||||
_err "Check that the user has permission to remove records from this zone."
|
||||
return 1
|
||||
fi
|
||||
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
#################### Private functions below ##################################
|
||||
_get_oci_zone() {
|
||||
|
||||
if ! _oci_config; then
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _get_zone "$_fqdn"; then
|
||||
_err "Error: DNS Zone not found for $_fqdn in $OCI_CLI_TENANCY"
|
||||
return 1
|
||||
fi
|
||||
|
||||
return 0
|
||||
|
||||
}
|
||||
|
||||
_oci_config() {
|
||||
|
||||
_DEFAULT_OCI_CLI_CONFIG_FILE="$HOME/.oci/config"
|
||||
OCI_CLI_CONFIG_FILE="${OCI_CLI_CONFIG_FILE:-$(_readaccountconf_mutable OCI_CLI_CONFIG_FILE)}"
|
||||
|
||||
if [ -z "$OCI_CLI_CONFIG_FILE" ]; then
|
||||
OCI_CLI_CONFIG_FILE="$_DEFAULT_OCI_CLI_CONFIG_FILE"
|
||||
fi
|
||||
|
||||
if [ "$_DEFAULT_OCI_CLI_CONFIG_FILE" != "$OCI_CLI_CONFIG_FILE" ]; then
|
||||
_saveaccountconf_mutable OCI_CLI_CONFIG_FILE "$OCI_CLI_CONFIG_FILE"
|
||||
else
|
||||
_clearaccountconf_mutable OCI_CLI_CONFIG_FILE
|
||||
fi
|
||||
|
||||
_DEFAULT_OCI_CLI_PROFILE="DEFAULT"
|
||||
OCI_CLI_PROFILE="${OCI_CLI_PROFILE:-$(_readaccountconf_mutable OCI_CLI_PROFILE)}"
|
||||
if [ "$_DEFAULT_OCI_CLI_PROFILE" != "$OCI_CLI_PROFILE" ]; then
|
||||
_saveaccountconf_mutable OCI_CLI_PROFILE "$OCI_CLI_PROFILE"
|
||||
else
|
||||
OCI_CLI_PROFILE="$_DEFAULT_OCI_CLI_PROFILE"
|
||||
_clearaccountconf_mutable OCI_CLI_PROFILE
|
||||
fi
|
||||
|
||||
OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readaccountconf_mutable OCI_CLI_TENANCY)}"
|
||||
if [ "$OCI_CLI_TENANCY" ]; then
|
||||
_saveaccountconf_mutable OCI_CLI_TENANCY "$OCI_CLI_TENANCY"
|
||||
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
|
||||
_debug "Reading OCI_CLI_TENANCY value from: $OCI_CLI_CONFIG_FILE"
|
||||
OCI_CLI_TENANCY="${OCI_CLI_TENANCY:-$(_readini "$OCI_CLI_CONFIG_FILE" tenancy "$OCI_CLI_PROFILE")}"
|
||||
fi
|
||||
|
||||
if [ -z "$OCI_CLI_TENANCY" ]; then
|
||||
_err "Error: unable to read OCI_CLI_TENANCY from config file or environment variable."
|
||||
return 1
|
||||
fi
|
||||
|
||||
OCI_CLI_USER="${OCI_CLI_USER:-$(_readaccountconf_mutable OCI_CLI_USER)}"
|
||||
if [ "$OCI_CLI_USER" ]; then
|
||||
_saveaccountconf_mutable OCI_CLI_USER "$OCI_CLI_USER"
|
||||
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
|
||||
_debug "Reading OCI_CLI_USER value from: $OCI_CLI_CONFIG_FILE"
|
||||
OCI_CLI_USER="${OCI_CLI_USER:-$(_readini "$OCI_CLI_CONFIG_FILE" user "$OCI_CLI_PROFILE")}"
|
||||
fi
|
||||
if [ -z "$OCI_CLI_USER" ]; then
|
||||
_err "Error: unable to read OCI_CLI_USER from config file or environment variable."
|
||||
return 1
|
||||
fi
|
||||
|
||||
OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readaccountconf_mutable OCI_CLI_REGION)}"
|
||||
if [ "$OCI_CLI_REGION" ]; then
|
||||
_saveaccountconf_mutable OCI_CLI_REGION "$OCI_CLI_REGION"
|
||||
elif [ -f "$OCI_CLI_CONFIG_FILE" ]; then
|
||||
_debug "Reading OCI_CLI_REGION value from: $OCI_CLI_CONFIG_FILE"
|
||||
OCI_CLI_REGION="${OCI_CLI_REGION:-$(_readini "$OCI_CLI_CONFIG_FILE" region "$OCI_CLI_PROFILE")}"
|
||||
fi
|
||||
if [ -z "$OCI_CLI_REGION" ]; then
|
||||
_err "Error: unable to read OCI_CLI_REGION from config file or environment variable."
|
||||
return 1
|
||||
fi
|
||||
|
||||
OCI_CLI_KEY="${OCI_CLI_KEY:-$(_readaccountconf_mutable OCI_CLI_KEY)}"
|
||||
if [ -z "$OCI_CLI_KEY" ]; then
|
||||
_clearaccountconf_mutable OCI_CLI_KEY
|
||||
OCI_CLI_KEY_FILE="${OCI_CLI_KEY_FILE:-$(_readini "$OCI_CLI_CONFIG_FILE" key_file "$OCI_CLI_PROFILE")}"
|
||||
if [ "$OCI_CLI_KEY_FILE" ] && [ -f "$OCI_CLI_KEY_FILE" ]; then
|
||||
_debug "Reading OCI_CLI_KEY value from: $OCI_CLI_KEY_FILE"
|
||||
OCI_CLI_KEY=$(_base64 <"$OCI_CLI_KEY_FILE")
|
||||
_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
|
||||
fi
|
||||
else
|
||||
_saveaccountconf_mutable OCI_CLI_KEY "$OCI_CLI_KEY"
|
||||
fi
|
||||
|
||||
if [ -z "$OCI_CLI_KEY_FILE" ] && [ -z "$OCI_CLI_KEY" ]; then
|
||||
_err "Error: unable to find key file path in OCI config file or OCI_CLI_KEY_FILE."
|
||||
_err "Error: unable to load private API signing key from OCI_CLI_KEY."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ "$(printf "%s\n" "$OCI_CLI_KEY" | wc -l)" -eq 1 ]; then
|
||||
OCI_CLI_KEY=$(printf "%s" "$OCI_CLI_KEY" | _dbase64 multiline)
|
||||
fi
|
||||
|
||||
return 0
|
||||
|
||||
}
|
||||
|
||||
# _get_zone(): retrieves the Zone name and OCID
|
||||
#
|
||||
# _sub_domain=_acme-challenge.www
|
||||
# _domain=domain.com
|
||||
# _domain_ociid=ocid1.dns-zone.oc1..
|
||||
_get_zone() {
|
||||
domain=$1
|
||||
i=1
|
||||
p=1
|
||||
|
||||
while true; do
|
||||
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||
_debug h "$h"
|
||||
if [ -z "$h" ]; then
|
||||
# not valid
|
||||
return 1
|
||||
fi
|
||||
|
||||
_domain_id=$(_signed_request "GET" "/20180115/zones/$h" "" "id")
|
||||
if [ "$_domain_id" ]; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain=$h
|
||||
|
||||
_debug _domain_id "$_domain_id"
|
||||
_debug _sub_domain "$_sub_domain"
|
||||
_debug _domain "$_domain"
|
||||
return 0
|
||||
fi
|
||||
|
||||
p=$i
|
||||
i=$(_math "$i" + 1)
|
||||
done
|
||||
return 1
|
||||
|
||||
}
|
||||
|
||||
#Usage: privatekey
|
||||
#Output MD5 fingerprint
|
||||
_fingerprint() {
|
||||
|
||||
pkey="$1"
|
||||
if [ -z "$pkey" ]; then
|
||||
_usage "Usage: _fingerprint privkey"
|
||||
return 1
|
||||
fi
|
||||
|
||||
printf "%s" "$pkey" | ${ACME_OPENSSL_BIN:-openssl} rsa -pubout -outform DER 2>/dev/null | ${ACME_OPENSSL_BIN:-openssl} md5 -c | cut -d = -f 2 | tr -d ' '
|
||||
|
||||
}
|
||||
|
||||
_signed_request() {
|
||||
|
||||
_sig_method="$1"
|
||||
_sig_target="$2"
|
||||
_sig_body="$3"
|
||||
_return_field="$4"
|
||||
|
||||
_key_fingerprint=$(_fingerprint "$OCI_CLI_KEY")
|
||||
_sig_host="dns.$OCI_CLI_REGION.oraclecloud.com"
|
||||
_sig_keyId="$OCI_CLI_TENANCY/$OCI_CLI_USER/$_key_fingerprint"
|
||||
_sig_alg="rsa-sha256"
|
||||
_sig_version="1"
|
||||
_sig_now="$(LC_ALL=C \date -u "+%a, %d %h %Y %H:%M:%S GMT")"
|
||||
|
||||
_request_method=$(printf %s "$_sig_method" | _lower_case)
|
||||
_curl_method=$(printf %s "$_sig_method" | _upper_case)
|
||||
|
||||
_request_target="(request-target): $_request_method $_sig_target"
|
||||
_date_header="date: $_sig_now"
|
||||
_host_header="host: $_sig_host"
|
||||
|
||||
_string_to_sign="$_request_target\n$_date_header\n$_host_header"
|
||||
_sig_headers="(request-target) date host"
|
||||
|
||||
if [ "$_sig_body" ]; then
|
||||
_secure_debug3 _sig_body "$_sig_body"
|
||||
_sig_body_sha256="x-content-sha256: $(printf %s "$_sig_body" | _digest sha256)"
|
||||
_sig_body_type="content-type: application/json"
|
||||
_sig_body_length="content-length: ${#_sig_body}"
|
||||
_string_to_sign="$_string_to_sign\n$_sig_body_sha256\n$_sig_body_type\n$_sig_body_length"
|
||||
_sig_headers="$_sig_headers x-content-sha256 content-type content-length"
|
||||
fi
|
||||
|
||||
_tmp_file=$(_mktemp)
|
||||
if [ -f "$_tmp_file" ]; then
|
||||
printf '%s' "$OCI_CLI_KEY" >"$_tmp_file"
|
||||
_signature=$(printf '%b' "$_string_to_sign" | _sign "$_tmp_file" sha256 | tr -d '\r\n')
|
||||
rm -f "$_tmp_file"
|
||||
fi
|
||||
|
||||
_signed_header="Authorization: Signature version=\"$_sig_version\",keyId=\"$_sig_keyId\",algorithm=\"$_sig_alg\",headers=\"$_sig_headers\",signature=\"$_signature\""
|
||||
_secure_debug3 _signed_header "$_signed_header"
|
||||
|
||||
if [ "$_curl_method" = "GET" ]; then
|
||||
export _H1="$_date_header"
|
||||
export _H2="$_signed_header"
|
||||
_response="$(_get "https://${_sig_host}${_sig_target}")"
|
||||
elif [ "$_curl_method" = "PATCH" ]; then
|
||||
export _H1="$_date_header"
|
||||
export _H2="$_sig_body_sha256"
|
||||
export _H3="$_sig_body_type"
|
||||
export _H4="$_sig_body_length"
|
||||
export _H5="$_signed_header"
|
||||
_response="$(_post "$_sig_body" "https://${_sig_host}${_sig_target}" "" "PATCH")"
|
||||
else
|
||||
_err "Unable to process method: $_curl_method."
|
||||
fi
|
||||
|
||||
_ret="$?"
|
||||
if [ "$_return_field" ]; then
|
||||
_response="$(echo "$_response" | sed 's/\\\"//g'))"
|
||||
_return=$(echo "${_response}" | _egrep_o "\"$_return_field\"\\s*:\\s*\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d "\"")
|
||||
else
|
||||
_return="$_response"
|
||||
fi
|
||||
|
||||
printf "%s" "$_return"
|
||||
return $_ret
|
||||
|
||||
}
|
||||
|
||||
# file key [section]
|
||||
_readini() {
|
||||
_file="$1"
|
||||
_key="$2"
|
||||
_section="${3:-DEFAULT}"
|
||||
|
||||
_start_n=$(grep -n '\['"$_section"']' "$_file" | cut -d : -f 1)
|
||||
_debug3 _start_n "$_start_n"
|
||||
if [ -z "$_start_n" ]; then
|
||||
_err "Can not find section: $_section"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_start_nn=$(_math "$_start_n" + 1)
|
||||
_debug3 "_start_nn" "$_start_nn"
|
||||
|
||||
_left="$(sed -n "${_start_nn},99999p" "$_file")"
|
||||
_debug3 _left "$_left"
|
||||
_end="$(echo "$_left" | grep -n "^\[" | _head_n 1)"
|
||||
_debug3 "_end" "$_end"
|
||||
if [ "$_end" ]; then
|
||||
_end_n=$(echo "$_end" | cut -d : -f 1)
|
||||
_debug3 "_end_n" "$_end_n"
|
||||
_seg_n=$(echo "$_left" | sed -n "1,${_end_n}p")
|
||||
else
|
||||
_seg_n="$_left"
|
||||
fi
|
||||
|
||||
_debug3 "_seg_n" "$_seg_n"
|
||||
_lineini="$(echo "$_seg_n" | grep "^ *$_key *= *")"
|
||||
_inivalue="$(printf "%b" "$(eval "echo $_lineini | sed \"s/^ *${_key} *= *//g\"")")"
|
||||
_debug2 _inivalue "$_inivalue"
|
||||
echo "$_inivalue"
|
||||
|
||||
}
|
@ -261,7 +261,9 @@ _get_root() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
if ! _contains "$response" "This service does not exist" >/dev/null && ! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
|
||||
if ! _contains "$response" "This service does not exist" >/dev/null &&
|
||||
! _contains "$response" "This call has not been granted" >/dev/null &&
|
||||
! _contains "$response" "NOT_GRANTED_CALL" >/dev/null; then
|
||||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||
_domain="$h"
|
||||
return 0
|
||||
|
@ -103,7 +103,7 @@ set_record() {
|
||||
_build_record_string "$oldchallenge"
|
||||
done
|
||||
|
||||
if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
|
||||
if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then
|
||||
_err "Set txt record error."
|
||||
return 1
|
||||
fi
|
||||
@ -126,7 +126,7 @@ rm_record() {
|
||||
|
||||
if _contains "$_existing_challenges" "$txtvalue"; then
|
||||
#Delete all challenges (PowerDNS API does not allow to delete content)
|
||||
if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}"; then
|
||||
if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"DELETE\", \"name\": \"$full.\", \"type\": \"TXT\"}]}" "application/json"; then
|
||||
_err "Delete txt record error."
|
||||
return 1
|
||||
fi
|
||||
@ -140,7 +140,7 @@ rm_record() {
|
||||
fi
|
||||
done
|
||||
#Recreate the existing challenges
|
||||
if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}"; then
|
||||
if ! _pdns_rest "PATCH" "/api/v1/servers/$PDNS_ServerId/zones/$root" "{\"rrsets\": [{\"changetype\": \"REPLACE\", \"name\": \"$full.\", \"type\": \"TXT\", \"ttl\": $PDNS_Ttl, \"records\": [$_record_string]}]}" "application/json"; then
|
||||
_err "Set txt record error."
|
||||
return 1
|
||||
fi
|
||||
@ -203,12 +203,13 @@ _pdns_rest() {
|
||||
method=$1
|
||||
ep=$2
|
||||
data=$3
|
||||
ct=$4
|
||||
|
||||
export _H1="X-API-Key: $PDNS_Token"
|
||||
|
||||
if [ ! "$method" = "GET" ]; then
|
||||
_debug data "$data"
|
||||
response="$(_post "$data" "$PDNS_Url$ep" "" "$method")"
|
||||
response="$(_post "$data" "$PDNS_Url$ep" "" "$method" "$ct")"
|
||||
else
|
||||
response="$(_get "$PDNS_Url$ep")"
|
||||
fi
|
||||
|
@ -110,8 +110,8 @@ _get_root() {
|
||||
|
||||
if _porkbun_rest POST "dns/retrieve/$h"; then
|
||||
if _contains "$response" "\"status\":\"SUCCESS\""; then
|
||||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
|
||||
_domain=$h
|
||||
_sub_domain="$(echo "$fulldomain" | sed "s/\\.$_domain\$//")"
|
||||
return 0
|
||||
else
|
||||
_debug "Go to next level of $_domain"
|
||||
|
@ -33,7 +33,7 @@ dns_vultr_add() {
|
||||
_debug 'Getting txt records'
|
||||
_vultr_rest GET "dns/records?domain=$_domain"
|
||||
|
||||
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
_err 'Error'
|
||||
return 1
|
||||
fi
|
||||
@ -73,12 +73,12 @@ dns_vultr_rm() {
|
||||
_debug 'Getting txt records'
|
||||
_vultr_rest GET "dns/records?domain=$_domain"
|
||||
|
||||
if printf "%s\n" "$response" | grep "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
if printf "%s\n" "$response" | grep -- "\"type\":\"TXT\",\"name\":\"$fulldomain\"" >/dev/null; then
|
||||
_err 'Error'
|
||||
return 1
|
||||
fi
|
||||
|
||||
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
|
||||
_record_id="$(echo "$response" | tr '{}' '\n' | grep '"TXT"' | grep -- "$txtvalue" | tr ',' '\n' | grep -i 'RECORDID' | cut -d : -f 2)"
|
||||
_debug _record_id "$_record_id"
|
||||
if [ "$_record_id" ]; then
|
||||
_info "Successfully retrieved the record id for ACME challenge."
|
||||
|
@ -37,11 +37,19 @@ sendgrid_send() {
|
||||
fi
|
||||
_saveaccountconf_mutable SENDGRID_FROM "$SENDGRID_FROM"
|
||||
|
||||
SENDGRID_FROM_NAME="${SENDGRID_FROM_NAME:-$(_readaccountconf_mutable SENDGRID_FROM_NAME)}"
|
||||
_saveaccountconf_mutable SENDGRID_FROM_NAME "$SENDGRID_FROM_NAME"
|
||||
|
||||
export _H1="Authorization: Bearer $SENDGRID_API_KEY"
|
||||
export _H2="Content-Type: application/json"
|
||||
|
||||
_content="$(echo "$_content" | _json_encode)"
|
||||
_data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}"
|
||||
|
||||
if [ -z "$SENDGRID_FROM_NAME" ]; then
|
||||
_data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}"
|
||||
else
|
||||
_data="{\"personalizations\": [{\"to\": [{\"email\": \"$SENDGRID_TO\"}]}],\"from\": {\"email\": \"$SENDGRID_FROM\", \"name\": \"$SENDGRID_FROM_NAME\"},\"subject\": \"$_subject\",\"content\": [{\"type\": \"text/plain\", \"value\": \"$_content\"}]}"
|
||||
fi
|
||||
response="$(_post "$_data" "https://api.sendgrid.com/v3/mail/send")"
|
||||
|
||||
if [ "$?" = "0" ] && [ -z "$response" ]; then
|
||||
|
@ -27,7 +27,7 @@ telegram_send() {
|
||||
fi
|
||||
_saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID"
|
||||
|
||||
_content="$(printf "%s" "$_content" | sed -e 's/*/\\\\*/')"
|
||||
_content="$(printf "%s" "$_content" | sed -e 's/\([_*`\[]\)/\\\\\1/g')"
|
||||
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)"
|
||||
_data="{\"text\": \"$_content\", "
|
||||
_data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", "
|
||||
|
Loading…
Reference in New Issue
Block a user