From 0fb206fe15107ca80a9199a0efec4e4a006ebb44 Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Wed, 26 Oct 2016 11:52:26 +0200 Subject: [PATCH 1/7] add nsupdate script for dns-01 --- dnsapi/dns_nsupdate.sh | 94 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100755 dnsapi/dns_nsupdate.sh diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh new file mode 100755 index 0000000..fd16c56 --- /dev/null +++ b/dnsapi/dns_nsupdate.sh @@ -0,0 +1,94 @@ +#!/usr/bin/env bash + + +######## Public functions ##################### + +#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns_nsupdate_add() { + fulldomain=$1 + txtvalue=$2 + _checkKeyFile || return 1 + NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + # save the dns server and key to the account conf file. + _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" + _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" + tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) + cat > ${tmp} < ${tmp} <&2 + return 1 +} + +_debug() { + if [ -z "$DEBUG" ] ; then + return + fi + _err "$@" + return 0 +} + +_debug2() { + if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then + _debug "$@" + fi + return +} From 2d279c4c5cb49405d01a996a0ea11c0e8711662f Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Wed, 26 Oct 2016 11:57:45 +0200 Subject: [PATCH 2/7] add nsupdate to sample config --- acme.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/acme.sh b/acme.sh index ce12579..cbd7f0d 100755 --- a/acme.sh +++ b/acme.sh @@ -3363,6 +3363,11 @@ _initconf() { # #GD_Secret=\"sADDsdasdfsdfdssdgdsf\" +####################### +#nsupdate: +#NSUPDATE_KEY=\"/path/to/update.key\" +#NSUPDATE_SERVER=\"192.168.0.1\" + ####################### #PowerDNS: #PDNS_Url=\"http://ns.example.com:8081\" From 54d61bdc4ac46437c16f81fe0593c92610fce0e3 Mon Sep 17 00:00:00 2001 
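Review bot: In `dns_nsupdate_add` the result of `tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX)` is never checked, and the next statement redirects into `${tmp}` unquoted, so a failed mktemp leaves `cat > ${tmp}` with an empty target. `--tmpdir` is a GNU coreutils long option, so that failure is likely on systems with a different mktemp. I would write `tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) || return 1` and `cat > "${tmp}"`. The hunk text between that redirect and the `_err` helper is not legible on this page, so I cannot tell whether the file is removed on every return path. It presumably holds the update commands sent with the key, so a `rm -f -- "${tmp}"` on both the success and the error path is worth confirming.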
From: Philippe Kueck Date: Wed, 26 Oct 2016 16:14:47 +0200 Subject: [PATCH 3/7] - get rid of bash-only syntax like ${foo:-bar} - use sh instead of bash - remove redundant functions _info, _err, _debug and _debug2 - get rid of mktemp, pipe commands directly to nsupdate --- dnsapi/dns_nsupdate.sh | 46 +++++++----------------------------------- 1 file changed, 7 insertions(+), 39 deletions(-) diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index fd16c56..5602332 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh ######## Public functions ##################### @@ -8,18 +8,16 @@ dns_nsupdate_add() { fulldomain=$1 txtvalue=$2 _checkKeyFile || return 1 - NSUPDATE_SERVER=${NSUPDATE_SERVER:-localhost} + [ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" # save the dns server and key to the account conf file. _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" - tmp=$(mktemp --tmpdir acme_nsupdate.XXXXXX) - cat > ${tmp} < ${tmp} <&2 - return 1 -} - -_debug() { - if [ -z "$DEBUG" ] ; then - return - fi - _err "$@" - return 0 -} - -_debug2() { - if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ] ; then - _debug "$@" - fi - return -} From a2e62f8e1d05fe200c079a832388ad2419b9eba6 Mon Sep 17 00:00:00 2001 From: neil Date: Wed, 9 Nov 2016 23:44:24 +0800 Subject: [PATCH 4/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 104532b..258cc02 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# An ACME Shell script: acme.sh +# An ACME Shell script: acme.sh [![Build Status](https://travis-ci.org/Neilpang/acme.sh.svg?branch=master)](https://travis-ci.org/Neilpang/acme.sh) - An ACME protocol client written purely in Shell (Unix shell) language. - Fully ACME protocol implementation. - Simple, powerful and very easy to use. You only need 3 minutes to learn. 
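Review bot: The rewritten default `[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost"` is not needed for the switch to `#!/usr/bin/env sh`. `${NSUPDATE_SERVER:-localhost}` is POSIX parameter expansion rather than a bash extension, so the removed line would have run under `sh` unchanged. The expansion form is also more robust if a caller ever runs with `set -u`, where a bare `${NSUPDATE_SERVER}` on an unset variable aborts; I would keep `NSUPDATE_SERVER="${NSUPDATE_SERVER:-localhost}"`. The rest of `dns_nsupdate_add` in this hunk, including the new piped `nsupdate` call, is not legible on this page and is not covered by this note.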
From 243593cdaa716393283bb8f879517f2146d8b57b Mon Sep 17 00:00:00 2001 From: Philippe Kueck Date: Mon, 14 Nov 2016 14:06:30 +0100 Subject: [PATCH 5/7] fix warnings and remove unused ${tmp} variable --- dnsapi/dns_nsupdate.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/dnsapi/dns_nsupdate.sh b/dnsapi/dns_nsupdate.sh index 5602332..a024e31 100755 --- a/dnsapi/dns_nsupdate.sh +++ b/dnsapi/dns_nsupdate.sh @@ -13,16 +13,15 @@ dns_nsupdate_add() { _saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" _saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" _info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" - nsupdate -k ${NSUPDATE_KEY} < Date: Mon, 14 Nov 2016 15:56:07 +0100 Subject: [PATCH 6/7] add documentation for dns_nsupdate --- README.md | 1 + dnsapi/README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/README.md b/README.md index e86392e..58cadc6 100644 --- a/README.md +++ b/README.md @@ -244,6 +244,7 @@ You don't have do anything manually! 7. PowerDNS API 8. lexicon dns api: https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api (DigitalOcean, DNSimple, DnsMadeEasy, DNSPark, EasyDNS, Namesilo, NS1, PointHQ, Rage4 and Vultr etc.) +9. nsupdate ##### More APIs are coming soon... diff --git a/dnsapi/README.md b/dnsapi/README.md index 9460315..a56f68b 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md 
@@ -112,10 +112,60 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`. + ## Use OVH/kimsufi/soyoustart/runabove API https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api +## Use nsupdate to automatically issue cert + +First, generate a key for updating the zone +``` +b=$(dnssec-keygen -a hmac-sha512 -b 512 -n USER -K /tmp foo) +cat > /etc/named/keys/update.key < Date: Tue, 15 Nov 2016 17:28:15 +0800 Subject: [PATCH 7/7] Update README.md --- dnsapi/README.md | 60 +++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 29 deletions(-) diff --git a/dnsapi/README.md b/dnsapi/README.md index 8f7df7b..34be507 100644 --- a/dnsapi/README.md +++ b/dnsapi/README.md @@ -1,6 +1,6 @@ # How to use dns api -## Use CloudFlare domain api to automatically issue cert +## 1. Use CloudFlare domain api to automatically issue cert For now, we support clourflare integeration. @@ -22,7 +22,7 @@ The `CF_Key` and `CF_Email` will be saved in `~/.acme.sh/account.conf`, when ne -## Use Dnspod.cn domain api to automatically issue cert +## 2. Use Dnspod.cn domain api to automatically issue cert For now, we support dnspod.cn integeration. @@ -43,7 +43,7 @@ acme.sh --issue --dns dns_dp -d example.com -d www.example.com The `DP_Id` and `DP_Key` will be saved in `~/.acme.sh/account.conf`, when next time you use dnspod.cn api, it will reuse this key. -## Use Cloudxns.com domain api to automatically issue cert +## 3. Use Cloudxns.com domain api to automatically issue cert For now, we support Cloudxns.com integeration. 
@@ -64,7 +64,7 @@ acme.sh --issue --dns dns_cx -d example.com -d www.example.com The `CX_Key` and `CX_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use Cloudxns.com api, it will reuse this key. -## Use Godaddy.com domain api to automatically issue cert +## 4. Use Godaddy.com domain api to automatically issue cert We support Godaddy integration. @@ -89,7 +89,7 @@ acme.sh --issue --dns dns_gd -d example.com -d www.example.com The `GD_Key` and `GD_Secret` will be saved in `~/.acme.sh/account.conf`, when next time you use cloudflare api, it will reuse this key. -## Use PowerDNS embedded api to automatically issue cert +## 5. Use PowerDNS embedded api to automatically issue cert We support PowerDNS embedded API integration. @@ -113,11 +113,11 @@ acme.sh --issue --dns dns_pdns -d example.com -d www.example.com The `PDNS_Url`, `PDNS_ServerId`, `PDNS_Token` and `PDNS_Ttl` will be saved in `~/.acme.sh/account.conf`. -## Use OVH/kimsufi/soyoustart/runabove API +## 6. Use OVH/kimsufi/soyoustart/runabove API https://github.com/Neilpang/acme.sh/wiki/How-to-use-OVH-domain-api -## Use nsupdate to automatically issue cert +## 7. Use nsupdate to automatically issue cert First, generate a key for updating the zone ``` 
@@ -166,27 +166,7 @@ acme.sh --issue --dns dns_nsupdate -d example.com -d www.example.com The `NSUPDATE_SERVER` and `NSUPDATE_KEY` settings will be saved in `~/.acme.sh/account.conf`. -# Use custom api - -If your api is not supported yet, you can write your own dns api. - -Let's assume you want to name it 'myapi', - -1. Create a bash script named `~/.acme.sh/dns_myapi.sh`, -2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records. -3. Then you can use your api to issue cert like: - -``` -acme.sh --issue --dns dns_myapi -d example.com -d www.example.com -``` - -For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh) - -# Use lexicon dns api - -https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api - -## Use LuaDNS domain API +## 8. Use LuaDNS domain API Get your API token at https://api.luadns.com/settings @@ -204,7 +184,7 @@ acme.sh --issue --dns dns_lua --dnssleep 3 -d example.com -d www.example.c The `LUA_Key` and `LUA_Email` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. -## Use DNSMadeEasy domain API +## 9. Use DNSMadeEasy domain API Get your API credentials at https://cp.dnsmadeeasy.com/account/info 
@@ -222,5 +202,27 @@ acme.sh --issue --dns dns_me --dnssleep 3 -d example.com -d www.example.co The `ME_Key` and `ME_Secret` will be saved in `~/.acme.sh/account.conf`, and will be reused when needed. +# 10. Use custom api + +If your api is not supported yet, you can write your own dns api. + +Let's assume you want to name it 'myapi', + +1. Create a bash script named `~/.acme.sh/dns_myapi.sh`, +2. In the script, you must have a function named `dns_myapi_add()`. Which will be called by acme.sh to add dns records. +3. Then you can use your api to issue cert like: + +``` +acme.sh --issue --dns dns_myapi -d example.com -d www.example.com +``` + +For more details, please check our sample script: [dns_myapi.sh](dns_myapi.sh) + +# 11. Use lexicon dns api + +https://github.com/Neilpang/acme.sh/wiki/How-to-use-lexicon-dns-api + + +