julien.escario
/
acme.sh
forked from Github/acme.sh
1
0
Fork 0
Code Pull Requests Releases Activity
Browse Source

Merge branch 'dev' into all-inkl-kasserver-dns-script

none
Martin Kammerlander 7 years ago
parent
32d7bd5ab1 a5c1c30368
commit
8c634d8323
6 changed files with 154 additions and 163 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 45
      README.md
  2. 80
      acme.sh
  3. 8
      dnsapi/dns_azure.sh
  4. 8
      dnsapi/dns_cf.sh
  5. 30
      dnsapi/dns_dgon.sh
  6. 146
      dnsapi/dns_freedns.sh

45
README.md
View File

@ -37,6 +37,8 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
- [splynx](https://forum.splynx.com/t/free-ssl-cert-for-splynx-lets-encrypt/297)
- [archlinux](https://aur.archlinux.org/packages/acme.sh-git/)
- [opnsense.org](https://github.com/opnsense/plugins/tree/master/security/acme-client/src/opnsense/scripts/OPNsense/AcmeClient)
- [CentOS Web Panel](http://centos-webpanel.com/)
- [lnmp.org](https://lnmp.org/)
- [more...](https://github.com/Neilpang/acme.sh/wiki/Blogs-and-tutorials)
# Tested OS
@ -220,22 +222,7 @@ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 5. Use Standalone TLS server to issue cert
**(requires you to be root/sudoer or have permission to listen on port 443 (TCP))**
acme.sh supports `tls-sni-01` validation.
Port `443` (TCP) **MUST** be free to listen on, otherwise you will be prompted to free it and try again.
```bash
acme.sh --issue --tls -d example.com -d www.example.com -d cp.example.com
```
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 6. Use Apache mode
# 5. Use Apache mode
**(requires you to be root/sudoer, since it is required to interact with Apache server)**
@ -255,7 +242,7 @@ We don't want to mess your apache server, don't worry.**
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 7. Use Nginx mode
# 6. Use Nginx mode
**(requires you to be root/sudoer, since it is required to interact with Nginx server)**
@ -279,7 +266,7 @@ We don't want to mess your nginx server, don't worry.**
More examples: https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert
# 8. Automatic DNS API integration
# 7. Automatic DNS API integration
If your DNS provider supports API access, we can use that API to automatically issue the certs.
@ -343,7 +330,7 @@ If your DNS provider is not on the supported list above, you can write your own
For more details: [How to use DNS API](dnsapi)
# 9. Use DNS manual mode:
# 8. Use DNS manual mode:
If your dns provider doesn't support any api access, you can add the txt record by your hand.
@ -377,7 +364,7 @@ Ok, it's done.
**Please use dns api mode instead.**
# 10. Issue ECC certificates
# 9. Issue ECC certificates
`Let's Encrypt` can now issue **ECDSA** certificates.
@ -409,7 +396,7 @@ Valid values are:
# 11. Issue Wildcard certificates
# 10. Issue Wildcard certificates
It's simple, just give a wildcard domain as the `-d` parameter.
@ -419,7 +406,7 @@ acme.sh --issue -d example.com -d *.example.com --dns dns_cf
# 12. How to renew the certs
# 11. How to renew the certs
No, you don't need to renew the certs manually. All the certs will be renewed automatically every **60** days.
@ -436,7 +423,7 @@ acme.sh --renew -d example.com --force --ecc
```
# 13. How to stop cert renewal
# 12. How to stop cert renewal
To stop renewal of a cert, you can execute the following to remove the cert from the renewal list:
@ -449,7 +436,7 @@ The cert/key file is not removed from the disk.
You can remove the respective directory (e.g. `~/.acme.sh/example.com`) by yourself.
# 14. How to upgrade `acme.sh`
# 13. How to upgrade `acme.sh`
acme.sh is in constant development, so it's strongly recommended to use the latest code.
@ -474,25 +461,25 @@ acme.sh --upgrade --auto-upgrade 0
```
# 15. Issue a cert from an existing CSR
# 14. Issue a cert from an existing CSR
https://github.com/Neilpang/acme.sh/wiki/Issue-a-cert-from-existing-CSR
# 16. Under the Hood
# 15. Under the Hood
Speak ACME language using shell, directly to "Let's Encrypt".
TODO:
# 17. Acknowledgments
# 16. Acknowledgments
1. Acme-tiny: https://github.com/diafygi/acme-tiny
2. ACME protocol: https://github.com/ietf-wg-acme/acme
# 18. License & Others
# 17. License & Others
License is GPLv3
@ -501,7 +488,7 @@ Please Star and Fork me.
[Issues](https://github.com/Neilpang/acme.sh/issues) and [pull requests](https://github.com/Neilpang/acme.sh/pulls) are welcome.
# 19. Donate
# 18. Donate
Your donation makes **acme.sh** better:
1. PayPal/Alipay(支付宝)/Wechat(微信): [https://donate.acme.sh/](https://donate.acme.sh/)

80
acme.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env sh
VER=2.7.7
VER=2.7.8
PROJECT_NAME="acme.sh"
@ -47,6 +47,7 @@ DEFAULT_DNS_SLEEP=120
NO_VALUE="no"
W_TLS="tls"
W_DNS="dns"
DNS_ALIAS_PREFIX="="
MODE_STATELESS="stateless"
@ -2341,7 +2342,7 @@ _initpath() {
fi
fi
_debug2 ACME_DIRECTORY "$ACME_DIRECTORY"
_debug ACME_DIRECTORY "$ACME_DIRECTORY"
_ACME_SERVER_HOST="$(echo "$ACME_DIRECTORY" | cut -d : -f 2 | tr -s / | cut -d / -f 2)"
_debug2 "_ACME_SERVER_HOST" "$_ACME_SERVER_HOST"
@ -2998,6 +2999,8 @@ _on_before_issue() {
_chk_pre_hook="$4"
_chk_local_addr="$5"
_debug _on_before_issue
_debug _chk_main_domain "$_chk_main_domain"
_debug _chk_alt_domains "$_chk_alt_domains"
#run pre hook
if [ "$_chk_pre_hook" ]; then
_info "Run pre hook:'$_chk_pre_hook'"
@ -3018,11 +3021,17 @@ _on_before_issue() {
_debug Le_LocalAddress "$_chk_local_addr"
alldomains=$(echo "$_chk_main_domain,$_chk_alt_domains" | tr ',' ' ')
_index=1
_currentRoot=""
_addrIndex=1
for d in $alldomains; do
_w_index=1
while true; do
d="$(echo "$_chk_main_domain,$_chk_alt_domains," | cut -d , -f "$_w_index")"
_w_index="$(_math "$_w_index" + 1)"
_debug d "$d"
if [ -z "$d" ]; then
break
fi
_debug "Check for domain" "$d"
_currentRoot="$(_getfield "$_chk_web_roots" $_index)"
_debug "_currentRoot" "$_currentRoot"
@ -3118,7 +3127,7 @@ _on_issue_err() {
)
fi
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "dns"; then
if [ "$IS_RENEW" = "1" ] && _hasfield "$Le_Webroot" "$W_DNS"; then
_err "$_DNS_MANUAL_ERR"
fi
@ -3154,7 +3163,7 @@ _on_issue_success() {
fi
fi
if _hasfield "$Le_Webroot" "dns"; then
if _hasfield "$Le_Webroot" "$W_DNS"; then
_err "$_DNS_MANUAL_WARN"
fi
@ -3421,6 +3430,9 @@ issue() {
_main_domain=$(echo "$2,$3" | cut -d , -f 1)
_alt_domains=$(echo "$2,$3" | cut -d , -f 2- | sed "s/,${NO_VALUE}$//")
fi
_debug _main_domain "$_main_domain"
_debug _alt_domains "$_alt_domains"
_key_length="$4"
_real_cert="$5"
_real_key="$6"
@ -3551,10 +3563,15 @@ issue() {
if [ "$ACME_VERSION" = "2" ]; then
#make new order request
_identifiers="{\"type\":\"dns\",\"value\":\"$_main_domain\"}"
for d in $(echo "$_alt_domains" | tr ',' ' '); do
if [ "$d" ]; then
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$d\"}"
_w_index=1
while true; do
d="$(echo "$_alt_domains," | cut -d , -f "$_w_index")"
_w_index="$(_math "$_w_index" + 1)"
_debug d "$d"
if [ -z "$d" ]; then
break
fi
_identifiers="$_identifiers,{\"type\":\"dns\",\"value\":\"$d\"}"
done
_debug2 _identifiers "$_identifiers"
if ! _send_signed_request "$ACME_NEW_ORDER" "{\"identifiers\": [$_identifiers]}"; then
@ -3591,6 +3608,8 @@ issue() {
_debug2 "_authz_url" "$_authz_url"
if ! response="$(_get "$_authz_url")"; then
_err "get to authz error."
_err "_authorizations_seg" "$_authorizations_seg"
_err "_authz_url" "$_authz_url"
_clearup
_on_issue_err "$_post_hook"
return 1
@ -3609,10 +3628,16 @@ $_authorizations_map"
_debug2 _authorizations_map "$_authorizations_map"
fi
alldomains=$(echo "$_main_domain,$_alt_domains" | tr ',' ' ')
_index=0
_currentRoot=""
for d in $alldomains; do
_w_index=1
while true; do
d="$(echo "$_main_domain,$_alt_domains," | cut -d , -f "$_w_index")"
_w_index="$(_math "$_w_index" + 1)"
_debug d "$d"
if [ -z "$d" ]; then
break
fi
_info "Getting webroot for domain" "$d"
_index=$(_math $_index + 1)
_w="$(echo $_web_roots | cut -d , -f $_index)"
@ -3624,7 +3649,7 @@ $_authorizations_map"
vtype="$VTYPE_HTTP"
#todo, v2 wildcard force to use dns
if _startswith "$_currentRoot" "dns"; then
if _startswith "$_currentRoot" "$W_DNS"; then
vtype="$VTYPE_DNS"
fi
@ -3641,6 +3666,7 @@ $_authorizations_map"
_debug2 "response" "$response"
if [ -z "$response" ]; then
_err "get to authz error."
_err "_authorizations_map" "$_authorizations_map"
_clearup
_on_issue_err "$_post_hook"
return 1
@ -3751,6 +3777,10 @@ $_authorizations_map"
if [ "$d_api" ]; then
_info "Found domain api file: $d_api"
else
if [ "$_currentRoot" != "$W_DNS" ]; then
_err "Can not find dns api hook for: $_currentRoot"
_info "You need to add the txt record manually."
fi
_info "$(__red "Add the following TXT record:")"
_info "$(__red "Domain: '$(__green "$txtdomain")'")"
_info "$(__red "TXT value: '$(__green "$txt")'")"
@ -3789,7 +3819,7 @@ $_authorizations_map"
if [ "$dnsadded" = '0' ]; then
_savedomainconf "Le_Vlist" "$vlist"
_debug "Dns record not added yet, so, save to $DOMAIN_CONF and exit."
_err "Please add the TXT records to the domains, and retry again."
_err "Please add the TXT records to the domains, and re-run with --renew."
_clearup
_on_issue_err "$_post_hook"
return 1
@ -4151,7 +4181,7 @@ $_authorizations_map"
echo "$BEGIN_CERT" >"$CA_CERT_PATH"
_base64 "multiline" <"$CA_CERT_PATH.der" >>"$CA_CERT_PATH"
echo "$END_CERT" >>"$CA_CERT_PATH"
if !_checkcert "$CA_CERT_PATH"; then
if ! _checkcert "$CA_CERT_PATH"; then
_err "Can not get the ca cert."
break
fi
@ -4264,7 +4294,7 @@ renew() {
fi
. "$DOMAIN_CONF"
_debug Le_API "$Le_API"
if [ "$Le_API" ]; then
if [ "$_OLD_CA_HOST" = "$Le_API" ]; then
export Le_API="$DEFAULT_CA"
@ -4868,6 +4898,8 @@ _deactivate() {
_debug2 "authzUri" "$authzUri"
if ! response="$(_get "$authzUri")"; then
_err "get to authz error."
_err "_authorizations_seg" "$_authorizations_seg"
_err "authzUri" "$authzUri"
_clearup
_on_issue_err "$_post_hook"
return 1
@ -5399,7 +5431,6 @@ Parameters:
--webroot, -w /path/to/webroot Specifies the web root folder for web root mode.
--standalone Use standalone mode.
--stateless Use stateless mode, see: $_STATELESS_WIKI
--tls Use standalone tls mode.
--apache Use apache mode.
--dns [dns_cf|dns_dp|dns_cx|/path/to/api/file] Use dns mode or dns api.
--dnssleep [$DEFAULT_DNS_SLEEP] The time in seconds to wait for all the txt records to take effect in dns api mode. Default $DEFAULT_DNS_SLEEP seconds.
@ -5429,7 +5460,6 @@ Parameters:
--accountkey Specifies the account key path, Only valid for the '--install' command.
--days Specifies the days to renew the cert when using '--issue' command. The max value is $MAX_RENEW days.
--httpport Specifies the standalone listening port. Only valid if the server is behind a reverse proxy or load balancer.
--tlsport Specifies the standalone tls listening port. Only valid if the server is behind a reverse proxy or load balancer.
--local-address Specifies the standalone/tls server listening address, in case you have multiple ip addresses.
--listraw Only used for '--list' command, list the certs in raw format.
--stopRenewOnError, -se Only valid for '--renew-all' command. Stop if one cert has error in renewal.
@ -5780,16 +5810,8 @@ _process() {
_webroot="$_webroot,$wvalue"
fi
;;
--tls)
wvalue="$W_TLS"
if [ -z "$_webroot" ]; then
_webroot="$wvalue"
else
_webroot="$_webroot,$wvalue"
fi
;;
--dns)
wvalue="dns"
wvalue="$W_DNS"
if [ "$2" ] && ! _startswith "$2" "-"; then
wvalue="$2"
shift
@ -5883,12 +5905,6 @@ _process() {
Le_HTTPPort="$_httpport"
shift
;;
--tlsport)
_tlsport="$2"
Le_TLSPort="$_tlsport"
shift
;;
--listraw)
_listraw="raw"
;;

8
dnsapi/dns_azure.sh
View File

@ -99,6 +99,7 @@ dns_azure_add() {
_azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
_info "validation value added"
return 0
else
_err "error adding validation value ($_code)"
return 1
@ -194,6 +195,7 @@ dns_azure_rm() {
_azure_rest PUT "$acmeRecordURI" "$body" "$accesstoken"
if [ "$_code" = "200" ] || [ "$_code" = '201' ]; then
_info "validation value removed"
return 0
else
_err "error removing validation value ($_code)"
return 1
@ -226,6 +228,7 @@ _azure_rest() {
else
response="$(_get "$ep")"
fi
_ret="$?"
_secure_debug2 "response $response"
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\r\n")"
_debug "http response code $_code"
@ -236,7 +239,7 @@ _azure_rest() {
return 1
fi
# See https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#general-rest-and-retry-guidelines for retryable HTTP codes
if [ "$?" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
if [ "$_ret" != "0" ] || [ -z "$_code" ] || [ "$_code" = "408" ] || [ "$_code" = "500" ] || [ "$_code" = "503" ] || [ "$_code" = "504" ]; then
_request_retry_times="$(_math "$_request_retry_times" + 1)"
_info "REST call error $_code retrying $ep in $_request_retry_times s"
_sleep "$_request_retry_times"
@ -281,6 +284,7 @@ _azure_getaccess_token() {
body="resource=$(printf "%s" 'https://management.core.windows.net/' | _url_encode)&client_id=$(printf "%s" "$clientID" | _url_encode)&client_secret=$(printf "%s" "$clientSecret" | _url_encode)&grant_type=client_credentials"
_secure_debug2 "data $body"
response="$(_post "$body" "https://login.microsoftonline.com/$tenantID/oauth2/token" "" "POST")"
_ret="$?"
_secure_debug2 "response $response"
response="$(echo "$response" | _normalizeJson)"
accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \")
@ -290,7 +294,7 @@ _azure_getaccess_token() {
_err "no acccess token received. Check your Azure settings see $WIKI"
return 1
fi
if [ "$?" != "0" ]; then
if [ "$_ret" != "0" ]; then
_err "error $response"
return 1
fi

8
dnsapi/dns_cf.sh
View File

@ -19,8 +19,8 @@ dns_cf_add() {
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
CF_Key=""
CF_Email=""
_err "You don't specify cloudflare api key and email yet."
_err "Please create you key and try again."
_err "You didn't specify a cloudflare api key and email yet."
_err "Please create the key and try again."
return 1
fi
@ -94,8 +94,8 @@ dns_cf_rm() {
if [ -z "$CF_Key" ] || [ -z "$CF_Email" ]; then
CF_Key=""
CF_Email=""
_err "You don't specify cloudflare api key and email yet."
_err "Please create you key and try again."
_err "You didn't specify a cloudflare api key and email yet."
_err "Please create the key and try again."
return 1
fi

30
dnsapi/dns_dgon.sh
View File

@ -20,12 +20,22 @@
dns_dgon_add() {
fulldomain="$(echo "$1" | _lower_case)"
txtvalue=$2
DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
# Check if API Key Exist
if [ -z "$DO_API_KEY" ]; then
DO_API_KEY=""
_err "You did not specify DigitalOcean API key."
_err "Please export DO_API_KEY and try again."
return 1
fi
_info "Using digitalocean dns validation - add record"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
## save the env vars (key and domain split location) for later automated use
_saveaccountconf DO_API_KEY "$DO_API_KEY"
_saveaccountconf_mutable DO_API_KEY "$DO_API_KEY"
## split the domain for DO API
if ! _get_base_domain "$fulldomain"; then
@ -39,7 +49,7 @@ dns_dgon_add() {
export _H1="Content-Type: application/json"
export _H2="Authorization: Bearer $DO_API_KEY"
PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records'
PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'"}'
PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'","ttl":120}'
_debug PURL "$PURL"
_debug PBODY "$PBODY"
@ -65,6 +75,16 @@ dns_dgon_add() {
dns_dgon_rm() {
fulldomain="$(echo "$1" | _lower_case)"
txtvalue=$2
DO_API_KEY="${DO_API_KEY:-$(_readaccountconf_mutable DO_API_KEY)}"
# Check if API Key Exist
if [ -z "$DO_API_KEY" ]; then
DO_API_KEY=""
_err "You did not specify DigitalOcean API key."
_err "Please export DO_API_KEY and try again."
return 1
fi
_info "Using digitalocean dns validation - remove record"
_debug fulldomain "$fulldomain"
_debug txtvalue "$txtvalue"
@ -92,11 +112,11 @@ dns_dgon_rm() {
domain_list="$(_get "$GURL")"
## 2) find record
## check for what we are looing for: "type":"A","name":"$_sub_domain"
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*\d+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*[0-9]+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")"
## 3) check record and get next page
if [ -z "$record" ]; then
## find the next page if we dont have a match
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=\d+")"
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=[0-9]+")"
if [ -z "$nextpage" ]; then
_err "no record and no nextpage in digital ocean DNS removal"
return 1
@ -108,7 +128,7 @@ dns_dgon_rm() {
done
## we found the record
rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*\d+" | _egrep_o "\d+")"
rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*[0-9]+" | _egrep_o "[0-9]+")"
_debug rec_id "$rec_id"
## delete the record

146
dnsapi/dns_freedns.sh
View File

@ -53,8 +53,9 @@ dns_freedns_add() {
i="$(_math "$i" - 1)"
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")"
_debug top_domain "$top_domain"
_debug sub_domain "$sub_domain"
_debug "top_domain: $top_domain"
_debug "sub_domain: $sub_domain"
# Sometimes FreeDNS does not return the subdomain page but rather
# returns a page regarding becoming a premium member. This usually
# happens after a period of inactivity. Immediately trying again
@ -63,6 +64,7 @@ dns_freedns_add() {
attempts=2
while [ "$attempts" -gt "0" ]; do
attempts="$(_math "$attempts" - 1)"
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")"
if [ "$?" != "0" ]; then
if [ "$using_cached_cookies" = "true" ]; then
@ -71,10 +73,9 @@ dns_freedns_add() {
fi
return 1
fi
_debug2 htmlpage "$htmlpage"
subdomain_csv="$(echo "$htmlpage" | tr -d "\n\r" | _egrep_o '<form .*</form>' | sed 's/<tr>/@<tr>/g' | tr '@' '\n' | grep edit.php | grep "$top_domain")"
_debug2 subdomain_csv "$subdomain_csv"
_debug3 "subdomain_csv: $subdomain_csv"
# The above beauty ends with striping out rows that do not have an
# href to edit.php and do not have the top domain we are looking for.
@ -85,55 +86,25 @@ dns_freedns_add() {
lines="$(echo "$subdomain_csv" | wc -l)"
i=0
found=0
DNSdomainid=""
while [ "$i" -lt "$lines" ]; do
i="$(_math "$i" + 1)"
line="$(echo "$subdomain_csv" | sed -n "${i}p")"
_debug2 line "$line"
_debug2 "line: $line"
if [ $found = 0 ] && _contains "$line" "<td>$top_domain</td>"; then
# this line will contain DNSdomainid for the top_domain
DNSdomainid="$(echo "$line" | _egrep_o "edit_domain_id *= *.*>" | cut -d = -f 2 | cut -d '>' -f 1)"
_debug2 DNSdomainid "$DNSdomainid"
_debug2 "DNSdomainid: $DNSdomainid"
found=1
else
# lines contain DNS records for all subdomains
DNSname="$(echo "$line" | _egrep_o 'edit.php.*</a>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 DNSname "$DNSname"
DNStype="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '4p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 DNStype "$DNStype"
if [ "$DNSname" = "$fulldomain" ] && [ "$DNStype" = "TXT" ]; then
DNSdataid="$(echo "$line" | _egrep_o 'data_id=.*' | cut -d = -f 2 | cut -d '>' -f 1)"
# Now get current value for the TXT record. This method may
# not produce accurate results as the value field is truncated
# on this webpage. To get full value we would need to load
# another page. However we don't really need this so long as
# there is only one TXT record for the acme challenge subdomain.
DNSvalue="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '5p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 DNSvalue "$DNSvalue"
if [ $found != 0 ]; then
break
# we are breaking out of the loop at the first match of DNS name
# and DNS type (if we are past finding the domainid). This assumes
# that there is only ever one TXT record for the LetsEncrypt/acme
# challenge subdomain. This seems to be a reasonable assumption
# as the acme client deletes the TXT record on successful validation.
fi
else
DNSname=""
DNStype=""
fi
break
fi
done
_debug "DNSname: $DNSname DNStype: $DNStype DNSdomainid: $DNSdomainid DNSdataid: $DNSdataid"
_debug "DNSvalue: $DNSvalue"
if [ -z "$DNSdomainid" ]; then
# If domain ID is empty then something went wrong (top level
# domain not found at FreeDNS).
if [ "$attempts" = "0" ]; then
# exhausted maximum retry attempts
_debug "$htmlpage"
_debug "$subdomain_csv"
_err "Domain $top_domain not found at FreeDNS"
return 1
fi
@ -145,33 +116,10 @@ dns_freedns_add() {
_info "Retry loading subdomain page ($attempts attempts remaining)"
done
if [ -z "$DNSdataid" ]; then
# If data ID is empty then specific subdomain does not exist yet, need
# to create it this should always be the case as the acme client
# deletes the entry after domain is validated.
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue"
return $?
else
if [ "$txtvalue" = "$DNSvalue" ]; then
# if value in TXT record matches value requested then DNS record
# does not need to be updated. But...
# Testing value match fails. Website is truncating the value field.
# So for now we will always go down the else path. Though in theory
# should never come here anyway as the acme client deletes
# the TXT record on successful validation, so we should not even
# have found a TXT record !!
_info "No update necessary for $fulldomain at FreeDNS"
return 0
else
# Delete the old TXT record (with the wrong value)
if _freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid"; then
# And add in new TXT record with the value provided
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue"
fi
return $?
fi
fi
return 0
# Add in new TXT record with the value provided
_debug "Adding TXT record for $fulldomain, $txtvalue"
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue"
return $?
}
#Usage: fulldomain txtvalue
@ -205,7 +153,7 @@ dns_freedns_rm() {
fi
subdomain_csv="$(echo "$htmlpage" | tr -d "\n\r" | _egrep_o '<form .*</form>' | sed 's/<tr>/@<tr>/g' | tr '@' '\n' | grep edit.php | grep "$fulldomain")"
_debug2 subdomain_csv "$subdomain_csv"
_debug3 "subdomain_csv: $subdomain_csv"
# The above beauty ends with striping out rows that do not have an
# href to edit.php and do not have the domain name we are looking for.
@ -216,35 +164,51 @@ dns_freedns_rm() {
lines="$(echo "$subdomain_csv" | wc -l)"
i=0
found=0
DNSdataid=""
while [ "$i" -lt "$lines" ]; do
i="$(_math "$i" + 1)"
line="$(echo "$subdomain_csv" | sed -n "${i}p")"
_debug2 line "$line"
_debug3 "line: $line"
DNSname="$(echo "$line" | _egrep_o 'edit.php.*</a>' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 DNSname "$DNSname"
DNStype="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '4p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 DNStype "$DNStype"
if [ "$DNSname" = "$fulldomain" ] && [ "$DNStype" = "TXT" ]; then
DNSdataid="$(echo "$line" | _egrep_o 'data_id=.*' | cut -d = -f 2 | cut -d '>' -f 1)"
_debug2 DNSdataid "$DNSdataid"
DNSvalue="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '5p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 DNSvalue "$DNSvalue"
# if [ "$DNSvalue" = "$txtvalue" ]; then
# Testing value match fails. Website is truncating the value
# field. So for now we will assume that there is only one TXT
# field for the sub domain and just delete it. Currently this
# is a safe assumption.
_freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid"
return $?
# fi
_debug2 "DNSname: $DNSname"
if [ "$DNSname" = "$fulldomain" ]; then
DNStype="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '4p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
_debug2 "DNStype: $DNStype"
if [ "$DNStype" = "TXT" ]; then
DNSdataid="$(echo "$line" | _egrep_o 'data_id=.*' | cut -d = -f 2 | cut -d '>' -f 1)"
_debug2 "DNSdataid: $DNSdataid"
DNSvalue="$(echo "$line" | sed 's/<td/@<td/g' | tr '@' '\n' | sed -n '5p' | cut -d '>' -f 2 | cut -d '<' -f 1)"
if _startswith "$DNSvalue" "&quot;"; then
# remove the quotation from the start
DNSvalue="$(echo "$DNSvalue" | cut -c 7-)"
fi
if _endswith "$DNSvalue" "..."; then
# value was truncated, remove the dot dot dot from the end
DNSvalue="$(echo "$DNSvalue" | sed 's/...$//')"
elif _endswith "$DNSvalue" "&quot;"; then
# else remove the closing quotation from the end
DNSvalue="$(echo "$DNSvalue" | sed 's/......$//')"
fi
_debug2 "DNSvalue: $DNSvalue"
if [ -n "$DNSdataid" ] && _startswith "$txtvalue" "$DNSvalue"; then
# Found a match. But note... Website is truncating the
# value field so we are only testing that part that is not
# truncated. This should be accurate enough.
_debug "Deleting TXT record for $fulldomain, $txtvalue"
_freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid"
return $?
fi
fi
fi
done
done
# If we get this far we did not find a match (after two attempts)
# Not necessarily an error, but log anyway.
_debug2 "$subdomain_csv"
_info "Cannot delete TXT record for $fulldomain/$txtvalue. Does not exist at FreeDNS"
_debug3 "$subdomain_csv"
_info "Cannot delete TXT record for $fulldomain, $txtvalue. Does not exist at FreeDNS"
return 0
}
@ -272,7 +236,7 @@ _freedns_login() {
# if cookies is not empty then logon successful
if [ -z "$cookies" ]; then
_debug "$htmlpage"
_debug3 "htmlpage: $htmlpage"
_err "FreeDNS login failed for user $username. Check $HTTP_HEADER file"
return 1
fi
@ -301,7 +265,7 @@ _freedns_retrieve_subdomain_page() {
return 1
fi
_debug2 "$htmlpage"
_debug3 "htmlpage: $htmlpage"
printf "%s" "$htmlpage"
return 0
@ -323,17 +287,17 @@ _freedns_add_txt_record() {
_err "FreeDNS failed to add TXT record for $subdomain bad RC from _post"
return 1
elif ! grep "200 OK" "$HTTP_HEADER" >/dev/null; then
_debug "$htmlpage"
_debug3 "htmlpage: $htmlpage"
_err "FreeDNS failed to add TXT record for $subdomain. Check $HTTP_HEADER file"
return 1
elif _contains "$htmlpage" "security code was incorrect"; then
_debug "$htmlpage"
_debug3 "htmlpage: $htmlpage"
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested security code"
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains"
return 1
fi
_debug2 "$htmlpage"
_debug3 "htmlpage: $htmlpage"
_info "Added acme challenge TXT record for $fulldomain at FreeDNS"
return 0
}
@ -352,7 +316,7 @@ _freedns_delete_txt_record() {
_err "FreeDNS failed to delete TXT record for $data_id bad RC from _get"
return 1
elif ! _contains "$htmlheader" "200 OK"; then
_debug "$htmlheader"
_debug2 "htmlheader: $htmlheader"
_err "FreeDNS failed to delete TXT record $data_id"
return 1
fi

Write Preview
Loading…
Cancel
Save