From 79db8dadddee3f5ebbe5f8c989ec78ee10fd249d Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 24 Nov 2016 13:39:46 +0800 Subject: [PATCH 1/6] fix CI --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index d70b7e4..efa4790 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,6 +33,7 @@ install: fi script: + - echo "TRAVIS_PULL_REQUEST_BRANCH=$TRAVIS_PULL_REQUEST_BRANCH" - echo "TEST_LOCAL=$TEST_LOCAL" - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)" - which openssl && openssl version From 72349507c4a57106d6d2864436787e5f31c37056 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 24 Nov 2016 13:45:00 +0800 Subject: [PATCH 2/6] fix ci --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index efa4790..b7d92da 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,7 +33,7 @@ install: fi script: - - echo "TRAVIS_PULL_REQUEST_BRANCH=$TRAVIS_PULL_REQUEST_BRANCH" + - env - echo "TEST_LOCAL=$TEST_LOCAL" - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)" - which openssl && openssl version From 9e04222ee63016ab6675cf78dd4614cc31a8c45c Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 24 Nov 2016 13:58:14 +0800 Subject: [PATCH 3/6] fix ci --- .travis.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index b7d92da..94848c1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -33,7 +33,6 @@ install: fi script: - - env - echo "TEST_LOCAL=$TEST_LOCAL" - echo "NGROK_TOKEN=$(echo "$NGROK_TOKEN" | wc -c)" - which openssl && openssl version 
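Review bot: In patch 2/6 the new `- env` step under `script:` writes the entire build environment to the Travis log, which anyone can read for a public repository. The step two lines below prints only the length of `NGROK_TOKEN`, so the token is clearly meant to stay out of the log. Travis masks the variables it knows to be secure, but anything exported by the build itself is printed verbatim. Patch 3/6 removes the line again, yet the log of this build keeps whatever was printed, so it is worth checking that no credential appeared there and rotating it if one did. For debugging, print only what is needed, e.g. `- env | grep '^TRAVIS_' | sort`.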
@@ -45,8 +44,8 @@ script: - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then shellcheck -e SC2021,SC2126,SC2034 **/*.sh && echo "shellcheck OK" ; fi - cd .. - git clone https://github.com/Neilpang/acmetest.git && cp -r acme.sh acmetest/ && cd acmetest - - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh ; fi - - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then sudo NGROK_TOKEN="$NGROK_TOKEN" OPENSSL_BIN="$OPENSSL_BIN" ./letest.sh ; fi + - if [[ "$TRAVIS_OS_NAME" == "linux" ]] && [[ "$NGROK_TOKEN" ]]; then sudo NGROK_TOKEN="$NGROK_TOKEN" ./letest.sh ; fi + - if [[ "$TRAVIS_OS_NAME" == "osx" ]] && [[ "$NGROK_TOKEN" ]]; then sudo NGROK_TOKEN="$NGROK_TOKEN" OPENSSL_BIN="$OPENSSL_BIN" ./letest.sh ; fi matrix: From be39ab32d1d1d4654a8bf053d0636b9737a271c1 Mon Sep 17 00:00:00 2001 From: baiyangliu Date: Thu, 24 Nov 2016 21:49:45 +0800 Subject: [PATCH 4/6] Add DNS API support for aliyun (#410) * Add DNS API support for aliyun * Update README.md * format * format * format * format... * format... * format * format * fix bug * fix bug * code format * code format * fix bug * just ok... * fix bug * fix bug * fix bug * change "echo" to "printf" * fix bug * code format * fix bug."head -c" in function _ali_nonce not supported by solaris * fix bug."head -c" in function _ali_nonce not supported by solaris * format * fix bug._ali_nonce not work on solaris * fix bug. _ali_nonce not work on solaris * fix bug. _ali_nonce not work on solaris * add aliyun.com to README.md --- README.md | 1 + dnsapi/README.md | 21 +++++- dnsapi/dns_ali.sh | 186 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 206 insertions(+), 2 deletions(-) create mode 100644 dnsapi/dns_ali.sh diff --git a/README.md b/README.md index 69348bf..724f6ee 100644 --- a/README.md +++ b/README.md @@ -260,6 +260,7 @@ You don't have to do anything manually! 1. LuaDNS.com API 1. DNSMadeEasy.com API 1. nsupdate API +1. aliyun.com(阿里云) API **More APIs coming soon...** 
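Review bot: With the added `&& [[ "$NGROK_TOKEN" ]]` guard, a build that has no token runs neither `letest.sh` line and still finishes green, and nothing in the log says the integration tests were skipped. This presumably affects pull requests from forks, where Travis withholds secure variables. Make the skip visible with one extra step, e.g. `- if [[ -z "$NGROK_TOKEN" ]]; then echo "NGROK_TOKEN not set, letest.sh skipped" ; fi`. Separately, both lines run `./letest.sh` from a fresh `git clone` of acmetest under `sudo` with the token in its environment; checking out a known commit after the clone would keep an unreviewed change in that repository from running with the secret.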
diff --git a/dnsapi/README.md b/dnsapi/README.md index 9a8730c..ca9b08d 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -201,7 +201,24 @@ acme.sh --issue --dns dns_aws -d example.com -d www.example.com The `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. -# 11. Use custom API +## 11. Use Aliyun domain API to automatically issue cert + +First you need to login to your Aliyun account to get your API key. +[https://ak-console.aliyun.com/#/accesskey](https://ak-console.aliyun.com/#/accesskey) + +``` +export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +export Ali_Secret="jlsdflanljkljlfdsaklkjflsa" +``` + +Ok, let's issue a cert now: +``` +acme.sh --issue --dns dns_ali -d example.com -d www.example.com +``` + +The `Ali_Key` and `Ali_Secret` will be saved in `~/.acme.sh/account.conf` and will be reused when needed. + +# 12. Use custom API If your API is not supported yet, you can write your own DNS API. @@ -218,6 +235,6 @@ acme.sh --issue --dns dns_myapi -d example.com -d www.example.com For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh) -## 12. Use lexicon DNS API +## 13. Use lexicon DNS API https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api diff --git a/dnsapi/dns_ali.sh b/dnsapi/dns_ali.sh new file mode 100644 index 0000000..97b450a --- /dev/null +++ b/dnsapi/dns_ali.sh 
@@ -0,0 +1,186 @@ +#!/usr/bin/env sh + +Ali_API="https://alidns.aliyuncs.com/" + +#Ali_Key="LTqIA87hOKdjevsf5" +#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2" + +#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_ali_add() { + fulldomain=$1 + txtvalue=$2 + + if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then + Ali_Key="" + Ali_Secret="" + _err "You don't specify aliyun api key and secret yet." + return 1 + fi + + #save the api key and secret to the account conf file. + _saveaccountconf Ali_Key "$Ali_Key" + _saveaccountconf Ali_Secret "$Ali_Secret" + + _debug "First detect the root zone" + if ! _get_root "$fulldomain"; then + return 1 + fi + + _add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record" +} + +dns_ali_rm() { + fulldomain=$1 + _clean +} + +#################### Private functions bellow ################################## + +_get_root() { + domain=$1 + i=2 + p=1 + while true; do + h=$(printf "%s" "$domain" | cut -d . -f $i-100) + if [ -z "$h" ]; then + #not valid + return 1 + fi + + _describe_records_query "$h" + if ! _ali_rest "Get root" "ignore"; then + return 1 + fi + + if _contains "$response" "PageNumber"; then + _sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) + _debug _sub_domain "$_sub_domain" + _domain="$h" + _debug _domain "$_domain" + return 0 + fi + p="$i" + i=$(_math "$i" + 1) + done + return 1 +} + +_ali_rest() { + signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(_hex "$Ali_Secret&")" | _base64) + signature=$(_ali_urlencode "$signature") + url="$Ali_API?$query&Signature=$signature" + + if ! 
response="$(_get "$url")"; then + _err "Error <$1>" + return 1 + fi + + if [ -z "$2" ]; then + message="$(printf "%s" "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" + if [ -n "$message" ]; then + _err "$message" + return 1 + fi + fi + + _debug2 response "$response" + return 0 +} + +_ali_urlencode() { + _str="$1" + _str_len=${#_str} + _u_i=1 + while [ "$_u_i" -le "$_str_len" ]; do + _str_c="$(printf "%s" "$_str" | cut -c "$_u_i")" + case $_str_c in [a-zA-Z0-9.~_-]) + printf "%s" "$_str_c" + ;; + *) + printf "%%%02X" "'$_str_c" + ;; + esac + _u_i="$(_math "$_u_i" + 1)" + done +} + +_ali_nonce() { + #_head_n 1 Date: Thu, 24 Nov 2016 22:27:14 +0800 Subject: [PATCH 5/6] fix for aliyun api --- acme.sh | 2 +- dnsapi/dns_ali.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index 674a428..f695ded 100755 --- a/acme.sh +++ b/acme.sh @@ -90,7 +90,7 @@ _printargs() { if [ -z "$2" ]; then printf -- "[$(date)] $1" else - printf -- "[$(date)] $1='$2'" + printf -- "%s" "[$(date)] $1='$2'" fi printf "\n" } diff --git a/dnsapi/dns_ali.sh b/dnsapi/dns_ali.sh index 97b450a..3086721 100644 --- a/dnsapi/dns_ali.sh +++ b/dnsapi/dns_ali.sh @@ -26,6 +26,7 @@ dns_ali_add() { return 1 fi + _debug "Add record" _add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record" } From 93f3098aec5c47070236104d52d3a1f38f6b7a80 Mon Sep 17 00:00:00 2001 From: neilpang Date: Thu, 24 Nov 2016 22:36:21 +0800 Subject: [PATCH 6/6] minor --- acme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme.sh b/acme.sh index f695ded..bcaa301 100755 --- a/acme.sh +++ b/acme.sh @@ -2797,7 +2797,7 @@ issue() { status=$(echo "$response" | _egrep_o '"status":"[^"]*' | cut -d : -f 2 | tr -d '"') if [ "$status" = "valid" ]; then - _info "Success" + _info "$(__green Success)" _stopserver "$serverproc" serverproc="" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
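Review bot: In `_printargs` the one-argument branch still reads `printf -- "[$(date)] $1"`, so `$1` is used as the printf format string; patch 5/6 fixes only the `else` branch. A message containing `%` or a backslash (a percent-encoded URL, for instance) is then misprinted or makes printf report an invalid directive, and the text comes from whatever the caller logs. Change it to `printf -- "%s" "[$(date)] $1"` so both branches treat their arguments as data. The opening of `_printargs` is outside the hunk.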