forked from Github/acme.sh
Browse Source
sync (#2127)
sync (#2127)
* Support for MyDevil.net (#2076) support mydevil * Fix verification for namecheap domains not *owned* by the calling user (#2106) * Peb (#2126) * support pebble * support async finalize order * add Pebblemaster
neil
6 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 307 additions and 14 deletions
-
2README.md
-
86acme.sh
-
10deploy/README.md
-
59deploy/mydevil.sh
-
20dnsapi/README.md
-
97dnsapi/dns_mydevil.sh
-
45dnsapi/dns_namecheap.sh
@ -0,0 +1,59 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# MyDevil.net API (2019-02-03) |
||||
|
# |
||||
|
# MyDevil.net already supports automatic Let's Encrypt certificates, |
||||
|
# except for wildcard domains. |
||||
|
# |
||||
|
# This script depends on `devil` command that MyDevil.net provides, |
||||
|
# which means that it works only on server side. |
||||
|
# |
||||
|
# Author: Marcin Konicki <https://ahwayakchih.neoni.net> |
||||
|
# |
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Usage: mydevil_deploy domain keyfile certfile cafile fullchain |
||||
|
mydevil_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
ip="" |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
if ! _exists "devil"; then |
||||
|
_err "Could not find 'devil' command." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
ip=$(mydevil_get_ip "$_cdomain") |
||||
|
if [ -z "$ip" ]; then |
||||
|
_err "Could not find IP for domain $_cdomain." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# Delete old certificate first |
||||
|
_info "Removing old certificate for $_cdomain at $ip" |
||||
|
devil ssl www del "$ip" "$_cdomain" |
||||
|
|
||||
|
# Add new certificate |
||||
|
_info "Adding new certificate for $_cdomain at $ip" |
||||
|
devil ssl www add "$ip" "$_cfullchain" "$_ckey" "$_cdomain" || return 1 |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
# Usage: ip=$(mydevil_get_ip domain.com) |
||||
|
# echo $ip |
||||
|
mydevil_get_ip() { |
||||
|
devil dns list "$1" | cut -w -s -f 3,7 | grep "^A$(printf '\t')" | cut -w -s -f 2 || return 1 |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,97 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# MyDevil.net API (2019-02-03) |
||||
|
# |
||||
|
# MyDevil.net already supports automatic Let's Encrypt certificates, |
||||
|
# except for wildcard domains. |
||||
|
# |
||||
|
# This script depends on `devil` command that MyDevil.net provides, |
||||
|
# which means that it works only on server side. |
||||
|
# |
||||
|
# Author: Marcin Konicki <https://ahwayakchih.neoni.net> |
||||
|
# |
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_mydevil_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_mydevil_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
domain="" |
||||
|
|
||||
|
if ! _exists "devil"; then |
||||
|
_err "Could not find 'devil' command." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Using mydevil" |
||||
|
|
||||
|
domain=$(mydevil_get_domain "$fulldomain") |
||||
|
if [ -z "$domain" ]; then |
||||
|
_err "Invalid domain name: could not find root domain of $fulldomain." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# No need to check if record name exists, `devil` always adds new record. |
||||
|
# In worst case scenario, we end up with multiple identical records. |
||||
|
|
||||
|
_info "Adding $fulldomain record for domain $domain" |
||||
|
if devil dns add "$domain" "$fulldomain" TXT "$txtvalue"; then |
||||
|
_info "Successfully added TXT record, ready for validation." |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Unable to add DNS record." |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_mydevil_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
domain="" |
||||
|
|
||||
|
if ! _exists "devil"; then |
||||
|
_err "Could not find 'devil' command." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Using mydevil" |
||||
|
|
||||
|
domain=$(mydevil_get_domain "$fulldomain") |
||||
|
if [ -z "$domain" ]; then |
||||
|
_err "Invalid domain name: could not find root domain of $fulldomain." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# catch one or more numbers |
||||
|
num='[0-9][0-9]*' |
||||
|
# catch one or more whitespace |
||||
|
w=$(printf '[\t ][\t ]*') |
||||
|
# catch anything, except newline |
||||
|
any='.*' |
||||
|
# filter to make sure we do not delete other records |
||||
|
validRecords="^${num}${w}${fulldomain}${w}TXT${w}${any}${txtvalue}$" |
||||
|
for id in $(devil dns list "$domain" | tail -n+2 | grep "${validRecords}" | cut -w -s -f 1); do |
||||
|
_info "Removing record $id from domain $domain" |
||||
|
devil dns del "$domain" "$id" || _err "Could not remove DNS record." |
||||
|
done |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
# Usage: domain=$(mydevil_get_domain "_acme-challenge.www.domain.com" || _err "Invalid domain name") |
||||
|
# echo $domain |
||||
|
mydevil_get_domain() { |
||||
|
fulldomain=$1 |
||||
|
domain="" |
||||
|
|
||||
|
for domain in $(devil dns list | cut -w -s -f 1 | tail -n+2); do |
||||
|
if _endswith "$fulldomain" "$domain"; then |
||||
|
printf -- "%s" "$domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
return 1 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue