From 7d0452c7e330c53dd810964c7590876348642c75 Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:12:37 +0100 Subject: [PATCH 01/17] added NS1. support --- README.md | 1 + dnsapi/README.md | 11 +++ dnsapi/dns_nsone.sh | 159 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+) create mode 100644 dnsapi/dns_nsone.sh diff --git a/README.md b/README.md index 7d5ab84..5d1ddc5 100644 --- a/README.md +++ b/README.md @@ -308,6 +308,7 @@ You don't have to do anything manually! 1. Domain-Offensive/Resellerinterface/Domainrobot API 1. Gandi LiveDNS API 1. Knot DNS API +1. NS1. API **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index 5b71e89..c1e98a6 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -394,6 +394,17 @@ acme.sh --issue --dns dns_knot -d example.com -d www.example.com The `KNOT_SERVER` and `KNOT_KEY` settings will be saved in `~/.acme.sh/account.conf` and will be reused when needed. +## 20. Use NS1. API + +``` +export NS1_Key="fdmlfsdklmfdkmqsdfk" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_nsone -d example.com -d www.example.com +``` + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh new file mode 100644 index 0000000..6a7d600 --- /dev/null +++ b/dnsapi/dns_nsone.sh @@ -0,0 +1,159 @@ +#!/usr/bin/env sh + +# bug reports to dev@1e.ca + +# +#NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# +#NS1_Email="user@luadns.net" + +NS1_Api="https://api.nsone.net/v1" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsone_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$NS1_Key" ]; then + NS1_Key="" + _err "You didn't specify nsone dns api key yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf NS1_Key "$NS1_Key" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}" + + if ! _contains "$response" "\"records\":"; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Adding record" + + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then + if _contains "$response" "$fulldomain"; then + _info "Added" + #todo: check if the record takes effect + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\",\"id\":\"[^,]*\"" | _head_n 1 | cut -d: -f7 | cut -d, -f1) + _debug "record_id" "$record_id" + + _nsone_rest POST "zones/$_domain_/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" + if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then + _info "Updated!" + #todo: check if the record takes effect + return 0 + fi + _err "Update error" + return 1 + fi + +} + +#fulldomain +dns_nsone_rm() { + fulldomain=$1 + txtvalue=$2 + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}/$fulldomain/TXT" + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",.*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + if ! _nsone_rest DELETE "zones/${_domain}/$fulldomain/TXT"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "" + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! _nsone_rest GET "zones"; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "$response" "\"zone\":\"$h\""; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_nsone_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Accept: application/json" + export _H2="X-NSONE-Key: $NS1_Key" + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$NS1_Api/$ep" "" "$m")" + else + response="$(_get "$NS1_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From 17361df66b9f8a4a4aabc7b1ab789d7d3ef5bb47 Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:15:07 +0100 Subject: [PATCH 02/17] cleanup --- dnsapi/dns_nsone.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 6a7d600..898319b 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -5,7 +5,6 @@ # #NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" # -#NS1_Email="user@luadns.net" NS1_Api="https://api.nsone.net/v1" From d3c4cd8270d2ee84e2dd20976156b7bdfdce42df Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:21:25 +0100 Subject: [PATCH 03/17] bugfix --- dnsapi/dns_nsone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 898319b..a5ea05f 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -41,7 +41,7 @@ dns_nsone_add() { return 1 fi - count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" From 1e5e03cc4603a65d4bb0b0d2c3932cbe070e5b96 Mon Sep 17 00:00:00 2001 From: nytral Date: Wed, 8 Mar 2017 22:22:48 +0100 Subject: [PATCH 04/17] typo... --- dnsapi/dns_nsone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index a5ea05f..0f6e441 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -62,7 +62,7 @@ dns_nsone_add() { record_id=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\",\"id\":\"[^,]*\"" | _head_n 1 | cut -d: -f7 | cut -d, -f1) _debug "record_id" "$record_id" - _nsone_rest POST "zones/$_domain_/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" + _nsone_rest POST "zones/$_domain/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then _info "Updated!" #todo: check if the record takes effect From cc1d3b20b60a9f729bbd0f61f6563d2fe34772d4 Mon Sep 17 00:00:00 2001 From: wizard1024 Date: Fri, 5 May 2017 14:55:51 +0300 Subject: [PATCH 05/17] Update dns_aws.sh to work only with public zones --- dnsapi/dns_aws.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_aws.sh b/dnsapi/dns_aws.sh index 21e8668..800c3d0 100755 --- a/dnsapi/dns_aws.sh +++ b/dnsapi/dns_aws.sh @@ -106,7 +106,7 @@ _get_root() { fi if _contains "$response" "$h."; then - hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*<.HostedZone>")" + hostedzone="$(echo "$response" | sed 's//#&/g' | tr '#' '\n' | _egrep_o "[^<]*<.Id>$h.<.Name>.*false<.PrivateZone>.*<.HostedZone>")" _debug hostedzone "$hostedzone" if [ -z "$hostedzone" ]; then _err "Error, can not get hostedzone." From 5e3a5f627a94efea26d18d7eebb022a99a6149dd Mon Sep 17 00:00:00 2001 From: nytral Date: Mon, 8 May 2017 15:51:01 +0200 Subject: [PATCH 06/17] last but not least --- README.md | 1 + dnsapi/README.md | 11 +++ dnsapi/dns_nsone.sh | 158 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 170 insertions(+) create mode 100644 dnsapi/dns_nsone.sh diff --git a/README.md b/README.md index 0cb800e..b816ec7 100644 --- a/README.md +++ b/README.md @@ -329,6 +329,7 @@ You don't have to do anything manually! 1. Infoblox NIOS API (https://www.infoblox.com/) 1. VSCALE (https://vscale.io/) 1. Dynu API (https://www.dynu.com) +1. NS1.com API **More APIs coming soon...** diff --git a/dnsapi/README.md b/dnsapi/README.md index f53d8ad..dff6239 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -494,6 +494,17 @@ be reused when needed. If you have any issues with this integration please report them to https://github.com/pho3nixf1re/acme.sh/issues. +## 26. Use NS1.com API + +``` +export NS1_Key="fdmlfsdklmfdkmqsdfk" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_nsone -d example.com -d www.example.com +``` + # Use custom API If your API is not supported yet, you can write your own DNS API. diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh new file mode 100644 index 0000000..48e4397 --- /dev/null +++ b/dnsapi/dns_nsone.sh @@ -0,0 +1,158 @@ +#!/bin/bash + +# bug reports to dev@1e.ca + +# +#NS1_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# + +NS1_Api="https://api.nsone.net/v1" + +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsone_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$NS1_Key" ]; then + NS1_Key="" + _err "You didn't specify nsone dns api key yet." + _err "Please create you key and try again." + return 1 + fi + + #save the api key and email to the account conf file. + _saveaccountconf NS1_Key "$NS1_Key" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}" + + if ! _contains "$response" "\"records\":"; then + _err "Error" + return 1 + fi + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",[^{]*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Adding record" + + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then + if _contains "$response" "$fulldomain"; then + _info "Added" + #todo: check if the record takes effect + return 0 + else + _err "Add txt record error." + return 1 + fi + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain.\",[^{]*\"type\":\"TXT\",\"id\":\"[^,]*\"" | _head_n 1 | cut -d: -f7 | cut -d, -f1) + _debug "record_id" "$record_id" + + _nsone_rest POST "zones/$_domain/$fulldomain/TXT" "{\"answers\": [{\"answer\": [\"$txtvalue\"]}],\"type\": \"TXT\",\"domain\":\"$fulldomain\",\"zone\": \"$_domain\"}" + if [ "$?" = "0" ] && _contains "$response" "$fulldomain"; then + _info "Updated!" + #todo: check if the record takes effect + return 0 + fi + _err "Update error" + return 1 + fi + +} + +#fulldomain +dns_nsone_rm() { + fulldomain=$1 + txtvalue=$2 + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + _err "invalid domain" + return 1 + fi + _debug _sub_domain "$_sub_domain" + _debug _domain "$_domain" + + _debug "Getting txt records" + _nsone_rest GET "zones/${_domain}/$fulldomain/TXT" + + count=$(printf "%s\n" "$response" | _egrep_o "\"domain\":\"$fulldomain\",.*\"type\":\"TXT\"" | wc -l | tr -d " ") + _debug count "$count" + if [ "$count" = "0" ]; then + _info "Don't need to remove." + else + if ! _nsone_rest DELETE "zones/${_domain}/$fulldomain/TXT"; then + _err "Delete record error." + return 1 + fi + _contains "$response" "" + fi +} + +#################### Private functions below ################################## +#_acme-challenge.www.domain.com +#returns +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + if ! _nsone_rest GET "zones"; then + return 1 + fi + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + _debug h "$h" + if [ -z "$h" ]; then + #not valid + return 1 + fi + + if _contains "$response" "\"zone\":\"$h\""; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 + fi + p=$i + i=$(_math "$i" + 1) + done + return 1 +} + +_nsone_rest() { + m=$1 + ep="$2" + data="$3" + _debug "$ep" + + export _H1="Accept: application/json" + export _H2="X-NSONE-Key: $NS1_Key" + if [ "$m" != "GET" ]; then + _debug data "$data" + response="$(_post "$data" "$NS1_Api/$ep" "" "$m")" + else + response="$(_get "$NS1_Api/$ep")" + fi + + if [ "$?" != "0" ]; then + _err "error $ep" + return 1 + fi + _debug2 response "$response" + return 0 +} From dff641a665bffab928ebf0121ff15e86a608de96 Mon Sep 17 00:00:00 2001 From: nytral Date: Mon, 8 May 2017 16:07:45 +0200 Subject: [PATCH 07/17] I can do it... just discovered vmdiff --- README.md | 1 - dnsapi/README.md | 5 +---- dnsapi/dns_nsone.sh | 2 -- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/README.md b/README.md index a67a906..b816ec7 100644 --- a/README.md +++ b/README.md @@ -324,7 +324,6 @@ You don't have to do anything manually! 1. Domain-Offensive/Resellerinterface/Domainrobot API 1. Gandi LiveDNS API 1. Knot DNS API -1. NS1.com API 1. DigitalOcean API (native) 1. ClouDNS.net API 1. Infoblox NIOS API (https://www.infoblox.com/) diff --git a/dnsapi/README.md b/dnsapi/README.md index 25ba1c3..dff6239 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -494,8 +494,7 @@ be reused when needed. If you have any issues with this integration please report them to https://github.com/pho3nixf1re/acme.sh/issues. -<<<<<<< HEAD -## 28. Use NS1.com API +## 26. Use NS1.com API ``` export NS1_Key="fdmlfsdklmfdkmqsdfk" @@ -505,8 +504,6 @@ Ok, let's issue a cert now: ``` acme.sh --issue --dns dns_nsone -d example.com -d www.example.com ``` -======= ->>>>>>> 9201e0a5b905812da1157efa075dd1ab52362c09 # Use custom API diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index ced65ac..0f6e441 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -1,6 +1,4 @@ -<<<<<<< HEAD #!/usr/bin/env sh ->>>>>>> 9201e0a5b905812da1157efa075dd1ab52362c09 # bug reports to dev@1e.ca From 9bc5f686ebb7e866bb8d0bf7299989d86a1c8d63 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 May 2017 22:25:06 +0800 Subject: [PATCH 08/17] fix list order --- README.md | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index b816ec7..7e6b122 100644 --- a/README.md +++ b/README.md @@ -304,17 +304,14 @@ You don't have to do anything manually! 1. CloudFlare.com API 1. DNSPod.cn API -1. DNSimple API 1. CloudXNS.com API 1. GoDaddy.com API -1. OVH, kimsufi, soyoustart and runabove API -1. AWS Route 53 1. PowerDNS.com API -1. lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api - (DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) +1. OVH, kimsufi, soyoustart and runabove API +1. nsupdate API 1. LuaDNS.com API 1. DNSMadeEasy.com API -1. nsupdate API +1. AWS Route 53 1. aliyun.com(阿里云) API 1. ISPConfig 3.1 API 1. Alwaysdata.com API @@ -329,9 +326,18 @@ You don't have to do anything manually! 1. Infoblox NIOS API (https://www.infoblox.com/) 1. VSCALE (https://vscale.io/) 1. Dynu API (https://www.dynu.com) +1. DNSimple API 1. NS1.com API + +And: + +1. lexicon DNS API: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api + (DigitalOcean, DNSimple, DNSMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) + + + **More APIs coming soon...** If your DNS provider is not on the supported list above, you can write your own DNS API script easily. If you do, please consider submitting a [Pull Request](https://github.com/Neilpang/acme.sh/pulls) and contribute it to the project. From 5da1d3b73bdbec8fb5db9283d2755106c23847e0 Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 May 2017 22:55:21 +0800 Subject: [PATCH 09/17] minor fix format --- dnsapi/dns_nsone.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 0f6e441..7af0f81 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -45,7 +45,7 @@ dns_nsone_add() { _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" - + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then if _contains "$response" "$fulldomain"; then _info "Added" @@ -124,9 +124,9 @@ _get_root() { fi if _contains "$response" "\"zone\":\"$h\""; then - _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) - _domain="$h" - return 0 + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _domain="$h" + return 0 fi p=$i i=$(_math "$i" + 1) From a20707cd731f98b820f56dbd92bad0477c91ea1c Mon Sep 17 00:00:00 2001 From: neilpang Date: Mon, 8 May 2017 22:57:23 +0800 Subject: [PATCH 10/17] fix format --- dnsapi/dns_nsone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_nsone.sh b/dnsapi/dns_nsone.sh index 7af0f81..adf1f42 100644 --- a/dnsapi/dns_nsone.sh +++ b/dnsapi/dns_nsone.sh @@ -45,7 +45,7 @@ dns_nsone_add() { _debug count "$count" if [ "$count" = "0" ]; then _info "Adding record" - + if _nsone_rest PUT "zones/$_domain/$fulldomain/TXT" "{\"answers\":[{\"answer\":[\"$txtvalue\"]}],\"type\":\"TXT\",\"domain\":\"$fulldomain\",\"zone\":\"$_domain\"}"; then if _contains "$response" "$fulldomain"; then _info "Added" From 0f48b15695d5c04e98e6a36d7c59dcc47ebe1666 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 9 May 2017 13:33:54 +0800 Subject: [PATCH 11/17] update doc --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7e6b122..a163f23 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ - Just one script to issue, renew and install your certificates automatically. - DOES NOT require `root/sudoer` access. - Docker friendly +- IPv6 support It's probably the `easiest & smartest` shell script to automatically issue & renew the free certificates from Let's Encrypt. From c487cd6af2067bbfee9d66465503cdac9bbbb102 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 11 May 2017 20:51:16 +0800 Subject: [PATCH 12/17] add VOLUME --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index feb89b0..3b26261 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,5 +55,7 @@ else \n \ /root/.acme.sh/acme.sh --config-home /acme.sh \"\$@\"\n \ fi" >/entry.sh && chmod +x /entry.sh +VOLUME /acme.sh + ENTRYPOINT ["/entry.sh"] CMD ["--help"] From d61ef6b49ae442b93b36aba67ba6037a0a5948d1 Mon Sep 17 00:00:00 2001 From: neil Date: Fri, 12 May 2017 11:27:06 +0800 Subject: [PATCH 13/17] gandi dns api updated. --- dnsapi/dns_gandi_livedns.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dnsapi/dns_gandi_livedns.sh b/dnsapi/dns_gandi_livedns.sh index 28b8f99..82ed599 100755 --- a/dnsapi/dns_gandi_livedns.sh +++ b/dnsapi/dns_gandi_livedns.sh @@ -37,7 +37,7 @@ dns_gandi_livedns_add() { _debug sub_domain "$_sub_domain" _gandi_livedns_rest PUT "domains/$_domain/records/$_sub_domain/TXT" "{\"rrset_ttl\": 300, \"rrset_values\":[\"$txtvalue\"]}" \ - && _contains "$response" '{"message": "Zone Record Created"}' \ + && _contains "$response" '{"message": "DNS Record Created"}' \ && _info "Add $(__green "success")" } From 319d49ddbe81a7d72009f203e1a56f1c6e614742 Mon Sep 17 00:00:00 2001 From: The Gitter Badger Date: Fri, 12 May 2017 05:37:15 +0000 Subject: [PATCH 14/17] Add Gitter badge --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a163f23..afdda8a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ # An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) + +[![Join the chat at https://gitter.im/acme-sh/Lobby](https://badges.gitter.im/acme-sh/Lobby.svg)](https://gitter.im/acme-sh/Lobby?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) - An ACME protocol client written purely in Shell (Unix shell) language. - Full ACME protocol implementation. - Simple, powerful and very easy to use. You only need 3 minutes to learn it. From df037db0bb804eb05352974b66dfd564fff7608c Mon Sep 17 00:00:00 2001 From: neilpang Date: Sun, 14 May 2017 10:15:40 +0800 Subject: [PATCH 15/17] clean cache --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3b26261..4cb3313 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,17 +4,17 @@ RUN apk update -f \ && apk --no-cache add -f \ openssl \ curl \ - netcat-openbsd + netcat-openbsd \ + && rm -rf /var/cache/apk/* ENV LE_CONFIG_HOME /acme.sh ENV AUTO_UPGRADE 1 #Install -RUN mkdir -p /install_acme.sh/ ADD ./ /install_acme.sh/ -RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) -RUN rm -rf /install_acme.sh/ +RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/ + RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh From 2844d73dc752138c48c7ec05a93869d931782ff5 Mon Sep 17 00:00:00 2001 From: neil Date: Mon, 15 May 2017 20:46:02 +0800 Subject: [PATCH 16/17] fix https://github.com/Neilpang/acme.sh/issues/844 --- acme.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/acme.sh b/acme.sh index 7ce947e..77be3fd 100755 --- a/acme.sh +++ b/acme.sh @@ -1244,17 +1244,20 @@ createDomainKey() { fi domain=$1 - length=$2 + _cdl=$2 - if [ -z "$length" ]; then + if [ -z "$_cdl" ]; then _debug "Use DEFAULT_DOMAIN_KEY_LENGTH=$DEFAULT_DOMAIN_KEY_LENGTH" - length="$DEFAULT_DOMAIN_KEY_LENGTH" + _cdl="$DEFAULT_DOMAIN_KEY_LENGTH" fi - _initpath "$domain" "$length" + _initpath "$domain" "$_cdl" if [ ! -f "$CERT_KEY_PATH" ] || ([ "$FORCE" ] && ! [ "$IS_RENEW" ]); then - _createkey "$length" "$CERT_KEY_PATH" + if _createkey "$_cdl" "$CERT_KEY_PATH"; then + _savedomainconf Le_Keylength "$_cdl" + _info "The domain key is here: $(__green $CERT_KEY_PATH)" + fi else if [ "$IS_RENEW" ]; then _info "Domain key exists, skip" From b420ec6cb96f625e400fccfe60c3ad6256f03c32 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 17 May 2017 13:16:53 +0800 Subject: [PATCH 17/17] fix for performance of _h2b() function --- acme.sh | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/acme.sh b/acme.sh index 77be3fd..8edf2c6 100755 --- a/acme.sh +++ b/acme.sh @@ -444,19 +444,27 @@ if [ "$(printf '\x41')" != 'A' ]; then fi _h2b() { + if _exists xxd; then + xxd -r -p + return + fi + hex=$(cat) i=1 j=2 - - _debug3 _URGLY_PRINTF "$_URGLY_PRINTF" - while true; do - if [ -z "$_URGLY_PRINTF" ]; then + _debug2 _URGLY_PRINTF "$_URGLY_PRINTF" + if [ -z "$_URGLY_PRINTF" ]; then + while true; do h="$(printf "%s" "$hex" | cut -c $i-$j)" if [ -z "$h" ]; then break fi printf "\x$h%s" - else + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" + done + else + while true; do ic="$(printf "%s" "$hex" | cut -c $i)" jc="$(printf "%s" "$hex" | cut -c $j)" if [ -z "$ic$jc" ]; then @@ -465,12 +473,11 @@ _h2b() { ic="$(_h_char_2_dec "$ic")" jc="$(_h_char_2_dec "$jc")" printf '\'"$(printf "%o" "$(_math "$ic" \* 16 + $jc)")""%s" - fi - - i="$(_math "$i" + 2)" - j="$(_math "$j" + 2)" + i="$(_math "$i" + 2)" + j="$(_math "$j" + 2)" + done + fi - done } _is_solaris() {