Commit Graph

1469 Commits

Author SHA1 Message Date
Avi Miller
1d089d4541
fix: refactor the way the config is read from file and envvars
The plugin will use the following order of precedence:

environment value > file value > default value

See the wiki for details on environment variable names.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 17:00:53 +10:00
Avi Miller
7666022840
fix: revert _readini() function to be more generic
Also switched [::space::] with a literal space for better
cross-platform compatibility.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 13:12:14 +10:00
Avi Miller
946c8b498a
feat: enable automatic configuration from an OCI configuration file
The individual parameters can still be overridden via the
corresponding OCI_CLI environment variable.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-20 09:10:24 +10:00
Avi Miller
ed971df93a
fix: add missing else/return 1 to if block
Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-19 15:41:34 +10:00
Avi Miller
017a10189c
fix: switch to using functions instead of calling OpenSSL directly
Also reduced the number of environment variables which simplifies
the documentation and requirements. The variable names now match
those used by the OCI CLI.

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-18 12:00:42 +10:00
Avi Miller
6f88c81616
Add DNS API plugin for Oracle Cloud Infrastructure DNS Service
This plugin is has noticeably more required fields than most
other plugins due to the requirement that all requests to
the OCI REST API must be cryptographically signed by the client
using the draft standard proposed in draft-cavage-http-signatures-08[1].

The OCI specific implementation details of the draft standard are
documented in the Developer Guide[2].

NOTE: there is maximum allowed clock skew of five minutes between the
client and the API endpoint. Requests will be denied if the skew is
greater.

This PR also includes a minor tweak to the Solaris job in the DNS
workflow so that it uses the pre-installed GNU tools, curl and OpenSSL 1.1.1.
Without these changes, the signature generation function does not
work on Solaris.

[1]: https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-08
[2]: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm#five

Signed-off-by: Avi Miller <avi.miller@oracle.com>
2021-06-05 21:55:40 +10:00
neil
d154118600 fix bug 2021-06-01 22:21:17 +08:00
neil
c2273d2c8e add debug info 2021-06-01 22:15:53 +08:00
neil
495ba01d8e
Merge pull request #3529 from Haarolean/bugfix/porkbun-fixes
Porkbun DNS API fixes
2021-06-01 21:29:14 +08:00
neil
9edda556de
Merge pull request #3530 from DerVerruckteFuchs/1984-login-fix
1984 login fix
2021-06-01 21:10:52 +08:00
Christophe B Billheimer
3891a52aeb change "$url" -> $url so the value of $url gets passed by reference, and the string "$url" does not erroneously get passed as a variable into _post() 2021-05-31 15:24:41 -04:00
Roman Zabaluev
1e5e3353f3 Fix porkbun issues
See gh-3450
2021-05-30 18:23:13 +03:00
neilpang
7909273a21 add debug info 2021-05-25 21:57:15 +08:00
neil
461f602992
Merge pull request #3505 from willbrowningme/patch-1
dnsapi/dns_desec.sh remove DEDYN_NAME variable
2021-05-08 21:12:56 +08:00
neilpang
46180435cc minor 2021-05-08 21:09:56 +08:00
Will Browning
c5557fc488
Remove DEDYN_NAME variable from dns_desec.sh 2021-05-06 16:51:43 +01:00
neil
509d3f6d30
Merge pull request #3392 from akulumbeg/dev
Adding DNSAPI wrapper for Websupport webhosting (Slovakia)
2021-04-19 09:46:33 +08:00
neil
c576af7c6f
Merge pull request #3460 from JaZo/feature/aurora
Add Aurora DNS API
2021-04-17 22:17:35 +08:00
neilpang
f3682f0e8e fix format 2021-04-17 22:09:59 +08:00
Jasper Zonneveld
1c58913eeb
Add Aurora DNS API 2021-04-15 08:59:16 +02:00
neilpang
cfbc294832 fix onecom api 2021-04-14 22:18:01 +08:00
neil
9ea1238e1b
Merge pull request #3445 from woutd/constellix-wildcard-support
Add wildcard certificate support for dns_constellix
2021-03-27 08:10:59 +08:00
wout
3bfcd18a03 Workaround for Solaris, as it does not support non-greedy regex 2021-03-24 13:56:14 +01:00
wout
6b7db22981 Catch the situation when the TXT record is updated with the same value 2021-03-24 09:01:54 +01:00
wout
8adb8a6986 While [0-9]+ is a bit more correct than [0-9]*, the former does not seem to work on Solaris. 2021-03-23 21:20:27 +01:00
Alexander Kulumbeg
051775b9b4
String update
Hopefully the last one
2021-03-21 16:25:04 +01:00
qkdreyer
4dd2027428 fix: prevent rate limit 2021-03-21 16:20:32 +01:00
Quentin Dreyer
42ab98b830 feat: add dns_porkbun 2021-03-21 16:20:32 +01:00
neil
2b2bce6457 fix format 2021-03-21 16:20:32 +01:00
anom-human
2cbf3f7e15 Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
2021-03-21 16:20:32 +01:00
anom-human
923eece3f5 Update dns_servercow.sh to support wildcard certs
Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.
2021-03-21 16:20:32 +01:00
neilpang
d4fb313ff0 fix format 2021-03-21 16:20:32 +01:00
neilpang
7dce465c06 fix https://github.com/acmesh-official/acme.sh/issues/3019 2021-03-21 16:20:32 +01:00
Lukas Brocke
fd406af962 dnsapi/ionos: Use POST instead of PATCH for adding TXT record
The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.
2021-03-21 16:20:32 +01:00
Kristian Johansson
0fe3538331 Adds comment 2021-03-21 16:20:32 +01:00
Kristian Johansson
b0f5ad75ae Fixes response handling and thereby allow issuing of subdomain certs 2021-03-21 16:20:32 +01:00
czeming
d078ce794e Update dns_dp.sh
没有encode中文字符会导致提交失败
2021-03-21 16:20:32 +01:00
Easton Man
8fbec785e8 feat: add huaweicloud error handling 2021-03-21 16:20:32 +01:00
jerrm
b1988c7b67 duckdns - fix "integer expression expected" errors (#3397)
* fix "integer expression expected" errors

* duckdns fix

* Update dns_duckdns.sh

* Update dns_duckdns.sh
2021-03-21 16:20:32 +01:00
manuel
016dca654e dnsapi/pdns: also normalize json response in detecting root zone 2021-03-21 16:20:32 +01:00
Vahid Fardi
91a739af6e change name actor 2021-03-21 16:20:32 +01:00
Vahid Fardi
e232565971 change Author name 2021-03-21 16:20:32 +01:00
Vahid Fardi
472488ebe8 change arvan api script 2021-03-21 16:20:32 +01:00
Alexander Kulumbeg
8de3698b23 Revert "Syncing with the original repo (#2)"
This reverts commit c384ed960c.
2021-03-21 16:16:38 +01:00
Alexander Kulumbeg
c384ed960c
Syncing with the original repo (#2)
* change arvan api script

* change Author name

* change name actor

* Updated --preferred-chain to issue ISRG properly

To support different openssl crl2pkcs7 help cli format

* dnsapi/pdns: also normalize json response in detecting root zone

* Chain (#3408)

* fix https://github.com/acmesh-official/acme.sh/issues/3384
match the issuer to the root CA cert subject

* fix format

* fix https://github.com/acmesh-official/acme.sh/issues/3384

* remove the alt files. https://github.com/acmesh-official/acme.sh/issues/3384

* upgrade freebsd and solaris

* duckdns - fix "integer expression expected" errors (#3397)

* fix "integer expression expected" errors

* duckdns fix

* Update dns_duckdns.sh

* Update dns_duckdns.sh

* Implement smtp notify hook

Support notifications via direct SMTP server connection.
Uses Python (2.7.x or 3.4+) to communicate with SMTP server.

* Make shfmt happy

(I'm open to better ways of formatting the heredoc
that embeds the Python script.)

* Only save config if send is successful

* Add instructions for reporting bugs

* Prep for curl or Python; clean up SMTP_* variable usage

* Implement curl version of smtp notify-hook

* More than one blank line is an abomination, apparently

I will not try to use whitespace to group code visually

* Fix: Unifi deploy hook support Unifi Cloud Key (#3327)

* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions

* feat: add huaweicloud error handling

* fix: fix freebsd and solaris

* support openssl 3.0
fix https://github.com/acmesh-official/acme.sh/issues/3399

* make the fix for rsa key only

* Use PROJECT_NAME and VER for X-Mailer header

Also add X-Mailer header to Python version

* Add _clearaccountconf_mutable()

* Rework read/save config to not save default values

Add and use _readaccountconf_mutable_default and
_saveaccountconf_mutable_default helpers to capture
common default value handling.

New approach also eliminates need for separate
underscore-prefixed version of each conf var.

* Implement _rfc2822_date helper

* Clean email headers and warn on unsupported address format

Just in case, make sure CR or NL don't end up in
an email header.

* Clarify _readaccountconf_mutable_default

* Add Date email header in Python implementation

* Use email.policy.default in Python 3 implementation

Improves standards compatibility and utf-8 handling
in Python 3.3-3.8. (email.policy.default becomes the
default in Python 3.9.)

* Prefer Python to curl when both available

* Change default SMTP_SECURE to "tls"

Secure by default. Also try to minimize configuration errors.
(Many ESPs/ISPs require STARTTLS, and most support it.)

* Update dns_dp.sh

没有encode中文字符会导致提交失败

* No need to include EC parameters explicitly with the private key.
(they are embedded)

* Fixes response handling and thereby allow issuing of subdomain certs

* Adds comment

* fix https://github.com/acmesh-official/acme.sh/issues/3402

* dnsapi/ionos: Use POST instead of PATCH for adding TXT record

The API now supports a POST route for adding records. Therefore
checking for already existing records and including them in a PATCH
request is no longer necessary.

* fix https://github.com/acmesh-official/acme.sh/issues/3433

* fix https://github.com/acmesh-official/acme.sh/issues/3019

* fix format

* Update dns_servercow.sh to support wildcard certs

Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.

* Update dns_servercow.sh to support wildcard certs

Updated dns_servercow.sh to support txt records with multiple entries. This supports wildcard certificates that require txt records with the same name and different contents.

* fix https://github.com/acmesh-official/acme.sh/issues/3312

* fix format

* feat: add dns_porkbun

* fix: prevent rate limit

Co-authored-by: Vahid Fardi <vahid.fardi@snapp.cab>
Co-authored-by: neil <github@neilpang.com>
Co-authored-by: Gnought <1684105+gnought@users.noreply.github.com>
Co-authored-by: manuel <manuel@mausz.at>
Co-authored-by: jerrm <jerrm@users.noreply.github.com>
Co-authored-by: medmunds <medmunds@gmail.com>
Co-authored-by: Mike Edmunds <github@to.mikeedmunds.com>
Co-authored-by: Easton Man <manyang.me@outlook.com>
Co-authored-by: czeming <loser_wind@163.com>
Co-authored-by: Geert Hendrickx <geert@hendrickx.be>
Co-authored-by: Kristian Johansson <kristian.johansson86@gmail.com>
Co-authored-by: Lukas Brocke <lukas@brocke.net>
Co-authored-by: anom-human <80478363+anom-human@users.noreply.github.com>
Co-authored-by: neil <win10@neilpang.com>
Co-authored-by: Quentin Dreyer <quentin.dreyer@rgsystem.com>
2021-03-20 16:01:09 +01:00
Alexander Kulumbeg
2386d2e299
String change 2021-03-20 15:26:32 +01:00
qkdreyer
2e34e11b02 fix: prevent rate limit 2021-03-13 14:53:43 +01:00
Quentin Dreyer
8eda5f36fb feat: add dns_porkbun 2021-03-13 14:25:05 +01:00
neil
3dbe5d872b fix format 2021-03-13 20:46:12 +08:00
neil
f594ed659e
Merge pull request #3449 from anom-human/master
Update dns_servercow.sh to support wildcard certs
2021-03-13 20:42:12 +08:00