ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #1 from acmesh-official/master

Browse Source 
fetch
This commit is contained in:
flywithu 2020-09-12 17:16:49 +09:00 committed by GitHub
commit 6a7ad0f901
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 567 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
.github/workflows/LetsEncrypt.yml vendored Normal file
View File

@ -0,0 +1,99 @@
name: LetsEncrypt
on:
push:
branches:
- '*'
paths:
- '**.sh'
- '**.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '**.yml'
jobs:
CheckToken:
runs-on: ubuntu-latest
outputs:
hasToken: ${{ steps.step_one.outputs.hasToken }}
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
steps:
- name: Set the value
id: step_one
run: |
if [ "$NGROK_TOKEN" ] ; then
echo "::set-output name=hasToken::true"
else
echo "::set-output name=hasToken::false"
fi
- name: Check the value
run: echo ${{ steps.step_one.outputs.hasToken }}
Ubuntu:
runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
TEST_LOCAL: 1
steps:
- uses: actions/checkout@v2
- name: Install tools
run: sudo apt-get install -y socat
- name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && sudo --preserve-env ./letest.sh
MacOS:
runs-on: macos-latest
needs: Ubuntu
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
TEST_LOCAL: 1
steps:
- uses: actions/checkout@v2
- name: Install tools
run: brew update && brew install socat;
- name: Clone acmetest
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
run: cd ../acmetest && sudo --preserve-env ./letest.sh
Windows:
runs-on: windows-latest
needs: MacOS
env:
NGROK_TOKEN : ${{ secrets.NGROK_TOKEN }}
TEST_LOCAL: 1
#The 80 port is used by Windows server, we have to use a custom port, ngrok will also use this port.
Le_HTTPPort: 8888
steps:
- name: Set git to use LF
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v2
- name: Install cygwin base packages with chocolatey
run: |
choco config get cacheLocation
choco install --no-progress cygwin
shell: cmd
- name: Install cygwin additional packages
run: |
C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
shell: cmd
- name: Set ENV
run: |
echo '::set-env name=PATH::C:\tools\cygwin\bin;C:\tools\cygwin\usr\bin'
- name: Clone acmetest
shell: cmd
run: cd .. && git clone https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Run acmetest
shell: cmd
run: cd ../acmetest && bash.exe -c ./letest.sh

14
.github/workflows/PebbleStrict.yml vendored
View File

@ -1,5 +1,17 @@
name: PebbleStrict name: PebbleStrict
on: [push, pull_request] on:
push:
branches:
- '*'
paths:
- '**.sh'
- '**.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '**.yml'
jobs: jobs:
PebbleStrict: PebbleStrict:

56
.github/workflows/dockerhub.yml vendored
View File

@ -2,15 +2,65 @@
name: Build DockerHub name: Build DockerHub
on: on:
push: push:
branches: [ master, dev ] branches:
- '*'
tags:
- '*'
jobs: jobs:
CheckToken:
runs-on: ubuntu-latest
outputs:
hasToken: ${{ steps.step_one.outputs.hasToken }}
env:
DOCKER_PASSWORD : ${{ secrets.DOCKER_PASSWORD }}
steps:
- name: Set the value
id: step_one
run: |
if [ "$DOCKER_PASSWORD" ] ; then
echo "::set-output name=hasToken::true"
else
echo "::set-output name=hasToken::false"
fi
- name: Check the value
run: echo ${{ steps.step_one.outputs.hasToken }}
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: CheckToken
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
steps: steps:
- name: trigger - name: checkout code
run: curl -X POST https://hub.docker.com/api/build/v1/source/1813a660-2ee5-4583-a238-dd54e9a6ebac/trigger/c8cd9f1f-f269-45bc-9750-a08327257f62/call/ uses: actions/checkout@v2
- name: install buildx
id: buildx
uses: crazy-max/ghaction-docker-buildx@v3
with:
buildx-version: latest
qemu-version: latest
- name: login to docker hub
run: |
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
- name: build and push the image
run: |
DOCKER_IMAGE=neilpang/acme.sh
if [[ $GITHUB_REF == refs/tags/* ]]; then
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/tags/}
fi
if [[ $GITHUB_REF == refs/heads/* ]]; then
DOCKER_IMAGE_TAG=${GITHUB_REF#refs/heads/}
if [[ $DOCKER_IMAGE_TAG == master ]]; then
DOCKER_IMAGE_TAG=latest
AUTO_UPGRADE=1
fi
fi
docker buildx build \
--tag ${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG} \
--output "type=image,push=true" \
--build-arg AUTO_UPGRADE=${AUTO_UPGRADE} \
--platform linux/arm64/v8,linux/amd64,linux/arm/v6,linux/arm/v7,linux/386 .

23
.github/workflows/shellcheck.yml vendored
View File

@ -1,8 +1,20 @@
name: shellcheck name: Shellcheck
on: [push, pull_request] on:
push:
branches:
- '*'
paths:
- '**.sh'
- '**.yml'
pull_request:
branches:
- dev
paths:
- '**.sh'
- '**.yml'
jobs: jobs:
formatCheck: ShellCheck:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -10,6 +22,11 @@ jobs:
run: sudo apt-get install -y shellcheck run: sudo apt-get install -y shellcheck
- name: DoShellcheck - name: DoShellcheck
run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" run: shellcheck -V && shellcheck -e SC2181 **/*.sh && echo "shellcheck OK"
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Install shfmt - name: Install shfmt
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
- name: shfmt - name: shfmt

37
.travis.yml
View File

@ -1,37 +0,0 @@
language: shell
dist: bionic
os:
- linux
- osx
services:
- docker
env:
global:
- SHFMT_URL=https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64
install:
- if [ "$TRAVIS_OS_NAME" = 'osx' ]; then
brew update && brew install socat;
export PATH="/usr/local/opt/openssl@1.1/bin:$PATH" ;
fi
script:
- echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)"
- command -V openssl && openssl version
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then curl -sSL $SHFMT_URL -o ~/shfmt && chmod +x ~/shfmt && ~/shfmt -l -w -i 2 . ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then git diff --exit-code && echo "shfmt OK" ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -V ; fi
- if [ "$TRAVIS_OS_NAME" = "linux" ]; then shellcheck -e SC2181 **/*.sh && echo "shellcheck OK" ; fi
- cd ..
- git clone --depth 1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest
- if [ "$TRAVIS_OS_NAME" = "linux" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ./rundocker.sh testplat ubuntu:latest ; fi
- if [ "$TRAVIS_OS_NAME" = "osx" -a "$NGROK_TOKEN" ]; then sudo TEST_LOCAL="$TEST_LOCAL" NGROK_TOKEN="$NGROK_TOKEN" ACME_OPENSSL_BIN="$ACME_OPENSSL_BIN" ./letest.sh ; fi
matrix:
fast_finish: true

5
Dockerfile
View File

@ -15,7 +15,9 @@ RUN apk update -f \
ENV LE_CONFIG_HOME /acme.sh ENV LE_CONFIG_HOME /acme.sh
ENV AUTO_UPGRADE 1 ARG AUTO_UPGRADE=1
ENV AUTO_UPGRADE $AUTO_UPGRADE
#Install #Install
ADD ./ /install_acme.sh/ ADD ./ /install_acme.sh/
@ -52,6 +54,7 @@ RUN for verb in help \
deactivate \ deactivate \
deactivate-account \ deactivate-account \
set-notify \ set-notify \
set-default-ca \
; do \ ; do \
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done ; done

13
README.md
View File

@ -1,13 +1,16 @@
# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh) # An ACME Shell script: acme.sh
![LetsEncrypt](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
![DockerHub](https://github.com/acmesh-official/acme.sh/workflows/Build%20DockerHub/badge.svg)
<a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a> <a href="https://opencollective.com/acmesh" alt="Financial Contributors on Open Collective"><img src="https://opencollective.com/acmesh/all/badge.svg?label=financial+contributors" /></a>
[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
[![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker stars](https://img.shields.io/docker/stars/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
[![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub") [![Docker pulls](https://img.shields.io/docker/pulls/neilpang/acme.sh.svg)](https://hub.docker.com/r/neilpang/acme.sh "Click to view the image on Docker Hub")
![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/shellcheck/badge.svg)
![shellcheck](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
acme.sh is being sponsored by the following tool; please help to support us by taking a look and signing up to a free trial
- An ACME protocol client written purely in Shell (Unix shell) language. - An ACME protocol client written purely in Shell (Unix shell) language.
@ -73,7 +76,7 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT) |17|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris |18|[![](https://acmesh-official.github.io/acmetest/status/solaris.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|SunOS/Solaris
|19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux |19|[![](https://acmesh-official.github.io/acmetest/status/gentoo-stage3-amd64.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|Gentoo Linux
|20|[![Build Status](https://travis-ci.org/acmesh-official/acme.sh.svg?branch=master)](https://travis-ci.org/acmesh-official/acme.sh)|Mac OSX |20|[![Build Status](https://github.com/acmesh-official/acme.sh/workflows/LetsEncrypt/badge.svg)](https://github.com/acmesh-official/acme.sh/actions?query=workflow%3ALetsEncrypt)|Mac OSX
|21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux |21|[![](https://acmesh-official.github.io/acmetest/status/clearlinux-latest.svg)](https://github.com/acmesh-official/acmetest#here-are-the-latest-status)|ClearLinux
For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest): For all build statuses, check our [weekly build project](https://github.com/acmesh-official/acmetest):

242
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh #!/usr/bin/env sh
VER=2.8.7 VER=2.8.8
PROJECT_NAME="acme.sh" PROJECT_NAME="acme.sh"
@ -956,9 +956,9 @@ _dbase64() {
_checkcert() { _checkcert() {
_cf="$1" _cf="$1"
if [ "$DEBUG" ]; then if [ "$DEBUG" ]; then
openssl x509 -noout -text -in "$_cf" ${ACME_OPENSSL_BIN:-openssl} x509 -noout -text -in "$_cf"
else else
openssl x509 -noout -text -in "$_cf" >/dev/null 2>&1 ${ACME_OPENSSL_BIN:-openssl} x509 -noout -text -in "$_cf" >/dev/null 2>&1
fi fi
} }
@ -1375,7 +1375,7 @@ toPkcs() {
domain="$1" domain="$1"
pfxPassword="$2" pfxPassword="$2"
if [ -z "$domain" ]; then if [ -z "$domain" ]; then
_usage "Usage: $PROJECT_ENTRY --toPkcs -d domain [--password pfx-password]" _usage "Usage: $PROJECT_ENTRY --to-pkcs12 --domain <domain.tld> [--password <password>] [--ecc]"
return 1 return 1
fi fi
@ -1396,7 +1396,7 @@ toPkcs8() {
domain="$1" domain="$1"
if [ -z "$domain" ]; then if [ -z "$domain" ]; then
_usage "Usage: $PROJECT_ENTRY --toPkcs8 -d domain [--ecc]" _usage "Usage: $PROJECT_ENTRY --to-pkcs8 --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -1416,7 +1416,7 @@ toPkcs8() {
createAccountKey() { createAccountKey() {
_info "Creating account key" _info "Creating account key"
if [ -z "$1" ]; then if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --createAccountKey --accountkeylength 2048" _usage "Usage: $PROJECT_ENTRY --create-account-key [--accountkeylength <bits>]"
return return
fi fi
@ -1459,7 +1459,7 @@ _create_account_key() {
createDomainKey() { createDomainKey() {
_info "Creating domain key" _info "Creating domain key"
if [ -z "$1" ]; then if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --createDomainKey -d domain.com [ --keylength 2048 ]" _usage "Usage: $PROJECT_ENTRY --create-domain-key --domain <domain.tld> [--keylength <bits>]"
return return
fi fi
@ -1499,7 +1499,7 @@ createDomainKey() {
createCSR() { createCSR() {
_info "Creating csr" _info "Creating csr"
if [ -z "$1" ]; then if [ -z "$1" ]; then
_usage "Usage: $PROJECT_ENTRY --createCSR -d domain1.com [-d domain2.com -d domain3.com ... ]" _usage "Usage: $PROJECT_ENTRY --create-csr --domain <domain.tld> [--domain <domain2.tld> ...]"
return return
fi fi
@ -2888,7 +2888,7 @@ Allow from all
if _restoreApache; then if _restoreApache; then
_err "The apache config file is restored." _err "The apache config file is restored."
else else
_err "Sorry, The apache config file can not be restored, please report bug." _err "Sorry, the apache config file can not be restored, please report bug."
fi fi
return 1 return 1
fi fi
@ -3994,7 +3994,7 @@ _check_dns_entries() {
_get_cert_issuers() { _get_cert_issuers() {
_cfile="$1" _cfile="$1"
if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then if _contains "$(${ACME_OPENSSL_BIN:-openssl} help crl2pkcs7 2>&1)" "Usage: crl2pkcs7"; then
${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | openssl pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 ${ACME_OPENSSL_BIN:-openssl} crl2pkcs7 -nocrl -certfile $_cfile | ${ACME_OPENSSL_BIN:-openssl} pkcs7 -print_certs -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
else else
${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2 ${ACME_OPENSSL_BIN:-openssl} x509 -in $_cfile -text -noout | grep 'Issuer:' | _egrep_o "CN *=[^,]*" | cut -d = -f 2
fi fi
@ -4006,13 +4006,18 @@ _match_issuer() {
_missuer="$2" _missuer="$2"
_fissuers="$(_get_cert_issuers $_cfile)" _fissuers="$(_get_cert_issuers $_cfile)"
_debug2 _fissuers "$_fissuers" _debug2 _fissuers "$_fissuers"
if _contains "$_fissuers" "$_missuer"; then
return 0
fi
_fissuers="$(echo "$_fissuers" | _lower_case)"
_missuer="$(echo "$_missuer" | _lower_case)"
_contains "$_fissuers" "$_missuer" _contains "$_fissuers" "$_missuer"
} }
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
_usage "Usage: $PROJECT_ENTRY --issue -d a.com -w /path/to/webroot/a.com/ " _usage "Usage: $PROJECT_ENTRY --issue --domain <domain.tld> --webroot <directory>"
return 1 return 1
fi fi
if [ -z "$1" ]; then if [ -z "$1" ]; then
@ -4709,7 +4714,7 @@ $_authorizations_map"
return 1 return 1
fi fi
if [ -z "$Le_LinkOrder" ]; then if [ -z "$Le_LinkOrder" ]; then
Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n" | cut -d ":" -f 2-)" Le_LinkOrder="$(echo "$responseHeaders" | grep -i '^Location.*$' | _tail_n 1 | tr -d "\r\n \t" | cut -d ":" -f 2-)"
fi fi
_savedomainconf "Le_LinkOrder" "$Le_LinkOrder" _savedomainconf "Le_LinkOrder" "$Le_LinkOrder"
@ -4973,7 +4978,7 @@ $_authorizations_map"
fi fi
} }
#in_out_cert out_fullchain out out_ca #in_out_cert out_fullchain out_ca
_split_cert_chain() { _split_cert_chain() {
_certf="$1" _certf="$1"
_fullchainf="$2" _fullchainf="$2"
@ -4993,7 +4998,7 @@ _split_cert_chain() {
renew() { renew() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ]; then if [ -z "$Le_Domain" ]; then
_usage "Usage: $PROJECT_ENTRY --renew -d domain.com [--ecc]" _usage "Usage: $PROJECT_ENTRY --renew --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -5003,7 +5008,7 @@ renew() {
_info "$(__green "Renew: '$Le_Domain'")" _info "$(__green "Renew: '$Le_Domain'")"
if [ ! -f "$DOMAIN_CONF" ]; then if [ ! -f "$DOMAIN_CONF" ]; then
_info "'$Le_Domain' is not a issued domain, skip." _info "'$Le_Domain' is not an issued domain, skip."
return $RENEW_SKIP return $RENEW_SKIP
fi fi
@ -5082,7 +5087,7 @@ renewAll() {
for di in "${CERT_HOME}"/*.*/; do for di in "${CERT_HOME}"/*.*/; do
_debug di "$di" _debug di "$di"
if ! [ -d "$di" ]; then if ! [ -d "$di" ]; then
_debug "Not directory, skip: $di" _debug "Not a directory, skip: $di"
continue continue
fi fi
d=$(basename "$di") d=$(basename "$di")
@ -5185,7 +5190,7 @@ signcsr() {
_csrfile="$1" _csrfile="$1"
_csrW="$2" _csrW="$2"
if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then if [ -z "$_csrfile" ] || [ -z "$_csrW" ]; then
_usage "Usage: $PROJECT_ENTRY --signcsr --csr mycsr.csr -w /path/to/webroot/a.com/ " _usage "Usage: $PROJECT_ENTRY --sign-csr --csr <csr-file> --webroot <directory>"
return 1 return 1
fi fi
@ -5253,7 +5258,7 @@ showcsr() {
_csrfile="$1" _csrfile="$1"
_csrd="$2" _csrd="$2"
if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then if [ -z "$_csrfile" ] && [ -z "$_csrd" ]; then
_usage "Usage: $PROJECT_ENTRY --showcsr --csr mycsr.csr" _usage "Usage: $PROJECT_ENTRY --show-csr --csr <csr-file>"
return 1 return 1
fi fi
@ -5370,7 +5375,7 @@ deploy() {
_hooks="$2" _hooks="$2"
_isEcc="$3" _isEcc="$3"
if [ -z "$_hooks" ]; then if [ -z "$_hooks" ]; then
_usage "Usage: $PROJECT_ENTRY --deploy -d domain.com --deploy-hook cpanel [--ecc] " _usage "Usage: $PROJECT_ENTRY --deploy --domain <domain.tld> --deploy-hook <hookname> [--ecc] "
return 1 return 1
fi fi
@ -5391,7 +5396,7 @@ deploy() {
installcert() { installcert() {
_main_domain="$1" _main_domain="$1"
if [ -z "$_main_domain" ]; then if [ -z "$_main_domain" ]; then
_usage "Usage: $PROJECT_ENTRY --installcert -d domain.com [--ecc] [--cert-file cert-file-path] [--key-file key-file-path] [--ca-file ca-cert-file-path] [ --reloadCmd reloadCmd] [--fullchain-file fullchain-path]" _usage "Usage: $PROJECT_ENTRY --install-cert --domain <domain.tld> [--ecc] [--cert-file <file>] [--key-file <file>] [--ca-file <file>] [ --reloadcmd <command>] [--fullchain-file <file>]"
return 1 return 1
fi fi
@ -5670,7 +5675,7 @@ uninstallcronjob() {
revoke() { revoke() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ]; then if [ -z "$Le_Domain" ]; then
_usage "Usage: $PROJECT_ENTRY --revoke -d domain.com [--ecc]" _usage "Usage: $PROJECT_ENTRY --revoke --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -5741,7 +5746,7 @@ revoke() {
remove() { remove() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ]; then if [ -z "$Le_Domain" ]; then
_usage "Usage: $PROJECT_ENTRY --remove -d domain.com [--ecc]" _usage "Usage: $PROJECT_ENTRY --remove --domain <domain.tld> [--ecc]"
return 1 return 1
fi fi
@ -5901,7 +5906,7 @@ deactivate() {
_initAPI _initAPI
_debug _d_domain_list "$_d_domain_list" _debug _d_domain_list "$_d_domain_list"
if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then if [ -z "$(echo $_d_domain_list | cut -d , -f 1)" ]; then
_usage "Usage: $PROJECT_ENTRY --deactivate -d domain.com [-d domain.com]" _usage "Usage: $PROJECT_ENTRY --deactivate --domain <domain.tld> [--domain <domain2.tld> ...]"
return 1 return 1
fi fi
for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do for _d_dm in $(echo "$_d_domain_list" | tr ',' ' '); do
@ -6361,7 +6366,7 @@ setnotify() {
_initpath _initpath
if [ -z "$_nhook$_nlevel$_nmode" ]; then if [ -z "$_nhook$_nlevel$_nmode" ]; then
_usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook mailgun] [--notify-level $NOTIFY_LEVEL_DEFAULT] [--notify-mode $NOTIFY_MODE_DEFAULT]" _usage "Usage: $PROJECT_ENTRY --set-notify [--notify-hook <hookname>] [--notify-level <0|1|2|3>] [--notify-mode <0|1>]"
_usage "$_NOTIFY_WIKI" _usage "$_NOTIFY_WIKI"
return 1 return 1
fi fi
@ -6400,146 +6405,141 @@ setnotify() {
showhelp() { showhelp() {
_initpath _initpath
version version
echo "Usage: $PROJECT_ENTRY command ...[parameters].... echo "Usage: $PROJECT_ENTRY <command> ... [parameters ...]
Commands: Commands:
--help, -h Show this help message. -h, --help Show this help message.
--version, -v Show version info. -v, --version Show version info.
--install Install $PROJECT_NAME to your system. --install Install $PROJECT_NAME to your system.
--uninstall Uninstall $PROJECT_NAME, and uninstall the cron job. --uninstall Uninstall $PROJECT_NAME, and uninstall the cron job.
--upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT. --upgrade Upgrade $PROJECT_NAME to the latest code from $PROJECT.
--issue Issue a cert. --issue Issue a cert.
--signcsr Issue a cert from an existing csr.
--deploy Deploy the cert to your server. --deploy Deploy the cert to your server.
--install-cert Install the issued cert to apache/nginx or any other server. -i, --install-cert Install the issued cert to apache/nginx or any other server.
--renew, -r Renew a cert. -r, --renew Renew a cert.
--renew-all Renew all the certs. --renew-all Renew all the certs.
--revoke Revoke a cert. --revoke Revoke a cert.
--remove Remove the cert from list of certs known to $PROJECT_NAME. --remove Remove the cert from list of certs known to $PROJECT_NAME.
--list List all the certs. --list List all the certs.
--showcsr Show the content of a csr. --to-pkcs12 Export the certificate and key to a pfx file.
--install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job. --to-pkcs8 Convert to pkcs8 format.
--uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically. --sign-csr Issue a cert from an existing csr.
--cron Run cron job to renew all the certs. --show-csr Show the content of a csr.
--toPkcs Export the certificate and key to a pfx file. -ccr, --create-csr Create CSR, professional use.
--toPkcs8 Convert to pkcs8 format. --create-domain-key Create an domain private key, professional use.
--update-account Update account info. --update-account Update account info.
--register-account Register account key. --register-account Register account key.
--deactivate-account Deactivate the account. --deactivate-account Deactivate the account.
--create-account-key Create an account private key, professional use. --create-account-key Create an account private key, professional use.
--create-domain-key Create an domain private key, professional use. --install-cronjob Install the cron job to renew certs, you don't need to call this. The 'install' command can automatically install the cron job.
--createCSR, -ccsr Create CSR , professional use. --uninstall-cronjob Uninstall the cron job. The 'uninstall' command can do this automatically.
--deactivate Deactivate the domain authz, professional use. --cron Run cron job to renew all the certs.
--set-notify Set the cron notification hook, level or mode. --set-notify Set the cron notification hook, level or mode.
--set-default-ca Used with '--server' , to set the default CA to use to use. --deactivate Deactivate the domain authz, professional use.
--set-default-ca Used with '--server', Set the default CA to use.
See: $_SERVER_WIKI
Parameters: Parameters:
--domain, -d domain.tld Specifies a domain, used to issue, renew or revoke etc. -d, --domain <domain.tld> Specifies a domain, used to issue, renew or revoke etc.
--challenge-alias domain.tld The challenge domain alias for DNS alias mode. --challenge-alias <domain.tld> The challenge domain alias for DNS alias mode.
See: $_DNS_ALIAS_WIKI See: $_DNS_ALIAS_WIKI
--domain-alias domain.tld The domain alias for DNS alias mode. --domain-alias <domain.tld> The domain alias for DNS alias mode.
See: $_DNS_ALIAS_WIKI See: $_DNS_ALIAS_WIKI
--preferred-chain CHAIN If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. --preferred-chain <chain> If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used. (default: empty) If no match, the default offered chain will be used. (default: empty)
See: $_PREFERRED_CHAIN_WIKI See: $_PREFERRED_CHAIN_WIKI
--force, -f Used to force to install or force to renew a cert immediately. -f, --force Force install, force cert renewal or override sudo restrictions.
--staging, --test Use staging server, just for test. --staging, --test Use staging server, for testing.
--debug Output debug info. --debug [0|1|2|3] Output debug info. Defaults to 1 if argument is omitted.
--output-insecure Output all the sensitive messages. --output-insecure Output all the sensitive messages.
By default all the credentials/sensitive messages are hidden from the output/debug/log for security. By default all the credentials/sensitive messages are hidden from the output/debug/log for security.
-w, --webroot <directory> Specifies the web root folder for web root mode.
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode. --standalone Use standalone mode.
--alpn Use standalone alpn mode. --alpn Use standalone alpn mode.
--stateless Use stateless mode. --stateless Use stateless mode.
See: $_STATELESS_WIKI See: $_STATELESS_WIKI
--apache Use apache mode. --apache Use apache mode.
--dns [dns_hook] Use dns mode or dns api. --dns [dns_hook] Use dns manual mode or dns api. Defaults to manual mode when argument is omitted.
See: $_DNS_API_WIKI See: $_DNS_API_WIKI
--dnssleep 300 The time in seconds to wait for all the txt records to propagate in dns api mode. --dnssleep <seconds> The time in seconds to wait for all the txt records to propagate in dns api mode.
It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically. It's not necessary to use this by default, $PROJECT_NAME polls dns status by DOH automatically.
-k, --keylength <bits> Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521.
--keylength, -k [2048] Specifies the domain key length: 2048, 3072, 4096, 8192 or ec-256, ec-384, ec-521. -ak, --accountkeylength <bits> Specifies the account key length: 2048, 3072, 4096
--accountkeylength, -ak [2048] Specifies the account key length: 2048, 3072, 4096 --log [file] Specifies the log file. Defaults to \"$DEFAULT_LOG_FILE\" if argument is omitted.
--log [/path/to/logfile] Specifies the log file. The default is: \"$DEFAULT_LOG_FILE\" if you don't give a file path here. --log-level <1|2> Specifies the log level, default is 1.
--log-level 1|2 Specifies the log level, default is 1. --syslog <0|3|6|7> Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug.
--syslog [0|3|6|7] Syslog level, 0: disable syslog, 3: error, 6: info, 7: debug. --eab-kid <eab_key_id> Key Identifier for External Account Binding.
--eab-hmac-key <eab_hmac_key> HMAC key for External Account Binding.
--eab-kid EAB_KID Key Identifier for External Account Binding.
--eab-hmac-key EAB_HMAC_KEY HMAC key for External Account Binding.
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert: These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file After issue/renew, the cert will be copied to this path. --cert-file <file> Path to copy the cert file to after issue/renew..
--key-file After issue/renew, the key will be copied to this path. --key-file <file> Path to copy the key file to after issue/renew.
--ca-file After issue/renew, the intermediate cert will be copied to this path. --ca-file <file> Path to copy the intermediate cert file to after issue/renew.
--fullchain-file After issue/renew, the fullchain cert will be copied to this path. --fullchain-file <file> Path to copy the fullchain cert file to after issue/renew.
--reloadcmd <command> Command to execute after issue/renew to reload the server.
--reloadcmd \"service nginx reload\" After issue/renew, it's used to reload the server. --server <server_uri> ACME Directory Resource URI. (default: $DEFAULT_CA)
--server SERVER ACME Directory Resource URI. (default: $DEFAULT_CA)
See: $_SERVER_WIKI See: $_SERVER_WIKI
--accountconf Specifies a customized account config file. --accountconf <file> Specifies a customized account config file.
--home Specifies the home dir for $PROJECT_NAME. --home <directory> Specifies the home dir for $PROJECT_NAME.
--cert-home Specifies the home dir to save all the certs, only valid for '--install' command. --cert-home <directory> Specifies the home dir to save all the certs, only valid for '--install' command.
--config-home Specifies the home dir to save all the configurations. --config-home <directory> Specifies the home dir to save all the configurations.
--useragent Specifies the user agent string. it will be saved for future use too. --useragent <string> Specifies the user agent string. it will be saved for future use too.
--accountemail, -m Specifies the account email, only valid for the '--install' and '--update-account' command. -m, --accountemail <email> Specifies the account email, only valid for the '--install' and '--update-account' command.
--accountkey Specifies the account key path, only valid for the '--install' command. --accountkey <file> Specifies the account key path, only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days. --days <ndays> Specifies the days to renew the cert when using '--issue' command. The default value is $DEFAULT_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer. --httpport <port> Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer. --tlsport <port> Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses. --local-address <ip> Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format. --listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal. -se, --stop-renew-on-error Only valid for '--renew-all' command. Stop if one cert has error in renewal.
--insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted. --insecure Do not check the server certificate, in some devices, the api server's certificate may not be trusted.
--ca-bundle Specifies the path to the CA certificate bundle to verify api server's certificate. --ca-bundle <file> Specifies the path to the CA certificate bundle to verify api server's certificate.
--ca-path Specifies directory containing CA certificates in PEM format, used by wget or curl. --ca-path <directory> Specifies directory containing CA certificates in PEM format, used by wget or curl.
--nocron Only valid for '--install' command, which means: do not install the default cron job. --nocron Only valid for '--install' command, which means: do not install the default cron job.
In this case, the certs will not be renewed automatically. In this case, the certs will not be renewed automatically.
--noprofile Only valid for '--install' command, which means: do not install aliases to user profile. --noprofile Only valid for '--install' command, which means: do not install aliases to user profile.
--no-color Do not output color text. --no-color Do not output color text.
--force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails. --force-color Force output of color text. Useful for non-interactive use with the aha tool for HTML E-Mails.
--ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--toPkcs' and '--createCSR' --ecc Specifies to use the ECC cert. Valid for '--install-cert', '--renew', '--revoke', '--to-pkcs12' and '--create-csr'
--csr Specifies the input csr. --csr <file> Specifies the input csr.
--pre-hook Command to be run before obtaining any certificates. --pre-hook <command> Command to be run before obtaining any certificates.
--post-hook Command to be run after attempting to obtain/renew certificates. No matter the obtain/renew is success or failed. --post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
--renew-hook Command to be run once for each successfully renewed certificate. --renew-hook <command> Command to be run after each successfully renewed certificate.
--deploy-hook The hook file to deploy cert --deploy-hook <hookname> The hook file to deploy cert
--ocsp-must-staple, --ocsp Generate ocsp must Staple extension. --ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
--always-force-new-domain-key Generate new domain key when renewal. Otherwise, the domain key is not changed by default. --always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. --auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
--listen-v4 Force standalone/tls server to listen at ipv4. --listen-v4 Force standalone/tls server to listen at ipv4.
--listen-v6 Force standalone/tls server to listen at ipv6. --listen-v6 Force standalone/tls server to listen at ipv6.
--openssl-bin Specifies a custom openssl bin location. --openssl-bin <file> Specifies a custom openssl bin location.
--use-wget Force to use wget, if you have both curl and wget installed. --use-wget Force to use wget, if you have both curl and wget installed.
--yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode. --yes-I-know-dns-manual-mode-enough-go-ahead-please Force use of dns manual mode.
See: $_DNS_MANUAL_WIKI See: $_DNS_MANUAL_WIKI
--branch, -b Only valid for '--upgrade' command, specifies the branch name to upgrade to. -b, --branch <branch> Only valid for '--upgrade' command, specifies the branch name to upgrade to.
--notify-level <0|1|2|3> Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
--notify-level 0|1|2|3 Set the notification level: Default value is $NOTIFY_LEVEL_DEFAULT.
0: disabled, no notification will be sent. 0: disabled, no notification will be sent.
1: send notifications only when there is an error. 1: send notifications only when there is an error.
2: send notifications when a cert is successfully renewed, or there is an error. 2: send notifications when a cert is successfully renewed, or there is an error.
3: send notifications when a cert is skipped, renewed, or error. 3: send notifications when a cert is skipped, renewed, or error.
--notify-mode <0|1> Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
--notify-mode 0|1 Set notification mode. Default value is $NOTIFY_MODE_DEFAULT.
0: Bulk mode. Send all the domain's notifications in one message(mail). 0: Bulk mode. Send all the domain's notifications in one message(mail).
1: Cert mode. Send a message for every single cert. 1: Cert mode. Send a message for every single cert.
--notify-hook <hookname> Set the notify hook
--notify-hook [hookname] Set the notify hook --revoke-reason <0-10> The reason for revocation, can be used in conjunction with the '--revoke' command.
--revoke-reason [0-10] The reason for '--revoke' command.
See: $_REVOKE_WIKI See: $_REVOKE_WIKI
--password <password> Add a password to exported pfx file. Use with --to-pkcs12.
" "
} }
@ -6797,19 +6797,19 @@ _process() {
--deploy) --deploy)
_CMD="deploy" _CMD="deploy"
;; ;;
--signcsr) --sign-csr | --signcsr)
_CMD="signcsr" _CMD="signcsr"
;; ;;
--showcsr) --show-csr | --showcsr)
_CMD="showcsr" _CMD="showcsr"
;; ;;
--installcert | -i | --install-cert) -i | --install-cert | --installcert)
_CMD="installcert" _CMD="installcert"
;; ;;
--renew | -r) --renew | -r)
_CMD="renew" _CMD="renew"
;; ;;
--renewAll | --renewall | --renew-all) --renew-all | --renewAll | --renewall)
_CMD="renewAll" _CMD="renewAll"
;; ;;
--revoke) --revoke)
@ -6821,37 +6821,37 @@ _process() {
--list) --list)
_CMD="list" _CMD="list"
;; ;;
--installcronjob | --install-cronjob) --install-cronjob | --installcronjob)
_CMD="installcronjob" _CMD="installcronjob"
;; ;;
--uninstallcronjob | --uninstall-cronjob) --uninstall-cronjob | --uninstallcronjob)
_CMD="uninstallcronjob" _CMD="uninstallcronjob"
;; ;;
--cron) --cron)
_CMD="cron" _CMD="cron"
;; ;;
--toPkcs) --to-pkcs12 | --to-pkcs | --toPkcs)
_CMD="toPkcs" _CMD="toPkcs"
;; ;;
--toPkcs8) --to-pkcs8 | --toPkcs8)
_CMD="toPkcs8" _CMD="toPkcs8"
;; ;;
--createAccountKey | --createaccountkey | -cak | --create-account-key) --create-account-key | --createAccountKey | --createaccountkey | -cak)
_CMD="createAccountKey" _CMD="createAccountKey"
;; ;;
--createDomainKey | --createdomainkey | -cdk | --create-domain-key) --create-domain-key | --createDomainKey | --createdomainkey | -cdk)
_CMD="createDomainKey" _CMD="createDomainKey"
;; ;;
--createCSR | --createcsr | -ccr) -ccr | --create-csr | --createCSR | --createcsr)
_CMD="createCSR" _CMD="createCSR"
;; ;;
--deactivate) --deactivate)
_CMD="deactivate" _CMD="deactivate"
;; ;;
--updateaccount | --update-account) --update-account | --updateaccount)
_CMD="updateaccount" _CMD="updateaccount"
;; ;;
--registeraccount | --register-account) --register-account | --registeraccount)
_CMD="registeraccount" _CMD="registeraccount"
;; ;;
--deactivate-account) --deactivate-account)
@ -6863,7 +6863,7 @@ _process() {
--set-default-ca) --set-default-ca)
_CMD="setdefaultca" _CMD="setdefaultca"
;; ;;
--domain | -d) -d | --domain)
_dvalue="$2" _dvalue="$2"
if [ "$_dvalue" ]; then if [ "$_dvalue" ]; then
@ -6894,7 +6894,7 @@ _process() {
shift shift
;; ;;
--force | -f) -f | --force)
FORCE="1" FORCE="1"
;; ;;
--staging | --test) --staging | --test)
@ -6916,7 +6916,7 @@ _process() {
--output-insecure) --output-insecure)
export OUTPUT_INSECURE=1 export OUTPUT_INSECURE=1
;; ;;
--webroot | -w) -w | --webroot)
wvalue="$2" wvalue="$2"
if [ -z "$_webroot" ]; then if [ -z "$_webroot" ]; then
_webroot="$wvalue" _webroot="$wvalue"
@ -7006,7 +7006,7 @@ _process() {
_keylength="$2" _keylength="$2"
shift shift
;; ;;
--accountkeylength | -ak) -ak | --accountkeylength)
_accountkeylength="$2" _accountkeylength="$2"
shift shift
;; ;;
@ -7044,7 +7044,7 @@ _process() {
LE_WORKING_DIR="$2" LE_WORKING_DIR="$2"
shift shift
;; ;;
--certhome | --cert-home) --cert-home | --certhome)
_certhome="$2" _certhome="$2"
CERT_HOME="$_certhome" CERT_HOME="$_certhome"
shift shift
@ -7059,7 +7059,7 @@ _process() {
USER_AGENT="$_useragent" USER_AGENT="$_useragent"
shift shift
;; ;;
--accountemail | -m) -m | --accountemail)
_accountemail="$2" _accountemail="$2"
ACCOUNT_EMAIL="$_accountemail" ACCOUNT_EMAIL="$_accountemail"
shift shift
@ -7087,7 +7087,7 @@ _process() {
--listraw) --listraw)
_listraw="raw" _listraw="raw"
;; ;;
--stopRenewOnError | --stoprenewonerror | -se) -se | --stop-renew-on-error | --stopRenewOnError | --stoprenewonerror)
_stopRenewOnError="1" _stopRenewOnError="1"
;; ;;
--insecure) --insecure)

240
dnsapi/dns_dynv6.sh
View File

@ -1,35 +1,41 @@
#!/usr/bin/env sh #!/usr/bin/env sh
#Author StefanAbl #Author StefanAbl
#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"' #Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"'
#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value"
#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub #if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub
dynv6_api="https://dynv6.com/api/v2"
######## Public functions ##################### ######## Public functions #####################
# Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide # Please Read this guide first: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" #Usage: dns_dynv6_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_dynv6_add() { dns_dynv6_add() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using dynv6 api" _info "Using dynv6 api"
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
_get_keyfile _get_authentication
if [ "$dynv6_token" ]; then
_dns_dynv6_add_http
return $?
else
_info "using key file $dynv6_keyfile" _info "using key file $dynv6_keyfile"
_get_domain "$fulldomain"
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
if ! _contains "$_your_hosts" "$_host"; then if ! _get_domain "$fulldomain" "$_your_hosts"; then
_debug "The host is $_host and the record $_record" _err "Host not found on your account"
_debug "Dynv6 returned $_your_hosts"
_err "The host $_host does not exist on your dynv6 account"
return 1 return 1
fi fi
_debug "found host on your account" _debug "found host on your account"
returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")" returnval="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts \""$_host"\" records set \""$_record"\" txt data \""$txtvalue"\")"
_debug "Dynv6 returend this after record was added: $returnval" _debug "Dynv6 returned this after record was added: $returnval"
if _contains "$returnval" "created"; then if _contains "$returnval" "created"; then
return 0 return 0
elif _contains "$returnval" "updated"; then elif _contains "$returnval" "updated"; then
return 0 return 0
else else
_err "Something went wrong! it does not seem like the record was added succesfully" _err "Something went wrong! it does not seem like the record was added successfully"
return 1
fi
return 1 return 1
fi fi
return 1 return 1
@ -39,23 +45,24 @@ dns_dynv6_add() {
dns_dynv6_rm() { dns_dynv6_rm() {
fulldomain=$1 fulldomain=$1
txtvalue=$2 txtvalue=$2
_info "Using dynv6 api" _info "Using dynv6 API"
_debug fulldomain "$fulldomain" _debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue" _debug txtvalue "$txtvalue"
_get_keyfile _get_authentication
if [ "$dynv6_token" ]; then
_dns_dynv6_rm_http
return $?
else
_info "using key file $dynv6_keyfile" _info "using key file $dynv6_keyfile"
_get_domain "$fulldomain"
_your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)" _your_hosts="$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts)"
if ! _contains "$_your_hosts" "$_host"; then if ! _get_domain "$fulldomain" "$_your_hosts"; then
_debug "The host is $_host and the record $_record" _err "Host not found on your account"
_debug "Dynv6 returned $_your_hosts"
_err "The host $_host does not exist on your dynv6 account"
return 1 return 1
fi fi
_debug "found host on your account" _debug "found host on your account"
_info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)" _info "$(ssh -i "$dynv6_keyfile" api@dynv6.com hosts "\"$_host\"" records del "\"$_record\"" txt)"
return 0 return 0
fi
} }
#################### Private functions below ################################## #################### Private functions below ##################################
#Usage: No Input required #Usage: No Input required
@ -72,45 +79,53 @@ _generate_new_key() {
return 1 return 1
fi fi
} }
#Usage: _acme-challenge.www.example.dynv6.net
#Usage: _acme-challenge.www.example.dynv6.net "$_your_hosts"
#where _your_hosts is the output of ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts
#returns #returns
#_host= example.dynv6.net #_host= example.dynv6.net
#_record=_acme-challenge.www #_record=_acme-challenge.www
#aborts if not a valid domain #aborts if not a valid domain
_get_domain() { _get_domain() {
#_your_hosts="$(ssh -i ~/.ssh/dynv6.pub api@dynv6.com hosts)"
_full_domain="$1" _full_domain="$1"
_debug "getting domain for $_full_domain" _your_hosts="$2"
if ! _contains "$_full_domain" 'dynv6.net' && ! _contains "$_full_domain" 'dns.army' && ! _contains "$_full_domain" 'dns.navy' && ! _contains "$_full_domain" 'v6.rocks'; then
_err "The hosts does not seem to be a dynv6 host"
return 1
fi
_record="${_full_domain%.*}"
_record="${_record%.*}"
_record="${_record%.*}"
_debug "The record we are ging to use is $_record"
_host="$_full_domain"
while [ "$(echo "$_host" | grep -o '\.' | wc -l)" != "2" ]; do
_host="${_host#*.}"
done
_debug "And the host is $_host"
return 0
_your_hosts="$(echo "$_your_hosts" | awk '/\./ {print $1}')"
for l in $_your_hosts; do
#echo "host: $l"
if test "${_full_domain#*$l}" != "$_full_domain"; then
_record="${_full_domain%.$l}"
_host=$l
_debug "The host is $_host and the record $_record"
return 0
fi
done
_err "Either their is no such host on your dnyv6 account or it cannot be accessed with this key"
return 1
} }
# Usage: No input required # Usage: No input required
#returns #returns
#dynv6_keyfile path to the key that will be used #dynv6_keyfile path to the key that will be used
_get_keyfile() { _get_authentication() {
_debug "get keyfile method called" dynv6_token="${DYNV6_TOKEN:-$(_readaccountconf_mutable dynv6_token)}"
if [ "$dynv6_token" ]; then
_debug "Found HTTP Token. Going to use the HTTP API and not the SSH API"
if [ "$DYNV6_TOKEN" ]; then
_saveaccountconf_mutable dynv6_token "$dynv6_token"
fi
else
_debug "no HTTP token found. Looking for an SSH key"
dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}" dynv6_keyfile="${dynv6_keyfile:-$(_readaccountconf_mutable dynv6_keyfile)}"
_debug Your key is "$dynv6_keyfile" _debug "Your key is $dynv6_keyfile"
if [ -z "$dynv6_keyfile" ]; then if [ -z "$dynv6_keyfile" ]; then
if [ -z "$KEY" ]; then if [ -z "$KEY" ]; then
_err "You did not specify a key to use with dynv6" _err "You did not specify a key to use with dynv6"
_info "Creating new dynv6 api key to add to dynv6.com" _info "Creating new dynv6 API key to add to dynv6.com"
_generate_new_key _generate_new_key
_info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")" _info "Please add this key to dynv6.com $(cat "$dynv6_keyfile.pub")"
_info "Hit Enter to contiue" _info "Hit Enter to continue"
read -r _ read -r _
#save the credentials to the account conf file. #save the credentials to the account conf file.
else else
@ -118,4 +133,153 @@ _get_keyfile() {
fi fi
_saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile" _saveaccountconf_mutable dynv6_keyfile "$dynv6_keyfile"
fi fi
fi
}
_dns_dynv6_add_http() {
_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
if ! _get_zone_id "$fulldomain"; then
_err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
return 1
fi
_get_zone_name "$_zone_id"
record="${fulldomain%%.$_zone_name}"
_set_record TXT "$record" "$txtvalue"
if _contains "$response" "$txtvalue"; then
_info "Successfully added record"
return 0
else
_err "Something went wrong while adding the record"
return 1
fi
}
_dns_dynv6_rm_http() {
_debug "Got HTTP token form _get_authentication method. Going to use the HTTP API"
if ! _get_zone_id "$fulldomain"; then
_err "Could not find a matching zone for $fulldomain. Maybe your HTTP Token is not authorized to access the zone"
return 1
fi
_get_zone_name "$_zone_id"
record="${fulldomain%%.$_zone_name}"
_get_record_id "$_zone_id" "$record" "$txtvalue"
_del_record "$_zone_id" "$_record_id"
if [ -z "$response" ]; then
_info "Successfully deleted record"
return 0
else
_err "Something went wrong while deleting the record"
return 1
fi
}
#get the zoneid for a specifc record or zone
#usage: _get_zone_id §record
#where $record is the record to get the id for
#returns _zone_id the id of the zone
_get_zone_id() {
record="$1"
_debug "getting zone id for $record"
_dynv6_rest GET zones
zones="$(echo "$response" | tr '}' '\n' | tr ',' '\n' | grep name | sed 's/\[//g' | tr -d '{' | tr -d '"')"
#echo $zones
selected=""
for z in $zones; do
z="${z#name:}"
_debug zone: "$z"
if _contains "$record" "$z"; then
_debug "$z found in $record"
selected="$z"
fi
done
if [ -z "$selected" ]; then
_err "no zone found"
return 1
fi
zone_id="$(echo "$response" | tr '}' '\n' | grep "$selected" | tr ',' '\n' | grep id | tr -d '"')"
_zone_id="${zone_id#id:}"
_debug "zone id: $_zone_id"
}
_get_zone_name() {
_zone_id="$1"
_dynv6_rest GET zones/"$_zone_id"
_zone_name="$(echo "$response" | tr ',' '\n' | tr -d '{' | grep name | tr -d '"')"
_zone_name="${_zone_name#name:}"
}
#usaage _get_record_id $zone_id $record
# where zone_id is thevalue returned by _get_zone_id
# and record ist in the form _acme.www for an fqdn of _acme.www.example.com
# returns _record_id
_get_record_id() {
_zone_id="$1"
record="$2"
value="$3"
_dynv6_rest GET "zones/$_zone_id/records"
if ! _get_record_id_from_response "$response"; then
_err "no such record $record found in zone $_zone_id"
return 1
fi
}
_get_record_id_from_response() {
response="$1"
_record_id="$(echo "$response" | tr '}' '\n' | grep "\"name\":\"$record\"" | grep "\"data\":\"$value\"" | tr ',' '\n' | grep id | tr -d '"' | tr -d 'id:')"
#_record_id="${_record_id#id:}"
if [ -z "$_record_id" ]; then
_err "no such record: $record found in zone $_zone_id"
return 1
fi
_debug "record id: $_record_id"
return 0
}
#usage: _set_record TXT _acme_challenge.www longvalue 12345678
#zone id is optional can also be set as vairable bevor calling this method
_set_record() {
type="$1"
record="$2"
value="$3"
if [ "$4" ]; then
_zone_id="$4"
fi
data="{\"name\": \"$record\", \"data\": \"$value\", \"type\": \"$type\"}"
#data='{ "name": "acme.test.thorn.dynv6.net", "type": "A", "data": "192.168.0.1"}'
echo "$data"
#"{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"
_dynv6_rest POST "zones/$_zone_id/records" "$data"
}
_del_record() {
_zone_id=$1
_record_id=$2
_dynv6_rest DELETE zones/"$_zone_id"/records/"$_record_id"
}
_dynv6_rest() {
m=$1 #method GET,POST,DELETE or PUT
ep="$2" #the endpoint
data="$3"
_debug "$ep"
token_trimmed=$(echo "$dynv6_token" | tr -d '"')
export _H1="Authorization: Bearer $token_trimmed"
export _H2="Content-Type: application/json"
if [ "$m" != "GET" ]; then
_debug data "$data"
response="$(_post "$data" "$dynv6_api/$ep" "" "$m")"
else
response="$(_get "$dynv6_api/$ep")"
fi
if [ "$?" != "0" ]; then
_err "error $ep"
return 1
fi
_debug2 response "$response"
return 0
} }

4
dnsapi/dns_misaka.sh
View File

@ -47,7 +47,7 @@ dns_misaka_add() {
if [ "$count" = "0" ]; then if [ "$count" = "0" ]; then
_info "Adding record" _info "Adding record"
if _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then if _misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT" "{\"records\":[{\"value\":\"\\\"$txtvalue\\\"\"}],\"filters\":[],\"ttl\":1}"; then
_debug response "$response" _debug response "$response"
if _contains "$response" "$_sub_domain"; then if _contains "$response" "$_sub_domain"; then
_info "Added" _info "Added"
@ -61,7 +61,7 @@ dns_misaka_add() {
else else
_info "Updating record" _info "Updating record"
_misaka_rest POST "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}" _misaka_rest PUT "zones/${_domain}/recordsets/${_sub_domain}/TXT?append=true" "{\"records\": [{\"value\": \"\\\"$txtvalue\\\"\"}],\"ttl\":1}"
if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then if [ "$?" = "0" ] && _contains "$response" "$_sub_domain"; then
_info "Updated!" _info "Updated!"
#todo: check if the record takes effect #todo: check if the record takes effect

2
dnsapi/dns_nic.sh
View File

@ -166,7 +166,7 @@ _get_root() {
if _contains "$_all_domains" "^$h$"; then if _contains "$_all_domains" "^$h$"; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h _domain=$h
_service=$(printf "%s" "$response" | grep "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/") _service=$(printf "%s" "$response" | grep -m 1 "idn-name=\"$_domain\"" | sed -r "s/.*service=\"(.*)\".*$/\1/")
return 0 return 0
fi fi
p="$i" p="$i"

10
dnsapi/dns_regru.sh
View File

@ -33,8 +33,11 @@ dns_regru_add() {
fi fi
_debug _domain "$_domain" _debug _domain "$_domain"
_subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
_debug _subdomain "$_subdomain"
_info "Adding TXT record to ${fulldomain}" _info "Adding TXT record to ${fulldomain}"
_regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json" _regru_rest POST "zone/add_txt" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22text%22:%22${txtvalue}%22,%22output_content_type%22:%22plain%22}&input_format=json"
if ! _contains "${response}" 'error'; then if ! _contains "${response}" 'error'; then
return 0 return 0
@ -64,8 +67,11 @@ dns_regru_rm() {
fi fi
_debug _domain "$_domain" _debug _domain "$_domain"
_subdomain=$(echo "$fulldomain" | sed -r "s/.$_domain//")
_debug _subdomain "$_subdomain"
_info "Deleting resource record $fulldomain" _info "Deleting resource record $fulldomain"
_regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22_acme-challenge%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json" _regru_rest POST "zone/remove_record" "input_data={%22username%22:%22${REGRU_API_Username}%22,%22password%22:%22${REGRU_API_Password}%22,%22domains%22:[{%22dname%22:%22${_domain}%22}],%22subdomain%22:%22${_subdomain}%22,%22content%22:%22${txtvalue}%22,%22record_type%22:%22TXT%22,%22output_content_type%22:%22plain%22}&input_format=json"
if ! _contains "${response}" 'error'; then if ! _contains "${response}" 'error'; then
return 0 return 0