forked from Github/acme.sh
David Kerr
7 years ago
14 changed files with 414 additions and 177 deletions
-
3.travis.yml
-
4Dockerfile
-
181acme.sh
-
46deploy/README.md
-
29deploy/cpanel.sh
-
64deploy/cpanel_uapi.sh
-
108deploy/fritzbox.sh
-
32deploy/strongswan.sh
-
6dnsapi/README.md
-
19dnsapi/dns_aws.sh
-
14dnsapi/dns_cloudns.sh
-
79dnsapi/dns_duckdns.sh
-
2dnsapi/dns_gandi_livedns.sh
-
4dnsapi/dns_he.sh
@ -1,29 +0,0 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is the script to deploy the cert to your cpanel account by the cpanel APIs. |
|||
|
|||
#returns 0 means success, otherwise error. |
|||
|
|||
#export DEPLOY_CPANEL_USER=myusername |
|||
#export DEPLOY_CPANEL_PASSWORD=PASSWORD |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
cpanel_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_err "Not implemented yet" |
|||
return 1 |
|||
|
|||
} |
@ -0,0 +1,64 @@ |
|||
#!/usr/bin/env sh |
|||
# Here is the script to deploy the cert to your cpanel using the cpanel API. |
|||
# Uses command line uapi. --user option is needed only if run as root. |
|||
# Returns 0 when success. |
|||
# Written by Santeri Kannisto <santeri.kannisto@2globalnomads.info> |
|||
# Public domain, 2017 |
|||
|
|||
#export DEPLOY_CPANEL_USER=myusername |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
|
|||
cpanel_uapi_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
if ! _exists uapi; then |
|||
_err "The command uapi is not found." |
|||
return 1 |
|||
fi |
|||
if ! _exists php; then |
|||
_err "The command php is not found." |
|||
return 1 |
|||
fi |
|||
# read cert and key files and urlencode both |
|||
_certstr=$(cat "$_ccert") |
|||
_keystr=$(cat "$_ckey") |
|||
_cert=$(php -r "echo urlencode(\"$_certstr\");") |
|||
_key=$(php -r "echo urlencode(\"$_keystr\");") |
|||
|
|||
_debug _cert "$_cert" |
|||
_debug _key "$_key" |
|||
|
|||
if [ "$(id -u)" = 0 ]; then |
|||
if [ -z "$DEPLOY_CPANEL_USER" ]; then |
|||
_err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username" |
|||
return 1 |
|||
fi |
|||
_savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER" |
|||
_response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") |
|||
else |
|||
_response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key") |
|||
fi |
|||
error_response="status: 0" |
|||
if test "${_response#*$error_response}" != "$_response"; then |
|||
_err "Error in deploying certificate:" |
|||
_err "$_response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug response "$_response" |
|||
_info "Certificate successfully deployed" |
|||
return 0 |
|||
} |
@ -0,0 +1,108 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is a script to deploy cert to an AVM FRITZ!Box router. |
|||
|
|||
#returns 0 means success, otherwise error. |
|||
|
|||
#DEPLOY_FRITZBOX_USERNAME="username" |
|||
#DEPLOY_FRITZBOX_PASSWORD="password" |
|||
#DEPLOY_FRITZBOX_URL="https://fritz.box" |
|||
|
|||
# Kudos to wikrie at Github for his FRITZ!Box update script: |
|||
# https://gist.github.com/wikrie/f1d5747a714e0a34d0582981f7cb4cfb |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
fritzbox_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
if ! _exists iconv; then |
|||
_err "iconv not found" |
|||
return 1 |
|||
fi |
|||
|
|||
_fritzbox_username="${DEPLOY_FRITZBOX_USERNAME}" |
|||
_fritzbox_password="${DEPLOY_FRITZBOX_PASSWORD}" |
|||
_fritzbox_url="${DEPLOY_FRITZBOX_URL}" |
|||
|
|||
_debug _fritzbox_url "$_fritzbox_url" |
|||
_debug _fritzbox_username "$_fritzbox_username" |
|||
_secure_debug _fritzbox_password "$_fritzbox_password" |
|||
if [ -z "$_fritzbox_username" ]; then |
|||
_err "FRITZ!Box username is not found, please define DEPLOY_FRITZBOX_USERNAME." |
|||
return 1 |
|||
fi |
|||
if [ -z "$_fritzbox_password" ]; then |
|||
_err "FRITZ!Box password is not found, please define DEPLOY_FRITZBOX_PASSWORD." |
|||
return 1 |
|||
fi |
|||
if [ -z "$_fritzbox_url" ]; then |
|||
_err "FRITZ!Box url is not found, please define DEPLOY_FRITZBOX_URL." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf DEPLOY_FRITZBOX_USERNAME "${_fritzbox_username}" |
|||
_saveaccountconf DEPLOY_FRITZBOX_PASSWORD "${_fritzbox_password}" |
|||
_saveaccountconf DEPLOY_FRITZBOX_URL "${_fritzbox_url}" |
|||
|
|||
# Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate |
|||
export HTTPS_INSECURE=1 |
|||
|
|||
_info "Log in to the FRITZ!Box" |
|||
_fritzbox_challenge="$(_get "${_fritzbox_url}/login_sid.lua" | sed -e 's/^.*<Challenge>//' -e 's/<\/Challenge>.*$//')" |
|||
_fritzbox_hash="$(printf "%s-%s" "${_fritzbox_challenge}" "${_fritzbox_password}" | iconv -f ASCII -t UTF16LE | md5sum | awk '{print $1}')" |
|||
_fritzbox_sid="$(_get "${_fritzbox_url}/login_sid.lua?sid=0000000000000000&username=${_fritzbox_username}&response=${_fritzbox_challenge}-${_fritzbox_hash}" | sed -e 's/^.*<SID>//' -e 's/<\/SID>.*$//')" |
|||
|
|||
if [ -z "${_fritzbox_sid}" ] || [ "${_fritzbox_sid}" = "0000000000000000" ]; then |
|||
_err "Logging in to the FRITZ!Box failed. Please check username, password and URL." |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Generate form POST request" |
|||
_post_request="$(_mktemp)" |
|||
_post_boundary="---------------------------$(date +%Y%m%d%H%M%S)" |
|||
# _CERTPASSWORD_ is unset because Let's Encrypt certificates don't have a password. But if they ever do, here's the place to use it! |
|||
_CERTPASSWORD_= |
|||
{ |
|||
printf -- "--" |
|||
printf -- "%s\r\n" "${_post_boundary}" |
|||
printf "Content-Disposition: form-data; name=\"sid\"\r\n\r\n%s\r\n" "${_fritzbox_sid}" |
|||
printf -- "--" |
|||
printf -- "%s\r\n" "${_post_boundary}" |
|||
printf "Content-Disposition: form-data; name=\"BoxCertPassword\"\r\n\r\n%s\r\n" "${_CERTPASSWORD_}" |
|||
printf -- "--" |
|||
printf -- "%s\r\n" "${_post_boundary}" |
|||
printf "Content-Disposition: form-data; name=\"BoxCertImportFile\"; filename=\"BoxCert.pem\"\r\n" |
|||
printf "Content-Type: application/octet-stream\r\n\r\n" |
|||
cat "${_ckey}" "${_cfullchain}" |
|||
printf "\r\n" |
|||
printf -- "--" |
|||
printf -- "%s--" "${_post_boundary}" |
|||
} >>"${_post_request}" |
|||
|
|||
_info "Upload certificate to the FRITZ!Box" |
|||
|
|||
export _H1="Content-type: multipart/form-data boundary=${_post_boundary}" |
|||
_post "$(cat "${_post_request}")" "${_fritzbox_url}/cgi-bin/firmwarecfg" | grep SSL |
|||
|
|||
retval=$? |
|||
if [ $retval = 0 ]; then |
|||
_info "Upload successful" |
|||
else |
|||
_err "Upload failed" |
|||
fi |
|||
rm "${_post_request}" |
|||
|
|||
return $retval |
|||
} |
@ -0,0 +1,32 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is a sample custom api script. |
|||
#This file name is "myapi.sh" |
|||
#So, here must be a method myapi_deploy() |
|||
#Which will be called by acme.sh to deploy the cert |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
strongswan_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
cat "$_ckey" >"/etc/ipsec.d/private/$(basename "$_ckey")" |
|||
cat "$_ccert" >"/etc/ipsec.d/certs/$(basename "$_ccert")" |
|||
cat "$_cca" >"/etc/ipsec.d/cacerts/$(basename "$_cca")" |
|||
cat "$_cfullchain" >"/etc/ipsec.d/cacerts/$(basename "$_cfullchain")" |
|||
|
|||
ipsec reload |
|||
|
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue