From 0fb206fe15107ca80a9199a0efec4e4a006ebb44 Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Wed, 26 Oct 2016 11:52:26 +0200 Subject: [PATCH 1/5] add nsupdate script for dns-01 --- dnsapi/dns_nsupdate.sh | 94 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100755 dnsapi/dns_nsupdate.sh diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh new file mode 100755 index 0000000..fd16c56 --- /dev/null +++ b/dnsapi/dns_nsupdate.sh @@ -0,0 +1,94 @@ +#!/usr/bin/env bash + + +######## Public functions ##################### + +#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsupdate_add() { + fulldomain=$1 + txtvalue=$2 + _checkKeyFile || return 1 + NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + # save the dns server and key to the account conf file. + _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" + _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" + tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) + cat > ${tmp} < ${tmp} <&2 + return 1 +} + +_debug() { + if [ -z "$DEBUG" ] ; then + return + fi + _err "$@" + return 0 +} + +_debug2() { + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + _debug "$@" + fi + return +} From 2d279c4c5cb49405d01a996a0ea11c0e8711662f Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Wed, 26 Oct 2016 11:57:45 +0200 Subject: [PATCH 2/5] add nsupdate to sample config --- acme.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/acme.sh b/acme.sh index ce12579..cbd7f0d 100755 --- a/acme.sh +++ b/acme.sh @@ -3363,6 +3363,11 @@ _initconf() { # #GD_Secret=\"sADDsdasdfsdfdssdgdsf\" +####################### +#nsupdate: +#NSUPDATE_KEY=\"/path/to/update.key\" +#NSUPDATE_SERVER=\"192.168.0.1\" + ####################### #PowerDNS: #PDNS_Url=\"http://ns.example.com:8081\" From 54d61bdc4ac46437c16f81fe0593c92610fce0e3 Mon Sep 17 00:00:00 2001 
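Review bot: In `dns_nsupdate_add` the result of `tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX)` is never checked, and `${tmp}` is then used unquoted in `cat > ${tmp}`, so a failed mktemp leaves the redirection with an empty target instead of stopping the function. I would write `tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) || return 1` and quote the target as `cat > "${tmp}"`. `--tmpdir` is a GNU long option and may not be accepted by other mktemp implementations. Part of the function body is missing from the hunk as shown here, so I cannot tell whether the temp file is removed on every exit path; if it is not, add `rm -f -- "${tmp}"` before each return.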
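Review bot: The sample block added to `_initconf` names the key file but gives no hint about protecting it, and anyone who can read the file named by `NSUPDATE_KEY` can presumably send the same dynamic updates this script sends. I would add one comment line under `#nsupdate:`, for example `#the key file should be readable only by the user running acme.sh`. `_initconf` starts and ends outside this hunk.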
From: Philippe Kueck Date: Wed, 26 Oct 2016 16:14:47 +0200 Subject: [PATCH 3/5] - get rid of bash-only syntax like ${foo:-bar} - use sh instead of bash - remove redundant functions _info, _err, _debug and _debug2 - get rid of mktemp, pipe commands directly to nsupdate --- dnsapi/dns_nsupdate.sh | 46 +++++++----------------------------------- 1 file changed, 7 insertions(+), 39 deletions(-) diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index fd16c56..5602332 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh ######## Public functions ##################### @@ -8,18 +8,16 @@ dns_nsupdate_add() { fulldomain=$1 txtvalue=$2 _checkKeyFile || return 1 - NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" # save the dns server and key to the account conf file. _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" - tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) - cat > ${tmp} < ${tmp} <&2 - return 1 -} - -_debug() { - if [ -z "$DEBUG" ] ; then - return - fi - _err "$@" - return 0 -} - -_debug2() { - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - _debug "$@" - fi - return -} From 243593cdaa716393283bb8f879517f2146d8b57b Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Mon, 14 Nov 2016 14:06:30 +0100 Subject: [PATCH 4/5] fix warnings and remove unused ${tmp} variable --- dnsapi/dns_nsupdate.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index 5602332..a024e31 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh 
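Review bot: The rewrite to `[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"` in `dns_nsupdate_add` is not needed for the move to `sh`, because `${NSUPDATE_SERVER:-localhost}` is POSIX parameter expansion rather than a bash extension. The original `NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost}` can stay; it is shorter and, unlike the test form, does not abort on an unset variable if the script is ever run under `set -u`. The rest of the function body is not fully visible in this hunk as shown on the page.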
@@ -13,16 +13,15 @@ dns_nsupdate_add() { _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" - nsupdate -k ${NSUPDATE_KEY} < Date: Mon, 14 Nov 2016 15:56:07 +0100 Subject: [PATCH 5/5] add documentation for dns_nsupdate --- README.md | 1 + dnsapi/README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/README.md b/README.md index e86392e..58cadc6 100644 --- a/README.md +++ b/README.md @@ -244,6 +244,7 @@ You don't have do anything manually! 7. PowerDNS API 8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) +9. nsupdate ##### More APIs are coming soon... diff --git a/dnsapi/README.md b/dnsapi/README.md index 9460315..a56f68b 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -112,10 +112,60 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`. + ## Use OVH/kimsufi/soyoustart/runabove API https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api +## Use nsupdate to automatically issue cert + +First, generate a key for updating the zone +``` +b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo) +cat > /etc/named/keys/update.key <