forked from Github/acme.sh
neil
6 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 319 additions and 5 deletions
-
1README.md
-
49deploy/README.md
-
92deploy/qiniu.sh
-
18dnsapi/README.md
-
141dnsapi/dns_active24.sh
-
2dnsapi/dns_dnsimple.sh
-
21dnsapi/dns_hostingde.sh
@ -0,0 +1,92 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script to create certificate to qiniu.com |
|||
# |
|||
# This deployment required following variables |
|||
# export QINIU_AK="QINIUACCESSKEY" |
|||
# export QINIU_SK="QINIUSECRETKEY" |
|||
# export QINIU_CDN_DOMAIN="cdn.example.com" |
|||
|
|||
QINIU_API_BASE="https://api.qiniu.com" |
|||
|
|||
qiniu_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
if [ -z "$QINIU_AK" ]; then |
|||
_err "QINIU_AK is not defined." |
|||
return 1 |
|||
else |
|||
_savedomainconf QINIU_AK "$QINIU_AK" |
|||
fi |
|||
|
|||
if [ -z "$QINIU_SK" ]; then |
|||
_err "QINIU_SK is not defined." |
|||
return 1 |
|||
else |
|||
_savedomainconf QINIU_SK "$QINIU_SK" |
|||
fi |
|||
|
|||
if [ "$QINIU_CDN_DOMAIN" ]; then |
|||
_savedomainconf QINIU_CDN_DOMAIN "$QINIU_CDN_DOMAIN" |
|||
else |
|||
QINIU_CDN_DOMAIN="$_cdomain" |
|||
fi |
|||
|
|||
## upload certificate |
|||
string_fullchain=$(sed 's/$/\\n/' "$_cfullchain" | tr -d '\n') |
|||
string_key=$(sed 's/$/\\n/' "$_ckey" | tr -d '\n') |
|||
|
|||
sslcert_path="/sslcert" |
|||
sslcerl_body="{\"name\":\"$_cdomain\",\"common_name\":\"$QINIU_CDN_DOMAIN\",\"ca\":\"$string_fullchain\",\"pri\":\"$string_key\"}" |
|||
sslcert_access_token="$(_make_access_token "$sslcert_path")" |
|||
_debug sslcert_access_token "$sslcert_access_token" |
|||
export _H1="Authorization: QBox $sslcert_access_token" |
|||
sslcert_response=$(_post "$sslcerl_body" "$QINIU_API_BASE$sslcert_path" 0 "POST" "application/json" | _dbase64 "multiline") |
|||
|
|||
if ! _contains "$sslcert_response" "certID"; then |
|||
_err "Error in creating certificate:" |
|||
_err "$sslcert_response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug sslcert_response "$sslcert_response" |
|||
_info "Certificate successfully uploaded, updating domain $_cdomain" |
|||
|
|||
## extract certId |
|||
_certId="$(printf "%s" "$sslcert_response" | _normalizeJson | _egrep_o "certID\": *\"[^\"]*\"" | cut -d : -f 2)" |
|||
_debug certId "$_certId" |
|||
|
|||
## update domain ssl config |
|||
update_path="/domain/$QINIU_CDN_DOMAIN/httpsconf" |
|||
update_body="{\"certid\":$_certId,\"forceHttps\":false}" |
|||
update_access_token="$(_make_access_token "$update_path")" |
|||
_debug update_access_token "$update_access_token" |
|||
export _H1="Authorization: QBox $update_access_token" |
|||
update_response=$(_post "$update_body" "$QINIU_API_BASE$update_path" 0 "PUT" "application/json" | _dbase64 "multiline") |
|||
|
|||
if _contains "$update_response" "error"; then |
|||
_err "Error in updating domain httpsconf:" |
|||
_err "$update_response" |
|||
return 1 |
|||
fi |
|||
|
|||
_debug update_response "$update_response" |
|||
_info "Certificate successfully deployed" |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
_make_access_token() { |
|||
_token="$(printf "%s\n" "$1" | _hmac "sha1" "$(printf "%s" "$QINIU_SK" | _hex_dump | tr -d " ")" | _base64)" |
|||
echo "$QINIU_AK:$_token" |
|||
} |
@ -0,0 +1,141 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#ACTIVE24_Token="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
|
|||
ACTIVE24_Api="https://api.active24.com" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
# Used to add txt record |
|||
dns_active24_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_active24_init |
|||
|
|||
_info "Adding txt record" |
|||
if _active24_rest POST "dns/$_domain/txt/v1" "{\"name\":\"$_sub_domain\",\"text\":\"$txtvalue\",\"ttl\":0}"; then |
|||
if _contains "$response" "errors"; then |
|||
_err "Add txt record error." |
|||
return 1 |
|||
else |
|||
_info "Added, OK" |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "Add txt record error." |
|||
return 1 |
|||
} |
|||
|
|||
# Usage: fulldomain txtvalue |
|||
# Used to remove the txt record after validation |
|||
dns_active24_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_active24_init |
|||
|
|||
_debug "Getting txt records" |
|||
_active24_rest GET "dns/$_domain/records/v1" |
|||
|
|||
if _contains "$response" "errors"; then |
|||
_err "Error" |
|||
return 1 |
|||
fi |
|||
|
|||
hash_ids=$(echo "$response" | _egrep_o "[^{]+${txtvalue}[^}]+" | _egrep_o "hashId\":\"[^\"]+" | cut -c10-) |
|||
|
|||
for hash_id in $hash_ids; do |
|||
_debug "Removing hash_id" "$hash_id" |
|||
if _active24_rest DELETE "dns/$_domain/$hash_id/v1" ""; then |
|||
if _contains "$response" "errors"; then |
|||
_err "Unable to remove txt record." |
|||
return 1 |
|||
else |
|||
_info "Removed txt record." |
|||
return 0 |
|||
fi |
|||
fi |
|||
done |
|||
|
|||
_err "No txt records found." |
|||
return 1 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.www.domain.com |
|||
#returns |
|||
# _sub_domain=_acme-challenge.www |
|||
# _domain=domain.com |
|||
# _domain_id=sdjkglgdfewsdfg |
|||
_get_root() { |
|||
domain=$1 |
|||
|
|||
if ! _active24_rest GET "dns/domains/v1"; then |
|||
return 1 |
|||
fi |
|||
|
|||
i=2 |
|||
p=1 |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug "h" "$h" |
|||
if [ -z "$h" ]; then |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
if _contains "$response" "\"$h\"" >/dev/null; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
return 0 |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
return 1 |
|||
} |
|||
|
|||
_active24_rest() { |
|||
m=$1 |
|||
ep="$2" |
|||
data="$3" |
|||
_debug "$ep" |
|||
|
|||
export _H1="Authorization: Bearer $ACTIVE24_Token" |
|||
|
|||
if [ "$m" != "GET" ]; then |
|||
_debug "data" "$data" |
|||
response="$(_post "$data" "$ACTIVE24_Api/$ep" "" "$m" "application/json")" |
|||
else |
|||
response="$(_get "$ACTIVE24_Api/$ep")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $ep" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
return 0 |
|||
} |
|||
|
|||
_active24_init() { |
|||
ACTIVE24_Token="${ACTIVE24_Token:-$(_readaccountconf_mutable ACTIVE24_Token)}" |
|||
if [ -z "$ACTIVE24_Token" ]; then |
|||
ACTIVE24_Token="" |
|||
_err "You didn't specify a Active24 api token yet." |
|||
_err "Please create the token and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable ACTIVE24_Token "ACTIVE24_Token" |
|||
|
|||
_debug "First detect the root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
_err "invalid domain" |
|||
return 1 |
|||
fi |
|||
_debug _sub_domain "$_sub_domain" |
|||
_debug _domain "$_domain" |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue