ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated dns_nsupdate to use multiple dns update keys

Browse Source
This commit is contained in:
Marcel Schuhbauer 2018-10-17 11:08:01 +02:00
parent c31db83b26
commit 3955feae6d
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dnsapi/README.md
View File

@ -147,6 +147,14 @@ export NSUPDATE_SERVER="dns.example.com"
export NSUPDATE_KEY="/path/to/your/nsupdate.key" export NSUPDATE_KEY="/path/to/your/nsupdate.key"
``` ```
If you want to use multiple update keys you can create a keyfolder and tell acme.sh to use it.
Acme.sh then tries to use the key file `${NSUPDATE_KEYDIR}/example.com.key`. If there is none it falls back to the default `NSUPDATE_KEY`.
```
mkdir ~/.acme.sh/keys
export NSUPDATE_KEYDIR="~/.acme.sh/keys"
```
Ok, let's issue a cert now: Ok, let's issue a cert now:
``` ```
acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com

23
dnsapi/dns_nsupdate.sh
View File

@ -6,16 +6,23 @@
dns_nsupdate_add() { dns_nsupdate_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_checkKeyFile || return 1 basedomain=$(echo "$fulldomain" | sed -e 's/^.*\.\(.*\..*\)$/\1/')
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53 [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
# save the dns server and key to the account conf file. [ -n "${NSUPDATE_KEYDIR}" ] || NSUPDATE_KEYDIR="${LE_WORKING_DIR}/keys"
# save the dns server, keydir and key to the account conf file.
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}"
_saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}" _saveaccountconf NSUPDATE_SERVER_PORT "${NSUPDATE_SERVER_PORT}"
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}"
_saveaccountconf NSUPDATE_KEYDIR "${NSUPDATE_KEYDIR}"
if [ -r "${NSUPDATE_KEYDIR}/${basedomain}.key" ]; then
NSUPDATE_KEY="${NSUPDATE_KEYDIR}/${basedomain}.key"
_info "using non default key ${NSUPDATE_KEYDIR}/${basedomain}.key"
fi
_checkKeyFile || return 1
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\""
nsupdate -k "${NSUPDATE_KEY}" <<EOF nsupdate -k "${NSUPDATE_KEY}" <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT} server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
update add ${fulldomain}. 60 in txt "${txtvalue}" update add ${fulldomain}. 60 in txt "${txtvalue}"
send send
EOF EOF
@ -30,12 +37,18 @@ EOF
#Usage: dns_nsupdate_rm _acme-challenge.www.domain.com #Usage: dns_nsupdate_rm _acme-challenge.www.domain.com
dns_nsupdate_rm() { dns_nsupdate_rm() {
fulldomain=$1 fulldomain=$1
_checkKeyFile || return 1 basedomain=$(echo "$fulldomain" | sed -e 's/^.*\.\(.*\..*\)$/\1/')
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"
[ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53 [ -n "${NSUPDATE_SERVER_PORT}" ] || NSUPDATE_SERVER_PORT=53
[ -n "${NSUPDATE_KEYDIR}" ] || NSUPDATE_KEYDIR="${LE_WORKING_DIR}/keys"
if [ -r "${NSUPDATE_KEYDIR}/${basedomain}.key" ]; then
NSUPDATE_KEY="${NSUPDATE_KEYDIR}/${basedomain}.key"
_info "using non default key ${NSUPDATE_KEYDIR}/${basedomain}.key"
fi
_checkKeyFile || return 1
_info "removing ${fulldomain}. txt" _info "removing ${fulldomain}. txt"
nsupdate -k "${NSUPDATE_KEY}" <<EOF nsupdate -k "${NSUPDATE_KEY}" <<EOF
server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT} server ${NSUPDATE_SERVER} ${NSUPDATE_SERVER_PORT}
update delete ${fulldomain}. txt update delete ${fulldomain}. txt
send send
EOF EOF