From 175c9decd7189f15f47f8175f2cad9656a4dddcf Mon Sep 17 00:00:00 2001
From: neil
Date: Sat, 30 Jan 2016 21:00:36 +0800
Subject: [PATCH 1/8] init dnsapi
---
dnsapi/dns-cf.sh | 139 +++++++++++++++++++++++++++++++++++++++++++++++
le.sh | 61 ++++++++++++++++-----
2 files changed, 187 insertions(+), 13 deletions(-)
create mode 100644 dnsapi/dns-cf.sh
diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh
new file mode 100644
index 0000000..40987a2
--- /dev/null
+++ b/dnsapi/dns-cf.sh
@@ -0,0 +1,139 @@ +#!/bin/bash + + +# +#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje" +# +#CF_Email="xxxx@sss.com" + + +CF_Api="https://api.cloudflare.com/client/v4/" + +#Usage: _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +dns-cf-add() { + fulldomain=$1 + txtvalue=$2 + + _info "first detect the root zone" + if ! _get_root $fulldomain > /dev/null ; then + _err "invalid domain" + return 1 + fi + + _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain" + + if [ "$?" != "0" ] || ! printf $response | grep \"success\":true > /dev/null ; then + _err "Error" + return 1 + fi + + count=$(printf $response | grep -o \"count\":[^,]* | cut -d : -f 2) + + if [ "$count" == "0" ] ; then + _info "Adding record" + if _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain&content=$txtvalue" ; then + _info "Added, sleeping 10 seconds" + sleep 10 + return 0 + fi + _err "Add txt record error." + else + _info "Updating record" + record_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + _info "record_id" $record_id + + _cf_rest PUT "/zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" + if [ "$?" == "0" ]; then + _info "Updated, sleeping 10 seconds" + sleep 10 + return 0; + fi + _err "Update error" + return 1 + fi + +} + + +#_acme-challenge.www.domain.com +# _sub_domain=_acme-challenge.www +# _domain=domain.com +# _domain_id=sdjkglgdfewsdfg +_get_root() { + domain=$1 + i=2 + p=1 + while [ '1' ] ; do + h=$(printf $domain | cut -d . -f $i-100) + if [ -z "$h" ] ; then + #not valid + return 1; + fi + + if ! _cf_get "zones?name=$h" ; then + return 1 + fi + + if printf $response | grep \"name\":\"$h\" ; then + _domain_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") + if [ "$_domain_id" ] ; then + _sub_domain=$(printf $domain | cut -d . 
-f 1-$p) + _domain=$h + return 0 + fi + return 1 + fi + p=$i + let "i+=1" + done + return 1 +} + + +_cf_rest() { + m=$1 + ep="$2" + echo $ep + if [ "$3" ] ; then + data="--data \"$3\"" + fi + response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json" $data)" + if [ "$?" != "0" ] ; then + echo $error $ep + return 1 + fi + echo $response + return 0 +} + + +_debug() { + + if [ -z "$DEBUG" ] ; then + return + fi + + if [ -z "$2" ] ; then + echo $1 + else + echo "$1"="$2" + fi +} + +_info() { + if [ -z "$2" ] ; then + echo "$1" + else + echo "$1"="$2" + fi +} + +_err() { + if [ -z "$2" ] ; then + echo "$1" >&2 + else + echo "$1"="$2" >&2 + fi +} + + diff --git a/le.sh b/le.sh index f90ebe3..8e70b04 100755 --- a/le.sh +++ b/le.sh @@ -320,7 +320,6 @@ _initpath() { if [ -z "$CA_CERT_PATH" ] ; then CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer" fi - } 
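Review bot: Every `printf $response | grep …` in `dns-cf-add` and `_get_root` of the new dnsapi/dns-cf.sh passes the API response unquoted as the printf format string, so `%` and backslash sequences in the body are interpreted and the text is word-split and glob-expanded before grep sees it. Use `printf '%s' "$response" | grep -q '"success":true'` and the same form for the `count`, `id` and `name` extractions; the pattern recurs in the later `@@ -33,15 +35,20 @@` hunk. `_cf_rest` also places `X-Auth-Key: $CF_Key` on curl's command line, where it is readable from the process list while the request runs; passing the headers through `curl --config -` on stdin would keep the key out of argv. The `_debug`, `_info` and `_err` helpers defined at the bottom presumably shadow le.sh's functions of the same names once this file is sourced, so they are better left out of the provider file.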
@@ -619,12 +618,44 @@ issue() { _debug txt "$txt" #dns #1. check use api - _err "Add the following TXT record:" - _err "Domain: $txtdomain" - _err "TXT value: $txt" - _err "Please be aware that you prepend _acme-challenge. before your domain" - _err "so the resulting subdomain will be: $txtdomain" - #dnsadded='1' + d_api="" + if [ -f "$WORKING_DIR/$d/$Le_Webroot" ] ; then + d_api="$WORKING_DIR/$d/$Le_Webroot" + elif [ -f "$WORKING_DIR/$d/$Le_Webroot.sh" ] ; then + d_api="$WORKING_DIR/$d/$Le_Webroot.sh" + elif [ -f "$WORKING_DIR/$Le_Webroot" ] ; then + d_api="$WORKING_DIR/$Le_Webroot" + elif [ -f "$WORKING_DIR/$Le_Webroot.sh" ] ; then + d_api="$WORKING_DIR/$Le_Webroot.sh" + fi + + if [ "$d_api" ]; then + _info "Found domain api file: $d_api" + else + _err "Add the following TXT record:" + _err "Domain: $txtdomain" + _err "TXT value: $txt" + _err "Please be aware that you prepend _acme-challenge. before your domain" + _err "so the resulting subdomain will be: $txtdomain" + continue + fi + + if ! source $d_api ; then + _err "Load file $d_api error. Please check your api file and try again." + return 1 + fi + + addcommand="$Le_Webroot-add" + if ! command -v $addcommand ; then + _err "It seems that your api file is not correct, it must have a function named: $Le_Webroot" + return 1 + fi + + if ! $addcommand $txtdomain $txt ; then + _err "Error add txt for domain:$txtdomain" + return 1 + fi + dnsadded='1' fi done 
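Review bot: `$Le_Webroot` decides both which file `source` loads and which command name is run, and `source $d_api`, `command -v $addcommand` and `$addcommand $txtdomain $txt` all expand unquoted, so a value containing whitespace, glob characters or `../` changes what gets loaded and executed. Quote them (`source "$d_api"`, `"$addcommand" "$txtdomain" "$txt"`) and, if provider names are meant to be plain identifiers such as `dns-cf`, reject anything else before the file lookup with `case "$Le_Webroot" in *[!A-Za-z0-9_-]*) _err "invalid dns api name"; return 1 ;; esac`. `command -v` also prints the resolved name to stdout, and the error text names `$Le_Webroot` although the function being checked is `$Le_Webroot-add`. issue() starts and ends outside the hunk.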
@@ -806,13 +837,17 @@ renew() { _initpath $Le_Domain - if [ -f "$DOMAIN_CONF" ] ; then - source "$DOMAIN_CONF" - if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then - _info "Skip, Next renewal time is: $Le_NextRenewTimeStr" - return 2 - fi + if [ ! -f "$DOMAIN_CONF" ] ; then + _err "$Le_Domain is not a issued domain, skip." + return 1; + fi + + source "$DOMAIN_CONF" + if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then + _info "Skip, Next renewal time is: $Le_NextRenewTimeStr" + return 2 fi + IS_RENEW="1" issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd" IS_RENEW="" From 23bcf2c62371cbe669d1f8e7cec635eb02c15aab Mon Sep 17 00:00:00 2001 From: root Date: Sat, 30 Jan 2016 16:16:29 +0300 Subject: [PATCH 2/8] exec --- dnsapi/dns-cf.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 dnsapi/dns-cf.sh diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh old mode 100644 new mode 100755 From b4a156da60d8a6d08c43185b4beb8696976b57e2 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 21:08:43 +0800 Subject: [PATCH 3/8] install dnsapi --- le.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/le.sh b/le.sh index 8e70b04..d8a4a81 100755 --- a/le.sh +++ b/le.sh @@ -1028,6 +1028,8 @@ install() { rm -f $WORKING_DIR/le ln -s $WORKING_DIR/le.sh $WORKING_DIR/le + cp -r dnsapi $WORKING_DIR/dnsapi + installcronjob _info OK From 611f6877392d56945d2037c916d981c7b68654da Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 21:14:41 +0800 Subject: [PATCH 4/8] dnsapi folder --- le.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/le.sh b/le.sh index d8a4a81..c443782 100755 --- a/le.sh +++ b/le.sh 
@@ -627,7 +627,12 @@ issue() { d_api="$WORKING_DIR/$Le_Webroot" elif [ -f "$WORKING_DIR/$Le_Webroot.sh" ] ; then d_api="$WORKING_DIR/$Le_Webroot.sh" + elif [ -f "$WORKING_DIR/dnsapi/$Le_Webroot" ] ; then + d_api="$WORKING_DIR/dnsapi/$Le_Webroot" + elif [ -f "$WORKING_DIR/dnsapi/$Le_Webroot.sh" ] ; then + d_api="$WORKING_DIR/dnsapi/$Le_Webroot.sh" fi + _debug d_api "$d_api" if [ "$d_api" ]; then _info "Found domain api file: $d_api" From 1b5bd0e03ef7749d3b32f358e815f44dbfc453b0 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 22:11:09 +0800 Subject: [PATCH 5/8] minor fix --- dnsapi/dns-cf.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh index 40987a2..547a077 100755 --- a/dnsapi/dns-cf.sh +++ b/dnsapi/dns-cf.sh @@ -14,12 +14,13 @@ dns-cf-add() { fulldomain=$1 txtvalue=$2 - _info "first detect the root zone" - if ! _get_root $fulldomain > /dev/null ; then + _debug "First detect the root zone" + if ! _get_root $fulldomain ; then _err "invalid domain" return 1 fi + _debug "Getting txt records" _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain" if [ "$?" != "0" ] || ! printf $response | grep \"success\":true > /dev/null ; then @@ -31,7 +32,7 @@ dns-cf-add() { if [ "$count" == "0" ] ; then _info "Adding record" - if _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain&content=$txtvalue" ; then + if _cf_rest POST "/zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then _info "Added, sleeping 10 seconds" sleep 10 return 0 @@ -56,6 +57,7 @@ dns-cf-add() { #_acme-challenge.www.domain.com +#returns # _sub_domain=_acme-challenge.www # _domain=domain.com # _domain_id=sdjkglgdfewsdfg @@ -70,7 +72,7 @@ _get_root() { return 1; fi - if ! _cf_get "zones?name=$h" ; then + if ! _cf_rest GET "zones?name=$h" ; then return 1 fi 
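Review bot: With `> /dev/null` removed from the `_get_root $fulldomain` call in the `@@ -14,12 +14,13 @@` hunk, everything `_get_root` writes now reaches stdout: its `printf $response | grep \"name\":\"$h\"` test has no `-q`, so the matching line of the zone-lookup response is printed on every run. Silence the test itself rather than the caller, `if printf '%s' "$response" | grep -q "\"name\":\"$h\"" ; then`; that line lives in `_get_root`, outside this hunk.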
@@ -95,7 +97,8 @@ _cf_rest() { ep="$2" echo $ep if [ "$3" ] ; then - data="--data \"$3\"" + data="--data \'$3\'" + _debug data "$data" fi response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json" $data)" if [ "$?" != "0" ] ; then From 638b9a0559d50088db1888b8d97e53e4a7c1786b Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 22:34:35 +0800 Subject: [PATCH 6/8] fix bugs --- dnsapi/dns-cf.sh | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh index 547a077..ac3643c 100755 --- a/dnsapi/dns-cf.sh +++ b/dnsapi/dns-cf.sh @@ -9,7 +9,9 @@ CF_Api="https://api.cloudflare.com/client/v4/" -#Usage: _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" +######## Public functions ##################### + +#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" dns-cf-add() { fulldomain=$1 txtvalue=$2 @@ -33,15 +35,20 @@ dns-cf-add() { if [ "$count" == "0" ] ; then _info "Adding record" if _cf_rest POST "/zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then - _info "Added, sleeping 10 seconds" - sleep 10 - return 0 + if printf $response | grep $fulldomain > /dev/null ; then + _info "Added, sleeping 10 seconds" + sleep 1 + return 0 + else + _err "Add txt record error." + return 1 + fi fi _err "Add txt record error." else _info "Updating record" record_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \") - _info "record_id" $record_id + _debug "record_id" $record_id _cf_rest PUT "/zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}" if [ "$?" == "0" ]; then 
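Review bot: In the `@@ -33,15 +35,20 @@` hunk the new success test `printf $response | grep $fulldomain` accepts any response body that mentions the record name, and the update branch just below it still relies on `_cf_rest`'s exit status alone. `_cf_rest` calls `curl --silent` without `--fail`, so an HTTP error that comes back with a JSON body exits 0 and either branch can report success for a record that was never written. Test the API's own flag, as the earlier list call does, in both branches: `if printf '%s' "$response" | grep -q '"success":true' ; then`. dns-cf-add continues outside the hunk.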
@@ -56,6 +63,10 @@ dns-cf-add() { } + + + +#################### Private functions bellow ################################## #_acme-challenge.www.domain.com #returns # _sub_domain=_acme-challenge.www @@ -95,17 +106,20 @@ _get_root() { _cf_rest() { m=$1 ep="$2" - echo $ep + _debug $ep if [ "$3" ] ; then - data="--data \'$3\'" + data="$3" _debug data "$data" + response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json" --data $data)" + else + response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json")" fi - response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json" $data)" + if [ "$?" != "0" ] ; then - echo $error $ep + _err "error $ep" return 1 fi - echo $response + _debug response "$response" return 0 } From 0ed4c9391e2956769bdb1be64c8a05df1e312293 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 22:47:22 +0800 Subject: [PATCH 7/8] sleep to wait dns record to take effect. --- dnsapi/dns-cf.sh | 4 +++- le.sh | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh index ac3643c..888e9b3 100755 --- a/dnsapi/dns-cf.sh +++ b/dnsapi/dns-cf.sh @@ -37,7 +37,8 @@ dns-cf-add() { if _cf_rest POST "/zones/$_domain_id/dns_records" "{\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"ttl\":120}"; then if printf $response | grep $fulldomain > /dev/null ; then _info "Added, sleeping 10 seconds" - sleep 1 + sleep 10 + #todo: check if the record takes effect return 0 else _err "Add txt record error." @@ -54,6 +55,7 @@ dns-cf-add() { if [ "$?" == "0" ]; then _info "Updated, sleeping 10 seconds" sleep 10 + #todo: check if the record takes effect return 0; fi _err "Update error" diff --git a/le.sh b/le.sh index c443782..a612241 100755 --- a/le.sh +++ b/le.sh 
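Review bot: `--data $data` in the rewritten `_cf_rest` (hunk `@@ -95,17 +106,20 @@`) is unquoted, so the JSON body is word-split and glob-expanded before curl receives it; a body containing a space or `*` would reach curl as several separate arguments instead of one payload. Write `--data "$data"`, and quote `-X "$m"` and `_debug "$ep"` the same way. `_debug data "$data"` and `_debug response "$response"` print full request and response bodies whenever `DEBUG` is set, which deserves a short comment next to them because those bodies carry the challenge value and zone identifiers.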
@@ -673,6 +673,10 @@ issue() { fi + if [ "$dnsadded" == '1' ] ; then + _info "Sleep 60 seconds for the txt records to take effect" + sleep 60 + fi _debug "ok, let's start to verify" ventries=$(echo "$vlist" | sed "s/,/ /g") From a28b3a653cdb8fd9cf041365ae6e488d8bbd07ad Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 30 Jan 2016 22:51:36 +0800 Subject: [PATCH 8/8] install dnsapi --- le.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/le.sh b/le.sh index a612241..768efcf 100755 --- a/le.sh +++ b/le.sh @@ -1037,7 +1037,8 @@ install() { rm -f $WORKING_DIR/le ln -s $WORKING_DIR/le.sh $WORKING_DIR/le - cp -r dnsapi $WORKING_DIR/dnsapi + mkdir -p $WORKING_DIR/dnsapi + cp dnsapi/* $WORKING_DIR/dnsapi/ installcronjob
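Review bot: `mkdir -p $WORKING_DIR/dnsapi` and `cp dnsapi/* $WORKING_DIR/dnsapi/` in the install() hunk expand `$WORKING_DIR` unquoted and read `dnsapi/` relative to the current directory, so the copy depends on where the installer is started from and breaks on a path containing spaces. Quote the paths, `mkdir -p "$WORKING_DIR/dnsapi"` and `cp dnsapi/* "$WORKING_DIR/dnsapi/"`, and resolve the source directory from the script's own location. The commented `CF_Key` and `CF_Email` lines at the top of dns-cf.sh suggest users store their API key in the installed file, and le.sh sources these files, so the directory is better created owner-only, e.g. `chmod 700 "$WORKING_DIR/dnsapi"`. install() continues outside the hunk.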