forked from Github/acme.sh
nytral
8 years ago
24 changed files with 2635 additions and 504 deletions
-
9.github/PULL_REQUEST_TEMPLATE.md
-
40.travis.yml
-
211README.md
-
796acme.sh
-
1deploy/README.md
-
81deploy/kong.sh
-
285dnsapi/README.md
-
147dnsapi/dns_ad.sh
-
187dnsapi/dns_ali.sh
-
227dnsapi/dns_aws.sh
-
66dnsapi/dns_cf.sh
-
34dnsapi/dns_cx.sh
-
52dnsapi/dns_dp.sh
-
375dnsapi/dns_freedns.sh
-
6dnsapi/dns_gd.sh
-
177dnsapi/dns_ispconfig.sh
-
15dnsapi/dns_lexicon.sh
-
183dnsapi/dns_linode.sh
-
18dnsapi/dns_lua.sh
-
12dnsapi/dns_me.sh
-
45dnsapi/dns_myapi.sh
-
58dnsapi/dns_nsupdate.sh
-
12dnsapi/dns_ovh.sh
-
54dnsapi/dns_pdns.sh
@ -0,0 +1,9 @@ |
|||||
|
<!-- |
||||
|
|
||||
|
Do NOT send pull request to `master` branch. |
||||
|
|
||||
|
Please send to `dev` branch instead. |
||||
|
|
||||
|
Any PR to `master` branch will NOT be merged. |
||||
|
|
||||
|
--> |
796
acme.sh
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1 @@ |
|||||
|
#Using deploy api |
@ -0,0 +1,81 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter. |
||||
|
# Note that ssl plugin should be available on Kong instance |
||||
|
# The hook will match cdomain to request_host, in case of multiple domain it will always take the first |
||||
|
# one (acme.sh behaviour). |
||||
|
# If ssl config already exist it will update only cert and key not touching other parameter |
||||
|
# If ssl config doesn't exist it will only upload cert and key and not set other parameter |
||||
|
# Not that we deploy full chain |
||||
|
# See https://getkong.org/plugins/dynamic-ssl/ for other options |
||||
|
# Written by Geoffroi Genot <ggenot@voxbone.com> |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
kong_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
_info "Deploying certificate on Kong instance" |
||||
|
if [ -z "$KONG_URL" ]; then |
||||
|
_debug "KONG_URL Not set, using default http://localhost:8001" |
||||
|
KONG_URL="http://localhost:8001" |
||||
|
fi |
||||
|
|
||||
|
_debug _cdomain "$_cdomain" |
||||
|
_debug _ckey "$_ckey" |
||||
|
_debug _ccert "$_ccert" |
||||
|
_debug _cca "$_cca" |
||||
|
_debug _cfullchain "$_cfullchain" |
||||
|
|
||||
|
#Get uuid linked to the domain |
||||
|
uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') |
||||
|
if [ -z "$uuid" ]; then |
||||
|
_err "Unable to get Kong uuid for domain $_cdomain" |
||||
|
_err "Make sure that KONG_URL is correctly configured" |
||||
|
_err "Make sure that a Kong api request_host match the domain" |
||||
|
_err "Kong url: $KONG_URL" |
||||
|
return 1 |
||||
|
fi |
||||
|
#Save kong url if it's succesful (First run case) |
||||
|
_saveaccountconf KONG_URL "$KONG_URL" |
||||
|
#Generate DEIM |
||||
|
delim="-----MultipartDelimeter$(date "+%s%N")" |
||||
|
nl="\015\012" |
||||
|
#Set Header |
||||
|
_H1="Content-Type: multipart/form-data; boundary=$delim" |
||||
|
#Generate data for request (Multipart/form-data with mixed content) |
||||
|
#set name to ssl |
||||
|
content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl" |
||||
|
#add key |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")" |
||||
|
#Add cert |
||||
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")" |
||||
|
#Close multipart |
||||
|
content="$content${nl}--$delim--${nl}" |
||||
|
#Convert CRLF |
||||
|
content=$(printf %b "$content") |
||||
|
#DEBUG |
||||
|
_debug header "$_H1" |
||||
|
_debug content "$content" |
||||
|
#Check if ssl plugins is aready enabled (if not => POST else => PATCH) |
||||
|
ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}') |
||||
|
_debug ssl_uuid "$ssl_uuid" |
||||
|
if [ -z "$ssl_uuid" ]; then |
||||
|
#Post certificate to Kong |
||||
|
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST") |
||||
|
else |
||||
|
#patch |
||||
|
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH") |
||||
|
fi |
||||
|
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then |
||||
|
_err "An error occured with cert upload. Check response:" |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug response "$response" |
||||
|
_info "Certificate successfully deployed" |
||||
|
} |
@ -0,0 +1,147 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
|
||||
|
#This is the Alwaysdata api wrapper for acme.sh |
||||
|
# |
||||
|
#Author: Paul Koppen |
||||
|
#Report Bugs here: https://github.com/wpk-/acme.sh |
||||
|
|
||||
|
AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_ad_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if [ -z "$AD_API_KEY" ]; then |
||||
|
AD_API_KEY="" |
||||
|
_err "You didn't specify the AD api key yet." |
||||
|
_err "Please create you key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf AD_API_KEY "$AD_API_KEY" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_ad_tmpl_json="{\"domain\":$_domain_id,\"type\":\"TXT\",\"name\":\"$_sub_domain\",\"value\":\"$txtvalue\"}" |
||||
|
|
||||
|
if _ad_rest POST "record/" "$_ad_tmpl_json" && [ -z "$response" ]; then |
||||
|
_info "txt record updated success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#fulldomain txtvalue |
||||
|
dns_ad_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
_ad_rest GET "record/?domain=$_domain_id&name=$_sub_domain" |
||||
|
|
||||
|
if [ -n "$response" ]; then |
||||
|
record_id=$(printf "%s\n" "$response" | _egrep_o "\"id\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1) |
||||
|
_debug record_id "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if _ad_rest DELETE "record/$record_id/" && [ -z "$response" ]; then |
||||
|
_info "txt record deleted success." |
||||
|
return 0 |
||||
|
fi |
||||
|
_debug response "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=12345 |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
|
||||
|
if _ad_rest GET "domain/"; then |
||||
|
response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
hostedzone="$(echo "$response" | _egrep_o "{.*\"name\":\s*\"$h\".*}")" |
||||
|
if [ "$hostedzone" ]; then |
||||
|
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"id\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#method uri qstr data |
||||
|
_ad_rest() { |
||||
|
mtd="$1" |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
_debug mtd "$mtd" |
||||
|
_debug ep "$ep" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$mtd" != "GET" ]; then |
||||
|
# both POST and DELETE. |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$AD_API_URL/$ep" "" "$mtd")" |
||||
|
else |
||||
|
response="$(_get "$AD_API_URL/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,187 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
Ali_API="https://alidns.aliyuncs.com/" |
||||
|
|
||||
|
#Ali_Key="LTqIA87hOKdjevsf5" |
||||
|
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2" |
||||
|
|
||||
|
#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_ali_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then |
||||
|
Ali_Key="" |
||||
|
Ali_Secret="" |
||||
|
_err "You don't specify aliyun api key and secret yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and secret to the account conf file. |
||||
|
_saveaccountconf Ali_Key "$Ali_Key" |
||||
|
_saveaccountconf Ali_Secret "$Ali_Secret" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "Add record" |
||||
|
_add_record_query "$_domain" "$_sub_domain" "$txtvalue" && _ali_rest "Add record" |
||||
|
} |
||||
|
|
||||
|
dns_ali_rm() { |
||||
|
fulldomain=$1 |
||||
|
_clean |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_describe_records_query "$h" |
||||
|
if ! _ali_rest "Get root" "ignore"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "PageNumber"; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_domain="$h" |
||||
|
_debug _domain "$_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
p="$i" |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_ali_rest() { |
||||
|
signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64) |
||||
|
signature=$(_ali_urlencode "$signature") |
||||
|
url="$Ali_API?$query&Signature=$signature" |
||||
|
|
||||
|
if ! response="$(_get "$url")"; then |
||||
|
_err "Error <$1>" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$2" ]; then |
||||
|
message="$(printf "%s" "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" |
||||
|
if [ -n "$message" ]; then |
||||
|
_err "$message" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_ali_urlencode() { |
||||
|
_str="$1" |
||||
|
_str_len=${#_str} |
||||
|
_u_i=1 |
||||
|
while [ "$_u_i" -le "$_str_len" ]; do |
||||
|
_str_c="$(printf "%s" "$_str" | cut -c "$_u_i")" |
||||
|
case $_str_c in [a-zA-Z0-9.~_-]) |
||||
|
printf "%s" "$_str_c" |
||||
|
;; |
||||
|
*) |
||||
|
printf "%%%02X" "'$_str_c" |
||||
|
;; |
||||
|
esac |
||||
|
_u_i="$(_math "$_u_i" + 1)" |
||||
|
done |
||||
|
} |
||||
|
|
||||
|
_ali_nonce() { |
||||
|
#_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31 |
||||
|
#Not so good... |
||||
|
date +"%s%N" |
||||
|
} |
||||
|
|
||||
|
_check_exist_query() { |
||||
|
query='' |
||||
|
query=$query'AccessKeyId='$Ali_Key |
||||
|
query=$query'&Action=DescribeDomainRecords' |
||||
|
query=$query'&DomainName='$1 |
||||
|
query=$query'&Format=json' |
||||
|
query=$query'&RRKeyWord=_acme-challenge' |
||||
|
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
|
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
|
query=$query'&SignatureVersion=1.0' |
||||
|
query=$query'&Timestamp='$(_timestamp) |
||||
|
query=$query'&TypeKeyWord=TXT' |
||||
|
query=$query'&Version=2015-01-09' |
||||
|
} |
||||
|
|
||||
|
_add_record_query() { |
||||
|
query='' |
||||
|
query=$query'AccessKeyId='$Ali_Key |
||||
|
query=$query'&Action=AddDomainRecord' |
||||
|
query=$query'&DomainName='$1 |
||||
|
query=$query'&Format=json' |
||||
|
query=$query'&RR='$2 |
||||
|
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
|
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
|
query=$query'&SignatureVersion=1.0' |
||||
|
query=$query'&Timestamp='$(_timestamp) |
||||
|
query=$query'&Type=TXT' |
||||
|
query=$query'&Value='$3 |
||||
|
query=$query'&Version=2015-01-09' |
||||
|
} |
||||
|
|
||||
|
_delete_record_query() { |
||||
|
query='' |
||||
|
query=$query'AccessKeyId='$Ali_Key |
||||
|
query=$query'&Action=DeleteDomainRecord' |
||||
|
query=$query'&Format=json' |
||||
|
query=$query'&RecordId='$1 |
||||
|
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
|
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
|
query=$query'&SignatureVersion=1.0' |
||||
|
query=$query'&Timestamp='$(_timestamp) |
||||
|
query=$query'&Version=2015-01-09' |
||||
|
} |
||||
|
|
||||
|
_describe_records_query() { |
||||
|
query='' |
||||
|
query=$query'AccessKeyId='$Ali_Key |
||||
|
query=$query'&Action=DescribeDomainRecords' |
||||
|
query=$query'&DomainName='$1 |
||||
|
query=$query'&Format=json' |
||||
|
query=$query'&SignatureMethod=HMAC-SHA1' |
||||
|
query=$query"&SignatureNonce=$(_ali_nonce)" |
||||
|
query=$query'&SignatureVersion=1.0' |
||||
|
query=$query'&Timestamp='$(_timestamp) |
||||
|
query=$query'&Version=2015-01-09' |
||||
|
} |
||||
|
|
||||
|
_clean() { |
||||
|
_check_exist_query "$_domain" |
||||
|
if ! _ali_rest "Check exist records" "ignore"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
records="$(echo "$response" -n | _egrep_o "\"RecordId\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")" |
||||
|
printf "%s" "$records" \ |
||||
|
| while read -r record_id; do |
||||
|
_delete_record_query "$record_id" |
||||
|
_ali_rest "Delete record $record_id" "ignore" |
||||
|
done |
||||
|
} |
||||
|
|
||||
|
_timestamp() { |
||||
|
date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ" |
||||
|
} |
@ -0,0 +1,227 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# |
||||
|
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" |
||||
|
# |
||||
|
#AWS_SECRET_ACCESS_KEY="xxxxxxx" |
||||
|
|
||||
|
#This is the Amazon Route53 api wrapper for acme.sh |
||||
|
|
||||
|
AWS_HOST="route53.amazonaws.com" |
||||
|
AWS_URL="https://$AWS_HOST" |
||||
|
|
||||
|
AWS_WIKI="https://github.com/Neilpang/acme.sh/wiki/How-to-use-Amazon-Route53-API" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_aws_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
||||
|
AWS_ACCESS_KEY_ID="" |
||||
|
AWS_SECRET_ACCESS_KEY="" |
||||
|
_err "You don't specify aws route53 api key id and and api key secret yet." |
||||
|
_err "Please create you key and try again. see $(__green $AWS_WIKI)" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if [ -z "$AWS_SESSION_TOKEN" ]; then |
||||
|
_saveaccountconf AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" |
||||
|
_saveaccountconf AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_aws_tmpl_xml="<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\"><ChangeBatch><Changes><Change><Action>UPSERT</Action><ResourceRecordSet><Name>$fulldomain</Name><Type>TXT</Type><TTL>300</TTL><ResourceRecords><ResourceRecord><Value>\"$txtvalue\"</Value></ResourceRecord></ResourceRecords></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>" |
||||
|
|
||||
|
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then |
||||
|
_info "txt record updated success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#fulldomain txtvalue |
||||
|
dns_aws_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_aws_tmpl_xml="<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\"><ChangeBatch><Changes><Change><Action>DELETE</Action><ResourceRecordSet><ResourceRecords><ResourceRecord><Value>\"$txtvalue\"</Value></ResourceRecord></ResourceRecords><Name>$fulldomain.</Name><Type>TXT</Type><TTL>300</TTL></ResourceRecordSet></Change></Changes></ChangeBatch></ChangeResourceRecordSetsRequest>" |
||||
|
|
||||
|
if aws_rest POST "2013-04-01$_domain_id/rrset/" "" "$_aws_tmpl_xml" && _contains "$response" "ChangeResourceRecordSetsResponse"; then |
||||
|
_info "txt record deleted success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
|
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
|
||||
|
if aws_rest GET "2013-04-01/hostedzone"; then |
||||
|
_debug "response" "$response" |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "<Name>$h.</Name>"; then |
||||
|
hostedzone="$(echo "$response" | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<.HostedZone>")" |
||||
|
_debug hostedzone "$hostedzone" |
||||
|
if [ -z "$hostedzone" ]; then |
||||
|
_err "Error, can not get hostedzone." |
||||
|
return 1 |
||||
|
fi |
||||
|
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>") |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#method uri qstr data |
||||
|
aws_rest() { |
||||
|
mtd="$1" |
||||
|
ep="$2" |
||||
|
qsr="$3" |
||||
|
data="$4" |
||||
|
|
||||
|
_debug mtd "$mtd" |
||||
|
_debug ep "$ep" |
||||
|
_debug qsr "$qsr" |
||||
|
_debug data "$data" |
||||
|
|
||||
|
CanonicalURI="/$ep" |
||||
|
_debug2 CanonicalURI "$CanonicalURI" |
||||
|
|
||||
|
CanonicalQueryString="$qsr" |
||||
|
_debug2 CanonicalQueryString "$CanonicalQueryString" |
||||
|
|
||||
|
RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")" |
||||
|
_debug2 RequestDate "$RequestDate" |
||||
|
|
||||
|
#RequestDate="20161120T141056Z" ############## |
||||
|
|
||||
|
export _H1="x-amz-date: $RequestDate" |
||||
|
|
||||
|
aws_host="$AWS_HOST" |
||||
|
CanonicalHeaders="host:$aws_host\nx-amz-date:$RequestDate\n" |
||||
|
SignedHeaders="host;x-amz-date" |
||||
|
if [ -n "$AWS_SESSION_TOKEN" ]; then |
||||
|
export _H2="x-amz-security-token: $AWS_SESSION_TOKEN" |
||||
|
CanonicalHeaders="${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\n" |
||||
|
SignedHeaders="${SignedHeaders};x-amz-security-token" |
||||
|
fi |
||||
|
_debug2 CanonicalHeaders "$CanonicalHeaders" |
||||
|
_debug2 SignedHeaders "$SignedHeaders" |
||||
|
|
||||
|
RequestPayload="$data" |
||||
|
_debug2 RequestPayload "$RequestPayload" |
||||
|
|
||||
|
Hash="sha256" |
||||
|
|
||||
|
CanonicalRequest="$mtd\n$CanonicalURI\n$CanonicalQueryString\n$CanonicalHeaders\n$SignedHeaders\n$(printf "%s" "$RequestPayload" | _digest "$Hash" hex)" |
||||
|
_debug2 CanonicalRequest "$CanonicalRequest" |
||||
|
|
||||
|
HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)" |
||||
|
_debug2 HashedCanonicalRequest "$HashedCanonicalRequest" |
||||
|
|
||||
|
Algorithm="AWS4-HMAC-SHA256" |
||||
|
_debug2 Algorithm "$Algorithm" |
||||
|
|
||||
|
RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)" |
||||
|
_debug2 RequestDateOnly "$RequestDateOnly" |
||||
|
|
||||
|
Region="us-east-1" |
||||
|
Service="route53" |
||||
|
|
||||
|
CredentialScope="$RequestDateOnly/$Region/$Service/aws4_request" |
||||
|
_debug2 CredentialScope "$CredentialScope" |
||||
|
|
||||
|
StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest" |
||||
|
|
||||
|
_debug2 StringToSign "$StringToSign" |
||||
|
|
||||
|
kSecret="AWS4$AWS_SECRET_ACCESS_KEY" |
||||
|
|
||||
|
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################ |
||||
|
|
||||
|
_debug2 kSecret "$kSecret" |
||||
|
|
||||
|
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")" |
||||
|
_debug2 kSecretH "$kSecretH" |
||||
|
|
||||
|
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)" |
||||
|
_debug2 kDateH "$kDateH" |
||||
|
|
||||
|
kRegionH="$(printf "$Region%s" | _hmac "$Hash" "$kDateH" hex)" |
||||
|
_debug2 kRegionH "$kRegionH" |
||||
|
|
||||
|
kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)" |
||||
|
_debug2 kServiceH "$kServiceH" |
||||
|
|
||||
|
kSigningH="$(printf "aws4_request%s" | _hmac "$Hash" "$kServiceH" hex)" |
||||
|
_debug2 kSigningH "$kSigningH" |
||||
|
|
||||
|
signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)" |
||||
|
_debug2 signature "$signature" |
||||
|
|
||||
|
Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature" |
||||
|
_debug2 Authorization "$Authorization" |
||||
|
|
||||
|
_H3="Authorization: $Authorization" |
||||
|
_debug _H3 "$_H3" |
||||
|
|
||||
|
url="$AWS_URL/$ep" |
||||
|
|
||||
|
if [ "$mtd" = "GET" ]; then |
||||
|
response="$(_get "$url")" |
||||
|
else |
||||
|
response="$(_post "$data" "$url")" |
||||
|
fi |
||||
|
|
||||
|
_ret="$?" |
||||
|
if [ "$_ret" = "0" ]; then |
||||
|
if _contains "$response" "<ErrorResponse"; then |
||||
|
_err "Response error:$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
return "$_ret" |
||||
|
} |
@ -0,0 +1,375 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#This file name is "dns_freedns.sh" |
||||
|
#So, here must be a method dns_freedns_add() |
||||
|
#Which will be called by acme.sh to add the txt record to your api system. |
||||
|
#returns 0 means success, otherwise error. |
||||
|
# |
||||
|
#Author: David Kerr |
||||
|
#Report Bugs here: https://github.com/dkerr64/acme.sh |
||||
|
# |
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
# Export FreeDNS userid and password in folowing variables... |
||||
|
# FREEDNS_User=username |
||||
|
# FREEDNS_Password=password |
||||
|
# login cookie is saved in acme account config file so userid / pw |
||||
|
# need to be set only when changed. |
||||
|
|
||||
|
#Usage: dns_freedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_freedns_add() { |
||||
|
fulldomain="$1" |
||||
|
txtvalue="$2" |
||||
|
|
||||
|
_info "Add TXT record using FreeDNS" |
||||
|
_debug "fulldomain: $fulldomain" |
||||
|
_debug "txtvalue: $txtvalue" |
||||
|
|
||||
|
if [ -z "$FREEDNS_User" ] || [ -z "$FREEDNS_Password" ]; then |
||||
|
FREEDNS_User="" |
||||
|
FREEDNS_Password="" |
||||
|
if [ -z "$FREEDNS_COOKIE" ]; then |
||||
|
_err "You did not specify the FreeDNS username and password yet." |
||||
|
_err "Please export as FREEDNS_User / FREEDNS_Password and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
using_cached_cookies="true" |
||||
|
else |
||||
|
FREEDNS_COOKIE="$(_freedns_login "$FREEDNS_User" "$FREEDNS_Password")" |
||||
|
if [ -z "$FREEDNS_COOKIE" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
using_cached_cookies="false" |
||||
|
fi |
||||
|
|
||||
|
_debug "FreeDNS login cookies: $FREEDNS_COOKIE (cached = $using_cached_cookies)" |
||||
|
|
||||
|
_saveaccountconf FREEDNS_COOKIE "$FREEDNS_COOKIE" |
||||
|
|
||||
|
# split our full domain name into two parts... |
||||
|
i="$(echo "$fulldomain" | tr '.' ' ' | wc -w)" |
||||
|
i="$(_math "$i" - 1)" |
||||
|
top_domain="$(echo "$fulldomain" | cut -d. -f "$i"-100)" |
||||
|
i="$(_math "$i" - 1)" |
||||
|
sub_domain="$(echo "$fulldomain" | cut -d. -f -"$i")" |
||||
|
|
||||
|
# Sometimes FreeDNS does not reurn the subdomain page but rather |
||||
|
# returns a page regarding becoming a premium member. This usually |
||||
|
# happens after a period of inactivity. Immediately trying again |
||||
|
# returns the correct subdomain page. So, we will try twice to |
||||
|
# load the page and obtain our domain ID |
||||
|
attempts=2 |
||||
|
while [ "$attempts" -gt "0" ]; do |
||||
|
attempts="$(_math "$attempts" - 1)" |
||||
|
|
||||
|
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")" |
||||
|
if [ "$?" != "0" ]; then |
||||
|
if [ "$using_cached_cookies" = "true" ]; then |
||||
|
_err "Has your FreeDNS username and password channged? If so..." |
||||
|
_err "Please export as FREEDNS_User / FREEDNS_Password and try again." |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# Now convert the tables in the HTML to CSV. This litte gem from |
||||
|
# http://stackoverflow.com/questions/1403087/how-can-i-convert-an-html-table-to-csv |
||||
|
subdomain_csv="$(echo "$htmlpage" \ |
||||
|
| grep -i -e '</\?TABLE\|</\?TD\|</\?TR\|</\?TH' \ |
||||
|
| sed 's/^[\ \t]*//g' \ |
||||
|
| tr -d '\n' \ |
||||
|
| sed 's/<\/TR[^>]*>/\n/Ig' \ |
||||
|
| sed 's/<\/\?\(TABLE\|TR\)[^>]*>//Ig' \ |
||||
|
| sed 's/^<T[DH][^>]*>\|<\/\?T[DH][^>]*>$//Ig' \ |
||||
|
| sed 's/<\/T[DH][^>]*><T[DH][^>]*>/,/Ig' \ |
||||
|
| grep 'edit.php?' \ |
||||
|
| grep "$top_domain")" |
||||
|
# The above beauty ends with striping out rows that do not have an |
||||
|
# href to edit.php and do not have the top domain we are looking for. |
||||
|
# So all we should be left with is CSV of table of subdomains we are |
||||
|
# interested in. |
||||
|
|
||||
|
# Now we have to read through this table and extract the data we need |
||||
|
lines="$(echo "$subdomain_csv" | wc -l)" |
||||
|
nl=' |
||||
|
' |
||||
|
i=0 |
||||
|
found=0 |
||||
|
while [ "$i" -lt "$lines" ]; do |
||||
|
i="$(_math "$i" + 1)" |
||||
|
line="$(echo "$subdomain_csv" | cut -d "$nl" -f "$i")" |
||||
|
tmp="$(echo "$line" | cut -d ',' -f 1)" |
||||
|
if [ $found = 0 ] && _startswith "$tmp" "<td>$top_domain"; then |
||||
|
# this line will contain DNSdomainid for the top_domain |
||||
|
DNSdomainid="$(echo "$line" | cut -d ',' -f 2 | sed 's/^.*domain_id=//;s/>.*//')" |
||||
|
found=1 |
||||
|
else |
||||
|
# lines contain DNS records for all subdomains |
||||
|
DNSname="$(echo "$line" | cut -d ',' -f 2 | sed 's/^[^>]*>//;s/<\/a>.*//')" |
||||
|
DNStype="$(echo "$line" | cut -d ',' -f 3)" |
||||
|
if [ "$DNSname" = "$fulldomain" ] && [ "$DNStype" = "TXT" ]; then |
||||
|
DNSdataid="$(echo "$line" | cut -d ',' -f 2 | sed 's/^.*data_id=//;s/>.*//')" |
||||
|
# Now get current value for the TXT record. This method may |
||||
|
# not produce accurate results as the value field is truncated |
||||
|
# on this webpage. To get full value we would need to load |
||||
|
# another page. However we don't really need this so long as |
||||
|
# there is only one TXT record for the acme chalenge subdomain. |
||||
|
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')" |
||||
|
if [ $found != 0 ]; then |
||||
|
break |
||||
|
# we are breaking out of the loop at the first match of DNS name |
||||
|
# and DNS type (if we are past finding the domainid). This assumes |
||||
|
# that there is only ever one TXT record for the LetsEncrypt/acme |
||||
|
# challenge subdomain. This seems to be a reasonable assumption |
||||
|
# as the acme client deletes the TXT record on successful validation. |
||||
|
fi |
||||
|
else |
||||
|
DNSname="" |
||||
|
DNStype="" |
||||
|
fi |
||||
|
fi |
||||
|
done |
||||
|
|
||||
|
_debug "DNSname: $DNSname DNStype: $DNStype DNSdomainid: $DNSdomainid DNSdataid: $DNSdataid" |
||||
|
_debug "DNSvalue: $DNSvalue" |
||||
|
|
||||
|
if [ -z "$DNSdomainid" ]; then |
||||
|
# If domain ID is empty then something went wrong (top level |
||||
|
# domain not found at FreeDNS). |
||||
|
if [ "$attempts" = "0" ]; then |
||||
|
# exhausted maximum retry attempts |
||||
|
_debug "$htmlpage" |
||||
|
_debug "$subdomain_csv" |
||||
|
_err "Domain $top_domain not found at FreeDNS" |
||||
|
return 1 |
||||
|
fi |
||||
|
else |
||||
|
# break out of the 'retry' loop... we have found our domain ID |
||||
|
break |
||||
|
fi |
||||
|
_info "Domain $top_domain not found at FreeDNS" |
||||
|
_info "Retry loading subdomain page ($attempts attempts remaining)" |
||||
|
done |
||||
|
|
||||
|
if [ -z "$DNSdataid" ]; then |
||||
|
# If data ID is empty then specific subdomain does not exist yet, need |
||||
|
# to create it this should always be the case as the acme client |
||||
|
# deletes the entry after domain is validated. |
||||
|
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue" |
||||
|
return $? |
||||
|
else |
||||
|
if [ "$txtvalue" = "$DNSvalue" ]; then |
||||
|
# if value in TXT record matches value requested then DNS record |
||||
|
# does not need to be updated. But... |
||||
|
# Testing value match fails. Website is truncating the value field. |
||||
|
# So for now we will always go down the else path. Though in theory |
||||
|
# should never come here anyway as the acme client deletes |
||||
|
# the TXT record on successful validation, so we should not even |
||||
|
# have found a TXT record !! |
||||
|
_info "No update necessary for $fulldomain at FreeDNS" |
||||
|
return 0 |
||||
|
else |
||||
|
# Delete the old TXT record (with the wrong value) |
||||
|
_freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid" |
||||
|
if [ "$?" = "0" ]; then |
||||
|
# And add in new TXT record with the value provided |
||||
|
_freedns_add_txt_record "$FREEDNS_COOKIE" "$DNSdomainid" "$sub_domain" "$txtvalue" |
||||
|
fi |
||||
|
return $? |
||||
|
fi |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: fulldomain txtvalue |
||||
|
#Remove the txt record after validation. |
||||
|
dns_freedns_rm() { |
||||
|
fulldomain="$1" |
||||
|
txtvalue="$2" |
||||
|
|
||||
|
_info "Delete TXT record using FreeDNS" |
||||
|
_debug "fulldomain: $fulldomain" |
||||
|
_debug "txtvalue: $txtvalue" |
||||
|
|
||||
|
# Need to read cookie from conf file again in case new value set |
||||
|
# during login to FreeDNS when TXT record was created. |
||||
|
# acme.sh does not have a _readaccountconf() fuction |
||||
|
FREEDNS_COOKIE="$(_read_conf "$ACCOUNT_CONF_PATH" "FREEDNS_COOKIE")" |
||||
|
_debug "FreeDNS login cookies: $FREEDNS_COOKIE" |
||||
|
|
||||
|
# Sometimes FreeDNS does not reurn the subdomain page but rather |
||||
|
# returns a page regarding becoming a premium member. This usually |
||||
|
# happens after a period of inactivity. Immediately trying again |
||||
|
# returns the correct subdomain page. So, we will try twice to |
||||
|
# load the page and obtain our TXT record. |
||||
|
attempts=2 |
||||
|
while [ "$attempts" -gt "0" ]; do |
||||
|
attempts="$(_math "$attempts" - 1)" |
||||
|
|
||||
|
htmlpage="$(_freedns_retrieve_subdomain_page "$FREEDNS_COOKIE")" |
||||
|
if [ "$?" != "0" ]; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# Now convert the tables in the HTML to CSV. This litte gem from |
||||
|
# http://stackoverflow.com/questions/1403087/how-can-i-convert-an-html-table-to-csv |
||||
|
subdomain_csv="$(echo "$htmlpage" \ |
||||
|
| grep -i -e '</\?TABLE\|</\?TD\|</\?TR\|</\?TH' \ |
||||
|
| sed 's/^[\ \t]*//g' \ |
||||
|
| tr -d '\n' \ |
||||
|
| sed 's/<\/TR[^>]*>/\n/Ig' \ |
||||
|
| sed 's/<\/\?\(TABLE\|TR\)[^>]*>//Ig' \ |
||||
|
| sed 's/^<T[DH][^>]*>\|<\/\?T[DH][^>]*>$//Ig' \ |
||||
|
| sed 's/<\/T[DH][^>]*><T[DH][^>]*>/,/Ig' \ |
||||
|
| grep 'edit.php?' \ |
||||
|
| grep "$fulldomain")" |
||||
|
# The above beauty ends with striping out rows that do not have an |
||||
|
# href to edit.php and do not have the domain name we are looking for. |
||||
|
# So all we should be left with is CSV of table of subdomains we are |
||||
|
# interested in. |
||||
|
|
||||
|
# Now we have to read through this table and extract the data we need |
||||
|
lines="$(echo "$subdomain_csv" | wc -l)" |
||||
|
nl=' |
||||
|
' |
||||
|
i=0 |
||||
|
found=0 |
||||
|
while [ "$i" -lt "$lines" ]; do |
||||
|
i="$(_math "$i" + 1)" |
||||
|
line="$(echo "$subdomain_csv" | cut -d "$nl" -f "$i")" |
||||
|
DNSname="$(echo "$line" | cut -d ',' -f 2 | sed 's/^[^>]*>//;s/<\/a>.*//')" |
||||
|
DNStype="$(echo "$line" | cut -d ',' -f 3)" |
||||
|
if [ "$DNSname" = "$fulldomain" ] && [ "$DNStype" = "TXT" ]; then |
||||
|
DNSdataid="$(echo "$line" | cut -d ',' -f 2 | sed 's/^.*data_id=//;s/>.*//')" |
||||
|
DNSvalue="$(echo "$line" | cut -d ',' -f 4 | sed 's/^[^"]*"//;s/".*//;s/<\/td>.*//')" |
||||
|
_debug "DNSvalue: $DNSvalue" |
||||
|
# if [ "$DNSvalue" = "$txtvalue" ]; then |
||||
|
# Testing value match fails. Website is truncating the value |
||||
|
# field. So for now we will assume that there is only one TXT |
||||
|
# field for the sub domain and just delete it. Currently this |
||||
|
# is a safe assumption. |
||||
|
_freedns_delete_txt_record "$FREEDNS_COOKIE" "$DNSdataid" |
||||
|
return $? |
||||
|
# fi |
||||
|
fi |
||||
|
done |
||||
|
done |
||||
|
|
||||
|
# If we get this far we did not find a match (after two attempts) |
||||
|
# Not necessarily an error, but log anyway. |
||||
|
_debug2 "$subdomain_csv" |
||||
|
_info "Cannot delete TXT record for $fulldomain/$txtvalue. Does not exist at FreeDNS" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
# usage: _freedns_login username password |
||||
|
# print string "cookie=value" etc. |
||||
|
# returns 0 success |
||||
|
_freedns_login() { |
||||
|
export _H1="Accept-Language:en-US" |
||||
|
username="$1" |
||||
|
password="$2" |
||||
|
url="https://freedns.afraid.org/zc.php?step=2" |
||||
|
|
||||
|
_debug "Login to FreeDNS as user $username" |
||||
|
|
||||
|
htmlpage="$(_post "username=$(printf '%s' "$username" | _url_encode)&password=$(printf '%s' "$password" | _url_encode)&submit=Login&action=auth" "$url")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "FreeDNS login failed for user $username bad RC from _post" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
cookies="$(grep -i '^Set-Cookie.*dns_cookie.*$' "$HTTP_HEADER" | _head_n 1 | tr -d "\r\n" | cut -d " " -f 2)" |
||||
|
|
||||
|
# if cookies is not empty then logon successful |
||||
|
if [ -z "$cookies" ]; then |
||||
|
_debug "$htmlpage" |
||||
|
_err "FreeDNS login failed for user $username. Check $HTTP_HEADER file" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
printf "%s" "$cookies" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# usage _freedns_retrieve_subdomain_page login_cookies |
||||
|
# echo page retrieved (html) |
||||
|
# returns 0 success |
||||
|
_freedns_retrieve_subdomain_page() { |
||||
|
export _H1="Cookie:$1" |
||||
|
export _H2="Accept-Language:en-US" |
||||
|
url="https://freedns.afraid.org/subdomain/" |
||||
|
|
||||
|
_debug "Retrieve subdmoain page from FreeDNS" |
||||
|
|
||||
|
htmlpage="$(_get "$url")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "FreeDNS retrieve subdomins failed bad RC from _get" |
||||
|
return 1 |
||||
|
elif [ -z "$htmlpage" ]; then |
||||
|
_err "FreeDNS returned empty subdomain page" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 "$htmlpage" |
||||
|
|
||||
|
printf "%s" "$htmlpage" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# usage _freedns_add_txt_record login_cookies domain_id subdomain value |
||||
|
# returns 0 success |
||||
|
_freedns_add_txt_record() { |
||||
|
export _H1="Cookie:$1" |
||||
|
export _H2="Accept-Language:en-US" |
||||
|
domain_id="$2" |
||||
|
subdomain="$3" |
||||
|
value="$(printf '%s' "$4" | _url_encode)" |
||||
|
url="http://freedns.afraid.org/subdomain/save.php?step=2" |
||||
|
|
||||
|
htmlpage="$(_post "type=TXT&domain_id=$domain_id&subdomain=$subdomain&address=%22$value%22&send=Save%21" "$url")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "FreeDNS failed to add TXT record for $subdomain bad RC from _post" |
||||
|
return 1 |
||||
|
elif ! grep "200 OK" "$HTTP_HEADER" >/dev/null; then |
||||
|
_debug "$htmlpage" |
||||
|
_err "FreeDNS failed to add TXT record for $subdomain. Check $HTTP_HEADER file" |
||||
|
return 1 |
||||
|
elif _contains "$htmlpage" "security code was incorrect"; then |
||||
|
_debug "$htmlpage" |
||||
|
_err "FreeDNS failed to add TXT record for $subdomain as FreeDNS requested seurity code" |
||||
|
_err "Note that you cannot use automatic DNS validation for FreeDNS public domains" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug2 "$htmlpage" |
||||
|
_info "Added acme challenge TXT record for $fulldomain at FreeDNS" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
# usage _freedns_delete_txt_record login_cookies data_id |
||||
|
# returns 0 success |
||||
|
_freedns_delete_txt_record() { |
||||
|
export _H1="Cookie:$1" |
||||
|
export _H2="Accept-Language:en-US" |
||||
|
data_id="$2" |
||||
|
url="https://freedns.afraid.org/subdomain/delete2.php" |
||||
|
|
||||
|
htmlheader="$(_get "$url?data_id%5B%5D=$data_id&submit=delete+selected" "onlyheader")" |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "FreeDNS failed to delete TXT record for $data_id bad RC from _get" |
||||
|
return 1 |
||||
|
elif ! _contains "$htmlheader" "200 OK"; then |
||||
|
_debug "$htmlheader" |
||||
|
_err "FreeDNS failed to delete TXT record $data_id" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Deleted acme challenge TXT record for $fulldomain at FreeDNS" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,177 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# ISPConfig 3.1 API |
||||
|
# User must provide login data and URL to the ISPConfig installation incl. port. The remote user in ISPConfig must have access to: |
||||
|
# - DNS zone Functions |
||||
|
# - DNS txt Functions |
||||
|
|
||||
|
# Report bugs to https://github.com/sjau/acme.sh |
||||
|
|
||||
|
# Values to export: |
||||
|
# export ISPC_User="remoteUser" |
||||
|
# export ISPC_Password="remotePassword" |
||||
|
# export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php" |
||||
|
# export ISPC_Api_Insecure=1 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1) |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_ispconfig_add() { |
||||
|
fulldomain="${1}" |
||||
|
txtvalue="${2}" |
||||
|
_debug "Calling: dns_ispconfig_add() '${fulldomain}' '${txtvalue}'" |
||||
|
_ISPC_credentials && _ISPC_login && _ISPC_getZoneInfo && _ISPC_addTxt |
||||
|
} |
||||
|
|
||||
|
#Usage: dns_myapi_rm _acme-challenge.www.domain.com |
||||
|
dns_ispconfig_rm() { |
||||
|
fulldomain="${1}" |
||||
|
_debug "Calling: dns_ispconfig_rm() '${fulldomain}'" |
||||
|
_ISPC_credentials && _ISPC_login && _ISPC_rmTxt |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_ISPC_credentials() { |
||||
|
if [ -z "${ISPC_User}" ] || [ -z "$ISPC_Password" ] || [ -z "${ISPC_Api}" ] || [ -z "${ISPC_Api_Insecure}" ]; then |
||||
|
ISPC_User="" |
||||
|
ISPC_Password="" |
||||
|
ISPC_Api="" |
||||
|
ISPC_Api_Insecure="" |
||||
|
_err "You haven't specified the ISPConfig Login data, URL and whether you want check the ISPC SSL cert. Please try again." |
||||
|
return 1 |
||||
|
else |
||||
|
_saveaccountconf ISPC_User "${ISPC_User}" |
||||
|
_saveaccountconf ISPC_Password "${ISPC_Password}" |
||||
|
_saveaccountconf ISPC_Api "${ISPC_Api}" |
||||
|
_saveaccountconf ISPC_Api_Insecure "${ISPC_Api_Insecure}" |
||||
|
# Set whether curl should use secure or insecure mode |
||||
|
export HTTPS_INSECURE="${ISPC_Api_Insecure}" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_ISPC_login() { |
||||
|
_info "Getting Session ID" |
||||
|
curData="{\"username\":\"${ISPC_User}\",\"password\":\"${ISPC_Password}\",\"client_login\":false}" |
||||
|
curResult="$(_post "${curData}" "${ISPC_Api}?login")" |
||||
|
_debug "Calling _ISPC_login: '${curData}' '${ISPC_Api}?login'" |
||||
|
_debug "Result of _ISPC_login: '$curResult'" |
||||
|
if _contains "${curResult}" '"code":"ok"'; then |
||||
|
sessionID=$(echo "${curResult}" | _egrep_o "response.*" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
_info "Retrieved Session ID." |
||||
|
_debug "Session ID: '${sessionID}'" |
||||
|
else |
||||
|
_err "Couldn't retrieve the Session ID." |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_ISPC_getZoneInfo() { |
||||
|
_info "Getting Zoneinfo" |
||||
|
zoneEnd=false |
||||
|
curZone="${fulldomain}" |
||||
|
while [ "${zoneEnd}" = false ]; do |
||||
|
# we can strip the first part of the fulldomain, since it's just the _acme-challenge string |
||||
|
curZone="${curZone#*.}" |
||||
|
# suffix . needed for zone -> domain.tld. |
||||
|
curData="{\"session_id\":\"${sessionID}\",\"primary_id\":{\"origin\":\"${curZone}.\"}}" |
||||
|
curResult="$(_post "${curData}" "${ISPC_Api}?dns_zone_get")" |
||||
|
_debug "Calling _ISPC_getZoneInfo: '${curData}' '${ISPC_Api}?login'" |
||||
|
_debug "Result of _ISPC_getZoneInfo: '$curResult'" |
||||
|
if _contains "${curResult}" '"id":"'; then |
||||
|
zoneFound=true |
||||
|
zoneEnd=true |
||||
|
_info "Retrieved zone data." |
||||
|
_debug "Zone data: '${curResult}'" |
||||
|
fi |
||||
|
if [ "${curZone#*.}" != "$curZone" ]; then |
||||
|
_debug2 "$curZone still contains a '.' - so we can check next higher level" |
||||
|
else |
||||
|
zoneEnd=true |
||||
|
_err "Couldn't retrieve zone data." |
||||
|
return 1 |
||||
|
fi |
||||
|
done |
||||
|
if [ "${zoneFound}" ]; then |
||||
|
server_id=$(echo "${curResult}" | _egrep_o "server_id.*" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
_debug "Server ID: '${server_id}'" |
||||
|
case "${server_id}" in |
||||
|
'' | *[!0-9]*) |
||||
|
_err "Server ID is not numeric." |
||||
|
return 1 |
||||
|
;; |
||||
|
*) _info "Retrieved Server ID" ;; |
||||
|
esac |
||||
|
zone=$(echo "${curResult}" | _egrep_o "\"id.*" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
_debug "Zone: '${zone}'" |
||||
|
case "${zone}" in |
||||
|
'' | *[!0-9]*) |
||||
|
_err "Zone ID is not numeric." |
||||
|
return 1 |
||||
|
;; |
||||
|
*) _info "Retrieved Zone ID" ;; |
||||
|
esac |
||||
|
client_id=$(echo "${curResult}" | _egrep_o "sys_userid.*" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
_debug "Client ID: '${client_id}'" |
||||
|
case "${client_id}" in |
||||
|
'' | *[!0-9]*) |
||||
|
_err "Client ID is not numeric." |
||||
|
return 1 |
||||
|
;; |
||||
|
*) _info "Retrieved Client ID." ;; |
||||
|
esac |
||||
|
zoneFound="" |
||||
|
zoneEnd="" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
_ISPC_addTxt() { |
||||
|
curSerial="$(date +%s)" |
||||
|
curStamp="$(date +'%F %T')" |
||||
|
params="\"server_id\":\"${server_id}\",\"zone\":\"${zone}\",\"name\":\"${fulldomain}.\",\"type\":\"txt\",\"data\":\"${txtvalue}\",\"aux\":\"0\",\"ttl\":\"3600\",\"active\":\"y\",\"stamp\":\"${curStamp}\",\"serial\":\"${curSerial}\"" |
||||
|
curData="{\"session_id\":\"${sessionID}\",\"client_id\":\"${client_id}\",\"params\":{${params}}}" |
||||
|
curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_add")" |
||||
|
_debug "Calling _ISPC_addTxt: '${curData}' '${ISPC_Api}?dns_txt_add'" |
||||
|
_debug "Result of _ISPC_addTxt: '$curResult'" |
||||
|
record_id=$(echo "${curResult}" | _egrep_o "\"response.*" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
_debug "Record ID: '${record_id}'" |
||||
|
case "${record_id}" in |
||||
|
'' | *[!0-9]*) |
||||
|
_err "Couldn't add ACME Challenge TXT record to zone." |
||||
|
return 1 |
||||
|
;; |
||||
|
*) _info "Added ACME Challenge TXT record to zone." ;; |
||||
|
esac |
||||
|
} |
||||
|
|
||||
|
_ISPC_rmTxt() { |
||||
|
# Need to get the record ID. |
||||
|
curData="{\"session_id\":\"${sessionID}\",\"primary_id\":{\"name\":\"${fulldomain}.\",\"type\":\"TXT\"}}" |
||||
|
curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_get")" |
||||
|
_debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_get'" |
||||
|
_debug "Result of _ISPC_rmTxt: '$curResult'" |
||||
|
if _contains "${curResult}" '"code":"ok"'; then |
||||
|
record_id=$(echo "${curResult}" | _egrep_o "\"id.*" | cut -d ':' -f 2 | cut -d '"' -f 2) |
||||
|
_debug "Record ID: '${record_id}'" |
||||
|
case "${record_id}" in |
||||
|
'' | *[!0-9]*) |
||||
|
_err "Record ID is not numeric." |
||||
|
return 1 |
||||
|
;; |
||||
|
*) |
||||
|
unset IFS |
||||
|
_info "Retrieved Record ID." |
||||
|
curData="{\"session_id\":\"${sessionID}\",\"primary_id\":\"${record_id}\"}" |
||||
|
curResult="$(_post "${curData}" "${ISPC_Api}?dns_txt_delete")" |
||||
|
_debug "Calling _ISPC_rmTxt: '${curData}' '${ISPC_Api}?dns_txt_delete'" |
||||
|
_debug "Result of _ISPC_rmTxt: '$curResult'" |
||||
|
if _contains "${curResult}" '"code":"ok"'; then |
||||
|
_info "Removed ACME Challenge TXT record from zone." |
||||
|
else |
||||
|
_err "Couldn't remove ACME Challenge TXT record from zone." |
||||
|
return 1 |
||||
|
fi |
||||
|
;; |
||||
|
esac |
||||
|
fi |
||||
|
} |
@ -0,0 +1,183 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Author: Philipp Grosswiler <philipp.grosswiler@swiss-design.net> |
||||
|
|
||||
|
LINODE_API_URL="https://api.linode.com/?api_key=$LINODE_API_KEY&api_action=" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_linode_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_linode_add() { |
||||
|
fulldomain="${1}" |
||||
|
txtvalue="${2}" |
||||
|
|
||||
|
if ! _Linode_API; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Using Linode" |
||||
|
_debug "Calling: dns_linode_add() '${fulldomain}' '${txtvalue}'" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain does not exist." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_parameters="&DomainID=$_domain_id&Type=TXT&Name=$_sub_domain&Target=$txtvalue" |
||||
|
|
||||
|
if _rest GET "domain.resource.create" "$_parameters" && [ -n "$response" ]; then |
||||
|
_resource_id=$(printf "%s\n" "$response" | _egrep_o "\"ResourceID\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1) |
||||
|
_debug _resource_id "$_resource_id" |
||||
|
|
||||
|
if [ -z "$_resource_id" ]; then |
||||
|
_err "Error adding the domain resource." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Domain resource successfully added." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#Usage: dns_linode_rm _acme-challenge.www.domain.com |
||||
|
dns_linode_rm() { |
||||
|
fulldomain="${1}" |
||||
|
|
||||
|
if ! _Linode_API; then |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Using Linode" |
||||
|
_debug "Calling: dns_linode_rm() '${fulldomain}'" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "Domain does not exist." |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_parameters="&DomainID=$_domain_id" |
||||
|
|
||||
|
if _rest GET "domain.resource.list" "$_parameters" && [ -n "$response" ]; then |
||||
|
response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" |
||||
|
|
||||
|
resource="$(echo "$response" | _egrep_o "{.*\"NAME\":\s*\"$_sub_domain\".*}")" |
||||
|
if [ "$resource" ]; then |
||||
|
_resource_id=$(printf "%s\n" "$resource" | _egrep_o "\"RESOURCEID\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) |
||||
|
if [ "$_resource_id" ]; then |
||||
|
_debug _resource_id "$_resource_id" |
||||
|
|
||||
|
_parameters="&DomainID=$_domain_id&ResourceID=$_resource_id" |
||||
|
|
||||
|
if _rest GET "domain.resource.delete" "$_parameters" && [ -n "$response" ]; then |
||||
|
_resource_id=$(printf "%s\n" "$response" | _egrep_o "\"ResourceID\":\s*[0-9]+" | cut -d : -f 2 | tr -d " " | _head_n 1) |
||||
|
_debug _resource_id "$_resource_id" |
||||
|
|
||||
|
if [ -z "$_resource_id" ]; then |
||||
|
_err "Error deleting the domain resource." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "Domain resource successfully deleted." |
||||
|
return 0 |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_Linode_API() { |
||||
|
if [ -z "$LINODE_API_KEY" ]; then |
||||
|
LINODE_API_KEY="" |
||||
|
|
||||
|
_err "You didn't specify the Linode API key yet." |
||||
|
_err "Please create your key and try again." |
||||
|
|
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_saveaccountconf LINODE_API_KEY "$LINODE_API_KEY" |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=12345 |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
|
||||
|
if _rest GET "domain.list"; then |
||||
|
response="$(echo "$response" | tr -d "\n" | sed 's/{/\n&/g')" |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
hostedzone="$(echo "$response" | _egrep_o "{.*\"DOMAIN\":\s*\"$h\".*}")" |
||||
|
if [ "$hostedzone" ]; then |
||||
|
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "\"DOMAINID\":\s*[0-9]+" | _head_n 1 | cut -d : -f 2 | tr -d \ ) |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain=$h |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#method method action data |
||||
|
_rest() { |
||||
|
mtd="$1" |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
|
||||
|
_debug mtd "$mtd" |
||||
|
_debug ep "$ep" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Content-Type: application/json" |
||||
|
|
||||
|
if [ "$mtd" != "GET" ]; then |
||||
|
# both POST and DELETE. |
||||
|
_debug data "$data" |
||||
|
response="$(_post "$data" "$LINODE_API_URL$ep" "" "$mtd")" |
||||
|
else |
||||
|
response="$(_get "$LINODE_API_URL$ep$data")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,58 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: dns_nsupdate_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_nsupdate_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
_checkKeyFile || return 1 |
||||
|
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" |
||||
|
# save the dns server and key to the account conf file. |
||||
|
_saveaccountconf NSUPDATE_SERVER "${NSUPDATE_SERVER}" |
||||
|
_saveaccountconf NSUPDATE_KEY "${NSUPDATE_KEY}" |
||||
|
_info "adding ${fulldomain}. 60 in txt \"${txtvalue}\"" |
||||
|
nsupdate -k "${NSUPDATE_KEY}" <<EOF |
||||
|
server ${NSUPDATE_SERVER} |
||||
|
update add ${fulldomain}. 60 in txt "${txtvalue}" |
||||
|
send |
||||
|
EOF |
||||
|
if [ $? -ne 0 ]; then |
||||
|
_err "error updating domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#Usage: dns_nsupdate_rm _acme-challenge.www.domain.com |
||||
|
dns_nsupdate_rm() { |
||||
|
fulldomain=$1 |
||||
|
_checkKeyFile || return 1 |
||||
|
[ -n "${NSUPDATE_SERVER}" ] || NSUPDATE_SERVER="localhost" |
||||
|
_info "removing ${fulldomain}. txt" |
||||
|
nsupdate -k "${NSUPDATE_KEY}" <<EOF |
||||
|
server ${NSUPDATE_SERVER} |
||||
|
update delete ${fulldomain}. txt |
||||
|
send |
||||
|
EOF |
||||
|
if [ $? -ne 0 ]; then |
||||
|
_err "error updating domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_checkKeyFile() { |
||||
|
if [ -z "${NSUPDATE_KEY}" ]; then |
||||
|
_err "you must specify a path to the nsupdate key file" |
||||
|
return 1 |
||||
|
fi |
||||
|
if [ ! -r "${NSUPDATE_KEY}" ]; then |
||||
|
_err "key ${NSUPDATE_KEY} is unreadable" |
||||
|
return 1 |
||||
|
fi |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue