
  1. #!/usr/bin/env sh
  2. # -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
  3. # vim: et ts=2 sw=2
  4. #
  5. # DirectAdmin 1.41.0 API
  6. # The DirectAdmin interface has its own Let's Encrypt functionality, but this
  7. # script can be used to generate certificates for names which are not hosted on
  8. # DirectAdmin
  9. #
  10. # User must provide login data and URL to DirectAdmin incl. port.
  11. # You can create a login key by using the Login Keys function
  12. # ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
  13. # - CMD_API_DNS_CONTROL
  14. # - CMD_API_SHOW_DOMAINS
  15. #
  16. # See also https://www.directadmin.com/api.php and
  17. # https://www.directadmin.com/features.php?id=1298
  18. #
  19. # Report bugs to https://github.com/TigerP/acme.sh/issues
  20. #
  21. # Values to export:
  22. # export DA_Api="https://remoteUser:remotePassword@da.example.com:8443"
  23. # export DA_Api_Insecure=1
  24. #
  25. # Set DA_Api_Insecure to 1 for insecure and 0 for secure -> the difference is
  26. # whether the SSL cert is checked for validity (0) or whether it is just accepted
  27. # (1). With 1, the login data in DA_Api is sent to a server that was not verified.
  28. #
  29. ######## Public functions #####################
# Usage: dns_da_add _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Adds the TXT record for the challenge.
# Sets the globals fulldomain and txtvalue, which the _DA_* helpers read.
# Returns the status of the first helper that fails, otherwise the status of
# _DA_addTxt.
dns_da_add() {
  fulldomain=$1
  txtvalue=$2
  _debug "Calling: dns_da_add() '${fulldomain}' '${txtvalue}'"

  # Each step depends on the one before it, so stop at the first failure.
  _DA_credentials || return
  _DA_getDomainInfo || return
  _DA_addTxt
}
# Usage: dns_da_rm _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Removes the TXT record once validation is done.
# Sets the globals fulldomain and txtvalue, which the _DA_* helpers read.
# Returns the status of the first helper that fails, otherwise the status of
# _DA_rmTxt.
dns_da_rm() {
  fulldomain=$1
  txtvalue=$2
  _debug "Calling: dns_da_rm() '${fulldomain}' '${txtvalue}'"

  # Credentials first, then the zone lookup, then the removal itself.
  _DA_credentials || return "$?"
  _DA_getDomainInfo || return "$?"
  _DA_rmTxt
}
  46. #################### Private functions below ##################################
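# Usage: _DA_credentials
# Checks that the needed settings are available, taking each one from the
# environment first and from the saved account configuration otherwise.
# Globals: DA_Api, DA_Api_Insecure (read and written), HTTPS_INSECURE (exported)
# Returns: 0 when both settings are present, 1 otherwise.
#
# DA_Api carries the login name and password (or login key) inside the URL and
# is stored through _saveaccountconf_mutable, so the account configuration
# holds a secret. Prefer a login key limited to CMD_API_DNS_CONTROL and
# CMD_API_SHOW_DOMAINS over the account password.
_DA_credentials() {
  DA_Api="${DA_Api:-$(_readaccountconf_mutable DA_Api)}"
  DA_Api_Insecure="${DA_Api_Insecure:-$(_readaccountconf_mutable DA_Api_Insecure)}"
  if [ -z "${DA_Api}" ] || [ -z "${DA_Api_Insecure}" ]; then
    DA_Api=""
    DA_Api_Insecure=""
    _err "You haven't specified the DirectAdmin Login data, URL and whether you want check the DirectAdmin SSL cert. Please try again."
    return 1
  fi

  _saveaccountconf_mutable DA_Api "${DA_Api}"
  _saveaccountconf_mutable DA_Api_Insecure "${DA_Api_Insecure}"

  # Skip certificate validation only on an explicit "1". Exporting the raw
  # value would hand "0" to the HTTP helpers; acme.sh's helpers appear to treat
  # any non-empty HTTPS_INSECURE as "do not verify" (confirm for the acme.sh
  # version in use), which would send the login data to an unverified server
  # even though the user asked for the secure mode. Any other value fails
  # closed: the certificate is checked.
  if [ "${DA_Api_Insecure}" = "1" ]; then
    export HTTPS_INSECURE="1"
  else
    export HTTPS_INSECURE=""
  fi
}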
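# Usage: _get_root _acme-challenge.www.example.com
# Splits the full domain into the zone hosted on DirectAdmin and the record
# name inside that zone.
# returns
#  _sub_domain=_acme-challenge.www
#  _domain=example.com
# Returns 0 when a hosted zone was found, 1 otherwise (including a failed
# domain-list request).
_get_root() {
  domain=$1
  i=2
  p=1
  # Get a list of all the domains
  # response will contain "list[]=example.com&list[]=example.org"
  if ! _da_api CMD_API_SHOW_DOMAINS "" "${domain}"; then
    # Without the list every candidate would be compared to an error body.
    return 1
  fi
  # Bounded so that a name without any dot (cut then echoes the whole line
  # for every field range) cannot loop forever.
  while [ "$i" -le 100 ]; do
    h=$(printf "%s" "$domain" | cut -d . -f "${i}-100")
    _debug h "$h"
    if [ -z "$h" ]; then
      # not valid
      _debug "The given domain $domain is not valid"
      return 1
    fi
    # Compare against whole list entries. A substring or regex match would
    # accept "example.com" for a hosted "myexample.com" and send the record to
    # the wrong zone. Assumes entries are "key=value" pairs joined by '&' as in
    # the example above - confirm against the DirectAdmin version in use.
    case "&${response}&" in
      *"=${h}&"*)
        _sub_domain=$(printf "%s" "$domain" | cut -d . -f "1-${p}")
        _domain=$h
        return 0
        ;;
    esac
    p=$i
    i=$(_math "$i" + 1)
  done
  _debug "Stop on 100"
  return 1
}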
# Usage: _da_api CMD_API_* data example.com
# Sends a POST request to the DirectAdmin API and checks the result.
# Arguments: $1 - API command, $2 - request body, $3 - domain (debug output only)
# returns
#  response="error=0&text=Result text&details="
# Returns 1 when the request fails or, for CMD_API_DNS_CONTROL, when the first
# field of the answer does not carry the value 0; returns 0 otherwise.
#
# The request URL is built from DA_Api, which contains the login data, so the
# URL itself is not written to the debug output here.
_da_api() {
  cmd="$1"
  data="$2"
  domain="$3"
  _debug "$domain; $data"

  if ! response="$(_post "$data" "$DA_Api/$cmd" "" "POST")"; then
    _err "error $cmd"
    return 1
  fi
  _debug response "$response"

  # Only the DNS control command answers with error/text/details fields;
  # CMD_API_SHOW_DOMAINS (and anything else) is passed through unchecked.
  if [ "${cmd}" = "CMD_API_DNS_CONTROL" ]; then
    # Parse the result in general
    # error=0&text=Records Deleted&details=
    # error=1&text=Cannot View Dns Record&details=No domain provided
    err_field="$(_getfield "$response" 1 '&')"
    error="$(_getfield "$err_field" 2 '=')"
    txt_field="$(_getfield "$response" 2 '&')"
    text="$(_getfield "$txt_field" 2 '=')"
    details_field="$(_getfield "$response" 3 '&')"
    details="$(_getfield "$details_field" 2 '=')"
    _debug "error: ${error}, text: ${text}, details: ${details}"
    if [ "$error" != "0" ]; then
      _err "error $response"
      return 1
    fi
  fi
  return 0
}
# Usage: _DA_getDomainInfo
# Looks up the root zone for the global fulldomain through _get_root, which
# fills _domain and _sub_domain on success.
# Returns: 0 when a zone was found, 1 otherwise.
_DA_getDomainInfo() {
  _debug "First detect the root zone"
  if _get_root "$fulldomain"; then
    _debug "The root domain: $_domain"
    _debug "The sub domain: $_sub_domain"
    return 0
  fi
  _err "invalid domain"
  return 1
}
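# Usage: _DA_addTxt
# Uses the API to add the TXT record.
# Globals: _domain, _sub_domain, txtvalue, DA_Api (read); curData, response (written)
# Returns: 0 when the answer contains "error=0", 1 otherwise.
_DA_addTxt() {
  curData="domain=${_domain}&action=add&type=TXT&name=${_sub_domain}&value=\"${txtvalue}\""
  # DA_Api has the form https://user:password@host:port. Log only the part
  # after the last '@' so the login data never reaches the debug log.
  _debug "Calling _DA_addTxt: '${curData}' '${DA_Api##*@}/CMD_API_DNS_CONTROL'"
  _da_api CMD_API_DNS_CONTROL "${curData}" "${_domain}"
  _debug "Result of _DA_addTxt: '$response'"
  if _contains "${response}" 'error=0'; then
    _debug "Add TXT succeeded"
    return 0
  fi
  _debug "Add TXT failed"
  return 1
}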
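# Usage: _DA_rmTxt
# Uses the API to remove the TXT record.
# Globals: _domain, _sub_domain, txtvalue, DA_Api (read); curData, response (written)
# Returns: 0 when the answer contains "error=0", 1 otherwise.
_DA_rmTxt() {
  curData="domain=${_domain}&action=select&txtrecs0=name=${_sub_domain}&value=\"${txtvalue}\""
  # DA_Api has the form https://user:password@host:port. Log only the part
  # after the last '@' so the login data never reaches the debug log.
  _debug "Calling _DA_rmTxt: '${curData}' '${DA_Api##*@}/CMD_API_DNS_CONTROL'"
  if _da_api CMD_API_DNS_CONTROL "${curData}" "${_domain}"; then
    _debug "Result of _DA_rmTxt: '$response'"
  else
    _err "Result of _DA_rmTxt: '$response'"
  fi
  if _contains "${response}" 'error=0'; then
    _debug "RM TXT succeeded"
    return 0
  fi
  _debug "RM TXT failed"
  return 1
}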