mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 05:01:40 +00:00
commit
ff38d2bba6
@ -1,4 +1,4 @@
|
|||||||
FROM alpine:3.6
|
FROM alpine:3.9
|
||||||
|
|
||||||
RUN apk update -f \
|
RUN apk update -f \
|
||||||
&& apk --no-cache add -f \
|
&& apk --no-cache add -f \
|
||||||
@ -7,6 +7,7 @@ RUN apk update -f \
|
|||||||
bind-tools \
|
bind-tools \
|
||||||
curl \
|
curl \
|
||||||
socat \
|
socat \
|
||||||
|
tzdata \
|
||||||
&& rm -rf /var/cache/apk/*
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
ENV LE_CONFIG_HOME /acme.sh
|
ENV LE_CONFIG_HOME /acme.sh
|
||||||
|
11
README.md
11
README.md
@ -253,7 +253,7 @@ Just set string "apache" as the second argument and it will force use of apache
|
|||||||
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
|
acme.sh --issue --apache -d example.com -d www.example.com -d cp.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
**This apache mode is only to issue the cert, it will not change your apache config files.
|
**This apache mode is only to issue the cert, it will not change your apache config files.
|
||||||
You will need to configure your website config files to use the cert by yourself.
|
You will need to configure your website config files to use the cert by yourself.
|
||||||
We don't want to mess your apache server, don't worry.**
|
We don't want to mess your apache server, don't worry.**
|
||||||
|
|
||||||
@ -277,7 +277,7 @@ So, the config is not changed.
|
|||||||
acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
|
acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
**This nginx mode is only to issue the cert, it will not change your nginx config files.
|
**This nginx mode is only to issue the cert, it will not change your nginx config files.
|
||||||
You will need to configure your website config files to use the cert by yourself.
|
You will need to configure your website config files to use the cert by yourself.
|
||||||
We don't want to mess your nginx server, don't worry.**
|
We don't want to mess your nginx server, don't worry.**
|
||||||
|
|
||||||
@ -351,6 +351,11 @@ You don't have to do anything manually!
|
|||||||
1. PointDNS API (https://pointhq.com/)
|
1. PointDNS API (https://pointhq.com/)
|
||||||
1. Active24.cz API (https://www.active24.cz/)
|
1. Active24.cz API (https://www.active24.cz/)
|
||||||
1. do.de API (https://www.do.de/)
|
1. do.de API (https://www.do.de/)
|
||||||
|
1. Nexcess API (https://www.nexcess.net)
|
||||||
|
1. Thermo.io API (https://www.thermo.io)
|
||||||
|
1. Futurehosting API (https://www.futurehosting.com)
|
||||||
|
1. Rackspace Cloud DNS (https://www.rackspace.com)
|
||||||
|
1. Online.net API (https://online.net/)
|
||||||
|
|
||||||
And:
|
And:
|
||||||
|
|
||||||
@ -528,5 +533,5 @@ Please Star and Fork me.
|
|||||||
Your donation makes **acme.sh** better:
|
Your donation makes **acme.sh** better:
|
||||||
|
|
||||||
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
|
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)
|
||||||
|
|
||||||
[Donate List](https://github.com/Neilpang/acme.sh/wiki/Donate-list)
|
[Donate List](https://github.com/Neilpang/acme.sh/wiki/Donate-list)
|
||||||
|
46
acme.sh
46
acme.sh
@ -139,6 +139,7 @@ __red() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
_printargs() {
|
_printargs() {
|
||||||
|
_exitstatus="$?"
|
||||||
if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
|
if [ -z "$NO_TIMESTAMP" ] || [ "$NO_TIMESTAMP" = "0" ]; then
|
||||||
printf -- "%s" "[$(date)] "
|
printf -- "%s" "[$(date)] "
|
||||||
fi
|
fi
|
||||||
@ -148,6 +149,8 @@ _printargs() {
|
|||||||
printf -- "%s" "$1='$2'"
|
printf -- "%s" "$1='$2'"
|
||||||
fi
|
fi
|
||||||
printf "\n"
|
printf "\n"
|
||||||
|
# return the saved exit status
|
||||||
|
return "$_exitstatus"
|
||||||
}
|
}
|
||||||
|
|
||||||
_dlg_versions() {
|
_dlg_versions() {
|
||||||
@ -183,6 +186,7 @@ _dlg_versions() {
|
|||||||
|
|
||||||
#class
|
#class
|
||||||
_syslog() {
|
_syslog() {
|
||||||
|
_exitstatus="$?"
|
||||||
if [ "${SYS_LOG:-$SYSLOG_LEVEL_NONE}" = "$SYSLOG_LEVEL_NONE" ]; then
|
if [ "${SYS_LOG:-$SYSLOG_LEVEL_NONE}" = "$SYSLOG_LEVEL_NONE" ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
@ -196,6 +200,7 @@ _syslog() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
$__logger_i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
|
$__logger_i -t "$PROJECT_NAME" -p "$_logclass" "$(_printargs "$@")" >/dev/null 2>&1
|
||||||
|
return "$_exitstatus"
|
||||||
}
|
}
|
||||||
|
|
||||||
_log() {
|
_log() {
|
||||||
@ -1188,7 +1193,7 @@ _ss() {
|
|||||||
|
|
||||||
if _exists "netstat"; then
|
if _exists "netstat"; then
|
||||||
_debug "Using: netstat"
|
_debug "Using: netstat"
|
||||||
if netstat -h 2>&1 | grep "\-p proto" >/dev/null; then
|
if netstat -help 2>&1 | grep "\-p proto" >/dev/null; then
|
||||||
#for windows version netstat tool
|
#for windows version netstat tool
|
||||||
netstat -an -p tcp | grep "LISTENING" | grep ":$_port "
|
netstat -an -p tcp | grep "LISTENING" | grep ":$_port "
|
||||||
else
|
else
|
||||||
@ -1882,29 +1887,34 @@ _send_signed_request() {
|
|||||||
_err "Can not post to $url"
|
_err "Can not post to $url"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
_debug2 original "$response"
|
|
||||||
response="$(echo "$response" | _normalizeJson)"
|
|
||||||
|
|
||||||
responseHeaders="$(cat "$HTTP_HEADER")"
|
responseHeaders="$(cat "$HTTP_HEADER")"
|
||||||
|
|
||||||
_debug2 responseHeaders "$responseHeaders"
|
_debug2 responseHeaders "$responseHeaders"
|
||||||
_debug2 response "$response"
|
|
||||||
code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
|
code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
|
||||||
_debug code "$code"
|
_debug code "$code"
|
||||||
|
|
||||||
_CACHED_NONCE="$(echo "$responseHeaders" | grep "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
_debug2 original "$response"
|
||||||
|
if echo "$responseHeaders" | grep -i "Content-Type: application/json" >/dev/null 2>&1; then
|
||||||
_body="$response"
|
response="$(echo "$response" | _normalizeJson)"
|
||||||
if [ "$needbase64" ]; then
|
|
||||||
_body="$(echo "$_body" | _dbase64 | tr -d '\0')"
|
|
||||||
_debug3 _body "$_body"
|
|
||||||
fi
|
fi
|
||||||
|
_debug2 response "$response"
|
||||||
|
|
||||||
if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then
|
_CACHED_NONCE="$(echo "$responseHeaders" | grep -i "Replay-Nonce:" | _head_n 1 | tr -d "\r\n " | cut -d ':' -f 2)"
|
||||||
_info "It seems the CA server is busy now, let's wait and retry. Sleeping $_sleep_retry_sec seconds."
|
|
||||||
_CACHED_NONCE=""
|
if ! _startswith "$code" "2"; then
|
||||||
_sleep $_sleep_retry_sec
|
_body="$response"
|
||||||
continue
|
if [ "$needbase64" ]; then
|
||||||
|
_body="$(echo "$_body" | _dbase64 multiline)"
|
||||||
|
_debug3 _body "$_body"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if _contains "$_body" "JWS has invalid anti-replay nonce" || _contains "$_body" "JWS has an invalid anti-replay nonce"; then
|
||||||
|
_info "It seems the CA server is busy now, let's wait and retry. Sleeping $_sleep_retry_sec seconds."
|
||||||
|
_CACHED_NONCE=""
|
||||||
|
_sleep $_sleep_retry_sec
|
||||||
|
continue
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
break
|
break
|
||||||
done
|
done
|
||||||
@ -4113,14 +4123,14 @@ $_authorizations_map"
|
|||||||
Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
|
Le_LinkCert="$(echo "$response" | tr -d '\r\n' | _egrep_o '"certificate" *: *"[^"]*"' | cut -d '"' -f 4)"
|
||||||
|
|
||||||
_tempSignedResponse="$response"
|
_tempSignedResponse="$response"
|
||||||
if ! _send_signed_request "$Le_LinkCert" "" "needbase64"; then
|
if ! _send_signed_request "$Le_LinkCert"; then
|
||||||
_err "Sign failed, can not download cert:$Le_LinkCert."
|
_err "Sign failed, can not download cert:$Le_LinkCert."
|
||||||
_err "$response"
|
_err "$response"
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "$response" | _dbase64 "multiline" >"$CERT_PATH"
|
echo "$response" >"$CERT_PATH"
|
||||||
|
|
||||||
if [ "$(grep -- "$BEGIN_CERT" "$CERT_PATH" | wc -l)" -gt "1" ]; then
|
if [ "$(grep -- "$BEGIN_CERT" "$CERT_PATH" | wc -l)" -gt "1" ]; then
|
||||||
_debug "Found cert chain"
|
_debug "Found cert chain"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
# How to use DNS API
|
# How to use DNS API
|
||||||
|
|
||||||
If your dns provider doesn't provide api access, you can use our dns alias mode:
|
If your dns provider doesn't provide api access, you can use our dns alias mode:
|
||||||
|
|
||||||
https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
|
https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
|
||||||
|
|
||||||
@ -891,7 +891,7 @@ acme.sh --issue --dns dns_loopia -d example.com -d *.example.com
|
|||||||
The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
The username and password will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
## 45. Use ACME DNS API
|
## 45. Use ACME DNS API
|
||||||
|
|
||||||
ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
|
ACME DNS is a limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
|
||||||
https://github.com/joohoi/acme-dns
|
https://github.com/joohoi/acme-dns
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -1011,7 +1011,6 @@ acme.sh --issue --dns dns_netcup -d example.com -d www.example.com
|
|||||||
```
|
```
|
||||||
|
|
||||||
The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
The `NC_Apikey`,`NC_Apipw` and `NC_CID` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
## 52. Use GratisDNS.dk
|
## 52. Use GratisDNS.dk
|
||||||
|
|
||||||
GratisDNS.dk (https://gratisdns.dk/) does not provide an API to update DNS records (other than IPv4 and IPv6
|
GratisDNS.dk (https://gratisdns.dk/) does not provide an API to update DNS records (other than IPv4 and IPv6
|
||||||
@ -1172,6 +1171,94 @@ acme.sh --issue --dns dns_doapi -d example.com -d *.example.com
|
|||||||
|
|
||||||
The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
The API token will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
|
## 61. Use Nexcess API
|
||||||
|
|
||||||
|
First, you'll need to login to the [Nexcess.net Client Portal](https://portal.nexcess.net) and [generate a new API token](https://portal.nexcess.net/api-token).
|
||||||
|
|
||||||
|
Once you have a token, set it in your systems environment:
|
||||||
|
|
||||||
|
```
|
||||||
|
export NW_API_TOKEN="YOUR_TOKEN_HERE"
|
||||||
|
export NW_API_ENDPOINT="https://portal.nexcess.net"
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, we'll issue the certificate: (Nexcess DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`)
|
||||||
|
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_nw -d example.com --dnssleep 900
|
||||||
|
```
|
||||||
|
|
||||||
|
The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
|
## 62. Use Thermo.io API
|
||||||
|
|
||||||
|
First, you'll need to login to the [Thermo.io Client Portal](https://core.thermo.io) and [generate a new API token](https://core.thermo.io/api-token).
|
||||||
|
|
||||||
|
Once you have a token, set it in your systems environment:
|
||||||
|
|
||||||
|
```
|
||||||
|
export NW_API_TOKEN="YOUR_TOKEN_HERE"
|
||||||
|
export NW_API_ENDPOINT="https://core.thermo.io"
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, we'll issue the certificate: (Thermo DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`)
|
||||||
|
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_nw -d example.com --dnssleep 900
|
||||||
|
```
|
||||||
|
|
||||||
|
The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
|
## 63. Use Futurehosting API
|
||||||
|
|
||||||
|
First, you'll need to login to the [Futurehosting Client Portal](https://my.futurehosting.com) and [generate a new API token](https://my.futurehosting.com/api-token).
|
||||||
|
|
||||||
|
Once you have a token, set it in your systems environment:
|
||||||
|
|
||||||
|
```
|
||||||
|
export NW_API_TOKEN="YOUR_TOKEN_HERE"
|
||||||
|
export NW_API_ENDPOINT="https://my.futurehosting.com"
|
||||||
|
```
|
||||||
|
|
||||||
|
Finally, we'll issue the certificate: (Futurehosting DNS publishes at max every 15 minutes, we recommend setting a 900 second `--dnssleep`)
|
||||||
|
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_nw -d example.com --dnssleep 900
|
||||||
|
```
|
||||||
|
|
||||||
|
The `NW_API_TOKEN` and `NW_API_ENDPOINT` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
|
## 64. Use Rackspace API
|
||||||
|
|
||||||
|
Set username and API key, which is available under "My Profile & Settings"
|
||||||
|
|
||||||
|
```
|
||||||
|
export RACKSPACE_Username='username'
|
||||||
|
export RACKSPACE_Apikey='xxx'
|
||||||
|
```
|
||||||
|
|
||||||
|
Now, let's issue a cert:
|
||||||
|
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_rackspace -d example.com -d www.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
## 65. Use Online API
|
||||||
|
|
||||||
|
First, you'll need to retrive your API key, which is available under https://console.online.net/en/api/access
|
||||||
|
|
||||||
|
```
|
||||||
|
export ONLINE_API_KEY='xxx'
|
||||||
|
```
|
||||||
|
|
||||||
|
To issue a cert run:
|
||||||
|
|
||||||
|
```
|
||||||
|
acme.sh --issue --dns dns_online -d example.com -d www.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
`ONLINE_API_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed.
|
||||||
|
|
||||||
# Use custom API
|
# Use custom API
|
||||||
|
|
||||||
If your API is not supported yet, you can write your own DNS API.
|
If your API is not supported yet, you can write your own DNS API.
|
||||||
|
@ -13,6 +13,7 @@ dns_hostingde_add() {
|
|||||||
txtvalue="${2}"
|
txtvalue="${2}"
|
||||||
_debug "Calling: _hostingde_addRecord() '${fulldomain}' '${txtvalue}'"
|
_debug "Calling: _hostingde_addRecord() '${fulldomain}' '${txtvalue}'"
|
||||||
_hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_addRecord
|
_hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_addRecord
|
||||||
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
dns_hostingde_rm() {
|
dns_hostingde_rm() {
|
||||||
@ -20,6 +21,7 @@ dns_hostingde_rm() {
|
|||||||
txtvalue="${2}"
|
txtvalue="${2}"
|
||||||
_debug "Calling: _hostingde_removeRecord() '${fulldomain}' '${txtvalue}'"
|
_debug "Calling: _hostingde_removeRecord() '${fulldomain}' '${txtvalue}'"
|
||||||
_hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_removeRecord
|
_hostingde_apiKey && _hostingde_getZoneConfig && _hostingde_removeRecord
|
||||||
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
#################### own Private functions below ##################################
|
#################### own Private functions below ##################################
|
||||||
@ -38,6 +40,18 @@ _hostingde_apiKey() {
|
|||||||
_saveaccountconf_mutable HOSTINGDE_ENDPOINT "$HOSTINGDE_ENDPOINT"
|
_saveaccountconf_mutable HOSTINGDE_ENDPOINT "$HOSTINGDE_ENDPOINT"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_hostingde_parse() {
|
||||||
|
find="${1}"
|
||||||
|
if [ "${2}" ]; then
|
||||||
|
notfind="${2}"
|
||||||
|
fi
|
||||||
|
if [ "${notfind}" ]; then
|
||||||
|
_egrep_o \""${find}\":.*" | grep -v "${notfind}" | cut -d ':' -f 2 | cut -d ',' -f 1 | tr -d ' '
|
||||||
|
else
|
||||||
|
_egrep_o \""${find}\":.*" | cut -d ':' -f 2 | cut -d ',' -f 1 | tr -d ' '
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
_hostingde_getZoneConfig() {
|
_hostingde_getZoneConfig() {
|
||||||
_info "Getting ZoneConfig"
|
_info "Getting ZoneConfig"
|
||||||
curZone="${fulldomain#*.}"
|
curZone="${fulldomain#*.}"
|
||||||
@ -59,18 +73,18 @@ _hostingde_getZoneConfig() {
|
|||||||
if _contains "${curResult}" '"totalEntries": 1'; then
|
if _contains "${curResult}" '"totalEntries": 1'; then
|
||||||
_info "Retrieved zone data."
|
_info "Retrieved zone data."
|
||||||
_debug "Zone data: '${curResult}'"
|
_debug "Zone data: '${curResult}'"
|
||||||
zoneConfigId=$(echo "${curResult}" | _egrep_o '"id":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneConfigId=$(echo "${curResult}" | _hostingde_parse "id")
|
||||||
zoneConfigName=$(echo "${curResult}" | _egrep_o '"name":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneConfigName=$(echo "${curResult}" | _hostingde_parse "name")
|
||||||
zoneConfigType=$(echo "${curResult}" | grep -v "FindZoneConfigsResult" | _egrep_o '"type":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneConfigType=$(echo "${curResult}" | _hostingde_parse "type" "FindZoneConfigsResult")
|
||||||
zoneConfigExpire=$(echo "${curResult}" | _egrep_o '"expire":.*' | cut -d ':' -f 2 | cut -d '"' -f 2 | cut -d ',' -f 1)
|
zoneConfigExpire=$(echo "${curResult}" | _hostingde_parse "expire")
|
||||||
zoneConfigNegativeTtl=$(echo "${curResult}" | _egrep_o '"negativeTtl":.*' | cut -d ':' -f 2 | cut -d '"' -f 2 | cut -d ',' -f 1)
|
zoneConfigNegativeTtl=$(echo "${curResult}" | _hostingde_parse "negativeTtl")
|
||||||
zoneConfigRefresh=$(echo "${curResult}" | _egrep_o '"refresh":.*' | cut -d ':' -f 2 | cut -d '"' -f 2 | cut -d ',' -f 1)
|
zoneConfigRefresh=$(echo "${curResult}" | _hostingde_parse "refresh")
|
||||||
zoneConfigRetry=$(echo "${curResult}" | _egrep_o '"retry":.*' | cut -d ':' -f 2 | cut -d '"' -f 2 | cut -d ',' -f 1)
|
zoneConfigRetry=$(echo "${curResult}" | _hostingde_parse "retry")
|
||||||
zoneConfigTtl=$(echo "${curResult}" | _egrep_o '"ttl":.*' | cut -d ':' -f 2 | cut -d '"' -f 2 | cut -d ',' -f 1)
|
zoneConfigTtl=$(echo "${curResult}" | _hostingde_parse "ttl")
|
||||||
zoneConfigDnsServerGroupId=$(echo "${curResult}" | _egrep_o '"dnsServerGroupId":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneConfigDnsServerGroupId=$(echo "${curResult}" | _hostingde_parse "dnsServerGroupId")
|
||||||
zoneConfigEmailAddress=$(echo "${curResult}" | _egrep_o '"emailAddress":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneConfigEmailAddress=$(echo "${curResult}" | _hostingde_parse "emailAddress")
|
||||||
zoneConfigDnsSecMode=$(echo "${curResult}" | _egrep_o '"dnsSecMode":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneConfigDnsSecMode=$(echo "${curResult}" | _hostingde_parse "dnsSecMode")
|
||||||
if [ "${zoneConfigType}" != "NATIVE" ]; then
|
if [ "${zoneConfigType}" != "\"NATIVE\"" ]; then
|
||||||
_err "Zone is not native"
|
_err "Zone is not native"
|
||||||
returnCode=1
|
returnCode=1
|
||||||
break
|
break
|
||||||
@ -89,11 +103,11 @@ _hostingde_getZoneConfig() {
|
|||||||
|
|
||||||
_hostingde_getZoneStatus() {
|
_hostingde_getZoneStatus() {
|
||||||
_debug "Checking Zone status"
|
_debug "Checking Zone status"
|
||||||
curData="{\"filter\":{\"field\":\"zoneConfigId\",\"value\":\"${zoneConfigId}\"},\"limit\":1,\"authToken\":\"${HOSTINGDE_APIKEY}\"}"
|
curData="{\"filter\":{\"field\":\"zoneConfigId\",\"value\":${zoneConfigId}},\"limit\":1,\"authToken\":\"${HOSTINGDE_APIKEY}\"}"
|
||||||
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind")"
|
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind")"
|
||||||
_debug "Calling zonesFind '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind'"
|
_debug "Calling zonesFind '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zonesFind'"
|
||||||
_debug "Result of zonesFind '$curResult'"
|
_debug "Result of zonesFind '$curResult'"
|
||||||
zoneStatus=$(echo "${curResult}" | grep -v success | _egrep_o '"status":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
zoneStatus=$(echo "${curResult}" | _hostingde_parse "status" "success")
|
||||||
_debug "zoneStatus '${zoneStatus}'"
|
_debug "zoneStatus '${zoneStatus}'"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -102,12 +116,12 @@ _hostingde_addRecord() {
|
|||||||
_info "Adding record to zone"
|
_info "Adding record to zone"
|
||||||
_hostingde_getZoneStatus
|
_hostingde_getZoneStatus
|
||||||
_debug "Result of zoneStatus: '${zoneStatus}'"
|
_debug "Result of zoneStatus: '${zoneStatus}'"
|
||||||
while [ "${zoneStatus}" != "active" ]; do
|
while [ "${zoneStatus}" != "\"active\"" ]; do
|
||||||
_sleep 5
|
_sleep 5
|
||||||
_hostingde_getZoneStatus
|
_hostingde_getZoneStatus
|
||||||
_debug "Result of zoneStatus: '${zoneStatus}'"
|
_debug "Result of zoneStatus: '${zoneStatus}'"
|
||||||
done
|
done
|
||||||
curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":\"${zoneConfigId}\",\"name\":\"${zoneConfigName}\",\"type\":\"${zoneConfigType}\",\"dnsServerGroupId\":\"${zoneConfigDnsServerGroupId}\",\"dnsSecMode\":\"${zoneConfigDnsSecMode}\",\"emailAddress\":\"${zoneConfigEmailAddress}\",\"soaValues\":{\"expire\":${zoneConfigExpire},\"negativeTtl\":${zoneConfigNegativeTtl},\"refresh\":${zoneConfigRefresh},\"retry\":${zoneConfigRetry},\"ttl\":${zoneConfigTtl}}},\"recordsToAdd\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\",\"ttl\":3600}]}"
|
curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":${zoneConfigId},\"name\":${zoneConfigName},\"type\":${zoneConfigType},\"dnsServerGroupId\":${zoneConfigDnsServerGroupId},\"dnsSecMode\":${zoneConfigDnsSecMode},\"emailAddress\":${zoneConfigEmailAddress},\"soaValues\":{\"expire\":${zoneConfigExpire},\"negativeTtl\":${zoneConfigNegativeTtl},\"refresh\":${zoneConfigRefresh},\"retry\":${zoneConfigRetry},\"ttl\":${zoneConfigTtl}}},\"recordsToAdd\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\",\"ttl\":3600}]}"
|
||||||
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
|
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
|
||||||
_debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
|
_debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
|
||||||
_debug "Result of zoneUpdate: '$curResult'"
|
_debug "Result of zoneUpdate: '$curResult'"
|
||||||
@ -126,12 +140,12 @@ _hostingde_removeRecord() {
|
|||||||
_info "Removing record from zone"
|
_info "Removing record from zone"
|
||||||
_hostingde_getZoneStatus
|
_hostingde_getZoneStatus
|
||||||
_debug "Result of zoneStatus: '$zoneStatus'"
|
_debug "Result of zoneStatus: '$zoneStatus'"
|
||||||
while [ "$zoneStatus" != "active" ]; do
|
while [ "$zoneStatus" != "\"active\"" ]; do
|
||||||
_sleep 5
|
_sleep 5
|
||||||
_hostingde_getZoneStatus
|
_hostingde_getZoneStatus
|
||||||
_debug "Result of zoneStatus: '$zoneStatus'"
|
_debug "Result of zoneStatus: '$zoneStatus'"
|
||||||
done
|
done
|
||||||
curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":\"${zoneConfigId}\",\"name\":\"${zoneConfigName}\",\"type\":\"${zoneConfigType}\",\"dnsServerGroupId\":\"${zoneConfigDnsServerGroupId}\",\"dnsSecMode\":\"${zoneConfigDnsSecMode}\",\"emailAddress\":\"${zoneConfigEmailAddress}\",\"soaValues\":{\"expire\":${zoneConfigExpire},\"negativeTtl\":${zoneConfigNegativeTtl},\"refresh\":${zoneConfigRefresh},\"retry\":${zoneConfigRetry},\"ttl\":${zoneConfigTtl}}},\"recordsToDelete\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\"}]}"
|
curData="{\"authToken\":\"${HOSTINGDE_APIKEY}\",\"zoneConfig\":{\"id\":${zoneConfigId},\"name\":${zoneConfigName},\"type\":${zoneConfigType},\"dnsServerGroupId\":${zoneConfigDnsServerGroupId},\"dnsSecMode\":${zoneConfigDnsSecMode},\"emailAddress\":${zoneConfigEmailAddress},\"soaValues\":{\"expire\":${zoneConfigExpire},\"negativeTtl\":${zoneConfigNegativeTtl},\"refresh\":${zoneConfigRefresh},\"retry\":${zoneConfigRetry},\"ttl\":${zoneConfigTtl}}},\"recordsToDelete\":[{\"name\":\"${fulldomain}\",\"type\":\"TXT\",\"content\":\"\\\"${txtvalue}\\\"\"}]}"
|
||||||
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
|
curResult="$(_post "${curData}" "${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate")"
|
||||||
_debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
|
_debug "Calling zoneUpdate: '${curData}' '${HOSTINGDE_ENDPOINT}/api/dns/v1/json/zoneUpdate'"
|
||||||
_debug "Result of zoneUpdate: '$curResult'"
|
_debug "Result of zoneUpdate: '$curResult'"
|
||||||
|
@ -46,7 +46,7 @@ dns_nsone_add() {
|
|||||||
if [ "$count" = "0" ]; then
|
if [ "$count" = "0" ]; then
|
||||||
_info "Adding record"
|
_info "Adding record"
|
||||||
|
|
||||||
if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then
|
if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\",\"ttl\":0}"; then
|
||||||
if _contains "$response" "$fulldomain"; then
|
if _contains "$response" "$fulldomain"; then
|
||||||
_info "Added"
|
_info "Added"
|
||||||
#todo: check if the record takes effect
|
#todo: check if the record takes effect
|
||||||
@ -62,7 +62,7 @@ dns_nsone_add() {
|
|||||||
prev_txt=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",\"short_answers\":\[\"[^,]*\]" | _head_n 1 | cut -d: -f3 | cut -d, -f1)
|
prev_txt=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",\"short_answers\":\[\"[^,]*\]" | _head_n 1 | cut -d: -f3 | cut -d, -f1)
|
||||||
_debug "prev_txt" "$prev_txt"
|
_debug "prev_txt" "$prev_txt"
|
||||||
|
|
||||||
_nsone_rest POST "zones/$_domain/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]},{\"answer\": $prev_txt}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}"
|
_nsone_rest POST "zones/$_domain/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]},{\"answer\": $prev_txt}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\",\"ttl\":0}"
|
||||||
if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then
|
if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then
|
||||||
_info "Updated!"
|
_info "Updated!"
|
||||||
#todo: check if the record takes effect
|
#todo: check if the record takes effect
|
||||||
|
211
dnsapi/dns_nw.sh
Normal file
211
dnsapi/dns_nw.sh
Normal file
@ -0,0 +1,211 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
########################################################################
|
||||||
|
# NocWorx script for acme.sh
|
||||||
|
#
|
||||||
|
# Handles DNS Updates for the Following vendors:
|
||||||
|
# - Nexcess.net
|
||||||
|
# - Thermo.io
|
||||||
|
# - Futurehosting.com
|
||||||
|
#
|
||||||
|
# Environment variables:
|
||||||
|
#
|
||||||
|
# - NW_API_TOKEN (Your API Token)
|
||||||
|
# - NW_API_ENDPOINT (One of the following listed below)
|
||||||
|
#
|
||||||
|
# Endpoints:
|
||||||
|
# - https://portal.nexcess.net (default)
|
||||||
|
# - https://core.thermo.io
|
||||||
|
# - https://my.futurehosting.com
|
||||||
|
#
|
||||||
|
# Note: If you do not have an API token, one can be generated at one
|
||||||
|
# of the following URLs:
|
||||||
|
# - https://portal.nexcess.net/api-token
|
||||||
|
# - https://core.thermo.io/api-token
|
||||||
|
# - https://my.futurehosting.com/api-token
|
||||||
|
#
|
||||||
|
# Author: Frank Laszlo <flaszlo@nexcess.net>
|
||||||
|
|
||||||
|
NW_API_VERSION="0"
|
||||||
|
|
||||||
|
# dns_nw_add() - Add TXT record
|
||||||
|
# Usage: dns_nw_add _acme-challenge.subdomain.domain.com "XyZ123..."
|
||||||
|
dns_nw_add() {
|
||||||
|
host="${1}"
|
||||||
|
txtvalue="${2}"
|
||||||
|
|
||||||
|
_debug host "${host}"
|
||||||
|
_debug txtvalue "${txtvalue}"
|
||||||
|
|
||||||
|
if ! _check_nw_api_creds; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info "Using NocWorx (${NW_API_ENDPOINT})"
|
||||||
|
_debug "Calling: dns_nw_add() '${host}' '${txtvalue}'"
|
||||||
|
|
||||||
|
_debug "Detecting root zone"
|
||||||
|
if ! _get_root "${host}"; then
|
||||||
|
_err "Zone for domain does not exist."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug _zone_id "${_zone_id}"
|
||||||
|
_debug _sub_domain "${_sub_domain}"
|
||||||
|
_debug _domain "${_domain}"
|
||||||
|
|
||||||
|
_post_data="{\"zone_id\": \"${_zone_id}\", \"type\": \"TXT\", \"host\": \"${host}\", \"target\": \"${txtvalue}\", \"ttl\": \"300\"}"
|
||||||
|
|
||||||
|
if _rest POST "dns-record" "${_post_data}" && [ -n "${response}" ]; then
|
||||||
|
_record_id=$(printf "%s\n" "${response}" | _egrep_o "\"record_id\": *[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1)
|
||||||
|
_debug _record_id "${_record_id}"
|
||||||
|
|
||||||
|
if [ -z "$_record_id" ]; then
|
||||||
|
_err "Error adding the TXT record."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info "TXT record successfully added."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# dns_nw_rm() - Remove TXT record
|
||||||
|
# Usage: dns_nw_rm _acme-challenge.subdomain.domain.com "XyZ123..."
|
||||||
|
dns_nw_rm() {
|
||||||
|
host="${1}"
|
||||||
|
txtvalue="${2}"
|
||||||
|
|
||||||
|
_debug host "${host}"
|
||||||
|
_debug txtvalue "${txtvalue}"
|
||||||
|
|
||||||
|
if ! _check_nw_api_creds; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info "Using NocWorx (${NW_API_ENDPOINT})"
|
||||||
|
_debug "Calling: dns_nw_rm() '${host}'"
|
||||||
|
|
||||||
|
_debug "Detecting root zone"
|
||||||
|
if ! _get_root "${host}"; then
|
||||||
|
_err "Zone for domain does not exist."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug _zone_id "${_zone_id}"
|
||||||
|
_debug _sub_domain "${_sub_domain}"
|
||||||
|
_debug _domain "${_domain}"
|
||||||
|
|
||||||
|
_parameters="?zone_id=${_zone_id}"
|
||||||
|
|
||||||
|
if _rest GET "dns-record" "${_parameters}" && [ -n "${response}" ]; then
|
||||||
|
response="$(echo "${response}" | tr -d "\n" | sed 's/^\[\(.*\)\]$/\1/' | sed -e 's/{"record_id":/|"record_id":/g' | sed 's/|/&{/g' | tr "|" "\n")"
|
||||||
|
_debug response "${response}"
|
||||||
|
|
||||||
|
record="$(echo "${response}" | _egrep_o "{.*\"host\": *\"${_sub_domain}\", *\"target\": *\"${txtvalue}\".*}")"
|
||||||
|
_debug record "${record}"
|
||||||
|
|
||||||
|
if [ "${record}" ]; then
|
||||||
|
_record_id=$(printf "%s\n" "${record}" | _egrep_o "\"record_id\": *[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
|
||||||
|
if [ "${_record_id}" ]; then
|
||||||
|
_debug _record_id "${_record_id}"
|
||||||
|
|
||||||
|
_rest DELETE "dns-record/${_record_id}"
|
||||||
|
|
||||||
|
_info "TXT record successfully deleted."
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
_check_nw_api_creds() {
|
||||||
|
NW_API_TOKEN="${NW_API_TOKEN:-$(_readaccountconf_mutable NW_API_TOKEN)}"
|
||||||
|
NW_API_ENDPOINT="${NW_API_ENDPOINT:-$(_readaccountconf_mutable NW_API_ENDPOINT)}"
|
||||||
|
|
||||||
|
if [ -z "${NW_API_ENDPOINT}" ]; then
|
||||||
|
NW_API_ENDPOINT="https://portal.nexcess.net"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${NW_API_TOKEN}" ]; then
|
||||||
|
_err "You have not defined your NW_API_TOKEN."
|
||||||
|
_err "Please create your token and try again."
|
||||||
|
_err "If you need to generate a new token, please visit one of the following URLs:"
|
||||||
|
_err " - https://portal.nexcess.net/api-token"
|
||||||
|
_err " - https://core.thermo.io/api-token"
|
||||||
|
_err " - https://my.futurehosting.com/api-token"
|
||||||
|
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_saveaccountconf_mutable NW_API_TOKEN "${NW_API_TOKEN}"
|
||||||
|
_saveaccountconf_mutable NW_API_ENDPOINT "${NW_API_ENDPOINT}"
|
||||||
|
}
|
||||||
|
|
||||||
|
_get_root() {
|
||||||
|
domain="${1}"
|
||||||
|
i=2
|
||||||
|
p=1
|
||||||
|
|
||||||
|
if _rest GET "dns-zone"; then
|
||||||
|
response="$(echo "${response}" | tr -d "\n" | sed 's/^\[\(.*\)\]$/\1/' | sed -e 's/{"zone_id":/|"zone_id":/g' | sed 's/|/&{/g' | tr "|" "\n")"
|
||||||
|
|
||||||
|
_debug response "${response}"
|
||||||
|
while true; do
|
||||||
|
h=$(printf "%s" "${domain}" | cut -d . -f $i-100)
|
||||||
|
_debug h "${h}"
|
||||||
|
if [ -z "${h}" ]; then
|
||||||
|
#not valid
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
hostedzone="$(echo "${response}" | _egrep_o "{.*\"domain\": *\"${h}\".*}")"
|
||||||
|
if [ "${hostedzone}" ]; then
|
||||||
|
_zone_id=$(printf "%s\n" "${hostedzone}" | _egrep_o "\"zone_id\": *[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ )
|
||||||
|
if [ "${_zone_id}" ]; then
|
||||||
|
_sub_domain=$(printf "%s" "${domain}" | cut -d . -f 1-${p})
|
||||||
|
_domain="${h}"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
p=$i
|
||||||
|
i=$(_math "${i}" + 1)
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
_rest() {
|
||||||
|
method="${1}"
|
||||||
|
ep="/${2}"
|
||||||
|
data="${3}"
|
||||||
|
|
||||||
|
_debug method "${method}"
|
||||||
|
_debug ep "${ep}"
|
||||||
|
|
||||||
|
export _H1="Accept: application/json"
|
||||||
|
export _H2="Content-Type: application/json"
|
||||||
|
export _H3="Api-Version: ${NW_API_VERSION}"
|
||||||
|
export _H4="User-Agent: NW-ACME-CLIENT"
|
||||||
|
export _H5="Authorization: Bearer ${NW_API_TOKEN}"
|
||||||
|
|
||||||
|
if [ "${method}" != "GET" ]; then
|
||||||
|
_debug data "${data}"
|
||||||
|
response="$(_post "${data}" "${NW_API_ENDPOINT}${ep}" "" "${method}")"
|
||||||
|
else
|
||||||
|
response="$(_get "${NW_API_ENDPOINT}${ep}${data}")"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "${?}" != "0" ]; then
|
||||||
|
_err "error ${ep}"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 response "${response}"
|
||||||
|
return 0
|
||||||
|
}
|
217
dnsapi/dns_online.sh
Executable file
217
dnsapi/dns_online.sh
Executable file
@ -0,0 +1,217 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
|
# Online API
|
||||||
|
# https://console.online.net/en/api/
|
||||||
|
#
|
||||||
|
# Requires Online API key set in ONLINE_API_KEY
|
||||||
|
|
||||||
|
######## Public functions #####################
|
||||||
|
|
||||||
|
ONLINE_API="https://api.online.net/api/v1"
|
||||||
|
|
||||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||||
|
dns_online_add() {
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
|
||||||
|
if ! _online_check_config; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_debug "First detect the root zone"
|
||||||
|
if ! _get_root "$fulldomain"; then
|
||||||
|
_err "invalid domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_debug _sub_domain "$_sub_domain"
|
||||||
|
_debug _domain "$_domain"
|
||||||
|
_debug _real_dns_version "$_real_dns_version"
|
||||||
|
|
||||||
|
_info "Creating temporary zone version"
|
||||||
|
_online_create_temporary_zone_version
|
||||||
|
_info "Enabling temporary zone version"
|
||||||
|
_online_enable_zone "$_temporary_dns_version"
|
||||||
|
|
||||||
|
_info "Adding record"
|
||||||
|
_online_create_TXT_record "$_real_dns_version" "$_sub_domain" "$txtvalue"
|
||||||
|
_info "Disabling temporary version"
|
||||||
|
_online_enable_zone "$_real_dns_version"
|
||||||
|
_info "Destroying temporary version"
|
||||||
|
_online_destroy_zone "$_temporary_dns_version"
|
||||||
|
|
||||||
|
_info "Record added."
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#fulldomain
|
||||||
|
dns_online_rm() {
|
||||||
|
fulldomain=$1
|
||||||
|
txtvalue=$2
|
||||||
|
|
||||||
|
if ! _online_check_config; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_debug "First detect the root zone"
|
||||||
|
if ! _get_root "$fulldomain"; then
|
||||||
|
_err "invalid domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_debug _sub_domain "$_sub_domain"
|
||||||
|
_debug _domain "$_domain"
|
||||||
|
_debug _real_dns_version "$_real_dns_version"
|
||||||
|
|
||||||
|
_debug "Getting txt records"
|
||||||
|
if ! _online_rest GET "domain/$_domain/version/active"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
rid=$(echo "$response" | _egrep_o "\"id\":[0-9]+,\"name\":\"$_sub_domain\",\"data\":\"\\\u0022$txtvalue\\\u0022\"" | cut -d ':' -f 2 | cut -d ',' -f 1)
|
||||||
|
_debug rid "$rid"
|
||||||
|
if [ -z "$rid" ]; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_info "Creating temporary zone version"
|
||||||
|
_online_create_temporary_zone_version
|
||||||
|
_info "Enabling temporary zone version"
|
||||||
|
_online_enable_zone "$_temporary_dns_version"
|
||||||
|
|
||||||
|
_info "Removing DNS record"
|
||||||
|
_online_rest DELETE "domain/$_domain/version/$_real_dns_version/zone/$rid"
|
||||||
|
_info "Disabling temporary version"
|
||||||
|
_online_enable_zone "$_real_dns_version"
|
||||||
|
_info "Destroying temporary version"
|
||||||
|
_online_destroy_zone "$_temporary_dns_version"
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#################### Private functions below ##################################
|
||||||
|
|
||||||
|
_online_check_config() {
|
||||||
|
ONLINE_API_KEY="${ONLINE_API_KEY:-$(_readaccountconf_mutable ONLINE_API_KEY)}"
|
||||||
|
if [ -z "$ONLINE_API_KEY" ]; then
|
||||||
|
_err "No API key specified for Online API."
|
||||||
|
_err "Create your key and export it as ONLINE_API_KEY"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if ! _online_rest GET "domain/"; then
|
||||||
|
_err "Invalid API key specified for Online API."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_saveaccountconf_mutable ONLINE_API_KEY "$ONLINE_API_KEY"
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#_acme-challenge.www.domain.com
|
||||||
|
#returns
|
||||||
|
# _sub_domain=_acme-challenge.www
|
||||||
|
# _domain=domain.com
|
||||||
|
_get_root() {
|
||||||
|
domain=$1
|
||||||
|
i=2
|
||||||
|
p=1
|
||||||
|
while true; do
|
||||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
|
if [ -z "$h" ]; then
|
||||||
|
#not valid
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_online_rest GET "domain/$h/version/active"
|
||||||
|
|
||||||
|
if ! _contains "$response" "Domain not found" >/dev/null; then
|
||||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
|
_domain="$h"
|
||||||
|
_real_dns_version=$(echo "$response" | _egrep_o '"uuid_ref":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
p=$i
|
||||||
|
i=$(_math "$i" + 1)
|
||||||
|
done
|
||||||
|
_err "Unable to retrive DNS zone matching this domain"
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# this function create a temporary zone version
|
||||||
|
# as online.net does not allow updating an active version
|
||||||
|
_online_create_temporary_zone_version() {
|
||||||
|
|
||||||
|
_online_rest POST "domain/$_domain/version" "name=acme.sh"
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
_temporary_dns_version=$(echo "$response" | _egrep_o '"uuid_ref":.*' | cut -d ':' -f 2 | cut -d '"' -f 2)
|
||||||
|
|
||||||
|
# Creating a dummy record in this temporary version, because online.net doesn't accept enabling an empty version
|
||||||
|
_online_create_TXT_record "$_temporary_dns_version" "dummy.acme.sh" "dummy"
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_online_destroy_zone() {
|
||||||
|
version_id=$1
|
||||||
|
_online_rest DELETE "domain/$_domain/version/$version_id"
|
||||||
|
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_online_enable_zone() {
|
||||||
|
version_id=$1
|
||||||
|
_online_rest PATCH "domain/$_domain/version/$version_id/enable"
|
||||||
|
|
||||||
|
if [ "$?" != "0" ]; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_online_create_TXT_record() {
|
||||||
|
version=$1
|
||||||
|
txt_name=$2
|
||||||
|
txt_value=$3
|
||||||
|
|
||||||
|
_online_rest POST "domain/$_domain/version/$version/zone" "type=TXT&name=$txt_name&data=%22$txt_value%22&ttl=60&priority=0"
|
||||||
|
|
||||||
|
# Note : the normal, expected response SHOULD be "Unknown method".
|
||||||
|
# this happens because the API HTTP response contains a Location: header, that redirect
|
||||||
|
# to an unknown online.net endpoint.
|
||||||
|
if [ "$?" != "0" ] || _contains "$response" "Unknown method" || _contains "$response" "\$ref"; then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
_err "error $response"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
_online_rest() {
|
||||||
|
m=$1
|
||||||
|
ep="$2"
|
||||||
|
data="$3"
|
||||||
|
_debug "$ep"
|
||||||
|
_online_url="$ONLINE_API/$ep"
|
||||||
|
_debug2 _online_url "$_online_url"
|
||||||
|
export _H1="Authorization: Bearer $ONLINE_API_KEY"
|
||||||
|
export _H2="X-Pretty-JSON: 1"
|
||||||
|
if [ "$data" ] || [ "$m" != "GET" ]; then
|
||||||
|
_debug data "$data"
|
||||||
|
response="$(_post "$data" "$_online_url" "" "$m")"
|
||||||
|
else
|
||||||
|
response="$(_get "$_online_url")"
|
||||||
|
fi
|
||||||
|
if [ "$?" != "0" ] || _contains "$response" "invalid_grant" || _contains "$response" "Method not allowed"; then
|
||||||
|
_err "error $response"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 response "$response"
|
||||||
|
return 0
|
||||||
|
}
|
207
dnsapi/dns_rackspace.sh
Normal file
207
dnsapi/dns_rackspace.sh
Normal file
@ -0,0 +1,207 @@
|
|||||||
|
#!/usr/bin/env sh
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#RACKSPACE_Username=""
|
||||||
|
#
|
||||||
|
#RACKSPACE_Apikey=""
|
||||||
|
|
||||||
|
RACKSPACE_Endpoint="https://dns.api.rackspacecloud.com/v1.0"
|
||||||
|
|
||||||
|
# 20190213 - The name & id fields swapped in the API response; fix sed
|
||||||
|
# 20190101 - Duplicating file for new pull request to dev branch
|
||||||
|
# Original - tcocca:rackspace_dnsapi https://github.com/Neilpang/acme.sh/pull/1297
|
||||||
|
|
||||||
|
######## Public functions #####################
|
||||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
|
||||||
|
dns_rackspace_add() {
|
||||||
|
fulldomain="$1"
|
||||||
|
_debug fulldomain="$fulldomain"
|
||||||
|
txtvalue="$2"
|
||||||
|
_debug txtvalue="$txtvalue"
|
||||||
|
_rackspace_check_auth || return 1
|
||||||
|
_rackspace_check_rootzone || return 1
|
||||||
|
_info "Creating TXT record."
|
||||||
|
if ! _rackspace_rest POST "$RACKSPACE_Tenant/domains/$_domain_id/records" "{\"records\":[{\"name\":\"$fulldomain\",\"type\":\"TXT\",\"data\":\"$txtvalue\",\"ttl\":300}]}"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 response "$response"
|
||||||
|
if ! _contains "$response" "$txtvalue" >/dev/null; then
|
||||||
|
_err "Could not add TXT record."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#fulldomain txtvalue
|
||||||
|
dns_rackspace_rm() {
|
||||||
|
fulldomain=$1
|
||||||
|
_debug fulldomain="$fulldomain"
|
||||||
|
txtvalue=$2
|
||||||
|
_debug txtvalue="$txtvalue"
|
||||||
|
_rackspace_check_auth || return 1
|
||||||
|
_rackspace_check_rootzone || return 1
|
||||||
|
_info "Checking for TXT record."
|
||||||
|
if ! _get_recordid "$_domain_id" "$fulldomain" "$txtvalue"; then
|
||||||
|
_err "Could not get TXT record id."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if [ "$_dns_record_id" = "" ]; then
|
||||||
|
_err "TXT record not found."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_info "Removing TXT record."
|
||||||
|
if ! _delete_txt_record "$_domain_id" "$_dns_record_id"; then
|
||||||
|
_err "Could not remove TXT record $_dns_record_id."
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
#################### Private functions below ##################################
|
||||||
|
#_acme-challenge.www.domain.com
|
||||||
|
#returns
|
||||||
|
# _sub_domain=_acme-challenge.www
|
||||||
|
# _domain=domain.com
|
||||||
|
# _domain_id=sdjkglgdfewsdfg
|
||||||
|
_get_root_zone() {
|
||||||
|
domain="$1"
|
||||||
|
i=2
|
||||||
|
p=1
|
||||||
|
while true; do
|
||||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
|
||||||
|
_debug h "$h"
|
||||||
|
if [ -z "$h" ]; then
|
||||||
|
#not valid
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if ! _rackspace_rest GET "$RACKSPACE_Tenant/domains"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 response "$response"
|
||||||
|
if _contains "$response" "\"name\":\"$h\"" >/dev/null; then
|
||||||
|
# Response looks like:
|
||||||
|
# {"ttl":300,"accountId":12345,"id":1111111,"name":"example.com","emailAddress": ...<and so on>
|
||||||
|
_domain_id=$(echo "$response" | sed -n "s/^.*\"id\":\([^,]*\),\"name\":\"$h\",.*/\1/p")
|
||||||
|
_debug2 domain_id "$_domain_id"
|
||||||
|
if [ -n "$_domain_id" ]; then
|
||||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
|
||||||
|
_domain=$h
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
p=$i
|
||||||
|
i=$(_math "$i" + 1)
|
||||||
|
done
|
||||||
|
return 1
|
||||||
|
}
|
||||||
|
|
||||||
|
_get_recordid() {
|
||||||
|
domainid="$1"
|
||||||
|
fulldomain="$2"
|
||||||
|
txtvalue="$3"
|
||||||
|
if ! _rackspace_rest GET "$RACKSPACE_Tenant/domains/$domainid/records?name=$fulldomain&type=TXT"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug response "$response"
|
||||||
|
if ! _contains "$response" "$txtvalue"; then
|
||||||
|
_dns_record_id=0
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
_dns_record_id=$(echo "$response" | tr '{' "\n" | grep "\"data\":\"$txtvalue\"" | sed -n 's/^.*"id":"\([^"]*\)".*/\1/p')
|
||||||
|
_debug _dns_record_id "$_dns_record_id"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_delete_txt_record() {
|
||||||
|
domainid="$1"
|
||||||
|
_dns_record_id="$2"
|
||||||
|
if ! _rackspace_rest DELETE "$RACKSPACE_Tenant/domains/$domainid/records?id=$_dns_record_id"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug response "$response"
|
||||||
|
if ! _contains "$response" "RUNNING"; then
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_rackspace_rest() {
|
||||||
|
m="$1"
|
||||||
|
ep="$2"
|
||||||
|
data="$3"
|
||||||
|
_debug ep "$ep"
|
||||||
|
export _H1="Accept: application/json"
|
||||||
|
export _H2="X-Auth-Token: $RACKSPACE_Token"
|
||||||
|
export _H3="X-Project-Id: $RACKSPACE_Tenant"
|
||||||
|
export _H4="Content-Type: application/json"
|
||||||
|
if [ "$m" != "GET" ]; then
|
||||||
|
_debug data "$data"
|
||||||
|
response="$(_post "$data" "$RACKSPACE_Endpoint/$ep" "" "$m")"
|
||||||
|
retcode=$?
|
||||||
|
else
|
||||||
|
_info "Getting $RACKSPACE_Endpoint/$ep"
|
||||||
|
response="$(_get "$RACKSPACE_Endpoint/$ep")"
|
||||||
|
retcode=$?
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$retcode" != "0" ]; then
|
||||||
|
_err "error $ep"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug2 response "$response"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_rackspace_authorization() {
|
||||||
|
export _H1="Content-Type: application/json"
|
||||||
|
data="{\"auth\":{\"RAX-KSKEY:apiKeyCredentials\":{\"username\":\"$RACKSPACE_Username\",\"apiKey\":\"$RACKSPACE_Apikey\"}}}"
|
||||||
|
_debug data "$data"
|
||||||
|
response="$(_post "$data" "https://identity.api.rackspacecloud.com/v2.0/tokens" "" "POST")"
|
||||||
|
retcode=$?
|
||||||
|
_debug2 response "$response"
|
||||||
|
if [ "$retcode" != "0" ]; then
|
||||||
|
_err "Authentication failed."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if _contains "$response" "token"; then
|
||||||
|
RACKSPACE_Token="$(echo "$response" | _normalizeJson | sed -n 's/^.*"token":{.*,"id":"\([^"]*\)",".*/\1/p')"
|
||||||
|
RACKSPACE_Tenant="$(echo "$response" | _normalizeJson | sed -n 's/^.*"token":{.*,"id":"\([^"]*\)"}.*/\1/p')"
|
||||||
|
_debug RACKSPACE_Token "$RACKSPACE_Token"
|
||||||
|
_debug RACKSPACE_Tenant "$RACKSPACE_Tenant"
|
||||||
|
fi
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
_rackspace_check_auth() {
|
||||||
|
# retrieve the rackspace creds
|
||||||
|
RACKSPACE_Username="${RACKSPACE_Username:-$(_readaccountconf_mutable RACKSPACE_Username)}"
|
||||||
|
RACKSPACE_Apikey="${RACKSPACE_Apikey:-$(_readaccountconf_mutable RACKSPACE_Apikey)}"
|
||||||
|
# check their vals for null
|
||||||
|
if [ -z "$RACKSPACE_Username" ] || [ -z "$RACKSPACE_Apikey" ]; then
|
||||||
|
RACKSPACE_Username=""
|
||||||
|
RACKSPACE_Apikey=""
|
||||||
|
_err "You didn't specify a Rackspace username and api key."
|
||||||
|
_err "Please set those values and try again."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
# save the username and api key to the account conf file.
|
||||||
|
_saveaccountconf_mutable RACKSPACE_Username "$RACKSPACE_Username"
|
||||||
|
_saveaccountconf_mutable RACKSPACE_Apikey "$RACKSPACE_Apikey"
|
||||||
|
if [ -z "$RACKSPACE_Token" ]; then
|
||||||
|
_info "Getting authorization token."
|
||||||
|
if ! _rackspace_authorization; then
|
||||||
|
_err "Can not get token."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
_rackspace_check_rootzone() {
|
||||||
|
_debug "First detect the root zone"
|
||||||
|
if ! _get_root_zone "$fulldomain"; then
|
||||||
|
_err "invalid domain"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
_debug _domain_id "$_domain_id"
|
||||||
|
_debug _sub_domain "$_sub_domain"
|
||||||
|
_debug _domain "$_domain"
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user