forked from Github/acme.sh
justmwa
8 years ago
committed by
GitHub
22 changed files with 1522 additions and 174 deletions
-
59Dockerfile
-
40README.md
-
290acme.sh
-
5deploy/README.md
-
4deploy/exim4.sh
-
54deploy/kong.sh
-
4deploy/vsftpd.sh
-
106dnsapi/README.md
-
24dnsapi/dns_aws.sh
-
17dnsapi/dns_cf.sh
-
170dnsapi/dns_cloudns.sh
-
7dnsapi/dns_cx.sh
-
2dnsapi/dns_cyon.sh
-
205dnsapi/dns_dgon.sh
-
215dnsapi/dns_dnsimple.sh
-
216dnsapi/dns_dynu.sh
-
20dnsapi/dns_freedns.sh
-
2dnsapi/dns_gandi_livedns.sh
-
97dnsapi/dns_infoblox.sh
-
8dnsapi/dns_ovh.sh
-
2dnsapi/dns_pdns.sh
-
149dnsapi/dns_vscale.sh
@ -0,0 +1,59 @@ |
|||
FROM alpine |
|||
|
|||
RUN apk update -f \ |
|||
&& apk --no-cache add -f \ |
|||
openssl \ |
|||
curl \ |
|||
netcat-openbsd |
|||
|
|||
ENV LE_CONFIG_HOME /acme.sh |
|||
|
|||
ENV AUTO_UPGRADE 1 |
|||
|
|||
#Install |
|||
RUN mkdir -p /install_acme.sh/ |
|||
ADD ./ /install_acme.sh/ |
|||
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) |
|||
RUN rm -rf /install_acme.sh/ |
|||
|
|||
RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh |
|||
|
|||
RUN for verb in help \ |
|||
version \ |
|||
install \ |
|||
uninstall \ |
|||
upgrade \ |
|||
issue \ |
|||
signcsr \ |
|||
deploy \ |
|||
install-cert \ |
|||
renew \ |
|||
renew-all \ |
|||
revoke \ |
|||
remove \ |
|||
list \ |
|||
showcsr \ |
|||
install-cronjob \ |
|||
uninstall-cronjob \ |
|||
cron \ |
|||
toPkcs \ |
|||
toPkcs8 \ |
|||
update-account \ |
|||
register-account \ |
|||
create-account-key \ |
|||
create-domain-key \ |
|||
createCSR \ |
|||
deactivate \ |
|||
; do \ |
|||
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ |
|||
; done |
|||
|
|||
RUN printf "%b" '#!'"/usr/bin/env sh\n \ |
|||
if [ \"\$1\" = \"daemon\" ]; then \n \ |
|||
crond; tail -f /dev/null;\n \ |
|||
else \n \ |
|||
/root/.acme.sh/acme.sh --config-home /acme.sh \"\$@\"\n \ |
|||
fi" >/entry.sh && chmod +x /entry.sh |
|||
|
|||
ENTRYPOINT ["/entry.sh"] |
|||
CMD ["--help"] |
@ -0,0 +1,170 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Author: Boyan Peychev <boyan at cloudns dot net> |
|||
# Repository: https://github.com/ClouDNS/acme.sh/ |
|||
|
|||
#CLOUDNS_AUTH_ID=XXXXX |
|||
#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY" |
|||
CLOUDNS_API="https://api.cloudns.net" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_cloudns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_cloudns_add() { |
|||
_info "Using cloudns" |
|||
|
|||
if ! _dns_cloudns_init_check; then |
|||
return 1 |
|||
fi |
|||
|
|||
zone="$(_dns_cloudns_get_zone_name "$1")" |
|||
if [ -z "$zone" ]; then |
|||
_err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." |
|||
return 1 |
|||
fi |
|||
|
|||
host="$(echo "$1" | sed "s/\.$zone\$//")" |
|||
record=$2 |
|||
record_id=$(_dns_cloudns_get_record_id "$zone" "$host") |
|||
|
|||
_debug zone "$zone" |
|||
_debug host "$host" |
|||
_debug record "$record" |
|||
_debug record_id "$record_id" |
|||
|
|||
if [ -z "$record_id" ]; then |
|||
_info "Adding the TXT record for $1" |
|||
_dns_cloudns_http_api_call "dns/add-record.json" "domain-name=$zone&record-type=TXT&host=$host&record=$record&ttl=60" |
|||
if ! _contains "$response" "\"status\":\"Success\""; then |
|||
_err "Record cannot be added." |
|||
return 1 |
|||
fi |
|||
_info "Added." |
|||
else |
|||
_info "Updating the TXT record for $1" |
|||
_dns_cloudns_http_api_call "dns/mod-record.json" "domain-name=$zone&record-id=$record_id&record-type=TXT&host=$host&record=$record&ttl=60" |
|||
if ! _contains "$response" "\"status\":\"Success\""; then |
|||
_err "The TXT record for $1 cannot be updated." |
|||
return 1 |
|||
fi |
|||
_info "Updated." |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: dns_cloudns_rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_cloudns_rm() { |
|||
_info "Using cloudns" |
|||
|
|||
if ! _dns_cloudns_init_check; then |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$zone" ]; then |
|||
zone="$(_dns_cloudns_get_zone_name "$1")" |
|||
if [ -z "$zone" ]; then |
|||
_err "Missing DNS zone at ClouDNS. Please log into your control panel and create the required DNS zone for the initial setup." |
|||
return 1 |
|||
fi |
|||
fi |
|||
|
|||
host="$(echo "$1" | sed "s/\.$zone\$//")" |
|||
record=$2 |
|||
record_id=$(_dns_cloudns_get_record_id "$zone" "$host") |
|||
|
|||
_debug zone "$zone" |
|||
_debug host "$host" |
|||
_debug record "$record" |
|||
_debug record_id "$record_id" |
|||
|
|||
if [ ! -z "$record_id" ]; then |
|||
_info "Deleting the TXT record for $1" |
|||
_dns_cloudns_http_api_call "dns/delete-record.json" "domain-name=$zone&record-id=$record_id" |
|||
if ! _contains "$response" "\"status\":\"Success\""; then |
|||
_err "The TXT record for $1 cannot be deleted." |
|||
return 1 |
|||
fi |
|||
_info "Deleted." |
|||
fi |
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
_dns_cloudns_init_check() { |
|||
if [ ! -z "$CLOUDNS_INIT_CHECK_COMPLETED" ]; then |
|||
return 0 |
|||
fi |
|||
|
|||
if [ -z "$CLOUDNS_AUTH_ID" ]; then |
|||
_err "CLOUDNS_AUTH_ID is not configured" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$CLOUDNS_AUTH_PASSWORD" ]; then |
|||
_err "CLOUDNS_AUTH_PASSWORD is not configured" |
|||
return 1 |
|||
fi |
|||
|
|||
_dns_cloudns_http_api_call "dns/login.json" "" |
|||
|
|||
if ! _contains "$response" "\"status\":\"Success\""; then |
|||
_err "Invalid CLOUDNS_AUTH_ID or CLOUDNS_AUTH_PASSWORD. Please check your login credentials." |
|||
return 1 |
|||
fi |
|||
|
|||
CLOUDNS_INIT_CHECK_COMPLETED=1 |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_dns_cloudns_get_zone_name() { |
|||
i=2 |
|||
while true; do |
|||
zoneForCheck=$(printf "%s" "$1" | cut -d . -f $i-100) |
|||
|
|||
if [ -z "$zoneForCheck" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug zoneForCheck "$zoneForCheck" |
|||
|
|||
_dns_cloudns_http_api_call "dns/get-zone-info.json" "domain-name=$zoneForCheck" |
|||
|
|||
if ! _contains "$response" "\"status\":\"Failed\""; then |
|||
echo "$zoneForCheck" |
|||
return 0 |
|||
fi |
|||
|
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_dns_cloudns_get_record_id() { |
|||
_dns_cloudns_http_api_call "dns/records.json" "domain-name=$1&host=$2&type=TXT" |
|||
if _contains "$response" "\"id\":"; then |
|||
echo "$response" | cut -d '"' -f 2 |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
_dns_cloudns_http_api_call() { |
|||
method=$1 |
|||
|
|||
_debug CLOUDNS_AUTH_ID "$CLOUDNS_AUTH_ID" |
|||
_debug CLOUDNS_AUTH_PASSWORD "$CLOUDNS_AUTH_PASSWORD" |
|||
|
|||
if [ -z "$2" ]; then |
|||
data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD" |
|||
else |
|||
data="auth-id=$CLOUDNS_AUTH_ID&auth-password=$CLOUDNS_AUTH_PASSWORD&$2" |
|||
fi |
|||
|
|||
response="$(_get "$CLOUDNS_API/$method?$data")" |
|||
|
|||
_debug2 response "$response" |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,205 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
## Will be called by acme.sh to add the txt record to your api system. |
|||
## returns 0 means success, otherwise error. |
|||
|
|||
## Author: thewer <github at thewer.com> |
|||
## GitHub: https://github.com/gitwer/acme.sh |
|||
|
|||
## |
|||
## Environment Variables Required: |
|||
## |
|||
## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc" |
|||
## |
|||
|
|||
##################### Public functions ##################### |
|||
|
|||
## Create the text record for validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_dgon_add() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
_info "Using digitalocean dns validation - add record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## save the env vars (key and domain split location) for later automated use |
|||
_saveaccountconf DO_API_KEY "$DO_API_KEY" |
|||
|
|||
## split the domain for DO API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "domain not found in your account for addition" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
## Set the header with our post type and key auth key |
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Bearer $DO_API_KEY" |
|||
PURL='https://api.digitalocean.com/v2/domains/'$_domain'/records' |
|||
PBODY='{"type":"TXT","name":"'$_sub_domain'","data":"'$txtvalue'"}' |
|||
|
|||
_debug PURL "$PURL" |
|||
_debug PBODY "$PBODY" |
|||
|
|||
## the create request - post |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "$PBODY" "$PURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
## Remove the txt record after validation. |
|||
## Usage: fulldomain txtvalue |
|||
## EG: "_acme-challenge.www.other.domain.com" "XKrxpRBosdq0HG9i01zxXp5CPBs" |
|||
dns_dgon_rm() { |
|||
fulldomain="$(echo "$1" | _lower_case)" |
|||
txtvalue=$2 |
|||
_info "Using digitalocean dns validation - remove record" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## split the domain for DO API |
|||
if ! _get_base_domain "$fulldomain"; then |
|||
_err "domain not found in your account for removal" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
## Set the header with our post type and key auth key |
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Bearer $DO_API_KEY" |
|||
## get URL for the list of domains |
|||
## may get: "links":{"pages":{"last":".../v2/domains/DOM/records?page=2","next":".../v2/domains/DOM/records?page=2"}} |
|||
GURL="https://api.digitalocean.com/v2/domains/$_domain/records" |
|||
|
|||
## while we dont have a record ID we keep going |
|||
while [ -z "$record" ]; do |
|||
## 1) get the URL |
|||
## the create request - get |
|||
## args: URL, [onlyheader, timeout] |
|||
domain_list="$(_get "$GURL")" |
|||
## 2) find record |
|||
## check for what we are looing for: "type":"A","name":"$_sub_domain" |
|||
record="$(echo "$domain_list" | _egrep_o "\"id\"\s*\:\s*\"*\d+\"*[^}]*\"name\"\s*\:\s*\"$_sub_domain\"[^}]*\"data\"\s*\:\s*\"$txtvalue\"")" |
|||
## 3) check record and get next page |
|||
if [ -z "$record" ]; then |
|||
## find the next page if we dont have a match |
|||
nextpage="$(echo "$domain_list" | _egrep_o "\"links\".*" | _egrep_o "\"next\".*" | _egrep_o "http.*page\=\d+")" |
|||
if [ -z "$nextpage" ]; then |
|||
_err "no record and no nextpage in digital ocean DNS removal" |
|||
return 1 |
|||
fi |
|||
_debug2 nextpage "$nextpage" |
|||
GURL="$nextpage" |
|||
fi |
|||
## we break out of the loop when we have a record |
|||
done |
|||
|
|||
## we found the record |
|||
rec_id="$(echo "$record" | _egrep_o "id\"\s*\:\s*\"*\d+" | _egrep_o "\d+")" |
|||
_debug rec_id "$rec_id" |
|||
|
|||
## delete the record |
|||
## delete URL for removing the one we dont want |
|||
DURL="https://api.digitalocean.com/v2/domains/$_domain/records/$rec_id" |
|||
|
|||
## the create request - delete |
|||
## args: BODY, URL, [need64, httpmethod] |
|||
response="$(_post "" "$DURL" "" "DELETE")" |
|||
|
|||
## check response (sort of) |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in remove response: $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
|
|||
## finished correctly |
|||
return 0 |
|||
} |
|||
|
|||
##################### Private functions below ##################### |
|||
|
|||
## Split the domain provided into the "bade domain" and the "start prefix". |
|||
## This function searches for the longest subdomain in your account |
|||
## for the full domain given and splits it into the base domain (zone) |
|||
## and the prefix/record to be added/removed |
|||
## USAGE: fulldomain |
|||
## EG: "_acme-challenge.two.three.four.domain.com" |
|||
## returns |
|||
## _sub_domain="_acme-challenge.two" |
|||
## _domain="three.four.domain.com" *IF* zone "three.four.domain.com" exists |
|||
## if only "domain.com" exists it will return |
|||
## _sub_domain="_acme-challenge.two.three.four" |
|||
## _domain="domain.com" |
|||
_get_base_domain() { |
|||
# args |
|||
fulldomain="$(echo "$1" | tr '[:upper:]' '[:lower:]')" |
|||
_debug fulldomain "$fulldomain" |
|||
|
|||
# domain max legal length = 253 |
|||
MAX_DOM=255 |
|||
|
|||
## get a list of domains for the account to check thru |
|||
## Set the headers |
|||
export _H1="Content-Type: application/json" |
|||
export _H2="Authorization: Bearer $DO_API_KEY" |
|||
_debug DO_API_KEY "$DO_API_KEY" |
|||
## get URL for the list of domains |
|||
## havent seen this request paginated, tested with 18 domains (more requires manual requests with DO) |
|||
DOMURL="https://api.digitalocean.com/v2/domains" |
|||
|
|||
## get the domain list (DO gives basically a full XFER!) |
|||
domain_list="$(_get "$DOMURL")" |
|||
|
|||
## check response |
|||
if [ "$?" != "0" ]; then |
|||
_err "error in domain_list response: $domain_list" |
|||
return 1 |
|||
fi |
|||
_debug2 domain_list "$domain_list" |
|||
|
|||
## for each shortening of our $fulldomain, check if it exists in the $domain_list |
|||
## can never start on 1 (aka whole $fulldomain) as $fulldomain starts with "_acme-challenge" |
|||
i=2 |
|||
while [ $i -gt 0 ]; do |
|||
## get next longest domain |
|||
_domain=$(printf "%s" "$fulldomain" | cut -d . -f "$i"-"$MAX_DOM") |
|||
## check we got something back from our cut (or are we at the end) |
|||
if [ -z "$_domain" ]; then |
|||
## we got to the end of the domain - invalid domain |
|||
_err "domain not found in DigitalOcean account" |
|||
return 1 |
|||
fi |
|||
## we got part of a domain back - grep it out |
|||
found="$(echo "$domain_list" | _egrep_o "\"name\"\s*\:\s*\"$_domain\"")" |
|||
## check if it exists |
|||
if [ ! -z "$found" ]; then |
|||
## exists - exit loop returning the parts |
|||
sub_point=$(_math $i - 1) |
|||
_sub_domain=$(printf "%s" "$fulldomain" | cut -d . -f 1-"$sub_point") |
|||
_debug _domain "$_domain" |
|||
_debug _sub_domain "$_sub_domain" |
|||
return 0 |
|||
fi |
|||
## increment cut point $i |
|||
i=$(_math $i + 1) |
|||
done |
|||
|
|||
## we went through the entire domain zone list and dint find one that matched |
|||
## doesnt look like we can add in the record |
|||
_err "domain not found in DigitalOcean account, but we should never get here" |
|||
return 1 |
|||
} |
@ -0,0 +1,215 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# DNSimple domain api |
|||
# https://github.com/pho3nixf1re/acme.sh/issues |
|||
# |
|||
# This is your oauth token which can be acquired on the account page. Please |
|||
# note that this must be an _account_ token and not a _user_ token. |
|||
# https://dnsimple.com/a/<your account id>/account/access_tokens |
|||
# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
|
|||
DNSimple_API="https://api.dnsimple.com/v2" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dnsimple_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if [ -z "$DNSimple_OAUTH_TOKEN" ]; then |
|||
DNSimple_OAUTH_TOKEN="" |
|||
_err "You have not set the dnsimple oauth token yet." |
|||
_err "Please visit https://dnsimple.com/user to generate it." |
|||
return 1 |
|||
fi |
|||
|
|||
# save the oauth token for later |
|||
_saveaccountconf DNSimple_OAUTH_TOKEN "$DNSimple_OAUTH_TOKEN" |
|||
|
|||
if ! _get_account_id; then |
|||
_err "failed to retrive account id" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_get_records "$_account_id" "$_domain" "$_sub_domain" |
|||
|
|||
if [ "$_records_count" = "0" ]; then |
|||
_info "Adding record" |
|||
if _dnsimple_rest POST "$_account_id/zones/$_domain/records" "{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then |
|||
if printf -- "%s" "$response" | grep "\"name\":\"$_sub_domain\"" >/dev/null; then |
|||
_info "Added" |
|||
return 0 |
|||
else |
|||
_err "Unexpected response while adding text record." |
|||
return 1 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
else |
|||
_info "Updating record" |
|||
_extract_record_id "$_records" "$_sub_domain" |
|||
|
|||
if _dnsimple_rest \ |
|||
PATCH \ |
|||
"$_account_id/zones/$_domain/records/$_record_id" \ |
|||
"{\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then |
|||
|
|||
_info "Updated!" |
|||
return 0 |
|||
fi |
|||
|
|||
_err "Update error" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
# fulldomain |
|||
dns_dnsimple_rm() { |
|||
fulldomain=$1 |
|||
|
|||
if ! _get_account_id; then |
|||
_err "failed to retrive account id" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
|
|||
_get_records "$_account_id" "$_domain" "$_sub_domain" |
|||
_extract_record_id "$_records" "$_sub_domain" |
|||
|
|||
if [ "$_record_id" ]; then |
|||
|
|||
if _dnsimple_rest DELETE "$_account_id/zones/$_domain/records/$_record_id"; then |
|||
_info "removed record" "$_record_id" |
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
_err "failed to remove record" "$_record_id" |
|||
return 1 |
|||
|
|||
} |
|||
|
|||
#################### Private functions bellow ################################## |
|||
# _acme-challenge.www.domain.com |
|||
# returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
previous=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
# not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _dnsimple_rest GET "$_account_id/zones/$h"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" 'not found'; then |
|||
_debug "$h not found" |
|||
else |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$previous) |
|||
_domain="$h" |
|||
|
|||
_debug _domain "$_domain" |
|||
_debug _sub_domain "$_sub_domain" |
|||
|
|||
return 0 |
|||
fi |
|||
|
|||
previous="$i" |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
# returns _account_id |
|||
_get_account_id() { |
|||
_debug "retrive account id" |
|||
if ! _dnsimple_rest GET "whoami"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"account\":null"; then |
|||
_err "no account associated with this token" |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "timeout"; then |
|||
_err "timeout retrieving account id" |
|||
return 1 |
|||
fi |
|||
|
|||
_account_id=$(printf "%s" "$response" | _egrep_o "\"id\":[^,]*,\"email\":" | cut -d: -f2 | cut -d, -f1) |
|||
_debug _account_id "$_account_id" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
# returns |
|||
# _records |
|||
# _records_count |
|||
_get_records() { |
|||
account_id=$1 |
|||
domain=$2 |
|||
sub_domain=$3 |
|||
|
|||
_debug "fetching txt records" |
|||
_dnsimple_rest GET "$account_id/zones/$domain/records?per_page=100" |
|||
|
|||
if ! _contains "$response" "\"id\":"; then |
|||
_err "failed to retrieve records" |
|||
return 1 |
|||
fi |
|||
|
|||
_records_count=$(printf "%s" "$response" | _egrep_o "\"name\":\"$sub_domain\"" | wc -l | _egrep_o "[0-9]+") |
|||
_records=$response |
|||
_debug _records_count "$_records_count" |
|||
} |
|||
|
|||
# returns _record_id |
|||
_extract_record_id() { |
|||
_record_id=$(printf "%s" "$_records" | _egrep_o "\"id\":[^,]*,\"zone_id\":\"[^,]*\",\"parent_id\":null,\"name\":\"$_sub_domain\"" | cut -d: -f2 | cut -d, -f1) |
|||
_debug "_record_id" "$_record_id" |
|||
} |
|||
|
|||
# returns response |
|||
_dnsimple_rest() { |
|||
method=$1 |
|||
path="$2" |
|||
data="$3" |
|||
request_url="$DNSimple_API/$path" |
|||
_debug "$path" |
|||
|
|||
export _H1="Accept: application/json" |
|||
export _H2="Authorization: Bearer $DNSimple_OAUTH_TOKEN" |
|||
|
|||
if [ "$data" ] || [ "$method" = "DELETE" ]; then |
|||
_H1="Content-Type: application/json" |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$request_url" "" "$method")" |
|||
else |
|||
response="$(_get "$request_url" "" "" "$method")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $request_url" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,216 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Client ID |
|||
#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d" |
|||
# |
|||
#Secret |
|||
#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9" |
|||
# |
|||
#Token |
|||
Dynu_Token="" |
|||
# |
|||
#Endpoint |
|||
Dynu_EndPoint="https://api.dynu.com/v1" |
|||
# |
|||
#Author: Dynu Systems, Inc. |
|||
#Report Bugs here: https://github.com/shar0119/acme.sh |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dynu_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if [ -z "$Dynu_ClientId" ] || [ -z "$Dynu_Secret" ]; then |
|||
Dynu_ClientId="" |
|||
Dynu_Secret="" |
|||
_err "Dynu client id and secret is not specified." |
|||
_err "Please create you API client id and secret and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the client id and secret to the account conf file. |
|||
_saveaccountconf Dynu_ClientId "$Dynu_ClientId" |
|||
_saveaccountconf Dynu_Secret "$Dynu_Secret" |
|||
|
|||
if [ -z "$Dynu_Token" ]; then |
|||
_info "Getting Dynu token." |
|||
if ! _dynu_authentication; then |
|||
_err "Can not get token." |
|||
fi |
|||
fi |
|||
|
|||
_debug "Detect root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _node "$_node" |
|||
_debug _domain_name "$_domain_name" |
|||
|
|||
_info "Creating TXT record." |
|||
if ! _dynu_rest POST "dns/record/add" "{\"domain_name\":\"$_domain_name\",\"node_name\":\"$_node\",\"record_type\":\"TXT\",\"text_data\":\"$txtvalue\",\"state\":true,\"ttl\":90}"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "text_data"; then |
|||
_err "Could not add TXT record." |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: rm _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_dynu_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if [ -z "$Dynu_ClientId" ] || [ -z "$Dynu_Secret" ]; then |
|||
Dynu_ClientId="" |
|||
Dynu_Secret="" |
|||
_err "Dynu client id and secret is not specified." |
|||
_err "Please create you API client id and secret and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the client id and secret to the account conf file. |
|||
_saveaccountconf Dynu_ClientId "$Dynu_ClientId" |
|||
_saveaccountconf Dynu_Secret "$Dynu_Secret" |
|||
|
|||
if [ -z "$Dynu_Token" ]; then |
|||
_info "Getting Dynu token." |
|||
if ! _dynu_authentication; then |
|||
_err "Can not get token." |
|||
fi |
|||
fi |
|||
|
|||
_debug "Detect root zone." |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Invalid domain." |
|||
return 1 |
|||
fi |
|||
|
|||
_debug _node "$_node" |
|||
_debug _domain_name "$_domain_name" |
|||
|
|||
_info "Checking for TXT record." |
|||
if ! _get_recordid "$fulldomain" "$txtvalue"; then |
|||
_err "Could not get TXT record id." |
|||
return 1 |
|||
fi |
|||
|
|||
if [ "$_dns_record_id" = "" ]; then |
|||
_err "TXT record not found." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Removing TXT record." |
|||
if ! _delete_txt_record "$_dns_record_id"; then |
|||
_err "Could not remove TXT record $_dns_record_id." |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
######## Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _node=_acme-challenge.www |
|||
# _domain_name=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
if ! _dynu_rest GET "dns/getroot/$domain"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "domain_name"; then |
|||
_debug "Domain name not found." |
|||
return 1 |
|||
fi |
|||
|
|||
_domain_name=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 1 | cut -d : -f 2 | cut -d '"' -f 2) |
|||
_node=$(printf "%s" "$response" | tr -d "{}" | cut -d , -f 3 | cut -d : -f 2 | cut -d '"' -f 2) |
|||
return 0 |
|||
} |
|||
|
|||
_get_recordid() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _dynu_rest GET "dns/record/get?hostname=$fulldomain&rrtype=TXT"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "$txtvalue"; then |
|||
_dns_record_id=0 |
|||
return 0 |
|||
fi |
|||
|
|||
_dns_record_id=$(printf "%s" "$response" | _egrep_o "{[^}]*}" | grep "\"text_data\":\"$txtvalue\"" | _egrep_o ",[^,]*," | grep ',"id":' | tr -d ",," | cut -d : -f 2) |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_delete_txt_record() { |
|||
_dns_record_id=$1 |
|||
|
|||
if ! _dynu_rest GET "dns/record/delete/$_dns_record_id"; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _contains "$response" "true"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_dynu_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Authorization: Bearer $Dynu_Token" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
if [ "$data" ]; then |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$Dynu_EndPoint/$ep" "" "$m")" |
|||
else |
|||
_info "Getting $Dynu_EndPoint/$ep" |
|||
response="$(_get "$Dynu_EndPoint/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_dynu_authentication() { |
|||
realm="$(printf "%s" "$Dynu_ClientId:$Dynu_Secret" | _base64)" |
|||
|
|||
export _H1="Authorization: Basic $realm" |
|||
export _H2="Content-Type: application/json" |
|||
|
|||
response="$(_get "$Dynu_EndPoint/oauth2/token")" |
|||
if [ "$?" != "0" ]; then |
|||
_err "Authentication failed." |
|||
return 1 |
|||
fi |
|||
if _contains "$response" "accessToken"; then |
|||
Dynu_Token=$(printf "%s" "$response" | tr -d "[]" | cut -d , -f 2 | cut -d : -f 2 | cut -d '"' -f 2) |
|||
fi |
|||
if _contains "$Dynu_Token" "null"; then |
|||
Dynu_Token="" |
|||
fi |
|||
|
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
@ -0,0 +1,97 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
## Infoblox API integration by Jason Keller and Elijah Tenai |
|||
## |
|||
## Report any bugs via https://github.com/jasonkeller/acme.sh |
|||
|
|||
dns_infoblox_add() { |
|||
|
|||
## Nothing to see here, just some housekeeping |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue" |
|||
|
|||
_info "Using Infoblox API" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## Check for the credentials |
|||
if [ -z "$Infoblox_Creds" ] || [ -z "$Infoblox_Server" ]; then |
|||
Infoblox_Creds="" |
|||
Infoblox_Server="" |
|||
_err "You didn't specify the credentials or server yet (Infoblox_Creds and Infoblox_Server)." |
|||
_err "Please set them via EXPORT ([username:password] and [ip or hostname]) and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
## Save the credentials to the account file |
|||
_saveaccountconf Infoblox_Creds "$Infoblox_Creds" |
|||
_saveaccountconf Infoblox_Server "$Infoblox_Server" |
|||
|
|||
## Base64 encode the credentials |
|||
Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64) |
|||
|
|||
## Construct the HTTP Authorization header |
|||
export _H1="Accept-Language:en-US" |
|||
export _H2="Authorization: Basic $Infoblox_CredsEncoded" |
|||
|
|||
## Add the challenge record to the Infoblox grid member |
|||
result=$(_post "" "$baseurlnObject" "" "POST") |
|||
|
|||
## Let's see if we get something intelligible back from the unit |
|||
if echo "$result" | egrep 'record:txt/.*:.*/default'; then |
|||
_info "Successfully created the txt record" |
|||
return 0 |
|||
else |
|||
_err "Error encountered during record addition" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
dns_infoblox_rm() { |
|||
|
|||
## Nothing to see here, just some housekeeping |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_info "Using Infoblox API" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
## Base64 encode the credentials |
|||
Infoblox_CredsEncoded=$(printf "%b" "$Infoblox_Creds" | _base64) |
|||
|
|||
## Construct the HTTP Authorization header |
|||
export _H1="Accept-Language:en-US" |
|||
export _H2="Authorization: Basic $Infoblox_CredsEncoded" |
|||
|
|||
## Does the record exist? Let's check. |
|||
baseurlnObject="https://$Infoblox_Server/wapi/v2.2.2/record:txt?name=$fulldomain&text=$txtvalue&_return_type=xml-pretty" |
|||
result=$(_get "$baseurlnObject") |
|||
|
|||
## Let's see if we get something intelligible back from the grid |
|||
if echo "$result" | egrep 'record:txt/.*:.*/default'; then |
|||
## Extract the object reference |
|||
objRef=$(printf "%b" "$result" | _egrep_o 'record:txt/.*:.*/default') |
|||
objRmUrl="https://$Infoblox_Server/wapi/v2.2.2/$objRef" |
|||
## Delete them! All the stale records! |
|||
rmResult=$(_post "" "$objRmUrl" "" "DELETE") |
|||
## Let's see if that worked |
|||
if echo "$rmResult" | egrep 'record:txt/.*:.*/default'; then |
|||
_info "Successfully deleted $objRef" |
|||
return 0 |
|||
else |
|||
_err "Error occurred during txt record delete" |
|||
_err "$rmResult" |
|||
return 1 |
|||
fi |
|||
else |
|||
_err "Record to delete didn't match an existing record" |
|||
_err "$result" |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
@ -0,0 +1,149 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#This is the vscale.io api wrapper for acme.sh |
|||
# |
|||
#Author: Alex Loban |
|||
#Report Bugs here: https://github.com/LAV45/acme.sh |
|||
|
|||
#VSCALE_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
VSCALE_API_URL="https://api.vscale.io/v1" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_vscale_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if [ -z "$VSCALE_API_KEY" ]; then |
|||
VSCALE_API_KEY="" |
|||
_err "You didn't specify the VSCALE api key yet." |
|||
_err "Please create you key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf VSCALE_API_KEY "$VSCALE_API_KEY" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_vscale_tmpl_json="{\"type\":\"TXT\",\"name\":\"$_sub_domain.$_domain\",\"content\":\"$txtvalue\"}" |
|||
|
|||
if _vscale_rest POST "domains/$_domain_id/records/" "$_vscale_tmpl_json"; then |
|||
response=$(printf "%s\n" "$response" | _egrep_o "{\"error\": \".+\"" | cut -d : -f 2) |
|||
if [ -z "$response" ]; then |
|||
_info "txt record updated success." |
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
#fulldomain txtvalue |
|||
dns_vscale_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _domain_id "$_domain_id" |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
|
|||
_debug "Getting txt records" |
|||
_vscale_rest GET "domains/$_domain_id/records/" |
|||
|
|||
if [ -n "$response" ]; then |
|||
record_id=$(printf "%s\n" "$response" | _egrep_o "\"TXT\", \"id\": [0-9]+, \"name\": \"$_sub_domain.$_domain\"" | cut -d : -f 2 | tr -d ", \"name\"") |
|||
_debug record_id "$record_id" |
|||
if [ -z "$record_id" ]; then |
|||
_err "Can not get record id to remove." |
|||
return 1 |
|||
fi |
|||
if _vscale_rest DELETE "domains/$_domain_id/records/$record_id" && [ -z "$response" ]; then |
|||
_info "txt record deleted success." |
|||
return 0 |
|||
fi |
|||
_debug response "$response" |
|||
return 1 |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=12345 |
|||
_get_root() { |
|||
domain=$1 |
|||
i=2 |
|||
p=1 |
|||
|
|||
if _vscale_rest GET "domains/"; then |
|||
response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug h "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
hostedzone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")" |
|||
if [ "$hostedzone" ]; then |
|||
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) |
|||
if [ "$_domain_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
return 1 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
fi |
|||
return 1 |
|||
} |
|||
|
|||
#method uri qstr data |
|||
_vscale_rest() { |
|||
mtd="$1" |
|||
ep="$2" |
|||
data="$3" |
|||
|
|||
_debug mtd "$mtd" |
|||
_debug ep "$ep" |
|||
|
|||
export _H1="Accept: application/json" |
|||
export _H2="Content-Type: application/json" |
|||
export _H3="X-Token: ${VSCALE_API_KEY}" |
|||
|
|||
if [ "$mtd" != "GET" ]; then |
|||
# both POST and DELETE. |
|||
_debug data "$data" |
|||
response="$(_post "$data" "$VSCALE_API_URL/$ep" "" "$mtd")" |
|||
else |
|||
response="$(_get "$VSCALE_API_URL/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue