third-party-tools/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh synced 2025-11-04 22:11:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: third-party-tools:3.0.7
Branches Tags
third-party-tools:master third-party-tools:dev third-party-tools:ari third-party-tools:tlsa third-party-tools:u third-party-tools:shebang third-party-tools:json third-party-tools:dnsconf third-party-tools:cron
third-party-tools:3.1.1 third-party-tools:3.1.0 third-party-tools:3.0.9 third-party-tools:3.0.8 third-party-tools:3.0.7 third-party-tools:3.0.6 third-party-tools:3.0.5 third-party-tools:v3.0.5 third-party-tools:3.0.4 third-party-tools:3.0.3 third-party-tools:3.0.2 third-party-tools:3.0.1 third-party-tools:3.0.0 third-party-tools:2.9.0 third-party-tools:2.8.9 third-party-tools:2.8.8 third-party-tools:2.8.7 third-party-tools:2.8.6 third-party-tools:2.8.5 third-party-tools:2.8.4 third-party-tools:2.8.3 third-party-tools:2.8.2 third-party-tools:2.8.1 third-party-tools:2.8.0 third-party-tools:2.7.9 third-party-tools:2.7.8 third-party-tools:2.7.7 third-party-tools:2.7.6 third-party-tools:2.7.5 third-party-tools:2.7.4 third-party-tools:2.7.3 third-party-tools:2.7.2 third-party-tools:2.7.1 third-party-tools:v2.6.9 third-party-tools:2.6.8 third-party-tools:2.6.6 third-party-tools:2.6.5 third-party-tools:2.6.4 third-party-tools:2.6.0 third-party-tools:2.5.2 third-party-tools:2.3.0 third-party-tools:2.2.9 third-party-tools:2.0.2 third-party-tools:1.2.3 third-party-tools:1.2.2
...
compare: third-party-tools:3.0.8
Branches Tags
third-party-tools:dev third-party-tools:master third-party-tools:ari third-party-tools:tlsa third-party-tools:u third-party-tools:shebang third-party-tools:json third-party-tools:dnsconf third-party-tools:cron
third-party-tools:3.1.1 third-party-tools:3.1.0 third-party-tools:3.0.9 third-party-tools:3.0.8 third-party-tools:3.0.7 third-party-tools:3.0.6 third-party-tools:3.0.5 third-party-tools:v3.0.5 third-party-tools:3.0.4 third-party-tools:3.0.3 third-party-tools:3.0.2 third-party-tools:3.0.1 third-party-tools:3.0.0 third-party-tools:2.9.0 third-party-tools:2.8.9 third-party-tools:2.8.8 third-party-tools:2.8.7 third-party-tools:2.8.6 third-party-tools:2.8.5 third-party-tools:2.8.4 third-party-tools:2.8.3 third-party-tools:2.8.2 third-party-tools:2.8.1 third-party-tools:2.8.0 third-party-tools:2.7.9 third-party-tools:2.7.8 third-party-tools:2.7.7 third-party-tools:2.7.6 third-party-tools:2.7.5 third-party-tools:2.7.4 third-party-tools:2.7.3 third-party-tools:2.7.2 third-party-tools:2.7.1 third-party-tools:v2.6.9 third-party-tools:2.6.8 third-party-tools:2.6.6 third-party-tools:2.6.5 third-party-tools:2.6.4 third-party-tools:2.6.0 third-party-tools:2.5.2 third-party-tools:2.3.0 third-party-tools:2.2.9 third-party-tools:2.0.2 third-party-tools:1.2.3 third-party-tools:1.2.2

251 Commits
3.0.7 ... 3.0.8

Author SHA1 Message Date
neil
fb27261568 Merge pull request #5284 from acmesh-official/dev 
sync
 2024-09-15 11:09:49 +02:00
neil
5a20ce81e3 Merge pull request #5117 from alviy/master 
New Alviy provider
 2024-09-13 14:29:48 +02:00
neil
1454b85671 Merge pull request #5223 from Linkje/update-teams-notification-workflow 
Update teams notification workflow
 2024-09-13 14:25:16 +02:00
neil
fc4dba4468 Merge pull request #5187 from rwese/improve-dns_anx-performance 
improve performance and memory usage for dns_anx
 2024-09-13 14:22:01 +02:00
neil
adff28dade Merge pull request #5224 from gmanic/master 
Add optional cmd line parameter NSUPDATE_OPT to dns_nsupdate api
 2024-09-13 14:13:40 +02:00
neil
c345ecae63 Merge pull request #5141 from nikolaypronchev/master 
Add Timeweb Cloud DNS API
 2024-09-13 14:03:46 +02:00
neil
e6461380c6 Merge pull request #5205 from PMExtra/feature/ali_cdn 
feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment
 2024-09-13 13:58:52 +02:00
neil
deb2a3e415 Merge pull request #5263 from i18nsite/patch-1 
Update dns_huaweicloud.sh
 2024-09-13 13:57:07 +02:00
neil
c71dcd7611 Merge pull request #5214 from WhiteAls/yandex360 
Support for the Yandex 360 for Business DNS API
 2024-09-13 13:55:01 +02:00
neil
c1e05664ed Merge pull request #5268 from lifeboy/patch-1 
Fix MIAB dns create TXT record format
 2024-09-09 15:15:23 +02:00
Nikolay Pronchev
0f1e5f4fa4 Merge branch 'acmesh-official:master' into master 2024-09-06 19:28:44 +03:00
WhiteAls
0fa20da990 Little optimisations and fixes. 
- Removed or moved `_normalizeJson` processing to occur only when needed.
- Corrected usage of `_red` to `__red`.
- Simplified JSON parsing by using more concise `cut` commands.
- Simplify token refresh logic.
 2024-09-03 17:11:43 +00:00
Lifeboy
02fb40c507 Syntax corrections, previous change broke script 2024-09-02 14:56:00 +02:00
Lifeboy
dc6ea97877 Syntax corrections, previous change broke script 2024-09-02 14:54:22 +02:00
Lifeboy
031d53b04f Syntax corrections suggested by testing script 2024-09-02 12:14:22 +02:00
Lifeboy
3006c90fb8 Syntax corrections suggested by testing script 2024-09-02 12:04:56 +02:00
Lifeboy
9cec2688ed Syntax corrections suggested by testing script 2024-09-02 11:58:27 +02:00
Lifeboy
65c3dc21f4 Added comments 2024-09-02 11:50:33 +02:00
i18n.site
cefa7d940a Update DNS.yml 
DNS.yml can be triggered manually
 2024-08-28 11:31:29 +08:00
Lifeboy
fab292d2de correct a typo 2024-08-27 17:06:36 +02:00
i18n.site
00bbe68f78 Update dns_huaweicloud.sh 
fix https://github.com/acmesh-official/acme.sh/issues/5261
 2024-08-23 16:00:08 +08:00
Lifeboy
fa3591f4f2 TXT record ADD test successfully 2024-08-22 14:39:09 +02:00
Nikolay Pronchev
10cfc6838d add Timeweb Cloud DNS API 2024-08-22 09:12:21 +03:00
Lifeboy
42e78f9a3e changes not yet tested 2024-08-21 15:42:49 +02:00
Roland Giesler
0122eabd44 Update dns_miab.sh 
Corrected typo
 2024-08-21 15:10:37 +02:00
Roland Giesler
435bb3f1d3 Update dns_miab.sh 
The MIAB API requires that the txtvlaue to a TXT record includes the "value=" and "ttl=" components as part of the TXT record when adding a new record.
 2024-08-21 12:13:04 +02:00
neil
1d59d43286 Merge pull request #5255 from acmesh-official/dev 
sync
 2024-08-20 11:59:56 +08:00
neil
fe30bf7d09 Merge pull request #5252 from williamdes/patch-1 
Add ACCOUNT_THUMBPRINT to update account
 2024-08-19 22:16:44 +08:00
neil
5f68ad4e19 fix 2024-08-19 22:15:50 +08:00
William Desportes
3fc39aad33 Add ACCOUNT_THUMBPRINT to update account 
Ref: #590
 2024-08-19 13:30:11 +00:00
neil
bb8386ab85 Merge pull request #5245 from nathanejohnson/master 
RouterOS - make deploy more resilient
 2024-08-15 19:57:44 +08:00
Nathan Johnson
e711d168df RouterOS - make deploy more resilient 
In the case where importing the cert and key removes the files from disk
the existing deploy will fail when it tries to remove those files.  This
still attempts to remove the files but catches the error and moves on instead
of bombing like before.

Similarly, if the deploy had failed before, subsequent deploys would fail
because the script already existed, so it would not be able to create
the script.  This first attempts to remove the script if it exists, and then
creates the script.
 2024-08-09 16:38:09 -05:00
WhiteAls
1700f064b3 Fix: Support for IDN 2024-08-03 18:59:29 +00:00
WhiteAls
2f08bd1965 Refactor: Improve Yandex360 DNS API integration: 
- Make YANDEX360_ORG_ID optional and auto-retrieve if not provided.
- Refactor _get_root function to search across multiple organizations.
 2024-08-01 03:28:32 +00:00
WhiteAls
13c68cd799 Refactor: Rename _check_yandex360_variables to _check_variables and improve error handling 2024-08-01 03:04:23 +00:00
WhiteAls
c7d78f4594 Fix: Corrected the entry point for Yandex 360 API 2024-08-01 02:44:22 +00:00
WhiteAls
2f1ca949f0 Fix: Make record_id extraction independent of JSON key order 2024-08-01 02:33:09 +00:00
WhiteAls
a6488ff9ac Optimizing debug output 2024-08-01 02:18:48 +00:00
gmanic
bcb7e5f2c8 Update dns_nsupdate.sh 
Corrected required variable double quote
 2024-07-24 20:28:39 +00:00
Joris van den Dries
3cefcd8204 change reference to static value 2024-07-24 15:02:48 +02:00
Joris van den Dries
4cd1871816 Removed obsolete documentation 2024-07-24 12:23:17 +02:00
Joris van den Dries
7aaa9583fa Update teams notify script to support new notification setup using workflows instead of connectors being fased out. 
Color support has been dropped since this has no support inside adaptive-card
 2024-07-24 12:05:57 +02:00
neil
5cded5b53e Merge pull request #5217 from oittaa/patch-2 
_checkSudo: [ -z "__INTERACTIVE" ] should be [ -z "$__INTERACTIVE" ]
 2024-07-23 09:05:37 +08:00
WhiteAls
7ca861805d Fixed incorrect links in informational messages 2024-07-20 19:03:38 +03:00
oittaa
6b6faa8129 _checkSudo: [ -z "__INTERACTIVE" ] should be [ -z "$__INTERACTIVE" ] 
Fixes #5216
 2024-07-20 13:31:53 +02:00
WhiteAls
f84577bcda Support for the Yandex 360 for Business DNS API 2024-07-20 05:41:54 +03:00
WhiteAls
37f9fd3498 The old Yandex DNS API was discontinued #4555 2024-07-20 05:38:51 +03:00
neil
11aef82993 Merge pull request #5139 from scruel/scruel-patch-1 
feat: guide user to run script as root to create temp admin user
 2024-07-19 11:16:44 +08:00
neil
9861e2d724 Merge pull request #5212 from allddd/dns_porkbun_grep_fix 
dns_porkbun: remove stray backslashes
 2024-07-19 10:33:49 +08:00
allddd
7ae0d0caa3 dns_porkbun: remove stray backslashes 2024-07-18 21:57:22 +02:00
neil
93d2c9a3f0 Merge pull request #5207 from scruel/patch-5 
fix(deploy): respect api path with synology Auth API
 2024-07-14 17:33:26 +08:00
Scruel Tao
60569fdd83 fix(deploy): respect api path with synology Auth API 
fix #5184
 2024-07-14 15:04:43 +08:00
neil
0f61e9c15e Merge pull request #5206 from acmesh-official/dev 
sync
 2024-07-14 14:06:00 +08:00
neil
d81fc155cb add timeout for _getRepoHash 
https://github.com/acmesh-official/acme.sh/issues/5200
 2024-07-14 13:50:35 +08:00
neil
60f7750d77 Merge pull request #4896 from vladh/master 
Improve grammar
 2024-07-14 13:23:32 +08:00
Vlad-Stefan Harbuz
9bdfd8f4fe Improve grammar 2024-07-12 13:04:42 +01:00
PMExtra
945b7de76f feat(deploy_ali_cdn): improve upper-case 2024-07-11 18:41:39 +08:00
PMExtra
3c35eadbc4 feat(deploy_ali_cdn): support Alibaba Cloud CDN deployment 2024-07-11 18:29:20 +08:00
neil
65868ab8a7 remove centos 2024-07-03 18:27:47 +08:00
René Weselowski
89586530a5 improve performance and memory usage for dns_anx 
when fetching all zones the memory usage can exceede limits and also
cause timeouts.

with this change the zone will be searched via the longest to shortest
match using the get endpoint.
 2024-06-26 15:06:19 +02:00
neil
0d93145834 Merge pull request #5133 from mdmower/ext-key-usage 
feat: Support manually defining extended key usage in CSR
 2024-06-25 05:13:46 +02:00
neil
fe4113d623 add PROJECT_API for 
https://github.com/acmesh-official/acme.sh/issues/5170
 2024-06-17 15:30:10 +02:00
neil
9a0e15cced Merge pull request #5159 from themarek/dev 
improve compatibility with FreeBSD
 2024-06-17 14:57:28 +02:00
Marek Wester
e0c63d58b2 improve compatibility with FreeBSD 
it is related to this bug report: opnsense/plugins#3525

FreeBSD's sed doesn't have the -z option, so empty certificates are delivered to vault when running the script on FreeBSD.
 2024-06-15 23:19:04 +02:00
neil
f7f8ea9b97 Merge pull request #5110 from ionos-cloud/add_ionos_cloud_script 
Feature: DNS API for IONOS cloud
 2024-06-15 14:50:32 +02:00
neil
58cad98cd8 Merge pull request #5041 from j-c-m/ksh_openbsd_porkbun_fix 
Quote echo $data in _porkbun_rest (dns_porkbun)
 2024-06-15 14:45:19 +02:00
zak905
74ffbb2172 fix forgotten parenthensis 2024-06-10 19:53:05 +02:00
zak905
cc9c85cc1a use lower_case util function instead of raw bash command 2024-06-09 21:02:54 +02:00
neil
a8f252e45d Merge pull request #5057 from phedoreanu/dev 
dns_1984.hosting - update _get_root check
 2024-05-28 09:27:30 +02:00
neil
f7e09af5c9 Merge pull request #4738 from stokito/dns_api_info 
Structured DNS provider API info
 2024-05-19 09:12:14 +02:00
neil
304cb56337 Merge pull request #4929 from jeromecst/master 
Add notification support for ntfy.sh
 2024-05-19 09:05:51 +02:00
Sergey Ponomarev
6b7b5caf54 DNS provider API: structured description 
Instead of using comments declare info in a special variable.
Then the variable can be used to print the DNS API provider usage.
The usage can be parsed on UI and show all needed inputs for options.

The info is stored in plain string that it's both human-readable and easy to parse:

    dns_example_info='API name
     An extended description.
     Multiline.
    Domains: list of alternative domains to find
    Site: the dns provider website e.g. example.com
    Docs: Link to ACME.sh wiki for the provider
    Options:
     VARIABLE1 Title for the option1.
     VARIABLE2 Title for the option2. Default "default value".
     VARIABLE3 Title for the option3. Description to show on UI. Optional.
    Issues: Link to a support ticket on https://github.com/acmesh-official/acme.sh
    Author: First Lastname <authoremail@example.com>, Another Author <https://github.com/example>;
    '

Here:
VARIABLE1 will be required.
VARIABLE2 will be required too but will be populated with a "default value".
VARIABLE3 is optional and can be empty.

A DNS provider may have alternative options like CloudFlare may use API KEY or API Token.
You can use a second section OptionsAlt: section.

Some providers may have alternative names or domains e.g. Aliyun and AlibabaCloud.
Add them to Domains: section.

Signed-off-by: Sergey Ponomarev <stokito@gmail.com>
 2024-05-18 12:06:41 +03:00
zak905
2797d2c535 fix add and rm method names 2024-05-14 19:50:44 +02:00
zak905
f440656572 create new script for ionos cloud and rollback changes to dns_ionos.sh 2024-05-14 18:35:25 +02:00
Scruel Tao
1dbc58d4e0 chore: optimize more msgs 2024-05-08 14:01:43 +08:00
Scruel Tao
47ccb28482 chore: typo 2024-05-08 04:46:51 +08:00
Scruel Tao
744dea00ca feat: guide user to run script as root to create temp admin user 
Message text and comment optimized
 2024-05-08 02:56:21 +08:00
zak905
373c2b379c remove debug print statements and usage of custom fork of acmetest 2024-05-06 14:53:51 +02:00
Matt Mower
957bbab440 feat: Support manually defining extended key usage in CSR 
- New CLI param: --extended-key-usage <string>
- When --extended-key-usage is defined:
  1. Set [v3_req]extendedKeyUsage to the provided value.
  2. Store the value in domain conf Le_ExtKeyUse for reuse.
 2024-05-04 11:58:29 -07:00
neil
bd48c99383 fix ca names 2024-05-04 16:27:31 +02:00
zak905
52d1d421a3 escape brackets in regexp and format using shfmt 2024-05-03 17:04:49 +02:00
zak905
c3cc13595d use posix compliant lower case shell command 2024-05-02 18:48:39 +02:00
zak905
adc8031e34 fix shell linter and formating 2024-04-30 17:04:24 +02:00
zak905
0974c74a89 transform record name to lower case when searching for TXT record 2024-04-30 16:59:02 +02:00
zak905
c64aae6f39 more debugging - add function argument printing 2024-04-30 16:59:02 +02:00
zak905
b7b1714637 add some debug statements 2024-04-30 16:59:02 +02:00
zak905
d8525493a1 attempt to use custom fork of acmetest 2024-04-30 16:59:02 +02:00
zak905
30d0945855 fix regexp for findind acme challenge record from API response 2024-04-30 16:59:02 +02:00
zak905
ffde1f8343 linting based on ShellCheck results 2024-04-30 16:59:02 +02:00
zak905
96c35b41ed fix TXT record lookup and removal 2024-04-30 16:59:02 +02:00
zak905
dc2979926f fix zone search 2024-04-30 16:59:02 +02:00
zak905
ff357dd3fb fix syntax error 2024-04-30 16:59:02 +02:00
zak905
f35e15204d implement dns_ionos_rm function 2024-04-30 16:59:02 +02:00
zak905
3ae4ba3300 dns_ionos.sh: implement dns_ionos_add for ionos cloud 2024-04-30 16:59:02 +02:00
neil
0d8a314bcf Merge pull request #5123 from acmesh-official/dev 
sync
 2024-04-29 20:15:14 +02:00
neil
e7cfde1904 Merge pull request #5049 from hknet/patch-2 
fixed handling of key and secret
 2024-04-29 20:14:01 +02:00
alviy
aa41df4e7d run test 2024-04-27 13:49:37 +03:00
alviy
d73953af3d spellcheck 2024-04-27 12:28:06 +03:00
alviy
54eec82311 spellcheck 2024-04-27 11:45:14 +03:00
alviy
dab244ad25 shfmt 2024-04-27 11:29:30 +03:00
alviy
dbe7cb8dbb remove rev command 2024-04-27 09:55:38 +03:00
alviy
e814cccc44 Update dns_alviy.sh 2024-04-27 00:06:22 +03:00
alviy
1078fdc157 fix Shellcheck 2024-04-26 23:25:38 +03:00
alviy
4bf4259dda Update _get_root logic 2024-04-26 23:05:42 +03:00
alviy
03b53cbb60 run DNS test 2024-04-26 20:38:01 +03:00
alviy
7ef1340e2a Update dns_alviy.sh 2024-04-25 23:16:11 +03:00
alviy
c0b87adee5 shfmt 2024-04-25 22:51:32 +03:00
alviy
4a8c2251e0 4th+ level domain 2024-04-25 22:47:53 +03:00
alviy
d1df5f3021 test DNS 2024-04-25 22:36:11 +03:00
alviy
e1acea52f8 run DNS test 2024-04-25 22:27:04 +03:00
alviy
2e9f159225 shfmt 2024-04-25 22:15:16 +03:00
alviy
2fcda9a73a Quotes recomendations 2024-04-25 22:07:29 +03:00
alviy
78ba205f4d DNS test init 2024-04-25 19:37:49 +03:00
alviy
f44dec2c8d add new provider - Alviy.com 2024-04-25 18:43:35 +03:00
neil
8c07af6fc7 Merge pull request #5113 from scruel/dev 
fix(deploy_dsm): ensure grep get the error code
 2024-04-25 09:19:08 +02:00
Scruel Tao
cd01104de9 fix(deploy_dsm): ensure grep get the error code 
Added grep -o option to ensure the script won't get other digits as the error code result
 2024-04-25 13:39:05 +08:00
neil
28f438a6bd Merge pull request #5111 from scruel/scruel-patch-1 2024-04-24 23:16:49 +02:00
Scruel Tao
9ff89b570f fix(deploy_dsm): missing gerp -P option on busybox 
Fixes:  #5105
 2024-04-25 04:02:49 +08:00
neil
bc90376489 Merge pull request #5102 from acmesh-official/dev 
sync
 2024-04-21 12:11:04 +02:00
neil
43b5ea801f convert to pkcs12 when renewal 
fix https://github.com/acmesh-official/acme.sh/issues/3474#issuecomment-2058126129
 2024-04-21 11:21:45 +02:00
neil
9863e7ea6e Merge pull request #5023 from scruel/patch-dsm-deploy 
Patch Synology DSM deploy: support DSM 6.x & user-friendly refactor.
 2024-04-21 09:45:41 +02:00
neil
ebaa39b03f Merge pull request #5075 from acmesh-official/dev 
sync
 2024-04-01 11:46:18 +02:00
neil
fa3d7ad14b Merge pull request #5069 from annieoxe/decode-eab_hmac_key 
Fix: Decode eab_hmac_key as single-line
 2024-03-31 23:02:42 +02:00
neil
c51104f956 fix format 2024-03-31 20:33:57 +02:00
neil
84795ff4d9 Merge pull request #4757 from laraveluser/master 
Add support for Lima-City
 2024-03-31 20:20:29 +02:00
neil
cc5c722e29 Merge pull request #5072 from aSauerwein/master 
feature: add template option for panos deploy hook
 2024-03-31 20:15:18 +02:00
asauerwein
4fcddd1893 add template option 2024-03-31 09:16:21 +02:00
laraveluser
c8604255e4 Merge branch 'acmesh-official:master' into master 2024-03-27 21:47:09 +01:00
annieoxi
492826a7f2 Fix: Decode eab_hmac_key as single-line 
This commit resolves the issue #5068.
 2024-03-26 12:35:54 +01:00
Adrian Fedoreanu
5e64781d65 update _get_root check 2024-03-19 19:41:33 +01:00
neil
2d4b900e33 Merge pull request #5032 from scruel/patch-3 
fix(config_migrate): always remove domain old key & replace old value by new value
 2024-03-18 21:43:03 +01:00
neil
d2481f5790 Merge pull request #5048 from hknet/patch-1 
dns-record TTL set to 300
 2024-03-18 21:25:35 +01:00
neil
49f6104f03 Merge pull request #4979 from derytim/aws_dns_imdsv2 
Aws dns imdsv2
 2024-03-18 21:16:16 +01:00
neil
2728d2aa6e fix format 2024-03-18 21:09:49 +01:00
neil
0588fc6b7c Merge pull request #4581 from wlallemand/haproxy-hot-update 
haproxy deploy hook updates existing certificate over stats socket
 2024-03-18 21:07:12 +01:00
Tim Dery
e3cd52cab4 Merge branch 'dev' into aws_dns_imdsv2 2024-03-13 11:06:52 -07:00
Tim Dery
b2c6b9a320 attempt _use_metadata fix from j-c-m 2024-03-11 10:33:14 -07:00
Harald Kapper
39fa40ab12 fixed secret+key storage-usage 
fixed the key and secret handling via acme account.conf
 2024-03-11 03:27:17 +01:00
Harald Kapper
0bf87bf4af dns-record TTL set to 300 
reduce TTL for the TXT record from 3600 to 300 to have an easier way to replicate changes for the dns-verification in case multiple submissions for a specific record/domain are done within an hour.
 2024-03-11 00:44:53 +01:00
Jesse Miller
92d37f6eaf Quote echo $data in _porkbun_rest 
Quote echo $data in _porkbun_rest to avoid
brace expansion under ksh (OpenBSD).
 2024-03-06 15:56:42 -07:00
laraveluser
d3b022fe17 Update dns_limacity.sh 2024-03-03 10:32:21 +01:00
Scruel Tao
79640f6b7d replace wired space symbol 2024-02-28 20:02:24 +08:00
Scruel Tao
2cbdf274b1 feat(config_migrate): always remove domain old key & replace old value by new value 2024-02-28 18:30:06 +08:00
Scruel Tao
6af5293315 doc: adjust 2024-02-28 02:00:07 +08:00
Scruel Tao
ff090d2f74 fix lint 2024-02-26 23:45:19 +08:00
Scruel Tao
68e3a12a91 feat: improve robustness of the usage of DSM tool synogroup 2024-02-26 23:38:44 +08:00
Scruel Tao
50eda6b678 fix: lint 2024-02-26 21:07:15 +08:00
Scruel Tao
192ec598a3 feat: add SYNO_LOCAL_HOSTNAME to prevent remote deploy via temp admin method 2024-02-26 21:03:26 +08:00
Scruel Tao
5b449999a5 refactor: unify variable naming convention again (revert some changes) 2024-02-26 20:55:49 +08:00
Scruel Tao
afed62f6de fix: should save SYNO_UseTempAdmin only after login success. 2024-02-26 07:05:00 +08:00
Scruel Tao
59d1e16f9c feat: bypass enforce temp admin 2FA 2024-02-26 06:23:47 +08:00
Scruel Tao
dbe0d477d6 feat: more user-friendly logic & error messages. 2024-02-26 06:23:46 +08:00
Scruel Tao
7248560169 feat: support DSM 6.x 2024-02-26 06:23:45 +08:00
Scruel Tao
f840f7d75b refactor: unify variable naming convention 2024-02-26 06:23:42 +08:00
neil
6e14a073ff Merge pull request #5021 from acmesh-official/dev 
sync
 2024-02-25 19:25:26 +01:00
Scruel Tao
cf3839ecec doc(deploy): update usage doc 2024-02-22 12:38:51 +08:00
neil
aa8cf76fb1 Merge pull request #4706 from scruel/syno-patch 
Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic
 2024-02-13 09:57:51 +08:00
neil
10b4bb598a fix https://github.com/acmesh-official/acme.sh/issues/4995#issuecomment-1937486243 2024-02-12 13:16:08 +08:00
neil
de14d59bb3 Merge pull request #4987 from acmesh-official/dev 
sync
 2024-02-04 12:39:06 +08:00
neil
d76272f0ea fix message 2024-02-04 12:35:07 +08:00
neil
e04093efe2 remove socket err temp file 2024-02-04 12:31:34 +08:00
neil
bd6bbba948 remove socaterr temp file 2024-02-04 12:27:06 +08:00
neil
37e4f35c93 fix format 2024-02-04 12:21:50 +08:00
neil
0084cb7403 fix format 2024-02-04 12:18:58 +08:00
neil
99e5c159a7 check socat "Permission denied" 2024-02-04 12:17:03 +08:00
neil
802121d54a show dns message on any branch 2024-02-04 11:42:28 +08:00
neil
160b2e95c9 Merge pull request #4986 from acmesh-official/dev 
sync
 2024-02-04 00:11:26 +08:00
neil
7ec692cdef fix socat for netbsd: 
listens to ipv4 by default.
 2024-02-03 23:59:48 +08:00
neil
3dca67112d fix netbsd 2024-02-03 18:39:58 +08:00
neil
f8dac5905c check the status of Order object and the Authorization object. 2024-02-03 18:07:50 +08:00
Tim Dery
48e4e41e05 add cr to force a new gh actions run 2024-01-31 17:32:56 -08:00
Tim Dery
22374b81de delete a cr to force a workflow run 2024-01-31 16:02:45 -08:00
Tim Dery
b9157e29cb spacing cleanup 2024-01-31 15:52:59 -08:00
Tim Dery
bd247c35f2 remove comments 2024-01-31 15:48:44 -08:00
Tim Dery
7da9a45c61 combined functions for cleaner code 2024-01-31 15:39:08 -08:00
Tim Dery
122dfa12ac add imdsv2 support to dns_aws 2024-01-30 15:51:55 -08:00
neil
1905830b20 Merge pull request #4948 from rparenton/gandi-livedns-new-api 
Fix #4836 (Switch to new Gandi LiveDNS API)
 2024-01-14 13:04:51 +01:00
Robert
bfb41ce123 Fix acmesh-official#4836 (Switch to new Gandi LiveDNS API) 
1. Updated LiveDNS API URL for the new API to allow Personal Access Tokens to work
2. Updated authorization header syntax to allow deprecated API Keys to work with the new API
3. Removed white space in JSON response parsing to match responses returned by the server
 2024-01-13 13:39:09 -06:00
neil
85e3ecfe0b fix omnios 2024-01-13 20:28:21 +01:00
laraveluser
9e073c954d Update dns_limacity.sh 2024-01-12 20:39:44 +01:00
neil
b79c3f5cc4 fix pkg_add 2024-01-12 20:36:49 +01:00
laraveluser
ad5acb80fe Update dns_limacity.sh 2024-01-12 20:33:01 +01:00
laraveluser
7b7c834b08 Update dns_limacity.sh 2024-01-12 19:48:14 +01:00
laraveluser
42827be7c3 Update dns_limacity.sh 2024-01-12 18:39:28 +01:00
laraveluser
7022d27b8e Update dns_limacity.sh 2024-01-12 17:58:54 +01:00
laraveluser
ab911f1ce9 Update dns_limacity.sh 2024-01-12 17:54:23 +01:00
laraveluser
a6a1de50c8 Merge branch 'acmesh-official:master' into master 2024-01-12 01:07:07 +01:00
laraveluser
97723fbbc9 Update dns_limacity.sh 2024-01-08 01:45:34 +01:00
neil
2e58cf1168 Merge pull request #4940 from dario-pilori/fix-routeros-7 
Fix RouterOS deploy hook for 7
 2024-01-04 23:15:36 +01:00
Dario Pilori
3ca97d7258 Remove whitespace in script name in routeros.sh deploy hook 2024-01-04 18:28:05 +01:00
neil
9786dccdee Merge pull request #4161 from seidler2547/seidler2547-remove-do 
remove dns_do as it does not work anymore
 2024-01-02 20:34:15 +01:00
Jérôme
a3612f53dd change shebang to sh 2023-12-26 01:52:16 +01:00
Jérôme
112257c49e Add notification support for ntfy.sh 2023-12-26 01:45:38 +01:00
neil
d8e2b96bce Merge pull request #4925 from LordDarkneo/patch-1 
Logout update for DSM Deploy script (2727 issue)
 2023-12-24 16:01:25 +01:00
LordDarkneo
6992659ba9 Update synology_dsm.sh 2023-12-22 14:36:52 -05:00
LordDarkneo
05696d443a Update synology_dsm.sh 
#2727 issue when logging out on older version - using variables to unlog only for CERT user
 2023-12-22 14:34:35 -05:00
LordDarkneo
f59a925897 Update synology_dsm.sh 
Issue for lougout
 2023-12-22 09:09:29 -05:00
neil
afacdfcb95 Merge pull request #4918 from acmesh-official/dev 
sync
 2023-12-17 22:26:04 +01:00
neil
8cb1b6b5d5 update 2023-12-05 20:19:40 +01:00
neil
f7d9d53ad2 Merge pull request #4899 from acmesh-official/dev 
sync
 2023-12-05 20:16:27 +01:00
neil
f4315e2c6f fix _date2time 2023-12-05 19:33:10 +01:00
neil
f0ac566c93 add Omnios 2023-12-04 23:51:06 +01:00
neil
50f6a459cf update solaris 2023-12-04 09:41:39 +01:00
neil
179c80ae6d Merge pull request #4861 from mrbaiwei/master 
support West.cn Domain
 2023-12-04 09:35:18 +01:00
neil
6e72f161a6 Merge pull request #4872 from sandercox/patch-1 
Update dns_gcloud.sh rm logs record added
 2023-12-03 14:52:58 +01:00
neil
f71d8d7348 minor 2023-12-03 14:44:23 +01:00
neil
a12a3640a7 update 2023-12-03 14:40:32 +01:00
neil
3b7bc5a56a update dragonflybsd-vm@v1 2023-12-02 22:50:59 +01:00
William Lallemand
e09d45c844 haproxy; don't use '*' in the filename for wildcard domain 
By default acme.sh uses the '*' character in the filename for wildcard.
That can be confusing within HAProxy since the * character in front of a
filename in the stat socket is used to specified an uncommitted
transaction.

This patch replace the '*' by a '_' in the filename.
This is only done when using the default filename, the name can still be
forced with an asterisk.
 2023-12-01 15:35:31 +01:00
William Lallemand
36fc321096 haproxy: use the master CLI for hot update 
DEPLOY_HAPROXY_MASTER_CLI allows to use the HAProxy master CLI instead
of a stats socket for DEPLOY_HAPROXY_HOT_UPDATE="yes"

The syntax of the master CLI is slightly different, a prefix with the
process number need to be added before any command.

This patch uses ${_cmdpfx} in front of every socat commands which is
filled when the master CLI is used.
 2023-11-30 15:22:51 +01:00
William Lallemand
98a7a01dbb haproxy: deploy script can add a new certificate over the stats socket 
DEPLOY_HAPROXY_HOT_UPDATE="yes" now allows to add a new certificate
within HAProxy instead of updating an existing one.

In order to work, the ${DEPLOY_HAPROXY_PEM_PATH} value must be used as a
parameter to the "crt" keyword in the haproxy configuration.

The patch uses the following commands over HAProxy stats socket:
- show ssl cert
- new ssl cert
- set ssl cert
- commit ssl cert
- add ssl crt-list
 2023-11-30 14:00:44 +01:00
William Lallemand
0f7be90500 haproxy: deploy script can update existing certificate over stats socket 
Since version 2.2, HAProxy is able to update dynamically certificates,
without a reload.

This patch uses socat to push the certificate into HAProxy in order to
achieve hot update. With this method, reloading is not required.
This should be used only to update an existing certificate in haproxy.

2 new variables are available:

- DEPLOY_HAPROXY_HOT_UPDATE="yes" update over the stats socket instead
  of reloading

- DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock" set the path on
  the stats socket.
 2023-11-30 14:00:44 +01:00
William Lallemand
7aaf4432d4 haproxy: sanitize the PEM in the deploy script 
Sanitize the PEM of the haproxy deploy script by removing the '\n', this
way it could be injected directly over the CLI.
 2023-11-30 14:00:41 +01:00
neil
884a8995b4 Merge pull request #4853 from Max13/deploy/proxmoxve 
Fix typo in proxmoxve deploy hook
 2023-11-22 09:19:51 +01:00
neil
bb42595275 Merge pull request #4866 from phedoreanu/dev 
dns_1984.hosting.sh: update login and account status URLs
 2023-11-21 22:23:06 +01:00
neil
a4bd89c938 fix 2023-11-21 09:00:22 +01:00
neil
f364d4fbef fix 2023-11-21 08:45:54 +01:00
neil
f899d0d8ed update 2023-11-20 23:39:25 +01:00
Sander Cox
074cf00a7c Update dns_gcloud.sh rm logs record added 
The logs show record was added twice but the second time was actual the rm command thus the removal of the record!
 2023-11-14 11:28:24 +01:00
Adrian Fedoreanu
15d10eeebc dns_1984.hosting.sh: update login and account status URLs 2023-11-10 08:22:28 +01:00
mrbaiwei
bea71f3411 Update dns_west_cn.sh 
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
 2023-11-07 07:20:25 +08:00
mrbaiwei
eb99803b53 Update west.cn domain api 
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
 2023-11-06 13:18:36 +08:00
mrbaiwei
a60d0c4108 Update dns_west_cn.sh 
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
 2023-11-06 11:25:09 +08:00
neil
1cc3a13c49 fix comments 2023-11-04 10:04:26 +01:00
mrbaiwei
feffbba6de Update dns_west.sh 
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
 2023-11-04 14:16:11 +08:00
mrbaiwei
6ea09444ec Update dns_west.sh 
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
 2023-11-04 00:04:05 +08:00
neil
f1f486dacf Merge pull request #4843 from trulyliu/dev 
Fix https://github.com/acmesh-official/acme.sh/issues/4460
 2023-11-03 15:57:49 +01:00
neil
fec4af3194 Merge pull request #4855 from studycom-mrobinson/aws-similar-names 
Acme2 similar names
 2023-11-03 15:56:37 +01:00
mrbaiwei
5342c7c82b support West.cn Domain 
Signed-off-by: mrbaiwei <mrbaiwei@gmail.com>
 2023-11-03 18:14:26 +08:00
Matthew Robinson
8454ffa331 Fix issue with similar domain names causing an error in selecting the proper root domain to add challenge records in 2023-11-02 08:30:44 -07:00
Gavin Leo
199977be6a Fix https://github.com/acmesh-official/acme.sh/issues/4460 
Update gcore API url.
 2023-11-02 09:27:14 +08:00
Adnan RIHAN
00dbc3881f Fixed variables 2023-11-01 20:02:16 +01:00
neil
d93a5b2d20 Merge pull request #4841 from podguzovvasily/patch-1 
Update haproxy.sh
 2023-10-29 18:11:51 +01:00
podguzovvasily
8ca5ca6594 Update haproxy.sh 
resolved issue with HAProxy https://github.com/acmesh-official/acme.sh/issues/4788
according https://serversforhackers.com/c/letsencrypt-with-haproxy
 2023-10-24 16:58:47 +03:00
neil
fe890c62f4 fix https://github.com/acmesh-official/acme.sh/issues/4835 2023-10-22 23:07:00 +08:00
neil
e15513bfdd fix format 2023-10-06 20:05:39 +08:00
neil
dbe569c0d9 Merge pull request #4622 from defragatwork/mattermost 
Add support for Mattermost notifications (Bot account)
 2023-10-06 20:01:50 +08:00
neil
f2e1b589b5 start 3.0.8 2023-10-06 20:01:28 +08:00
Scruel Tao
29b2960805 Optimze comment & remove tail space 2023-09-07 15:01:37 +08:00
Scruel Tao
f7f3a0bf0d Merge branch 'dev' into syno-patch 2023-09-07 14:57:53 +08:00
laraveluser
ef20a0128f Add support for Lima-City 2023-08-25 17:22:20 +02:00
Scruel Tao
ba468bb5e4 Fix for shfmt check 2023-07-20 13:38:36 +08:00
Scruel Tao
cf86d57a9f Fix for shfmt check 2023-07-20 13:34:57 +08:00
Scruel Tao
9e958f4e32 Fix shellcheck 2023-07-20 13:09:21 +08:00
Scruel Tao
c7f6f20c9d Add SYNO_USE_TEMP_ADMIN variable & Fix broken logic 
1. Fix the broken logic in (Sorry for including fix commit in same PR, I'm feeling quite tired and would like to go to sleep right away...)
2. Provides new method to obtain credential info for authentication, it will create a temp admin user if SYNO_USE_TEMP_ADMIN is set, instead of requiring the user's own credentials which will be saved in disk.

I do really don't like to have plaintext credentials be saved in disk, and I noticed that you've spent a lot of time fighting with 2FA related stuffs, so why not just get rid of the whole old way. :)
 2023-07-20 02:48:29 +08:00
gmanic
0b0476e196 Update dns_nsupdate.sh 2023-05-14 21:01:51 +00:00
gmanic
f99d6dac08 Push for actions 2023-05-14 20:58:48 +00:00
gmanic
cd2b7cd943 Correct Typo, add -n test 
Added a test for non-zero-string, corrected type ZONE instead of OPT
 2023-05-14 20:20:22 +00:00
gmanic
af759f2330 Enable additional command line parameters for nsupdate 
For being able to use e.g. "-v" to use TCP communication with the NSUPDATE_SERVER -> NSUPDATE_OPT has been added.
NSUPDATE_OPT will be plainly added to the command line of nsupdate.
NSUPDATE_OPT will also be saved to conf respectively read from conf
 2023-05-14 20:02:43 +00:00
Alexander Pushkarev
bb5f3cc326 Add support for Mattermost notifications. 2023-05-01 23:00:01 +03:00
seidler2547
b3529dc748 remove dns_do as it does not work anymore 
The API that it uses was shut down in May 2022
 2022-06-27 19:42:16 +00:00
179 changed files with 4345 additions and 2110 deletions
Expand all files Collapse all files

88
.github/workflows/DNS.yml vendored
View File

@@ -1,5 +1,6 @@
name: DNS
on:
workflow_dispatch:
push:
paths:
- 'dnsapi/*.sh'
@@ -65,7 +66,7 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- name: Set env file
@@ -113,7 +114,7 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install tools
run: brew install socat
- name: Clone acmetest
@@ -164,7 +165,7 @@ jobs:
- name: Set git to use LF
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install cygwin base packages with chocolatey
run: |
choco config get cacheLocation
@@ -204,7 +205,7 @@ jobs:
FreeBSD:
runs-on: macos-12
runs-on: ubuntu-latest
needs: Windows
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
@@ -223,10 +224,10 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/freebsd-vm@v0
- uses: vmactions/freebsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: pkg install -y socat curl
@@ -255,7 +256,7 @@ jobs:
OpenBSD:
runs-on: macos-12
runs-on: ubuntu-latest
needs: FreeBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
@@ -274,10 +275,10 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/openbsd-vm@v0
- uses: vmactions/openbsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: pkg_add socat curl
@@ -306,7 +307,7 @@ jobs:
NetBSD:
runs-on: macos-12
runs-on: ubuntu-latest
needs: OpenBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
@@ -325,14 +326,14 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/netbsd-vm@v0
- uses: vmactions/netbsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: |
pkg_add curl socat
/usr/sbin/pkg_add curl socat
usesh: true
copyback: false
run: |
@@ -358,7 +359,7 @@ jobs:
DragonFlyBSD:
runs-on: macos-12
runs-on: ubuntu-latest
needs: NetBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
@@ -377,10 +378,10 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/dragonflybsd-vm@v0
- uses: vmactions/dragonflybsd-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
prepare: |
@@ -413,7 +414,7 @@ jobs:
Solaris:
runs-on: macos-12
runs-on: ubuntu-latest
needs: DragonFlyBSD
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
@@ -433,10 +434,10 @@ jobs:
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/solaris-vm@v0
- uses: vmactions/solaris-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
copyback: false
@@ -463,3 +464,52 @@ jobs:
./letest.sh
Omnios:
runs-on: ubuntu-latest
needs: Solaris
env:
TEST_DNS : ${{ secrets.TEST_DNS }}
TestingDomain: ${{ secrets.TestingDomain }}
TEST_DNS_NO_WILDCARD: ${{ secrets.TEST_DNS_NO_WILDCARD }}
TEST_DNS_NO_SUBDOMAIN: ${{ secrets.TEST_DNS_NO_SUBDOMAIN }}
TEST_DNS_SLEEP: ${{ secrets.TEST_DNS_SLEEP }}
CASE: le_test_dnsapi
TEST_LOCAL: 1
DEBUG: ${{ secrets.DEBUG }}
http_proxy: ${{ secrets.http_proxy }}
https_proxy: ${{ secrets.https_proxy }}
HTTPS_INSECURE: 1 # always set to 1 to ignore https error, since Omnios doesn't accept the expired ISRG X1 root
TokenName1: ${{ secrets.TokenName1}}
TokenName2: ${{ secrets.TokenName2}}
TokenName3: ${{ secrets.TokenName3}}
TokenName4: ${{ secrets.TokenName4}}
TokenName5: ${{ secrets.TokenName5}}
steps:
- uses: actions/checkout@v4
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/omnios-vm@v1
with:
envs: 'TEST_DNS TestingDomain TEST_DNS_NO_WILDCARD TEST_DNS_NO_SUBDOMAIN TEST_DNS_SLEEP CASE TEST_LOCAL DEBUG http_proxy https_proxy HTTPS_INSECURE TokenName1 TokenName2 TokenName3 TokenName4 TokenName5 ${{ secrets.TokenName1}} ${{ secrets.TokenName2}} ${{ secrets.TokenName3}} ${{ secrets.TokenName4}} ${{ secrets.TokenName5}}'
copyback: false
prepare: pkg install socat
run: |
if [ "${{ secrets.TokenName1}}" ] ; then
export ${{ secrets.TokenName1}}="${{ secrets.TokenValue1}}"
fi
if [ "${{ secrets.TokenName2}}" ] ; then
export ${{ secrets.TokenName2}}="${{ secrets.TokenValue2}}"
fi
if [ "${{ secrets.TokenName3}}" ] ; then
export ${{ secrets.TokenName3}}="${{ secrets.TokenValue3}}"
fi
if [ "${{ secrets.TokenName4}}" ] ; then
export ${{ secrets.TokenName4}}="${{ secrets.TokenValue4}}"
fi
if [ "${{ secrets.TokenName5}}" ] ; then
export ${{ secrets.TokenName5}}="${{ secrets.TokenValue5}}"
fi
cd ../acmetest
./letest.sh

142
.github/workflows/DragonFlyBSD.yml vendored
View File

@@ -1,71 +1,71 @@
name: DragonFlyBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/DragonFlyBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/DragonFlyBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
DragonFlyBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: macos-12
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
steps:
- uses: actions/checkout@v3
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/dragonflybsd-vm@v0
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
copyback: "false"
nat: |
"8080": "80"
prepare: |
pkg install -y curl socat libnghttp2
usesh: true
run: |
cd ../acmetest \
&& ./letest.sh
name: DragonFlyBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/DragonFlyBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/DragonFlyBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
DragonFlyBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/dragonflybsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: |
pkg install -y curl socat libnghttp2
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

10
.github/workflows/FreeBSD.yml vendored
View File

@@ -29,19 +29,19 @@ jobs:
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: macos-12
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@@ -51,7 +51,7 @@ jobs:
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
@@ -61,7 +61,7 @@ jobs:
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/freebsd-vm@v0
- uses: vmactions/freebsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |

6
.github/workflows/Linux.yml vendored
View File

@@ -26,14 +26,14 @@ jobs:
Linux:
strategy:
matrix:
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "centos:7", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"]
os: ["ubuntu:latest", "debian:latest", "almalinux:latest", "fedora:latest", "opensuse/leap:latest", "alpine:latest", "oraclelinux:8", "kalilinux/kali", "archlinux:latest", "mageia", "gentoo/stage3"]
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
TEST_ACME_Server: "LetsEncrypt.org_test"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Clone acmetest
run: |
cd .. \

4
.github/workflows/MacOS.yml vendored
View File

@@ -29,7 +29,7 @@ jobs:
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
@@ -44,7 +44,7 @@ jobs:
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install tools
run: brew install socat
- name: Clone acmetest

142
.github/workflows/NetBSD.yml vendored
View File

@@ -1,71 +1,71 @@
name: NetBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/NetBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/NetBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
NetBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: macos-12
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
steps:
- uses: actions/checkout@v3
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/netbsd-vm@v0
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
nat: |
"8080": "80"
prepare: |
pkg_add curl socat
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh
name: NetBSD
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/NetBSD.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/NetBSD.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
NetBSD:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/netbsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: |
/usr/sbin/pkg_add curl socat
usesh: true
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

75
.github/workflows/Omnios.yml vendored Normal file
View File

@@ -0,0 +1,75 @@
name: Omnios
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Omnios.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Omnios.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Omnios:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/omnios-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: pkg install socat wget
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

10
.github/workflows/OpenBSD.yml vendored
View File

@@ -29,19 +29,19 @@ jobs:
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: macos-12
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@@ -51,7 +51,7 @@ jobs:
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
@@ -61,7 +61,7 @@ jobs:
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/openbsd-vm@v0
- uses: vmactions/openbsd-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |

6
.github/workflows/PebbleStrict.yml vendored
View File

@@ -33,11 +33,11 @@ jobs:
TEST_CA: "Pebble Intermediate CA"
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y socat
- name: Run Pebble
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker-compose up -d
run: cd .. && curl https://raw.githubusercontent.com/letsencrypt/pebble/master/docker-compose.yml >docker-compose.yml && docker compose up -d
- name: Set up Pebble
run: curl --request POST --data '{"ip":"10.30.50.1"}' http://localhost:8055/set-default-ipv4
- name: Clone acmetest
@@ -58,7 +58,7 @@ jobs:
TEST_IPCERT: 1
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y socat
- name: Run Pebble

149
.github/workflows/Solaris.yml vendored
View File

@@ -1,74 +1,75 @@
name: Solaris
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Solaris.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Solaris.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Solaris:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: macos-12
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v3
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/solaris-vm@v0
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
copyback: "false"
nat: |
"8080": "80"
prepare: pkgutil -y -i socat curl wget
run: |
cd ../acmetest \
&& ./letest.sh
name: Solaris
on:
push:
branches:
- '*'
paths:
- '*.sh'
- '.github/workflows/Solaris.yml'
pull_request:
branches:
- dev
paths:
- '*.sh'
- '.github/workflows/Solaris.yml'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
Solaris:
strategy:
matrix:
include:
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
# CA_EMAIL: "githubtest@acme.sh"
# TEST_PREFERRED_CHAIN: ""
runs-on: ubuntu-latest
env:
TEST_LOCAL: 1
TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
CA_ECDSA: ${{ matrix.CA_ECDSA }}
CA: ${{ matrix.CA }}
CA_EMAIL: ${{ matrix.CA_EMAIL }}
TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v4
- uses: vmactions/cf-tunnel@v0
id: tunnel
with:
protocol: http
port: 8080
- name: Set envs
run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
- name: Clone acmetest
run: cd .. && git clone --depth=1 https://github.com/acmesh-official/acmetest.git && cp -r acme.sh acmetest/
- uses: vmactions/solaris-vm@v1
with:
envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN ACME_USE_WGET'
nat: |
"8080": "80"
prepare: pkgutil -y -i socat curl wget
copyback: false
run: |
cd ../acmetest \
&& ./letest.sh

6
.github/workflows/Ubuntu.yml vendored
View File

@@ -29,12 +29,12 @@ jobs:
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
- TEST_ACME_Server: "LetsEncrypt.org_test"
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
ACME_USE_WGET: 1
- TEST_ACME_Server: "ZeroSSL.com"
CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
@@ -70,7 +70,7 @@ jobs:
TestingDomain: ${{ matrix.TestingDomain }}
ACME_USE_WGET: ${{ matrix.ACME_USE_WGET }}
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install tools
run: sudo apt-get install -y socat wget
- name: Start StepCA

4
.github/workflows/Windows.yml vendored
View File

@@ -29,7 +29,7 @@ jobs:
CA_ECDSA: ""
CA: ""
CA_EMAIL: ""
TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
TEST_PREFERRED_CHAIN: (STAGING)
#- TEST_ACME_Server: "ZeroSSL.com"
# CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
# CA: "ZeroSSL RSA Domain Secure Site CA"
@@ -49,7 +49,7 @@ jobs:
- name: Set git to use LF
run: |
git config --global core.autocrlf false
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install cygwin base packages with chocolatey
run: |
choco config get cacheLocation

2
.github/workflows/dockerhub.yml vendored
View File

@@ -41,7 +41,7 @@ jobs:
if: "contains(needs.CheckToken.outputs.hasToken, 'true')"
steps:
- name: checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx

6
.github/workflows/pr_dns.yml vendored
View File

@@ -4,8 +4,6 @@ on:
pull_request_target:
types:
- opened
branches:
- 'dev'
paths:
- 'dnsapi/*.sh'
@@ -22,9 +20,11 @@ jobs:
owner: context.repo.owner,
repo: context.repo.repo,
body: `**Welcome**
Please make sure you're read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test).
First thing: don't send PR to the master branch, please send to the dev branch instead.
Please make sure you've read our [DNS API Dev Guide](../wiki/DNS-API-Dev-Guide) and [DNS-API-Test](../wiki/DNS-API-Test).
Then reply on this message, otherwise, your code will not be reviewed or merged.
We look forward to reviewing your Pull request shortly ✨
注意: 必须通过了 [DNS-API-Test](../wiki/DNS-API-Test) 才会被 review. 无论是修改, 还是新加的 dns api, 都必须确保通过这个测试.
`
})

2
.github/workflows/pr_notify.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
owner: context.repo.owner,
repo: context.repo.repo,
body: `**Welcome**
Please make sure you're read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify).
Please make sure you've read our [Code-of-conduct](../wiki/Code-of-conduct) and add the usage here: [notify](../wiki/notify).
Then reply on this message, otherwise, your code will not be reviewed or merged.
We look forward to reviewing your Pull request shortly ✨
`

4
.github/workflows/shellcheck.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
ShellCheck:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install Shellcheck
run: sudo apt-get install -y shellcheck
- name: DoShellcheck
@@ -31,7 +31,7 @@ jobs:
shfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install shfmt
run: curl -sSL https://github.com/mvdan/sh/releases/download/v3.1.2/shfmt_v3.1.2_linux_amd64 -o ~/shfmt && chmod +x ~/shfmt
- name: shfmt

31
README.md
View File

@@ -8,7 +8,7 @@
[![Windows](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Windows.yml)
[![Solaris](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Solaris.yml)
[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)
[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)
![Shellcheck](https://github.com/acmesh-official/acme.sh/workflows/Shellcheck/badge.svg)
![PebbleStrict](https://github.com/acmesh-official/acme.sh/workflows/PebbleStrict/badge.svg)
@@ -73,20 +73,21 @@ Twitter: [@neilpangxa](https://twitter.com/neilpangxa)
|7|[![OpenBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/OpenBSD.yml)|OpenBSD
|8|[![NetBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/NetBSD.yml)|NetBSD
|9|[![DragonFlyBSD](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/DragonFlyBSD.yml)|DragonFlyBSD
|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|11|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|22|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|23|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
|10|[![Omnios](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Omnios.yml)|Omnios
|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)| Debian
|12|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|CentOS
|13|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|openSUSE
|14|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Alpine Linux (with curl)
|15|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Archlinux
|16|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|fedora
|17|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Kali Linux
|18|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Oracle Linux
|19|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Mageia
|10|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|Gentoo Linux
|11|[![Linux](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml/badge.svg)](https://github.com/acmesh-official/acme.sh/actions/workflows/Linux.yml)|ClearLinux
|22|-----| Cloud Linux https://github.com/acmesh-official/acme.sh/issues/111
|23|-----| OpenWRT: Tested and working. See [wiki page](https://github.com/acmesh-official/acme.sh/wiki/How-to-run-on-OpenWRT)
|24|[![](https://acmesh-official.github.io/acmetest/status/proxmox.svg)](https://github.com/acmesh-official/letest#here-are-the-latest-status)| Proxmox: See Proxmox VE Wiki. Version [4.x, 5.0, 5.1](https://pve.proxmox.com/wiki/HTTPS_Certificate_Configuration_(Version_4.x,_5.0_and_5.1)#Let.27s_Encrypt_using_acme.sh), version [5.2 and up](https://pve.proxmox.com/wiki/Certificate_Management)
Check our [testing project](https://github.com/acmesh-official/acmetest):

820
acme.sh
View File

File diff suppressed because it is too large Load Diff

157
deploy/ali_cdn.sh Normal file
View File

@@ -0,0 +1,157 @@
#!/usr/bin/env sh
# Script to create certificate to Alibaba Cloud CDN
#
# This deployment required following variables
# export Ali_Key="ALIACCESSKEY"
# export Ali_Secret="ALISECRETKEY"
# export DEPLOY_ALI_CDN_DOMAIN="cdn.example.com"
# If you have more than one domain, just
# export DEPLOY_ALI_CDN_DOMAIN="cdn1.example.com cdn2.example.com"
#
# The credentials are shared with all domains, also shared with dns_ali api
Ali_API="https://cdn.aliyuncs.com/"
ali_cdn_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
Ali_Key="${Ali_Key:-$(_readaccountconf_mutable Ali_Key)}"
Ali_Secret="${Ali_Secret:-$(_readaccountconf_mutable Ali_Secret)}"
if [ -z "$Ali_Key" ] || [ -z "$Ali_Secret" ]; then
Ali_Key=""
Ali_Secret=""
_err "You don't specify aliyun api key and secret yet."
return 1
fi
#save the api key and secret to the account conf file.
_saveaccountconf_mutable Ali_Key "$Ali_Key"
_saveaccountconf_mutable Ali_Secret "$Ali_Secret"
_getdeployconf DEPLOY_ALI_CDN_DOMAIN
if [ "$DEPLOY_ALI_CDN_DOMAIN" ]; then
_savedeployconf DEPLOY_ALI_CDN_DOMAIN "$DEPLOY_ALI_CDN_DOMAIN"
else
DEPLOY_ALI_CDN_DOMAIN="$_cdomain"
fi
# read cert and key files and urlencode both
_cert=$(_url_encode_upper <"$_cfullchain")
_key=$(_url_encode_upper <"$_ckey")
_debug2 _cert "$_cert"
_debug2 _key "$_key"
## update domain ssl config
for domain in $DEPLOY_ALI_CDN_DOMAIN; do
_set_cdn_domain_ssl_certificate_query "$domain" "$_cert" "$_key"
if _ali_rest "Set CDN domain SSL certificate for $domain" "" POST; then
_info "Domain $domain certificate has been deployed successfully"
fi
done
return 0
}
#################### Private functions below ##################################
# act ign mtd
_ali_rest() {
act="$1"
ign="$2"
mtd="$3"
signature=$(printf "%s" "$mtd&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_Secret&" | _hex_dump | tr -d " ")" | _base64)
signature=$(_ali_urlencode "$signature")
url="$Ali_API?$query&Signature=$signature"
if [ "$mtd" = "GET" ]; then
response="$(_get "$url")"
else
# post payload is not supported yet because of signature
response="$(_post "" "$url")"
fi
_ret="$?"
_debug2 response "$response"
if [ "$_ret" != "0" ]; then
_err "Error <$act>"
return 1
fi
if [ -z "$ign" ]; then
message="$(echo "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
if [ "$message" ]; then
_err "$message"
return 1
fi
fi
}
_ali_urlencode() {
_str="$1"
_str_len=${#_str}
_u_i=1
while [ "$_u_i" -le "$_str_len" ]; do
_str_c="$(printf "%s" "$_str" | cut -c "$_u_i")"
case $_str_c in [a-zA-Z0-9.~_-])
printf "%s" "$_str_c"
;;
*)
printf "%%%02X" "'$_str_c"
;;
esac
_u_i="$(_math "$_u_i" + 1)"
done
}
_ali_nonce() {
#_head_n 1 </dev/urandom | _digest "sha256" hex | cut -c 1-31
#Not so good...
date +"%s%N" | sed 's/%N//g'
}
_timestamp() {
date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
}
# stdin stdout
_url_encode_upper() {
encoded=$(_url_encode)
for match in $(echo "$encoded" | _egrep_o '%..' | sort -u); do
upper=$(echo "$match" | _upper_case)
encoded=$(echo "$encoded" | sed "s/$match/$upper/g")
done
echo "$encoded"
}
# domain pub pri
_set_cdn_domain_ssl_certificate_query() {
query=''
query=$query'AccessKeyId='$Ali_Key
query=$query'&Action=SetCdnDomainSSLCertificate'
query=$query'&CertType=upload'
query=$query'&DomainName='$1
query=$query'&Format=json'
query=$query'&SSLPri='$3
query=$query'&SSLProtocol=on'
query=$query'&SSLPub='$2
query=$query'&SignatureMethod=HMAC-SHA1'
query=$query"&SignatureNonce=$(_ali_nonce)"
query=$query'&SignatureVersion=1.0'
query=$query'&Timestamp='$(_timestamp)
query=$query'&Version=2018-05-10'
}

141
deploy/haproxy.sh
View File

@@ -36,6 +36,19 @@
# Note: This functionality requires HAProxy was compiled against
# a version of OpenSSL that supports this.
#
# export DEPLOY_HAPROXY_HOT_UPDATE="yes"
# export DEPLOY_HAPROXY_STATS_SOCKET="UNIX:/run/haproxy/admin.sock"
#
# OPTIONAL: Deploy the certificate over the HAProxy stats socket without
# needing to reload HAProxy. Default is "no".
#
# Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat
# address format.
#
# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock"
#
# OPTIONAL: To use the master CLI with DEPLOY_HAPROXY_HOT_UPDATE="yes" instead
# of a stats socket, use this variable.
######## Public functions #####################
@@ -46,6 +59,7 @@ haproxy_deploy() {
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_cmdpfx=""
# Some defaults
DEPLOY_HAPROXY_PEM_PATH_DEFAULT="/etc/haproxy"
@@ -53,6 +67,8 @@ haproxy_deploy() {
DEPLOY_HAPROXY_BUNDLE_DEFAULT="no"
DEPLOY_HAPROXY_ISSUER_DEFAULT="no"
DEPLOY_HAPROXY_RELOAD_DEFAULT="true"
DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT="no"
DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT="UNIX:/run/haproxy/admin.sock"
_debug _cdomain "${_cdomain}"
_debug _ckey "${_ckey}"
@@ -86,6 +102,11 @@ haproxy_deploy() {
_savedomainconf Le_Deploy_haproxy_pem_name "${Le_Deploy_haproxy_pem_name}"
elif [ -z "${Le_Deploy_haproxy_pem_name}" ]; then
Le_Deploy_haproxy_pem_name="${DEPLOY_HAPROXY_PEM_NAME_DEFAULT}"
# We better not have '*' as the first character
if [ "${Le_Deploy_haproxy_pem_name%%"${Le_Deploy_haproxy_pem_name#?}"}" = '*' ]; then
# removes the first characters and add a _ instead
Le_Deploy_haproxy_pem_name="_${Le_Deploy_haproxy_pem_name#?}"
fi
fi
# BUNDLE is optional. If not provided then assume "${DEPLOY_HAPROXY_BUNDLE_DEFAULT}"
@@ -118,6 +139,36 @@ haproxy_deploy() {
Le_Deploy_haproxy_reload="${DEPLOY_HAPROXY_RELOAD_DEFAULT}"
fi
# HOT_UPDATE is optional. If not provided then assume "${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_HOT_UPDATE
_debug2 DEPLOY_HAPROXY_HOT_UPDATE "${DEPLOY_HAPROXY_HOT_UPDATE}"
if [ -n "${DEPLOY_HAPROXY_HOT_UPDATE}" ]; then
Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE}"
_savedomainconf Le_Deploy_haproxy_hot_update "${Le_Deploy_haproxy_hot_update}"
elif [ -z "${Le_Deploy_haproxy_hot_update}" ]; then
Le_Deploy_haproxy_hot_update="${DEPLOY_HAPROXY_HOT_UPDATE_DEFAULT}"
fi
# STATS_SOCKET is optional. If not provided then assume "${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
_getdeployconf DEPLOY_HAPROXY_STATS_SOCKET
_debug2 DEPLOY_HAPROXY_STATS_SOCKET "${DEPLOY_HAPROXY_STATS_SOCKET}"
if [ -n "${DEPLOY_HAPROXY_STATS_SOCKET}" ]; then
Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET}"
_savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
elif [ -z "${Le_Deploy_haproxy_stats_socket}" ]; then
Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_STATS_SOCKET_DEFAULT}"
fi
# MASTER_CLI is optional. No defaults are used. When the master CLI is used,
# all commands are sent with a prefix.
_getdeployconf DEPLOY_HAPROXY_MASTER_CLI
_debug2 DEPLOY_HAPROXY_MASTER_CLI "${DEPLOY_HAPROXY_MASTER_CLI}"
if [ -n "${DEPLOY_HAPROXY_MASTER_CLI}" ]; then
Le_Deploy_haproxy_stats_socket="${DEPLOY_HAPROXY_MASTER_CLI}"
_savedomainconf Le_Deploy_haproxy_stats_socket "${Le_Deploy_haproxy_stats_socket}"
_cmdpfx="@1 " # command prefix used for master CLI only.
fi
# Set the suffix depending if we are creating a bundle or not
if [ "${Le_Deploy_haproxy_bundle}" = "yes" ]; then
_info "Bundle creation requested"
@@ -142,12 +193,13 @@ haproxy_deploy() {
_issuer="${_pem}.issuer"
_ocsp="${_pem}.ocsp"
_reload="${Le_Deploy_haproxy_reload}"
_statssock="${Le_Deploy_haproxy_stats_socket}"
_info "Deploying PEM file"
# Create a temporary PEM file
_temppem="$(_mktemp)"
_debug _temppem "${_temppem}"
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}"
cat "${_ccert}" "${_cca}" "${_ckey}" | grep . >"${_temppem}"
_ret="$?"
# Check that we could create the temporary file
@@ -265,15 +317,86 @@ haproxy_deploy() {
fi
fi
# Reload HAProxy
_debug _reload "${_reload}"
eval "${_reload}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Error code ${_ret} during reload"
return ${_ret}
if [ "${Le_Deploy_haproxy_hot_update}" = "yes" ]; then
# set the socket name for messages
if [ -n "${_cmdpfx}" ]; then
_socketname="master CLI"
else
_socketname="stats socket"
fi
# Update certificate over HAProxy stats socket or master CLI.
if _exists socat; then
# look for the certificate on the stats socket, to chose between updating or creating one
_socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'"
_debug _socat_cert_cmd "${_socat_cert_cmd}"
eval "${_socat_cert_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_newcert="1"
_info "Creating new certificate '${_pem}' over HAProxy ${_socketname}."
# certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate.
_socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
_debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}"
eval "${_socat_crtlist_show_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't find '${Le_Deploy_haproxy_pem_path}' in haproxy 'show ssl crt-list'"
return "${_ret}"
fi
# create a new certificate
_socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'"
_debug _socat_new_cmd "${_socat_new_cmd}"
eval "${_socat_new_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't create '${_pem}' in haproxy"
return "${_ret}"
fi
else
_info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
fi
_socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
eval "${_socat_cert_set_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy"
return "${_ret}"
fi
_socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
_debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}"
eval "${_socat_cert_commit_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't commit '${_pem}' in haproxy"
return ${_ret}
fi
if [ "${_newcert}" = "1" ]; then
# if this is a new certificate, it needs to be inserted into the crt-list`
_socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
_debug _socat_cert_add_cmd "${_socat_cert_add_cmd}"
eval "${_socat_cert_add_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy"
return "${_ret}"
fi
fi
else
_err "'socat' is not available, couldn't update over ${_socketname}"
fi
else
_info "Reload successful"
# Reload HAProxy
_debug _reload "${_reload}"
eval "${_reload}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Error code ${_ret} during reload"
return ${_ret}
else
_info "Reload successful"
fi
fi
return 0

19
deploy/panos.sh
View File

@@ -12,6 +12,9 @@
# export PANOS_USER="" #User *MUST* have Commit and Import Permissions in XML API for Admin Role
# export PANOS_PASS=""
#
# OPTIONAL
# export PANOS_TEMPLATE="" #Template Name of panorama managed devices
#
# The script will automatically generate a new API key if
# no key is found, or if a saved key has expired or is invalid.
@@ -78,6 +81,9 @@ deployer() {
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"\r\n\r\n$_panos_key"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
if [ "$_panos_template" ]; then
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
fi
fi
if [ "$type" = 'key' ]; then
panos_url="${panos_url}?type=import"
@@ -87,6 +93,9 @@ deployer() {
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"format\"\r\n\r\npem"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"passphrase\"\r\n\r\n123456"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"file\"; filename=\"$(basename "$_cdomain.key")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
if [ "$_panos_template" ]; then
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"target-tpl\"\r\n\r\n$_panos_template"
fi
fi
#Close multipart
content="$content${nl}--$delim--${nl}${nl}"
@@ -173,10 +182,20 @@ panos_deploy() {
unset _panos_key
fi
# PANOS_TEMPLATE
if [ "$PANOS_TEMPLATE" ]; then
_debug "Detected ENV variable PANOS_TEMPLATE. Saving to file."
_savedeployconf PANOS_TEMPLATE "$PANOS_TEMPLATE" 1
else
_debug "Attempting to load variable PANOS_TEMPLATE from file."
_getdeployconf PANOS_TEMPLATE
fi
#Store variables
_panos_host=$PANOS_HOST
_panos_user=$PANOS_USER
_panos_pass=$PANOS_PASS
_panos_template=$PANOS_TEMPLATE
#Test API Key if found. If the key is invalid, the variable _panos_key will be unset.
if [ "$_panos_host" ] && [ "$_panos_key" ]; then

8
deploy/proxmoxve.sh
View File

@@ -99,11 +99,11 @@ proxmoxve_deploy() {
_proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
fi
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key
_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY "$_proxmoxve_api_token_key"
# PVE API Token header value. Used in "Authorization: PVEAPIToken".
_proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
_debug2 "Auth Header" _proxmoxve_header_api_token
_debug2 "Auth Header" "$_proxmoxve_header_api_token"
# Ugly. I hate putting heredocs inside functions because heredocs don't
# account for whitespace correctly but it _does_ work and is several times
@@ -124,8 +124,8 @@ HEREDOC
)
_debug2 Payload "$_json_payload"
# Push certificates to server.
export _HTTPS_INSECURE=1
_info "Push certificates to server"
export HTTPS_INSECURE=1
export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
_post "$_json_payload" "$_target_url" "" POST "application/json"

11
deploy/routeros.sh
View File

@@ -137,7 +137,8 @@ routeros_deploy() {
return $_err_code
fi
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME \
DEPLOY_SCRIPT_CMD=":do {/system script remove \"LECertDeploy-$_cdomain\" } on-error={ }; \
/system script add name=\"LECertDeploy-$_cdomain\" owner=$ROUTER_OS_USERNAME \
comment=\"generated by routeros deploy script in acme.sh\" \
source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
\n/certificate remove [ find name=$_cdomain.cer_1 ];\
@@ -146,8 +147,8 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\
\ndelay 1;\
\n/file remove $_cdomain.cer;\
\n/file remove $_cdomain.key;\
\n:do {/file remove $_cdomain.cer; } on-error={ }\
\n:do {/file remove $_cdomain.key; } on-error={ }\
\ndelay 2;\
\n/ip service set www-ssl certificate=$_cdomain.cer_0;\
\n$ROUTER_OS_ADDITIONAL_SERVICES;\
@@ -158,11 +159,11 @@ source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\
return $_err_code
fi
if ! _ssh_remote_cmd "/system script run \"LE Cert Deploy - $_cdomain\""; then
if ! _ssh_remote_cmd "/system script run \"LECertDeploy-$_cdomain\""; then
return $_err_code
fi
if ! _ssh_remote_cmd "/system script remove \"LE Cert Deploy - $_cdomain\""; then
if ! _ssh_remote_cmd "/system script remove \"LECertDeploy-$_cdomain\""; then
return $_err_code
fi

424
deploy/synology_dsm.sh
View File

@@ -8,20 +8,38 @@
# Updated: 2023-07-03
# Issues: https://github.com/acmesh-official/acme.sh/issues/2727
################################################################################
# Usage:
# 1. export SYNO_Username="adminUser"
# 2. export SYNO_Password="adminPassword"
# Optional exports (shown values are the defaults):
# - export SYNO_Certificate="" to replace a specific certificate via description
# - export SYNO_Scheme="http"
# - export SYNO_Hostname="localhost"
# - export SYNO_Port="5000"
# - export SYNO_Device_Name="CertRenewal" - required for skipping 2FA-OTP
# - export SYNO_Device_ID="" - required for skipping 2FA-OTP
# 3. acme.sh --deploy --deploy-hook synology_dsm -d example.com
# Usage (shown values are the examples):
# 1. Set required environment variables:
# - use automatically created temp admin user to authenticate
# export SYNO_USE_TEMP_ADMIN=1
# - or provide your own admin user credential to authenticate
# 1. export SYNO_USERNAME="adminUser"
# 2. export SYNO_PASSWORD="adminPassword"
# 2. Set optional environment variables
# - common optional variables
# - export SYNO_SCHEME="http" - defaults to "http"
# - export SYNO_HOSTNAME="localhost" - defaults to "localhost"
# - export SYNO_PORT="5000" - defaults to "5000"
# - export SYNO_CREATE=1 - to allow creating the cert if it doesn't exist
# - export SYNO_CERTIFICATE="" - to replace a specific cert by its
# description
# - temp admin optional variables
# - export SYNO_LOCAL_HOSTNAME=1 - if set to 1, force to treat hostname is
# targeting current local machine (since
# this method only locally supported)
# - exsiting admin 2FA-OTP optional variables
# - export SYNO_OTP_CODE="XXXXXX" - if set, script won't require to
# interactive input the OTP code
# - export SYNO_DEVICE_NAME="CertRenewal" - if set, script won't require to
# interactive input the device name
# - export SYNO_DEVICE_ID="" - (deprecated, auth with OTP code instead)
# required for omitting 2FA-OTP
# 3. Run command:
# acme.sh --deploy --deploy-hook synology_dsm -d example.com
################################################################################
# Dependencies:
# - jq & curl
# - curl
# - synouser & synogroup & synosetkeyvalue (Required for SYNO_USE_TEMP_ADMIN=1)
################################################################################
# Return value:
# 0 means success, otherwise error.
@@ -37,59 +55,89 @@ synology_dsm_deploy() {
_debug _cdomain "$_cdomain"
# Get username & password, but don't save until we authenticated successfully
_getdeployconf SYNO_Username
_getdeployconf SYNO_Password
_getdeployconf SYNO_Create
_getdeployconf SYNO_DID
_getdeployconf SYNO_TOTP_SECRET
_getdeployconf SYNO_Device_Name
_getdeployconf SYNO_Device_ID
if [ -z "${SYNO_Username:-}" ] || [ -z "${SYNO_Password:-}" ]; then
_err "SYNO_Username & SYNO_Password must be set"
# Get username and password, but don't save until we authenticated successfully
_migratedeployconf SYNO_Username SYNO_USERNAME
_migratedeployconf SYNO_Password SYNO_PASSWORD
_migratedeployconf SYNO_Device_ID SYNO_DEVICE_ID
_migratedeployconf SYNO_Device_Name SYNO_DEVICE_NAME
_getdeployconf SYNO_USERNAME
_getdeployconf SYNO_PASSWORD
_getdeployconf SYNO_DEVICE_ID
_getdeployconf SYNO_DEVICE_NAME
# Prepare to use temp admin if SYNO_USE_TEMP_ADMIN is set
_getdeployconf SYNO_USE_TEMP_ADMIN
_check2cleardeployconfexp SYNO_USE_TEMP_ADMIN
_debug2 SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
if ! _exists synouser || ! _exists synogroup || ! _exists synosetkeyvalue; then
_err "Missing required tools to creat temp admin user, please set SYNO_USERNAME and SYNO_PASSWORD instead."
_err "Notice: temp admin user authorization method only supports local deployment on DSM."
return 1
fi
if synouser --help 2>&1 | grep -q 'Permission denied'; then
_err "For creating temp admin user, the deploy script must be run as root."
return 1
fi
[ -n "$SYNO_USERNAME" ] || _savedeployconf SYNO_USERNAME ""
[ -n "$SYNO_PASSWORD" ] || _savedeployconf SYNO_PASSWORD ""
_debug "Setting temp admin user credential..."
SYNO_USERNAME=sc-acmesh-tmp
SYNO_PASSWORD=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)
# Set 2FA-OTP settings to empty consider they won't be needed.
SYNO_DEVICE_ID=
SYNO_DEVICE_NAME=
SYNO_OTP_CODE=
else
_debug2 SYNO_USERNAME "$SYNO_USERNAME"
_secure_debug2 SYNO_PASSWORD "$SYNO_PASSWORD"
_debug2 SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME"
_secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
fi
if [ -z "$SYNO_USERNAME" ] || [ -z "$SYNO_PASSWORD" ]; then
_err "You must set either SYNO_USE_TEMP_ADMIN, or set both SYNO_USERNAME and SYNO_PASSWORD."
return 1
fi
if [ -n "${SYNO_Device_Name:-}" ] && [ -z "${SYNO_Device_ID:-}" ]; then
_err "SYNO_Device_Name set, but SYNO_Device_ID is empty"
return 1
fi
_debug2 SYNO_Username "$SYNO_Username"
_secure_debug2 SYNO_Password "$SYNO_Password"
_debug2 SYNO_Create "$SYNO_Create"
_debug2 SYNO_Device_Name "$SYNO_Device_Name"
_secure_debug2 SYNO_Device_ID "$SYNO_Device_ID"
# Optional scheme, hostname & port for Synology DSM
_getdeployconf SYNO_Scheme
_getdeployconf SYNO_Hostname
_getdeployconf SYNO_Port
# Optional scheme, hostname and port for Synology DSM
_migratedeployconf SYNO_Scheme SYNO_SCHEME
_migratedeployconf SYNO_Hostname SYNO_HOSTNAME
_migratedeployconf SYNO_Port SYNO_PORT
_getdeployconf SYNO_SCHEME
_getdeployconf SYNO_HOSTNAME
_getdeployconf SYNO_PORT
# Default values for scheme, hostname & port
# Defaulting to localhost & http, because it's localhost…
[ -n "${SYNO_Scheme}" ] || SYNO_Scheme="http"
[ -n "${SYNO_Hostname}" ] || SYNO_Hostname="localhost"
[ -n "${SYNO_Port}" ] || SYNO_Port="5000"
_savedeployconf SYNO_Scheme "$SYNO_Scheme"
_savedeployconf SYNO_Hostname "$SYNO_Hostname"
_savedeployconf SYNO_Port "$SYNO_Port"
_debug2 SYNO_Scheme "$SYNO_Scheme"
_debug2 SYNO_Hostname "$SYNO_Hostname"
_debug2 SYNO_Port "$SYNO_Port"
# Default values for scheme, hostname and port
# Defaulting to localhost and http, because it's localhost…
[ -n "$SYNO_SCHEME" ] || SYNO_SCHEME="http"
[ -n "$SYNO_HOSTNAME" ] || SYNO_HOSTNAME="localhost"
[ -n "$SYNO_PORT" ] || SYNO_PORT="5000"
_savedeployconf SYNO_SCHEME "$SYNO_SCHEME"
_savedeployconf SYNO_HOSTNAME "$SYNO_HOSTNAME"
_savedeployconf SYNO_PORT "$SYNO_PORT"
_debug2 SYNO_SCHEME "$SYNO_SCHEME"
_debug2 SYNO_HOSTNAME "$SYNO_HOSTNAME"
_debug2 SYNO_PORT "$SYNO_PORT"
# Get the certificate description, but don't save it until we verify it's real
_getdeployconf SYNO_Certificate
_debug SYNO_Certificate "${SYNO_Certificate:-}"
_migratedeployconf SYNO_Certificate SYNO_CERTIFICATE "base64"
_getdeployconf SYNO_CERTIFICATE
_check2cleardeployconfexp SYNO_CERTIFICATE
_debug SYNO_CERTIFICATE "${SYNO_CERTIFICATE:-}"
# shellcheck disable=SC1003 # We are not trying to escape a single quote
if printf "%s" "$SYNO_Certificate" | grep '\\'; then
if printf "%s" "$SYNO_CERTIFICATE" | grep '\\'; then
_err "Do not use a backslash (\) in your certificate description"
return 1
fi
_base_url="$SYNO_Scheme://$SYNO_Hostname:$SYNO_Port"
_debug "Getting API version..."
_base_url="$SYNO_SCHEME://$SYNO_HOSTNAME:$SYNO_PORT"
_debug _base_url "$_base_url"
_debug "Getting API version"
response=$(_get "$_base_url/webapi/query.cgi?api=SYNO.API.Info&version=1&method=query&query=SYNO.API.Auth")
api_path=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"path" *: *"\([^"]*\)".*/\1/p')
api_version=$(echo "$response" | grep "SYNO.API.Auth" | sed -n 's/.*"maxVersion" *: *\([0-9]*\).*/\1/p')
@@ -97,63 +145,167 @@ synology_dsm_deploy() {
_debug3 api_path "$api_path"
_debug3 api_version "$api_version"
# Login, get the session ID & SynoToken from JSON
_info "Logging into $SYNO_Hostname:$SYNO_Port"
encoded_username="$(printf "%s" "$SYNO_Username" | _url_encode)"
encoded_password="$(printf "%s" "$SYNO_Password" | _url_encode)"
# Login, get the session ID and SynoToken from JSON
_info "Logging into $SYNO_HOSTNAME:$SYNO_PORT..."
encoded_username="$(printf "%s" "$SYNO_USERNAME" | _url_encode)"
encoded_password="$(printf "%s" "$SYNO_PASSWORD" | _url_encode)"
# ## START ## - DEPRECATED, for backward compatibility
_getdeployconf SYNO_TOTP_SECRET
otp_code=""
# START - DEPRECATED, only kept for legacy compatibility reasons
if [ -n "$SYNO_TOTP_SECRET" ]; then
_info "WARNING: Usage of SYNO_TOTP_SECRET is deprecated!"
_info " See synology_dsm.sh script or ACME.sh Wiki page for details:"
_info " https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide"
DEPRECATED_otp_code=""
if _exists oathtool; then
DEPRECATED_otp_code="$(oathtool --base32 --totp "${SYNO_TOTP_SECRET}" 2>/dev/null)"
else
if ! _exists oathtool; then
_err "oathtool could not be found, install oathtool to use SYNO_TOTP_SECRET"
return 1
fi
DEPRECATED_otp_code="$(oathtool --base32 --totp "$SYNO_TOTP_SECRET" 2>/dev/null)"
if [ -n "$SYNO_DID" ]; then
_H1="Cookie: did=$SYNO_DID"
if [ -z "$SYNO_DEVICE_ID" ]; then
_getdeployconf SYNO_DID
[ -n "$SYNO_DID" ] || SYNO_DEVICE_ID="$SYNO_DID"
fi
if [ -n "$SYNO_DEVICE_ID" ]; then
_H1="Cookie: did=$SYNO_DEVICE_ID"
export _H1
_debug3 H1 "${_H1}"
fi
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DID" "$_base_url/webapi/auth.cgi?enable_syno_token=yes")
response=$(_post "method=login&account=$encoded_username&passwd=$encoded_password&api=SYNO.API.Auth&version=$api_version&enable_syno_token=yes&otp_code=$DEPRECATED_otp_code&device_name=certrenewal&device_id=$SYNO_DEVICE_ID" "$_base_url/webapi/$api_path?enable_syno_token=yes")
_debug3 response "$response"
# END - DEPRECATED, only kept for legacy compatibility reasons
# Get device ID if still empty first, otherwise log in right away
elif [ -z "${SYNO_Device_ID:-}" ]; then
printf "Enter OTP code for user '%s': " "$SYNO_Username"
read -r otp_code
if [ -z "${SYNO_Device_Name:-}" ]; then
# ## END ## - DEPRECATED, for backward compatibility
# If SYNO_DEVICE_ID or SYNO_OTP_CODE is set, we treat current account enabled 2FA-OTP.
# Notice that if SYNO_USE_TEMP_ADMIN=1, both variables will be unset
else
if [ -n "$SYNO_DEVICE_ID" ] || [ -n "$SYNO_OTP_CODE" ]; then
response='{"error":{"code":403}}'
# Assume the current account disabled 2FA-OTP, try to log in right away.
else
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
_getdeployconf SYNO_LOCAL_HOSTNAME
_debug SYNO_LOCAL_HOSTNAME "${SYNO_LOCAL_HOSTNAME:-}"
if [ "$SYNO_LOCAL_HOSTNAME" != "1" ] && [ "$SYNO_LOCAL_HOSTNAME" == "$SYNO_HOSTNAME" ]; then
if [ "$SYNO_HOSTNAME" != "localhost" ] && [ "$SYNO_HOSTNAME" != "127.0.0.1" ]; then
_err "SYNO_USE_TEMP_ADMIN=1 only support local deployment, though if you are sure that the hostname $SYNO_HOSTNAME is targeting to your **current local machine**, execute 'export SYNO_LOCAL_HOSTNAME=1' then rerun."
return 1
fi
fi
_debug "Creating temp admin user in Synology DSM..."
if synogroup --help | grep -q '\-\-memberadd '; then
_temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD"
synogroup --memberadd administrators "$SYNO_USERNAME" >/dev/null
elif synogroup --help | grep -q '\-\-member '; then
# For supporting DSM 6.x which only has `--member` parameter.
cur_admins=$(synogroup --get administrators | awk -F '[][]' '/Group Members/,0{if(NF>1)printf "%s ", $2}')
if [ -n "$cur_admins" ]; then
_temp_admin_create "$SYNO_USERNAME" "$SYNO_PASSWORD"
_secure_debug3 admin_users "$cur_admins$SYNO_USERNAME"
# shellcheck disable=SC2086
synogroup --member administrators $cur_admins $SYNO_USERNAME >/dev/null
else
_err "The tool synogroup may be broken, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
else
_err "Unsupported synogroup tool detected, please set SYNO_USERNAME and SYNO_PASSWORD instead."
return 1
fi
# havig a workaround to temporary disable enforce 2FA-OTP, will restore
# it soon (after a single request), though if any accident occurs like
# unexpected interruption, this setting can be easily reverted manually.
otp_enforce_option=$(synogetkeyvalue /etc/synoinfo.conf otp_enforce_option)
if [ -n "$otp_enforce_option" ] && [ "${otp_enforce_option:-"none"}" != "none" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option none
_info "Enforcing 2FA-OTP has been disabled to complete temp admin authentication."
_info "Notice: it will be restored soon, if not, you can restore it manually via Control Panel."
_info "previous_otp_enforce_option" "$otp_enforce_option"
else
otp_enforce_option=""
fi
fi
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes")
if [ -n "$SYNO_USE_TEMP_ADMIN" ] && [ -n "$otp_enforce_option" ]; then
synosetkeyvalue /etc/synoinfo.conf otp_enforce_option "$otp_enforce_option"
_info "Restored previous enforce 2FA-OTP option."
fi
_debug3 response "$response"
fi
fi
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
# Account has 2FA-OTP enabled, since error 403 reported.
# https://global.download.synology.com/download/Document/Software/DeveloperGuide/Os/DSM/All/enu/DSM_Login_Web_API_Guide_enu.pdf
if [ "$error_code" == "403" ]; then
if [ -z "$SYNO_DEVICE_NAME" ]; then
printf "Enter device name or leave empty for default (CertRenewal): "
read -r SYNO_Device_Name
[ -n "${SYNO_Device_Name}" ] || SYNO_Device_Name="CertRenewal"
read -r SYNO_DEVICE_NAME
[ -n "$SYNO_DEVICE_NAME" ] || SYNO_DEVICE_NAME="CertRenewal"
fi
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&otp_code=$otp_code&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_Device_Name")
_secure_debug3 response "$response"
if [ -n "$SYNO_DEVICE_ID" ]; then
# Omit OTP code with SYNO_DEVICE_ID.
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_DEVICE_NAME&device_id=$SYNO_DEVICE_ID")
_secure_debug3 response "$response"
else
# Require the OTP code if still unset.
if [ -z "$SYNO_OTP_CODE" ]; then
printf "Enter OTP code for user '%s': " "$SYNO_USERNAME"
read -r SYNO_OTP_CODE
fi
_secure_debug SYNO_OTP_CODE "${SYNO_OTP_CODE:-}"
id_property='device_id'
[ "${api_version}" -gt '6' ] || id_property='did'
SYNO_Device_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p')
_secure_debug2 SYNO_Device_ID "$SYNO_Device_ID"
else
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&device_name=$SYNO_Device_Name&device_id=$SYNO_Device_ID")
_debug3 response "$response"
if [ -z "$SYNO_OTP_CODE" ]; then
response='{"error":{"code":404}}'
else
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=login&format=sid&account=$encoded_username&passwd=$encoded_password&enable_syno_token=yes&enable_device_token=yes&device_name=$SYNO_DEVICE_NAME&otp_code=$SYNO_OTP_CODE")
_secure_debug3 response "$response"
id_property='device_id'
[ "${api_version}" -gt '6' ] || id_property='did'
SYNO_DEVICE_ID=$(echo "$response" | grep "$id_property" | sed -n 's/.*"'$id_property'" *: *"\([^"]*\).*/\1/p')
_secure_debug2 SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
fi
fi
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
fi
if [ -n "$error_code" ]; then
if [ "$error_code" == "403" ] && [ -n "$SYNO_DEVICE_ID" ]; then
_cleardeployconf SYNO_DEVICE_ID
_err "Failed to authenticate with SYNO_DEVICE_ID (may expired or invalid), please try again in a new terminal window."
elif [ "$error_code" == "404" ]; then
_err "Failed to authenticate with provided 2FA-OTP code, please try again in a new terminal window."
elif [ "$error_code" == "406" ]; then
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
_err "Failed with unexcepted error, please report this by providing full log with '--debug 3'."
else
_err "Enforce auth with 2FA-OTP enabled, please configure the user to enable 2FA-OTP to continue."
fi
elif [ "$error_code" == "400" ]; then
_err "Failed to authenticate, no such account or incorrect password."
elif [ "$error_code" == "401" ]; then
_err "Failed to authenticate with a non-existent account."
elif [ "$error_code" == "408" ] || [ "$error_code" == "409" ] || [ "$error_code" == "410" ]; then
_err "Failed to authenticate, the account password has expired or must be changed."
else
_err "Failed to authenticate with error: $error_code."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
sid=$(echo "$response" | grep "sid" | sed -n 's/.*"sid" *: *"\([^"]*\).*/\1/p')
token=$(echo "$response" | grep "synotoken" | sed -n 's/.*"synotoken" *: *"\([^"]*\).*/\1/p')
_debug "Session ID" "$sid"
_debug SynoToken "$token"
if [ -z "$SYNO_DID" ] && [ -z "$SYNO_Device_ID" ] || [ -z "$sid" ] || [ -z "$token" ]; then
_err "Unable to authenticate to $_base_url - check your username & password."
_err "If two-factor authentication is enabled for the user, set SYNO_Device_ID."
if [ -z "$sid" ] || [ -z "$token" ]; then
# Still can't get necessary info even got no errors, may Synology have API updated?
_err "Unable to authenticate to $_base_url, you may report this by providing full log with '--debug 3'."
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
@@ -161,36 +313,62 @@ synology_dsm_deploy() {
export _H1
_debug2 H1 "${_H1}"
# Now that we know the username & password are good, save them
_savedeployconf SYNO_Username "$SYNO_Username"
_savedeployconf SYNO_Password "$SYNO_Password"
_savedeployconf SYNO_Device_Name "$SYNO_Device_Name"
_savedeployconf SYNO_Device_ID "$SYNO_Device_ID"
# Now that we know the username and password are good, save them if not in temp admin mode.
if [ -n "$SYNO_USE_TEMP_ADMIN" ]; then
_cleardeployconf SYNO_USERNAME
_cleardeployconf SYNO_PASSWORD
_cleardeployconf SYNO_DEVICE_ID
_cleardeployconf SYNO_DEVICE_NAME
_savedeployconf SYNO_USE_TEMP_ADMIN "$SYNO_USE_TEMP_ADMIN"
_savedeployconf SYNO_LOCAL_HOSTNAME "$SYNO_HOSTNAME"
else
_savedeployconf SYNO_USERNAME "$SYNO_USERNAME"
_savedeployconf SYNO_PASSWORD "$SYNO_PASSWORD"
_savedeployconf SYNO_DEVICE_ID "$SYNO_DEVICE_ID"
_savedeployconf SYNO_DEVICE_NAME "$SYNO_DEVICE_NAME"
fi
_info "Getting certificates in Synology DSM"
_info "Getting certificates in Synology DSM..."
response=$(_post "api=SYNO.Core.Certificate.CRT&method=list&version=1&_sid=$sid" "$_base_url/webapi/entry.cgi")
_debug3 response "$response"
escaped_certificate="$(printf "%s" "$SYNO_Certificate" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
escaped_certificate="$(printf "%s" "$SYNO_CERTIFICATE" | sed 's/\([].*^$[]\)/\\\1/g;s/"/\\\\"/g')"
_debug escaped_certificate "$escaped_certificate"
id=$(echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\"id\":\"\([^\"]*\).*/\1/p")
_debug2 id "$id"
if [ -z "$id" ] && [ -z "${SYNO_Create:-}" ]; then
_err "Unable to find certificate: $SYNO_Certificate & \$SYNO_Create is not set"
error_code=$(echo "$response" | grep '"error":' | grep -o '"code":[0-9]*' | grep -o '[0-9]*')
_debug2 error_code "$error_code"
if [ -n "$error_code" ]; then
if [ "$error_code" -eq 105 ]; then
_err "Current user is not administrator and does not have sufficient permission for deploying."
else
_err "Failed to fetch certificate info: $error_code, please try again or contact Synology to learn more."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
_migratedeployconf SYNO_Create SYNO_CREATE
_getdeployconf SYNO_CREATE
_debug2 SYNO_CREATE "$SYNO_CREATE"
if [ -z "$id" ] && [ -z "$SYNO_CREATE" ]; then
_err "Unable to find certificate: $SYNO_CERTIFICATE and $SYNO_CREATE is not set."
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
return 1
fi
# We've verified this certificate description is a thing, so save it
_savedeployconf SYNO_Certificate "$SYNO_Certificate" "base64"
_savedeployconf SYNO_CERTIFICATE "$SYNO_CERTIFICATE" "base64"
_info "Generate form POST request"
_info "Generating form POST request..."
nl="\0015\0012"
delim="--------------------------$(_utc_date | tr -d -- '-: ')"
content="--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")\0012"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_ccert")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ccert")\0012"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"inter_cert\"; filename=\"$(basename "$_cca")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cca")\0012"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"id\"${nl}${nl}$id"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_Certificate}"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"desc\"${nl}${nl}${SYNO_CERTIFICATE}"
if echo "$response" | sed -n "s/.*\"desc\":\"$escaped_certificate\",\([^{]*\).*/\1/p" | grep -- 'is_default":true' >/dev/null; then
_debug2 default "This is the default certificate"
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"as_default\"${nl}${nl}true"
@@ -201,21 +379,22 @@ synology_dsm_deploy() {
content="$(printf "%b_" "$content")"
content="${content%_}" # protect trailing \n
_info "Upload certificate to the Synology DSM"
_info "Upload certificate to the Synology DSM."
response=$(_post "$content" "$_base_url/webapi/entry.cgi?api=SYNO.Core.Certificate&method=import&version=1&SynoToken=$token&_sid=$sid" "" "POST" "multipart/form-data; boundary=${delim}")
_debug3 response "$response"
if ! echo "$response" | grep '"error":' >/dev/null; then
if echo "$response" | grep '"restart_httpd":true' >/dev/null; then
_info "Restarting HTTP services succeeded"
_info "Restart HTTP services succeeded."
else
_info "Restarting HTTP services failed"
_info "Restart HTTP services failed."
fi
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
_logout
return 0
else
_err "Unable to update certificate, error code $response"
_temp_admin_cleanup "$SYNO_USE_TEMP_ADMIN" "$SYNO_USERNAME"
_err "Unable to update certificate, got error response: $response."
_logout
return 1
fi
@@ -223,7 +402,44 @@ synology_dsm_deploy() {
#################### Private functions below ##################################
_logout() {
# Logout to not occupy a permanent session, e.g. in DSM's "Connected Users" widget
response=$(_get "$_base_url/webapi/entry.cgi?api=SYNO.API.Auth&version=$api_version&method=logout")
# Logout CERT user only to not occupy a permanent session, e.g. in DSM's "Connected Users" widget (based on previous variables)
response=$(_get "$_base_url/webapi/$api_path?api=SYNO.API.Auth&version=$api_version&method=logout&_sid=$sid")
_debug3 response "$response"
}
_temp_admin_create() {
_username="$1"
_password="$2"
synouser --del "$_username" >/dev/null 2>/dev/null
synouser --add "$_username" "$_password" "" 0 "scruelt@hotmail.com" 0 >/dev/null
}
_temp_admin_cleanup() {
_flag=$1
_username=$2
if [ -n "${_flag}" ]; then
_debug "Cleanuping temp admin info..."
synouser --del "$_username" >/dev/null
fi
}
#_cleardeployconf key
_cleardeployconf() {
_cleardomainconf "SAVED_$1"
}
# key
_check2cleardeployconfexp() {
_key="$1"
_clear_key="CLEAR_$_key"
# Clear saved settings if explicitly requested
if [ -n "$(eval echo \$"$_clear_key")" ]; then
_debug2 "$_key: value cleared from config, exported value will be ignored."
_cleardeployconf "$_key"
eval "$_key"=
export "$_key"=
eval SAVED_"$_key"=
export SAVED_"$_key"=
fi
}

8
deploy/vault.sh
View File

@@ -70,10 +70,10 @@ vault_deploy() {
# JSON does not allow multiline strings.
# So replacing new-lines with "\n" here
_ckey=$(sed -z 's/\n/\\n/g' <"$2")
_ccert=$(sed -z 's/\n/\\n/g' <"$3")
_cca=$(sed -z 's/\n/\\n/g' <"$4")
_cfullchain=$(sed -z 's/\n/\\n/g' <"$5")
_ckey=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$2")
_ccert=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$3")
_cca=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$4")
_cfullchain=$(sed -e ':a' -e N -e '$ ! ba' -e 's/\n/\\n/g' <"$5")
export _H1="X-Vault-Token: $VAULT_TOKEN"

35
dnsapi/dns_1984hosting.sh
View File

@@ -1,22 +1,18 @@
#!/usr/bin/env sh
# This file name is "dns_1984hosting.sh"
# So, here must be a method dns_1984hosting_add()
# Which will be called by acme.sh to add the txt record to your api system.
# returns 0 means success, otherwise error.
# Author: Adrian Fedoreanu
# Report Bugs here: https://github.com/acmesh-official/acme.sh
# or here... https://github.com/acmesh-official/acme.sh/issues/2851
# shellcheck disable=SC2034
dns_1984hosting_info='1984.hosting
Domains: 1984.is
Site: 1984.hosting
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_1984hosting
Options:
One984HOSTING_Username Username
One984HOSTING_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/2851
Author: Adrian Fedoreanu
'
######## Public functions #####################
# Export 1984HOSTING username and password in following variables
#
# One984HOSTING_Username=username
# One984HOSTING_Password=password
#
# username/password and csrftoken/sessionid cookies are saved in ~/.acme.sh/account.conf
# Usage: dns_1984hosting_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Add a text record.
dns_1984hosting_add() {
@@ -128,7 +124,7 @@ _1984hosting_login() {
_debug "Login to 1984Hosting as user $One984HOSTING_Username."
username=$(printf '%s' "$One984HOSTING_Username" | _url_encode)
password=$(printf '%s' "$One984HOSTING_Password" | _url_encode)
url="https://1984.hosting/accounts/checkuserauth/"
url="https://1984.hosting/api/auth/"
_get "https://1984.hosting/accounts/login/" | grep "csrfmiddlewaretoken"
csrftoken="$(grep -i '^set-cookie:' "$HTTP_HEADER" | _egrep_o 'csrftoken=[^;]*;' | tr -d ';')"
@@ -185,7 +181,7 @@ _check_cookies() {
return 1
fi
_authget "https://1984.hosting/accounts/loginstatus/"
_authget "https://1984.hosting/api/auth/"
if _contains "$_response" '"ok": true'; then
_debug "Cached cookies still valid."
return 0
@@ -215,8 +211,8 @@ _get_root() {
return 1
fi
_authget "https://1984.hosting/domains/soacheck/?zone=$h&nameserver=ns0.1984.is."
if _contains "$_response" "serial" && ! _contains "$_response" "null"; then
_authget "https://1984.hosting/domains/zonestatus/$h/?cached=no"
if _contains "$_response" '"ok": true'; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-"$p")
_domain="$h"
return 0
@@ -250,7 +246,6 @@ _authget() {
}
# Truncate huge HTML response
# Echo: Argument list too long
_htmlget() {
export _H1="Cookie: $One984HOSTING_CSRFTOKEN_COOKIE; $One984HOSTING_SESSIONID_COOKIE"
_response=$(_get "$1" | grep "$2")

28
dnsapi/dns_acmedns.sh
View File

@@ -1,18 +1,18 @@
#!/usr/bin/env sh
#
#Author: Wolfgang Ebner
#Author: Sven Neubuaer
#Report Bugs here: https://github.com/dampfklon/acme.sh
#
# Usage:
# export ACMEDNS_BASE_URL="https://auth.acme-dns.io"
#
# You can optionally define an already existing account:
#
# export ACMEDNS_USERNAME="<username>"
# export ACMEDNS_PASSWORD="<password>"
# export ACMEDNS_SUBDOMAIN="<subdomain>"
#
# shellcheck disable=SC2034
dns_acmedns_info='acme-dns Server API
The acme-dns is a limited DNS server with RESTful API to handle ACME DNS challenges.
Site: github.com/joohoi/acme-dns
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_acmedns
Options:
ACMEDNS_USERNAME Username. Optional.
ACMEDNS_PASSWORD Password. Optional.
ACMEDNS_SUBDOMAIN Subdomain. Optional.
ACMEDNS_BASE_URL API endpoint. Default: "https://auth.acme-dns.io".
Issues: github.com/dampfklon/acme.sh
Author: Wolfgang Ebner, Sven Neubuaer
'
######## Public functions #####################
#Usage: dns_acmedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"

18
dnsapi/dns_acmeproxy.sh Normal file → Executable file
View File

@@ -1,9 +1,17 @@
#!/usr/bin/env sh
## Acmeproxy DNS provider to be used with acmeproxy (https://github.com/mdbraber/acmeproxy)
## API integration by Maarten den Braber
##
## Report any bugs via https://github.com/mdbraber/acme.sh
# shellcheck disable=SC2034
dns_acmeproxy_info='AcmeProxy Server API
AcmeProxy can be used to as a single host in your network to request certificates through a DNS API.
Clients can connect with the one AcmeProxy host so you do not need to store DNS API credentials on every single host.
Site: github.com/mdbraber/acmeproxy
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_acmeproxy
Options:
ACMEPROXY_ENDPOINT API Endpoint
ACMEPROXY_USERNAME Username
ACMEPROXY_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/2251
Author: Maarten den Braber
'
dns_acmeproxy_add() {
fulldomain="${1}"

11
dnsapi/dns_active24.sh
View File

@@ -1,6 +1,13 @@
#!/usr/bin/env sh
#ACTIVE24_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
# shellcheck disable=SC2034
dns_active24_info='Active24.com
Site: Active24.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_active24
Options:
ACTIVE24_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2059
Author: Milan Pála
'
ACTIVE24_Api="https://api.active24.com"

17
dnsapi/dns_ad.sh
View File

@@ -1,12 +1,13 @@
#!/usr/bin/env sh
#
#AD_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
#This is the Alwaysdata api wrapper for acme.sh
#
#Author: Paul Koppen
#Report Bugs here: https://github.com/wpk-/acme.sh
# shellcheck disable=SC2034
dns_ad_info='AlwaysData.com
Site: AlwaysData.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ad
Options:
AD_API_KEY API Key
Issues: github.com/acmesh-official/acme.sh/pull/503
Author: Paul Koppen
'
AD_API_URL="https://$AD_API_KEY:@api.alwaysdata.com/v1"

12
dnsapi/dns_ali.sh
View File

@@ -1,10 +1,16 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_ali_info='AlibabaCloud.com
Domains: Aliyun.com
Site: AlibabaCloud.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ali
Options:
Ali_Key API Key
Ali_Secret API Secret
'
Ali_API="https://alidns.aliyuncs.com/"
#Ali_Key="LTqIA87hOKdjevsf5"
#Ali_Secret="0p5EYueFNq501xnCPzKNbx6K51qPH2"
#Usage: dns_ali_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_ali_add() {
fulldomain=$1

184
dnsapi/dns_alviy.sh Normal file
View File

@@ -0,0 +1,184 @@
#!/usr/bin/env sh
# Alviy domain api
#
# Get API key and secret from https://cloud.alviy.com/token
#
# Alviy_token="some-secret-key"
#
# Ex.: acme.sh --issue --staging --dns dns_alviy -d "*.s.example.com" -d "s.example.com"
Alviy_Api="https://cloud.alviy.com/api/v1"
######## Public functions #####################
#Usage: dns_alviy_add _acme-challenge.www.domain.com "content"
dns_alviy_add() {
fulldomain=$1
txtvalue=$2
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}"
if [ -z "$Alviy_token" ]; then
Alviy_token=""
_err "Please specify Alviy token."
return 1
fi
#save the api key and email to the account conf file.
_saveaccountconf_mutable Alviy_token "$Alviy_token"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
_debug "Getting existing records"
if _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
_info "This record already exists, skipping"
return 0
fi
_add_data="{\"content\":\"$txtvalue\",\"type\":\"TXT\"}"
_debug2 _add_data "$_add_data"
_info "Adding record"
if _alviy_rest POST "zone/$_domain/domain/$fulldomain/" "$_add_data"; then
_debug "Checking updated records of '${fulldomain}'"
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
_err "TXT record '${txtvalue}' for '${fulldomain}', value wasn't set!"
return 1
fi
else
_err "Add txt record error, value '${txtvalue}' for '${fulldomain}' was not set."
return 1
fi
_sleep 10
_info "Added TXT record '${txtvalue}' for '${fulldomain}'."
return 0
}
#fulldomain
dns_alviy_rm() {
fulldomain=$1
txtvalue=$2
Alviy_token="${Alviy_token:-$(_readaccountconf_mutable Alviy_token)}"
_debug "First detect the root zone"
if ! _get_root "$fulldomain"; then
_err "invalid domain"
return 1
fi
_debug _sub_domain "$_sub_domain"
_debug _domain "$_domain"
if ! _alviy_txt_exists "$_domain" "$fulldomain" "$txtvalue"; then
_info "The record does not exist, skip"
return 0
fi
_add_data=""
uuid=$(echo "$response" | tr "{" "\n" | grep "$txtvalue" | tr "," "\n" | grep uuid | cut -d \" -f4)
# delete record
_debug "Delete TXT record for '${fulldomain}'"
if ! _alviy_rest DELETE "zone/$_domain/record/$uuid" "{\"confirm\":1}"; then
_err "Cannot delete empty TXT record for '$fulldomain'"
return 1
fi
_info "The record '$fulldomain'='$txtvalue' deleted"
}
#################### Private functions below ##################################
#_acme-challenge.www.domain.com
#returns
# _sub_domain=_acme-challenge.www
# _domain=domain.com
_get_root() {
domain=$1
i=3
a="init"
while [ -n "$a" ]; do
a=$(printf "%s" "$domain" | cut -d . -f $i-)
i=$((i + 1))
done
n=$((i - 3))
h=$(printf "%s" "$domain" | cut -d . -f $n-)
if [ -z "$h" ]; then
#not valid
_alviy_rest GET "zone/$domain/"
_debug "can't get host from $domain"
return 1
fi
if ! _alviy_rest GET "zone/$h/"; then
return 1
fi
if _contains "$response" '"code":"NOT_FOUND"'; then
_debug "$h not found"
else
s=$((n - 1))
_sub_domain=$(printf "%s" "$domain" | cut -d . -f -$s)
_domain="$h"
return 0
fi
return 1
}
_alviy_txt_exists() {
zone=$1
domain=$2
content_data=$3
_debug "Getting existing records"
if ! _alviy_rest GET "zone/$zone/domain/$domain/TXT/"; then
_info "The record does not exist"
return 1
fi
if ! _contains "$response" "$3"; then
_info "The record has other value"
return 1
fi
# GOOD code return - TRUE function
return 0
}
_alviy_rest() {
method=$1
path="$2"
content_data="$3"
_debug "$path"
export _H1="Authorization: Bearer $Alviy_token"
export _H2="Content-Type: application/json"
if [ "$content_data" ] || [ "$method" = "DELETE" ]; then
_debug "data ($method): " "$content_data"
response="$(_post "$content_data" "$Alviy_Api/$path" "" "$method")"
else
response="$(_get "$Alviy_Api/$path")"
fi
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
if [ "$_code" = "401" ]; then
_err "It seems that your api key or secret is not correct."
return 1
fi
if [ "$_code" != "200" ]; then
_err "API call error ($method): $path Response code $_code"
fi
if [ "$?" != "0" ]; then
_err "error on rest call ($method): $path. Response:"
_err "$response"
return 1
fi
_debug2 response "$response"
return 0
}

16
dnsapi/dns_anx.sh
View File

@@ -1,9 +1,12 @@
#!/usr/bin/env sh
# Anexia CloudDNS acme.sh hook
# Author: MA
#ANX_Token="xxxx"
# shellcheck disable=SC2034
dns_anx_info='Anexia.com CloudDNS
Site: Anexia.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_anx
Options:
ANX_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/3238
'
ANX_API='https://engine.anexia-it.com/api/clouddns/v1'
@@ -127,8 +130,6 @@ _get_root() {
i=1
p=1
_anx_rest GET "zone.json"
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
_debug h "$h"
@@ -137,6 +138,7 @@ _get_root() {
return 1
fi
_anx_rest GET "zone.json/${h}"
if _contains "$response" "\"name\":\"$h\""; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=$h

23
dnsapi/dns_artfiles.sh
View File

@@ -1,17 +1,14 @@
#!/usr/bin/env sh
################################################################################
# ACME.sh 3rd party DNS API plugin for ArtFiles.de
################################################################################
# Author: Martin Arndt, https://troublezone.net/
# Released: 2022-02-27
# Issues: https://github.com/acmesh-official/acme.sh/issues/4718
################################################################################
# Usage:
# 1. export AF_API_USERNAME='api12345678'
# 2. export AF_API_PASSWORD='apiPassword'
# 3. acme.sh --issue -d example.com --dns dns_artfiles
################################################################################
# shellcheck disable=SC2034
dns_artfiles_info='ArtFiles.de
Site: ArtFiles.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_artfiles
Options:
AF_API_USERNAME API Username
AF_API_PASSWORD API Password
Issues: github.com/acmesh-official/acme.sh/issues/4718
Author: Martin Arndt <https://troublezone.net/>
'
########## API configuration ###################################################

15
dnsapi/dns_arvan.sh
View File

@@ -1,11 +1,16 @@
#!/usr/bin/env sh
# Arvan_Token="Apikey xxxx"
# shellcheck disable=SC2034
dns_arvan_info='ArvanCloud.ir
Site: ArvanCloud.ir
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_arvan
Options:
Arvan_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2796
Author: Vahid Fardi
'
ARVAN_API_URL="https://napi.arvancloud.ir/cdn/4.0/domains"
# Author: Vahid Fardi
# Report Bugs here: https://github.com/Neilpang/acme.sh
#
######## Public functions #####################
#Usage: dns_arvan_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"

16
dnsapi/dns_aurora.sh
View File

@@ -1,9 +1,15 @@
#!/usr/bin/env sh
#
#AURORA_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
#AURORA_Secret="sdfsdfsdfljlbjkljlkjsdfoiwje"
# shellcheck disable=SC2034
dns_aurora_info='versio.nl AuroraDNS
Domains: pcextreme.nl
Site: versio.nl
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_aurora
Options:
AURORA_Key API Key
AURORA_Secret API Secret
Issues: github.com/acmesh-official/acme.sh/issues/3459
Author: Jasper Zonneveld
'
AURORA_Api="https://api.auroradns.eu"

23
dnsapi/dns_autodns.sh
View File

@@ -1,16 +1,15 @@
#!/usr/bin/env sh
# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
# This is the InternetX autoDNS xml api wrapper for acme.sh
# Author: auerswald@gmail.com
# Created: 2018-01-14
#
# export AUTODNS_USER="username"
# export AUTODNS_PASSWORD="password"
# export AUTODNS_CONTEXT="context"
#
# Usage:
# acme.sh --issue --dns dns_autodns -d example.com
# shellcheck disable=SC2034
dns_autodns_info='InternetX autoDNS
InternetX autoDNS XML API
Site: InternetX.com/autodns/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_autodns
Options:
AUTODNS_USER Username
AUTODNS_PASSWORD Password
AUTODNS_CONTEXT Context
Author: <auerswald@gmail.com>
'
AUTODNS_API="https://gateway.autodns.com"

51
dnsapi/dns_aws.sh
View File

@@ -1,13 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_aws_info='Amazon AWS Route53 domain API
Site: docs.aws.amazon.com/route53/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_aws
Options:
AWS_ACCESS_KEY_ID API Key ID
AWS_SECRET_ACCESS_KEY API Secret
'
#
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
#AWS_SECRET_ACCESS_KEY="xxxxxxx"
#This is the Amazon Route53 api wrapper for acme.sh
#All `_sleep` commands are included to avoid Route53 throttling, see
#https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests
# All `_sleep` commands are included to avoid Route53 throttling, see
# https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests
AWS_HOST="route53.amazonaws.com"
AWS_URL="https://$AWS_HOST"
@@ -145,7 +147,6 @@ dns_aws_rm() {
fi
_sleep 1
return 1
}
#################### Private functions below ##################################
@@ -157,7 +158,7 @@ _get_root() {
# iterate over names (a.b.c.d -> b.c.d -> c.d -> d)
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
h=$(printf "%s" "$domain" | cut -d . -f $i-100 | sed 's/\./\\./g')
_debug "Checking domain: $h"
if [ -z "$h" ]; then
_error "invalid domain"
@@ -207,24 +208,40 @@ _use_container_role() {
}
_use_instance_role() {
_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
_debug "_url" "$_url"
if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then
_instance_role_name_url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
if _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 401; then
_debug "Using IMDSv2"
_token_url="http://169.254.169.254/latest/api/token"
export _H1="X-aws-ec2-metadata-token-ttl-seconds: 21600"
_token="$(_post "" "$_token_url" "" "PUT")"
_secure_debug3 "_token" "$_token"
if [ -z "$_token" ]; then
_debug "Unable to fetch IMDSv2 token from instance metadata"
return 1
fi
export _H1="X-aws-ec2-metadata-token: $_token"
fi
if ! _get "$_instance_role_name_url" true 1 | _head_n 1 | grep -Fq 200; then
_debug "Unable to fetch IAM role from instance metadata"
return 1
fi
_aws_role=$(_get "$_url" "" 1)
_debug "_aws_role" "$_aws_role"
_use_metadata "$_url$_aws_role"
_instance_role_name=$(_get "$_instance_role_name_url" "" 1)
_debug "_instance_role_name" "$_instance_role_name"
_use_metadata "$_instance_role_name_url$_instance_role_name" "$_token"
}
_use_metadata() {
export _H1="X-aws-ec2-metadata-token: $2"
_aws_creds="$(
_get "$1" "" 1 |
_normalizeJson |
tr '{,}' '\n' |
while read -r _line; do
_key="$(echo "${_line%%:*}" | tr -d '"')"
_key="$(echo "${_line%%:*}" | tr -d '\"')"
_value="${_line#*:}"
_debug3 "_key" "$_key"
_secure_debug3 "_value" "$_value"

14
dnsapi/dns_azion.sh
View File

@@ -1,9 +1,13 @@
#!/usr/bin/env sh
#
#AZION_Email=""
#AZION_Password=""
#
# shellcheck disable=SC2034
dns_azion_info='Azion.om
Site: Azion.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_azion
Options:
AZION_Email Email
AZION_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/3555
'
AZION_Api="https://api.azionapi.net"

13
dnsapi/dns_azure.sh
View File

@@ -1,6 +1,15 @@
#!/usr/bin/env sh
WIKI="https://github.com/acmesh-official/acme.sh/wiki/How-to-use-Azure-DNS"
# shellcheck disable=SC2034
dns_azure_info='Azure
Site: Azure.microsoft.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_azure
Options:
AZUREDNS_SUBSCRIPTIONID Subscription ID
AZUREDNS_TENANTID Tenant ID
AZUREDNS_APPID App ID. App ID of the service principal
AZUREDNS_CLIENTSECRET Client Secret. Secret from creating the service principal
AZUREDNS_MANAGEDIDENTITY Use Managed Identity. Use Managed Identity assigned to a resource instead of a service principal. "true"/"false"
'
######## Public functions #####################

21
dnsapi/dns_bookmyname.sh
View File

@@ -1,18 +1,17 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_bookmyname_info='BookMyName.com
Site: BookMyName.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bookmyname
Options:
BOOKMYNAME_USERNAME Username
BOOKMYNAME_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/3209
Author: Neilpang
'
#Here is a sample custom api script.
#This file name is "dns_bookmyname.sh"
#So, here must be a method dns_bookmyname_add()
#Which will be called by acme.sh to add the txt record to your api system.
#returns 0 means success, otherwise error.
#
#Author: Neilpang
#Report Bugs here: https://github.com/acmesh-official/acme.sh
#
######## Public functions #####################
# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide
# BookMyName urls:
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"'
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"'

21
dnsapi/dns_bunny.sh
View File

@@ -1,16 +1,13 @@
#!/usr/bin/env sh
## Will be called by acme.sh to add the TXT record via the Bunny DNS API.
## returns 0 means success, otherwise error.
## Author: nosilver4u <nosilver4u at ewww.io>
## GitHub: https://github.com/nosilver4u/acme.sh
##
## Environment Variables Required:
##
## BUNNY_API_KEY="75310dc4-ca77-9ac3-9a19-f6355db573b49ce92ae1-2655-3ebd-61ac-3a3ae34834cc"
##
# shellcheck disable=SC2034
dns_bunny_info='Bunny.net
Site: Bunny.net/dns/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_bunny
Options:
BUNNY_API_KEY API Key
Issues: github.com/acmesh-official/acme.sh/issues/4296
Author: <nosilver4u@ewww.io>
'
##################### Public functions #####################

21
dnsapi/dns_cf.sh
View File

@@ -1,13 +1,16 @@
#!/usr/bin/env sh
#
#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
#CF_Email="xxxx@sss.com"
#CF_Token="xxxx"
#CF_Account_ID="xxxx"
#CF_Zone_ID="xxxx"
# shellcheck disable=SC2034
dns_cf_info='CloudFlare
Site: CloudFlare.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf
Options:
CF_Key API Key
CF_Email Your account email
OptionsAlt:
CF_Token API Token
CF_Account_ID Account ID
CF_Zone_ID Zone ID. Optional.
'
CF_Api="https://api.cloudflare.com/client/v4"

17
dnsapi/dns_clouddns.sh
View File

@@ -1,10 +1,15 @@
#!/usr/bin/env sh
# Author: Radek Sprta <sprta@vshosting.cz>
#CLOUDDNS_EMAIL=XXXXX
#CLOUDDNS_PASSWORD="YYYYYYYYY"
#CLOUDDNS_CLIENT_ID=XXXXX
# shellcheck disable=SC2034
dns_clouddns_info='vshosting.cz CloudDNS
Site: github.com/vshosting/clouddns
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_clouddns
Options:
CLOUDDNS_EMAIL Email
CLOUDDNS_PASSWORD Password
CLOUDDNS_CLIENT_ID Client ID
Issues: github.com/acmesh-official/acme.sh/issues/2699
Author: Radek Sprta <sprta@vshosting.cz>
'
CLOUDDNS_API='https://admin.vshosting.cloud/clouddns'
CLOUDDNS_LOGIN_API='https://admin.vshosting.cloud/api/public/auth/login'

17
dnsapi/dns_cloudns.sh
View File

@@ -1,12 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_cloudns_info='ClouDNS.net
Site: ClouDNS.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cloudns
Options:
CLOUDNS_AUTH_ID Regular auth ID
CLOUDNS_SUB_AUTH_ID Sub auth ID
CLOUDNS_AUTH_PASSWORD Auth Password
Author: Boyan Peychev <boyan@cloudns.net>
'
# Author: Boyan Peychev <boyan at cloudns dot net>
# Repository: https://github.com/ClouDNS/acme.sh/
# Editor: I Komang Suryadana
#CLOUDNS_AUTH_ID=XXXXX
#CLOUDNS_SUB_AUTH_ID=XXXXX
#CLOUDNS_AUTH_PASSWORD="YYYYYYYYY"
CLOUDNS_API="https://api.cloudns.net"
DOMAIN_TYPE=
DOMAIN_MASTER=

13
dnsapi/dns_cn.sh
View File

@@ -1,7 +1,14 @@
#!/usr/bin/env sh
# DNS API for acme.sh for Core-Networks (https://beta.api.core-networks.de/doc/).
# created by 5ll and francis
# shellcheck disable=SC2034
dns_cn_info='Core-Networks.de
Site: beta.api.Core-Networks.de/doc/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cn
Options:
CN_User User
CN_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/2142
Author: 5ll, francis
'
CN_API="https://beta.api.core-networks.de"

11
dnsapi/dns_conoha.sh
View File

@@ -1,4 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_conoha_info='ConoHa.jp
Domains: ConoHa.io
Site: ConoHa.jp
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_conoha
Options:
CONOHA_Username Username
CONOHA_Password Password
CONOHA_TenantId TenantId
CONOHA_IdentityServiceApi Identity Service API. E.g. "https://identity.xxxx.conoha.io/v2.0"
'
CONOHA_DNS_EP_PREFIX_REGEXP="https://dns-service\."

14
dnsapi/dns_constellix.sh
View File

@@ -1,10 +1,16 @@
#!/usr/bin/env sh
# Author: Wout Decre <wout@canodus.be>
# shellcheck disable=SC2034
dns_constellix_info='Constellix.com
Site: Constellix.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_constellix
Options:
CONSTELLIX_Key API Key
CONSTELLIX_Secret API Secret
Issues: github.com/acmesh-official/acme.sh/issues/2724
Author: Wout Decre <wout@canodus.be>
'
CONSTELLIX_Api="https://api.dns.constellix.com/v1"
#CONSTELLIX_Key="XXX"
#CONSTELLIX_Secret="XXX"
######## Public functions #####################

26
dnsapi/dns_cpanel.sh
View File

@@ -1,18 +1,18 @@
#!/usr/bin/env sh
#
#Author: Bjarne Saltbaek
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732
#
#
# shellcheck disable=SC2034
dns_cpanel_info='cPanel Server API
Manage DNS via cPanel Dashboard.
Site: cPanel.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_cpanel
Options:
cPanel_Username Username
cPanel_Apitoken API Token
cPanel_Hostname Server URL. E.g. "https://hostname:port"
Issues: github.com/acmesh-official/acme.sh/issues/3732
Author: Bjarne Saltbaek
'
######## Public functions #####################
#
# Export CPANEL username,api token and hostname in the following variables
#
# cPanel_Username=username
# cPanel_Apitoken=apitoken
# cPanel_Hostname=hostname
#
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record
dns_cpanel_add() {

16
dnsapi/dns_curanet.sh
View File

@@ -1,9 +1,15 @@
#!/usr/bin/env sh
#Script to use with curanet.dk, scannet.dk, wannafind.dk, dandomain.dk DNS management.
#Requires api credentials with scope: dns
#Author: Peter L. Hansen <peter@r12.dk>
#Version 1.0
# shellcheck disable=SC2034
dns_curanet_info='Curanet.dk
Domains: scannet.dk wannafind.dk dandomain.dk
Site: Curanet.dk
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_curanet
Options:
CURANET_AUTHCLIENTID Auth ClientID. Requires scope dns
CURANET_AUTHSECRET Auth Secret
Issues: github.com/acmesh-official/acme.sh/issues/3933
Author: Peter L. Hansen <peter@r12.dk>
'
CURANET_REST_URL="https://api.curanet.dk/dns/v1/Domains"
CURANET_AUTH_URL="https://apiauth.dk.team.blue/auth/realms/Curanet/protocol/openid-connect/token"

28
dnsapi/dns_cyon.sh
View File

@@ -1,21 +1,15 @@
#!/usr/bin/env sh
########
# Custom cyon.ch DNS API for use with [acme.sh](https://github.com/acmesh-official/acme.sh)
#
# Usage: acme.sh --issue --dns dns_cyon -d www.domain.com
#
# Dependencies:
# -------------
# - oathtool (When using 2 Factor Authentication)
#
# Issues:
# -------
# Any issues / questions / suggestions can be posted here:
# https://github.com/noplanman/cyon-api/issues
#
# Author: Armando Lüscher <armando@noplanman.ch>
########
# shellcheck disable=SC2034
dns_cyon_info='cyon.ch
Site: cyon.ch
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cyon
Options:
CY_Username Username
CY_Password API Token
CY_OTP_Secret OTP token. Only required if using 2FA
Issues: github.com/noplanman/cyon-api/issues
Author: Armando Lüscher <armando@noplanman.ch>
'
dns_cyon_add() {
_cyon_load_credentials &&

37
dnsapi/dns_da.sh
View File

@@ -1,31 +1,14 @@
#!/usr/bin/env sh
# -*- mode: sh; tab-width: 2; indent-tabs-mode: s; coding: utf-8 -*-
# vim: et ts=2 sw=2
#
# DirectAdmin 1.41.0 API
# The DirectAdmin interface has it's own Let's encrypt functionality, but this
# script can be used to generate certificates for names which are not hosted on
# DirectAdmin
#
# User must provide login data and URL to DirectAdmin incl. port.
# You can create login key, by using the Login Keys function
# ( https://da.example.com:8443/CMD_LOGIN_KEYS ), which only has access to
# - CMD_API_DNS_CONTROL
# - CMD_API_SHOW_DOMAINS
#
# See also https://www.directadmin.com/api.php and
# https://www.directadmin.com/features.php?id=1298
#
# Report bugs to https://github.com/TigerP/acme.sh/issues
#
# Values to export:
# export DA_Api="https://remoteUser:remotePassword@da.example.com:8443"
# export DA_Api_Insecure=1
#
# Set DA_Api_Insecure to 1 for insecure and 0 for secure -> difference is
# whether ssl cert is checked for validity (0) or whether it is just accepted
# (1)
#
# shellcheck disable=SC2034
dns_da_info='DirectAdmin Server API
Site: DirectAdmin.com/api.php
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_da
Options:
DA_Api API Server URL. E.g. "https://remoteUser:remotePassword@da.domain.tld:8443"
DA_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept
Issues: github.com/TigerP/acme.sh/issues
'
######## Public functions #####################
# Usage: dns_myapi_add _acme-challenge.www.example.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"

21
dnsapi/dns_ddnss.sh
View File

@@ -1,16 +1,13 @@
#!/usr/bin/env sh
#Created by RaidenII, to use DuckDNS's API to add/remove text records
#modified by helbgd @ 03/13/2018 to support ddnss.de
#modified by mod242 @ 04/24/2018 to support different ddnss domains
#Please note: the Wildcard Feature must be turned on for the Host record
#and the checkbox for TXT needs to be enabled
# Pass credentials before "acme.sh --issue --dns dns_ddnss ..."
# --
# export DDNSS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
# --
#
# shellcheck disable=SC2034
dns_ddnss_info='DDNSS.de
Site: DDNSS.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ddnss
Options:
DDNSS_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2230
Author: RaidenII, helbgd, mod242
'
DDNSS_DNS_API="https://ddnss.de/upd.php"

16
dnsapi/dns_desec.sh
View File

@@ -1,11 +1,13 @@
#!/usr/bin/env sh
#
# deSEC.io Domain API
#
# Author: Zheng Qian
#
# deSEC API doc
# https://desec.readthedocs.io/en/latest/
# shellcheck disable=SC2034
dns_desec_info='deSEC.io
Site: desec.readthedocs.io/en/latest/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_desec
Options:
DDNSS_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2180
Author: Zheng Qian
'
REST_API="https://desec.io/api/v1/domains"

25
dnsapi/dns_df.sh
View File

@@ -1,18 +1,15 @@
#!/usr/bin/env sh
########################################################################
# https://dyndnsfree.de hook script for acme.sh
#
# Environment variables:
#
# - $DF_user (your dyndnsfree.de username)
# - $DF_password (your dyndnsfree.de password)
#
# Author: Thilo Gass <thilo.gass@gmail.com>
# Git repo: https://github.com/ThiloGa/acme.sh
#-- dns_df_add() - Add TXT record --------------------------------------
# Usage: dns_df_add _acme-challenge.subdomain.domain.com "XyZ123..."
# shellcheck disable=SC2034
dns_df_info='DynDnsFree.de
Domains: dynup.de
Site: DynDnsFree.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_df
Options:
DF_user Username
DF_password Password
Issues: github.com/acmesh-official/acme.sh/issues/2897
Author: Thilo Gass <thilo.gass@gmail.com>
'
dyndnsfree_api="https://dynup.de/acme.php"

20
dnsapi/dns_dgon.sh
View File

@@ -1,16 +1,12 @@
#!/usr/bin/env sh
## Will be called by acme.sh to add the txt record to your api system.
## returns 0 means success, otherwise error.
## Author: thewer <github at thewer.com>
## GitHub: https://github.com/gitwer/acme.sh
##
## Environment Variables Required:
##
## DO_API_KEY="75310dc4ca779ac39a19f6355db573b49ce92ae126553ebd61ac3a3ae34834cc"
##
# shellcheck disable=SC2034
dns_dgon_info='DigitalOcean.com
Site: DigitalOcean.com/help/api/
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dgon
Options:
DO_API_KEY API Key
Author: <github@thewer.com>
'
##################### Public functions #####################

19
dnsapi/dns_dnsexit.sh
View File

@@ -1,13 +1,16 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dnsexit_info='DNSExit.com
Site: DNSExit.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsexit
Options:
DNSEXIT_API_KEY API Key
DNSEXIT_AUTH_USER Username
DNSEXIT_AUTH_PASS Password
Issues: github.com/acmesh-official/acme.sh/issues/4719
Author: Samuel Jimenez
'
#use dns-01 at DNSExit.com
#Author: Samuel Jimenez
#Report Bugs here: https://github.com/acmesh-official/acme.sh
#DNSEXIT_API_KEY=ABCDEFGHIJ0123456789abcdefghij
#DNSEXIT_AUTH_USER=login@email.address
#DNSEXIT_AUTH_PASS=aStrongPassword
DNSEXIT_API_URL="https://api.dnsexit.com/dns/"
DNSEXIT_HOSTS_URL="https://update.dnsexit.com/ipupdate/hosts.jsp"

21
dnsapi/dns_dnshome.sh
View File

@@ -1,15 +1,14 @@
#!/usr/bin/env sh
# dnsHome.de API for acme.sh
#
# This Script adds the necessary TXT record to a Subdomain
#
# Author dnsHome.de (https://github.com/dnsHome-de)
#
# Report Bugs to https://github.com/acmesh-official/acme.sh/issues/3819
#
# export DNSHOME_Subdomain=""
# export DNSHOME_SubdomainPassword=""
# shellcheck disable=SC2034
dns_dnshome_info='dnsHome.de
Site: dnsHome.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnshome
Options:
DNSHOME_Subdomain Subdomain
DNSHOME_SubdomainPassword Subdomain Password
Issues: github.com/acmesh-official/acme.sh/issues/3819
Author: dnsHome.de https://github.com/dnsHome-de
'
# Usage: add subdomain.ddnsdomain.tld "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
# Used to add txt record

16
dnsapi/dns_dnsimple.sh
View File

@@ -1,12 +1,12 @@
#!/usr/bin/env sh
# DNSimple domain api
# https://github.com/pho3nixf1re/acme.sh/issues
#
# This is your oauth token which can be acquired on the account page. Please
# note that this must be an _account_ token and not a _user_ token.
# https://dnsimple.com/a/<your account id>/account/access_tokens
# DNSimple_OAUTH_TOKEN="sdfsdfsdfljlbjkljlkjsdfoiwje"
# shellcheck disable=SC2034
dns_dnsimple_info='DNSimple.com
Site: DNSimple.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dnsimple
Options:
DNSimple_OAUTH_TOKEN OAuth Token
Issues: github.com/pho3nixf1re/acme.sh/issues
'
DNSimple_API="https://api.dnsimple.com/v2"

17
dnsapi/dns_dnsservices.sh
View File

@@ -1,12 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dnsservices_info='DNS.Services
Site: DNS.Services
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dnsservices
Options:
DnsServices_Username Username
DnsServices_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/4152
Author: Bjarke Bruun <bbruun@gmail.com>
'
#This file name is "dns_dnsservices.sh"
#Script for Danish DNS registra and DNS hosting provider https://dns.services
#Author: Bjarke Bruun <bbruun@gmail.com>
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/4152
# Global variable to connect to the DNS.Services API
DNSServices_API=https://dns.services/api
######## Public functions #####################

148
dnsapi/dns_do.sh
View File

@@ -1,148 +0,0 @@
#!/usr/bin/env sh
# DNS API for Domain-Offensive / Resellerinterface / Domainrobot
# Report bugs at https://github.com/seidler2547/acme.sh/issues
# set these environment variables to match your customer ID and password:
# DO_PID="KD-1234567"
# DO_PW="cdfkjl3n2"
DO_URL="https://soap.resellerinterface.de/"
######## Public functions #####################
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_do_add() {
fulldomain=$1
txtvalue=$2
if _dns_do_authenticate; then
_info "Adding TXT record to ${_domain} as ${fulldomain}"
_dns_do_soap createRR origin "${_domain}" name "${fulldomain}" type TXT data "${txtvalue}" ttl 300
if _contains "${response}" '>success<'; then
return 0
fi
_err "Could not create resource record, check logs"
fi
return 1
}
#fulldomain
dns_do_rm() {
fulldomain=$1
if _dns_do_authenticate; then
if _dns_do_list_rrs; then
_dns_do_had_error=0
for _rrid in ${_rr_list}; do
_info "Deleting resource record $_rrid for $_domain"
_dns_do_soap deleteRR origin "${_domain}" rrid "${_rrid}"
if ! _contains "${response}" '>success<'; then
_dns_do_had_error=1
_err "Could not delete resource record for ${_domain}, id ${_rrid}"
fi
done
return $_dns_do_had_error
fi
fi
return 1
}
#################### Private functions below ##################################
_dns_do_authenticate() {
_info "Authenticating as ${DO_PID}"
_dns_do_soap authPartner partner "${DO_PID}" password "${DO_PW}"
if _contains "${response}" '>success<'; then
_get_root "$fulldomain"
_debug "_domain $_domain"
return 0
else
_err "Authentication failed, are DO_PID and DO_PW set correctly?"
fi
return 1
}
_dns_do_list_rrs() {
_dns_do_soap getRRList origin "${_domain}"
if ! _contains "${response}" 'SOAP-ENC:Array'; then
_err "getRRList origin ${_domain} failed"
return 1
fi
_rr_list="$(echo "${response}" |
tr -d "\n\r\t" |
sed -e 's/<item xsi:type="ns2:Map">/\n/g' |
grep ">$(_regexcape "$fulldomain")</value>" |
sed -e 's/<\/item>/\n/g' |
grep '>id</key><value' |
_egrep_o '>[0-9]{1,16}<' |
tr -d '><')"
[ "${_rr_list}" ]
}
_dns_do_soap() {
func="$1"
shift
# put the parameters to xml
body="<tns:${func} xmlns:tns=\"${DO_URL}\">"
while [ "$1" ]; do
_k="$1"
shift
_v="$1"
shift
body="$body<$_k>$_v</$_k>"
done
body="$body</tns:${func}>"
_debug2 "SOAP request ${body}"
# build SOAP XML
_xml='<?xml version="1.0" encoding="UTF-8"?>
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<env:Body>'"$body"'</env:Body>
</env:Envelope>'
# set SOAP headers
export _H1="SOAPAction: ${DO_URL}#${func}"
if ! response="$(_post "${_xml}" "${DO_URL}")"; then
_err "Error <$1>"
return 1
fi
_debug2 "SOAP response $response"
# retrieve cookie header
_H2="$(_egrep_o 'Cookie: [^;]+' <"$HTTP_HEADER" | _head_n 1)"
export _H2
return 0
}
_get_root() {
domain=$1
i=1
_dns_do_soap getDomainList
_all_domains="$(echo "${response}" |
tr -d "\n\r\t " |
_egrep_o 'domain</key><value[^>]+>[^<]+' |
sed -e 's/^domain<\/key><value[^>]*>//g')"
while true; do
h=$(printf "%s" "$domain" | cut -d . -f $i-100)
if [ -z "$h" ]; then
return 1
fi
if _contains "${_all_domains}" "^$(_regexcape "$h")\$"; then
_domain="$h"
return 0
fi
i=$(_math $i + 1)
done
_debug "$domain not found"
return 1
}
_regexcape() {
echo "$1" | sed -e 's/\([]\.$*^[]\)/\\\1/g'
}

19
dnsapi/dns_doapi.sh
View File

@@ -1,12 +1,15 @@
#!/usr/bin/env sh
# Official Let's Encrypt API for do.de / Domain-Offensive
#
# This is different from the dns_do adapter, because dns_do is only usable for enterprise customers
# This API is also available to private customers/individuals
#
# Provide the required LetsEncrypt token like this:
# DO_LETOKEN="FmD408PdqT1E269gUK57"
# shellcheck disable=SC2034
dns_doapi_info='Domain-Offensive do.de
Official LetsEncrypt API for do.de / Domain-Offensive.
This is different from the dns_do adapter, because dns_do is only usable for enterprise customers.
This API is also available to private customers/individuals.
Site: do.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_doapi
Options:
DO_LETOKEN LetsEncrypt Token
Issues: github.com/acmesh-official/acme.sh/issues/2057
'
DO_API="https://www.do.de/api/letsencrypt"

9
dnsapi/dns_domeneshop.sh
View File

@@ -1,4 +1,13 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_domeneshop_info='DomeneShop.no
Site: DomeneShop.no
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_domeneshop
Options:
DOMENESHOP_Token Token
DOMENESHOP_Secret Secret
Issues: github.com/acmesh-official/acme.sh/issues/2457
'
DOMENESHOP_Api_Endpoint="https://api.domeneshop.no/v0"

14
dnsapi/dns_dp.sh
View File

@@ -1,10 +1,12 @@
#!/usr/bin/env sh
# Dnspod.cn Domain api
#
#DP_Id="1234"
#
#DP_Key="sADDsdasdgdsf"
# shellcheck disable=SC2034
dns_dp_info='DNSPod.cn
Site: DNSPod.cn
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dp
Options:
DP_Id Id
DP_Key Key
'
REST_API="https://dnsapi.cn"

14
dnsapi/dns_dpi.sh
View File

@@ -1,10 +1,12 @@
#!/usr/bin/env sh
# Dnspod.com Domain api
#
#DPI_Id="1234"
#
#DPI_Key="sADDsdasdgdsf"
# shellcheck disable=SC2034
dns_dpi_info='DNSPod.com
Site: DNSPod.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dpi
Options:
DPI_Id Id
DPI_Key Key
'
REST_API="https://api.dnspod.com"

14
dnsapi/dns_dreamhost.sh
View File

@@ -1,10 +1,14 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dreamhost_info='DreamHost.com
Site: DreamHost.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dreamhost
Options:
DH_API_KEY API Key
Issues: github.com/RhinoLance/acme.sh
Author: RhinoLance
'
#Author: RhinoLance
#Report Bugs here: https://github.com/RhinoLance/acme.sh
#
#define the api endpoint
DH_API_ENDPOINT="https://api.dreamhost.com/"
querystring=""

18
dnsapi/dns_duckdns.sh
View File

@@ -1,14 +1,12 @@
#!/usr/bin/env sh
#Created by RaidenII, to use DuckDNS's API to add/remove text records
#06/27/2017
# Pass credentials before "acme.sh --issue --dns dns_duckdns ..."
# --
# export DuckDNS_Token="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
# --
#
# Due to the fact that DuckDNS uses StartSSL as cert provider, --insecure may need to be used with acme.sh
# shellcheck disable=SC2034
dns_duckdns_info='DuckDNS.org
Site: www.DuckDNS.org
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
Options:
DuckDNS_Token API Token
Author: RaidenII
'
DuckDNS_API="https://www.duckdns.org/update"

12
dnsapi/dns_durabledns.sh
View File

@@ -1,7 +1,13 @@
#!/usr/bin/env sh
#DD_API_User="xxxxx"
#DD_API_Key="xxxxxx"
# shellcheck disable=SC2034
dns_durabledns_info='DurableDNS.com
Site: DurableDNS.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_durabledns
Options:
DD_API_User API User
DD_API_Key API Key
Issues: github.com/acmesh-official/acme.sh/issues/2281
'
_DD_BASE="https://durabledns.com/services/dns"

25
dnsapi/dns_dyn.sh
View File

@@ -1,10 +1,16 @@
#!/usr/bin/env sh
#
# Dyn.com Domain API
#
# Author: Gerd Naschenweng
# https://github.com/magicdude4eva
#
# shellcheck disable=SC2034
dns_dyn_info='Dyn.com
Domains: dynect.net
Site: Dyn.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dyn
Options:
DYN_Customer Customer
DYN_Username API Username
DYN_Password Secret
Author: Gerd Naschenweng <https://github.com/magicdude4eva>
'
# Dyn Managed DNS API
# https://help.dyn.com/dns-api-knowledge-base/
#
@@ -20,13 +26,6 @@
# ZoneRemoveNode
# ZonePublish
# --
#
# Pass credentials before "acme.sh --issue --dns dns_dyn ..."
# --
# export DYN_Customer="customer"
# export DYN_Username="apiuser"
# export DYN_Password="secret"
# --
DYN_API="https://api.dynect.net/REST"

21
dnsapi/dns_dynu.sh
View File

@@ -1,20 +1,21 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_dynu_info='Dynu.com
Site: Dynu.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_dynu
Options:
Dynu_ClientId Client ID
Dynu_Secret Secret
Issues: github.com/shar0119/acme.sh
Author: Dynu Systems Inc
'
#Client ID
#Dynu_ClientId="0b71cae7-a099-4f6b-8ddf-94571cdb760d"
#
#Secret
#Dynu_Secret="aCUEY4BDCV45KI8CSIC3sp2LKQ9"
#
#Token
Dynu_Token=""
#
#Endpoint
Dynu_EndPoint="https://api.dynu.com/v2"
#
#Author: Dynu Systems, Inc.
#Report Bugs here: https://github.com/shar0119/acme.sh
#
######## Public functions #####################
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"

15
dnsapi/dns_dynv6.sh
View File

@@ -1,8 +1,15 @@
#!/usr/bin/env sh
#Author StefanAbl
#Usage specify a private keyfile to use with dynv6 'export KEY="path/to/keyfile"'
#or use the HTTP REST API by by specifying a token 'export DYNV6_TOKEN="value"
#if no keyfile is specified, you will be asked if you want to create one in /home/$USER/.ssh/dynv6 and /home/$USER/.ssh/dynv6.pub
# shellcheck disable=SC2034
dns_dynv6_info='DynV6.com
Site: DynV6.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_dynv6
Options:
DYNV6_TOKEN REST API token. Get from https://DynV6.com/keys
OptionsAlt:
KEY Path to SSH private key file. E.g. "/root/.ssh/dynv6"
Issues: github.com/acmesh-official/acme.sh/issues/2702
Author: StefanAbl
'
dynv6_api="https://dynv6.com/api/v2"
######## Public functions #####################

19
dnsapi/dns_easydns.sh
View File

@@ -1,14 +1,17 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_easydns_info='easyDNS.net
Site: easyDNS.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_easydns
Options:
EASYDNS_Token API Token
EASYDNS_Key API Key
Issues: github.com/acmesh-official/acme.sh/issues/2647
Author: Neilpang, wurzelpanzer <wurzelpanzer@maximolider.net>
'
#######################################################
#
# easyDNS REST API for acme.sh by Neilpang based on dns_cf.sh
#
# API Documentation: https://sandbox.rest.easydns.net:3001/
#
# Author: wurzelpanzer [wurzelpanzer@maximolider.net]
# Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/2647
#
#################### Public functions #################
#EASYDNS_Key="xxxxxxxxxxxxxxxxxxxxxxxx"

25
dnsapi/dns_edgedns.sh
View File

@@ -1,4 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_edgedns_info='Akamai.com Edge DNS
Site: techdocs.Akamai.com/edge-dns/reference/edge-dns-api
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_edgedns
Options: Specify individual credentials
AKAMAI_HOST Host
AKAMAI_ACCESS_TOKEN Access token
AKAMAI_CLIENT_TOKEN Client token
AKAMAI_CLIENT_SECRET Client secret
Issues: github.com/acmesh-official/acme.sh/issues/3157
'
# Akamai Edge DNS v2 API
# User must provide Open Edgegrid API credentials to the EdgeDNS installation. The remote user in EdgeDNS must have CRUD access to
@@ -6,18 +17,10 @@
# Report bugs to https://control.akamai.com/apps/support-ui/#/contact-support
# Values to export:
# --EITHER--
# *** TBD. NOT IMPLEMENTED YET ***
# specify Edgegrid credentials file and section
# AKAMAI_EDGERC=<full file path>
# AKAMAI_EDGERC_SECTION="default"
## --OR--
# specify indiviual credentials
# export AKAMAI_HOST = <host>
# export AKAMAI_ACCESS_TOKEN = <access token>
# export AKAMAI_CLIENT_TOKEN = <client token>
# export AKAMAI_CLIENT_SECRET = <client secret>
# Specify Edgegrid credentials file and section.
# AKAMAI_EDGERC Edge RC. Full file path
# AKAMAI_EDGERC_SECTION Edge RC Section. E.g. "default"
ACME_EDGEDNS_VERSION="0.1.0"

24
dnsapi/dns_euserv.sh
View File

@@ -1,18 +1,14 @@
#!/usr/bin/env sh
#This is the euserv.eu api wrapper for acme.sh
#
#Author: Michael Brueckner
#Report Bugs: https://www.github.com/initit/acme.sh or mbr@initit.de
#
#EUSERV_Username="username"
#
#EUSERV_Password="password"
#
# Dependencies:
# -------------
# - none -
# shellcheck disable=SC2034
dns_euserv_info='EUserv.com
Domains: EUserv.eu
Site: EUserv.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_euserv
Options:
EUSERV_Username Username
EUSERV_Password Password
Author: Michael Brueckner
'
EUSERV_Api="https://api.euserv.net"

8
dnsapi/dns_exoscale.sh
View File

@@ -1,4 +1,12 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_exoscale_info='Exoscale.com
Site: Exoscale.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_exoscale
Options:
EXOSCALE_API_KEY API Key
EXOSCALE_SECRET_KEY API Secret key
'
EXOSCALE_API=https://api.exoscale.com/dns/v1

11
dnsapi/dns_fornex.sh
View File

@@ -1,6 +1,13 @@
#!/usr/bin/env sh
#Author: Timur Umarov <inbox@tumarov.com>
# shellcheck disable=SC2034
dns_fornex_info='Fornex.com
Site: Fornex.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_fornex
Options:
FORNEX_API_KEY API Key
Issues: github.com/acmesh-official/acme.sh/issues/3998
Author: Timur Umarov <inbox@tumarov.com>
'
FORNEX_API_URL="https://fornex.com/api/dns/v0.1"

19
dnsapi/dns_freedns.sh
View File

@@ -1,14 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_freedns_info='FreeDNS
Site: FreeDNS.afraid.org
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_freedns
Options:
FREEDNS_User Username
FREEDNS_Password Password
Issues: github.com/acmesh-official/acme.sh/issues/2305
Author: David Kerr <https://github.com/dkerr64>
'
#This file name is "dns_freedns.sh"
#So, here must be a method dns_freedns_add()
#Which will be called by acme.sh to add the txt record to your api system.
#returns 0 means success, otherwise error.
#
#Author: David Kerr
#Report Bugs here: https://github.com/dkerr64/acme.sh
#or here... https://github.com/acmesh-official/acme.sh/issues/2305
#
######## Public functions #####################
# Export FreeDNS userid and password in following variables...

29
dnsapi/dns_gandi_livedns.sh
View File

@@ -1,19 +1,22 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_gandi_livedns_info='Gandi.net LiveDNS
Site: Gandi.net/domain/dns
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gandi_livedns
Options:
GANDI_LIVEDNS_KEY API Key
Issues: github.com/fcrozat/acme.sh
Author: Frédéric Crozat <fcrozat@suse.com>, Dominik Röttsches <drott@google.com>
'
# Gandi LiveDNS v5 API
# https://api.gandi.net/docs/livedns/
# https://api.gandi.net/docs/authentication/ for token + apikey (deprecated) authentication
# currently under beta
#
# Requires GANDI API KEY set in GANDI_LIVEDNS_KEY set as environment variable
#
#Author: Frédéric Crozat <fcrozat@suse.com>
# Dominik Röttsches <drott@google.com>
#Report Bugs here: https://github.com/fcrozat/acme.sh
#
######## Public functions #####################
GANDI_LIVEDNS_API="https://dns.api.gandi.net/api/v5"
GANDI_LIVEDNS_API="https://api.gandi.net/v5/livedns"
#Usage: dns_gandi_livedns_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
dns_gandi_livedns_add() {
@@ -78,7 +81,7 @@ dns_gandi_livedns_rm() {
_gandi_livedns_rest PUT \
"domains/$_domain/records/$_sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_new_rrset_values}" &&
_contains "$response" '{"message": "DNS Record Created"}' &&
_contains "$response" '{"message":"DNS Record Created"}' &&
_info "Removing record $(__green "success")"
}
@@ -134,7 +137,7 @@ _dns_gandi_append_record() {
_debug new_rrset_values "$_rrset_values"
_gandi_livedns_rest PUT "domains/$_domain/records/$sub_domain/TXT" \
"{\"rrset_ttl\": 300, \"rrset_values\": $_rrset_values}" &&
_contains "$response" '{"message": "DNS Record Created"}' &&
_contains "$response" '{"message":"DNS Record Created"}' &&
_info "Adding record $(__green "success")"
}
@@ -144,11 +147,11 @@ _dns_gandi_existing_rrset_values() {
if ! _gandi_livedns_rest GET "domains/$domain/records/$sub_domain"; then
return 1
fi
if ! _contains "$response" '"rrset_type": "TXT"'; then
if ! _contains "$response" '"rrset_type":"TXT"'; then
_debug "Does not have a _acme-challenge TXT record yet."
return 1
fi
if _contains "$response" '"rrset_values": \[\]'; then
if _contains "$response" '"rrset_values":\[\]'; then
_debug "Empty rrset_values for TXT record, no previous TXT record."
return 1
fi
@@ -169,7 +172,7 @@ _gandi_livedns_rest() {
if [ -n "$GANDI_LIVEDNS_TOKEN" ]; then
export _H2="Authorization: Bearer $GANDI_LIVEDNS_TOKEN"
else
export _H2="X-Api-Key: $GANDI_LIVEDNS_KEY"
export _H2="Authorization: Apikey $GANDI_LIVEDNS_KEY"
fi
if [ "$m" = "GET" ]; then

12
dnsapi/dns_gcloud.sh
View File

@@ -1,6 +1,12 @@
#!/usr/bin/env sh
# Author: Janos Lenart <janos@lenart.io>
# shellcheck disable=SC2034
dns_gcloud_info='Google Cloud DNS
Site: Cloud.Google.com/dns
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcloud
Options:
CLOUDSDK_ACTIVE_CONFIG_NAME Active config name. E.g. "default"
Author: Janos Lenart <janos@lenart.io>
'
######## Public functions #####################
@@ -42,7 +48,7 @@ dns_gcloud_rm() {
echo "$rrdatas" | grep -F -v -- "\"$txtvalue\"" | _dns_gcloud_add_rrs || return $?
_dns_gcloud_execute_tr || return $?
_info "$fulldomain record added"
_info "$fulldomain record removed"
}
#################### Private functions below ##################################

16
dnsapi/dns_gcore.sh
View File

@@ -1,11 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_gcore_info='Gcore.com
Site: Gcore.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gcore
Options:
GCORE_Key API Key
Issues: github.com/acmesh-official/acme.sh/issues/4460
'
#
#GCORE_Key='773$7b7adaf2a2b32bfb1b83787b4ff32a67eb178e3ada1af733e47b1411f2461f7f4fa7ed7138e2772a46124377bad7384b3bb8d87748f87b3f23db4b8bbe41b2bb'
#
GCORE_Api="https://api.gcorelabs.com/dns/v2"
GCORE_Doc="https://apidocs.gcore.com/dns"
GCORE_Api="https://api.gcore.com/dns/v2"
GCORE_Doc="https://api.gcore.com/docs/dns"
######## Public functions #####################

16
dnsapi/dns_gd.sh
View File

@@ -1,12 +1,12 @@
#!/usr/bin/env sh
#Godaddy domain api
# Get API key and secret from https://developer.godaddy.com/
#
# GD_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
# GD_Secret="asdfsdfsfsdfsdfdfsdf"
#
# Ex.: acme.sh --issue --staging --dns dns_gd -d "*.s.example.com" -d "s.example.com"
# shellcheck disable=SC2034
dns_gd_info='GoDaddy.com
Site: GoDaddy.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_gd
Options:
GD_Key API Key
GD_Secret API Secret
'
GD_Api="https://api.godaddy.com/v1"

16
dnsapi/dns_geoscaling.sh
View File

@@ -1,12 +1,12 @@
#!/usr/bin/env sh
########################################################################
# Geoscaling hook script for acme.sh
#
# Environment variables:
#
# - $GEOSCALING_Username (your Geoscaling username - this is usually NOT an amail address)
# - $GEOSCALING_Password (your Geoscaling password)
# shellcheck disable=SC2034
dns_geoscaling_info='GeoScaling.com
Site: GeoScaling.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_geoscaling
Options:
GEOSCALING_Username Username. This is usually NOT an email address
GEOSCALING_Password Password
'
#-- dns_geoscaling_add() - Add TXT record --------------------------------------
# Usage: dns_geoscaling_add _acme-challenge.subdomain.domain.com "XyZ123..."

15
dnsapi/dns_googledomains.sh
View File

@@ -1,10 +1,15 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_googledomains_info='Google Domains
Site: Domains.Google.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_googledomains
Options:
GOOGLEDOMAINS_ACCESS_TOKEN API Access Token
GOOGLEDOMAINS_ZONE Zone
Issues: github.com/acmesh-official/acme.sh/issues/4545
Author: Alex Leigh <leigh@alexleigh.me>
'
# Author: Alex Leigh <leigh at alexleigh dot me>
# Created: 2023-03-02
#GOOGLEDOMAINS_ACCESS_TOKEN="xxxx"
#GOOGLEDOMAINS_ZONE="xxxx"
GOOGLEDOMAINS_API="https://acmedns.googleapis.com/v1/acmeChallengeSets"
######## Public functions ########

21
dnsapi/dns_he.sh
View File

@@ -1,15 +1,14 @@
#!/usr/bin/env sh
########################################################################
# Hurricane Electric hook script for acme.sh
#
# Environment variables:
#
# - $HE_Username (your dns.he.net username)
# - $HE_Password (your dns.he.net password)
#
# Author: Ondrej Simek <me@ondrejsimek.com>
# Git repo: https://github.com/angel333/acme.sh
# shellcheck disable=SC2034
dns_he_info='Hurricane Electric HE.net
Site: dns.he.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_he
Options:
HE_Username Username
HE_Password Password
Issues: github.com/angel333/acme.sh/issues/
Author: Ondrej Simek <me@ondrejsimek.com>
'
#-- dns_he_add() - Add TXT record --------------------------------------
# Usage: dns_he_add _acme-challenge.subdomain.domain.com "XyZ123..."

12
dnsapi/dns_hetzner.sh
View File

@@ -1,8 +1,12 @@
#!/usr/bin/env sh
#
#HETZNER_Token="sdfsdfsdfljlbjkljlkjsdfoiwje"
#
# shellcheck disable=SC2034
dns_hetzner_info='Hetzner.com
Site: Hetzner.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hetzner
Options:
HETZNER_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/2943
'
HETZNER_Api="https://dns.hetzner.com/api/v1"

14
dnsapi/dns_hexonet.sh
View File

@@ -1,9 +1,13 @@
#!/usr/bin/env sh
#
# Hexonet_Login="username!roleId"
#
# Hexonet_Password="rolePassword"
# shellcheck disable=SC2034
dns_hexonet_info='Hexonet.com
Site: Hexonet.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_hexonet
Options:
Hexonet_Login Login. E.g. "username!roleId"
Hexonet_Password Role Password
Issues: github.com/acmesh-official/acme.sh/issues/2389
'
Hexonet_Api="https://coreapi.1api.net/api/call.cgi"

15
dnsapi/dns_hostingde.sh
View File

@@ -1,10 +1,13 @@
#!/usr/bin/env sh
# hosting.de API
# Values to export:
# export HOSTINGDE_ENDPOINT='https://secure.hosting.de'
# export HOSTINGDE_APIKEY='xxxxx'
# shellcheck disable=SC2034
dns_hostingde_info='Hosting.de
Site: Hosting.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_hostingde
Options:
HOSTINGDE_ENDPOINT Endpoint. E.g. "https://secure.hosting.de"
HOSTINGDE_APIKEY API Key
Issues: github.com/acmesh-official/acme.sh/issues/2058
'
######## Public functions #####################

18
dnsapi/dns_huaweicloud.sh
View File

@@ -1,8 +1,14 @@
#!/usr/bin/env sh
# HUAWEICLOUD_Username
# HUAWEICLOUD_Password
# HUAWEICLOUD_DomainName
# shellcheck disable=SC2034
dns_huaweicloud_info='HuaweiCloud.com
Site: HuaweiCloud.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_huaweicloud
Options:
HUAWEICLOUD_Username Username
HUAWEICLOUD_Password Password
HUAWEICLOUD_DomainName DomainName
Issues: github.com/acmesh-official/acme.sh/issues/3265
'
iam_api="https://iam.myhuaweicloud.com"
dns_api="https://dns.ap-southeast-1.myhuaweicloud.com" # Should work
@@ -204,7 +210,7 @@ _get_recordset_id() {
_zoneid=$3
export _H1="X-Auth-Token: ${_token}"
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}")
response=$(_get "${dns_api}/v2/zones/${_zoneid}/recordsets?name=${_domain}&status=ACTIVE")
if _contains "${response}" '"id"'; then
_id="$(echo "${response}" | _egrep_o "\"id\": *\"[^\"]*\"" | cut -d : -f 2 | tr -d \" | tr -d " ")"
printf "%s" "${_id}"
@@ -221,7 +227,7 @@ _add_record() {
# Get Existing Records
export _H1="X-Auth-Token: ${_token}"
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}")
response=$(_get "${dns_api}/v2/zones/${zoneid}/recordsets?name=${_domain}&status=ACTIVE")
_debug2 "${response}"
_exist_record=$(echo "${response}" | _egrep_o '"records":[^]]*' | sed 's/\"records\"\:\[//g')

14
dnsapi/dns_infoblox.sh
View File

@@ -1,8 +1,14 @@
#!/usr/bin/env sh
## Infoblox API integration by Jason Keller and Elijah Tenai
##
## Report any bugs via https://github.com/jasonkeller/acme.sh
# shellcheck disable=SC2034
dns_infoblox_info='Infoblox.com
Site: Infoblox.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_infoblox
Options:
Infoblox_Creds Credentials. E.g. "username:password"
Infoblox_Server Server hostname. IP or FQDN of infoblox appliance
Issues: github.com/jasonkeller/acme.sh
Author: Jason Keller, Elijah Tenai
'
dns_infoblox_add() {

15
dnsapi/dns_infomaniak.sh
View File

@@ -1,19 +1,20 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_infomaniak_info='Infomaniak.com
Site: Infomaniak.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_infomaniak
Options:
INFOMANIAK_API_TOKEN API Token
Issues: github.com/acmesh-official/acme.sh/issues/3188
'
###############################################################################
# Infomaniak API integration
#
# To use this API you need visit the API dashboard of your account
# once logged into https://manager.infomaniak.com add /api/dashboard to the URL
#
# Please report bugs to
# https://github.com/acmesh-official/acme.sh/issues/3188
#
# Note: the URL looks like this:
# https://manager.infomaniak.com/v3/<account_id>/api/dashboard
# Then generate a token with the scope Domain
# this is given as an environment variable INFOMANIAK_API_TOKEN
###############################################################################
# base variables

18
dnsapi/dns_internetbs.sh
View File

@@ -1,12 +1,14 @@
#!/usr/bin/env sh
#This is the Internet.BS api wrapper for acme.sh
#
#Author: <alexey@nelexa.ru> Ne-Lexa
#Report Bugs here: https://github.com/Ne-Lexa/acme.sh
#INTERNETBS_API_KEY="sdfsdfsdfljlbjkljlkjsdfoiwje"
#INTERNETBS_API_PASSWORD="sdfsdfsdfljlbjkljlkjsdfoiwje"
# shellcheck disable=SC2034
dns_internetbs_info='InternetBS.net
Site: InternetBS.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_internetbs
Options:
INTERNETBS_API_KEY API Key
INTERNETBS_API_PASSWORD API Password
Issues: github.com/acmesh-official/acme.sh/issues/2261
Author: Ne-Lexa <alexey@nelexa.ru>
'
INTERNETBS_API_URL="https://api.internet.bs"

13
dnsapi/dns_inwx.sh
View File

@@ -1,10 +1,13 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_inwx_info='INWX.de
Site: INWX.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_inwx
Options:
INWX_User Username
INWX_Password Password
'
#
#INWX_User="username"
#
#INWX_Password="password"
#
# Dependencies:
# -------------
# - oathtool (When using 2 Factor Authentication)

19
dnsapi/dns_ionos.sh
View File

@@ -1,14 +1,13 @@
#!/usr/bin/env sh
# Supports IONOS DNS API v1.0.1
#
# Usage:
# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh:
#
# $ export IONOS_PREFIX="..."
# $ export IONOS_SECRET="..."
#
# $ acme.sh --issue --dns dns_ionos ...
# shellcheck disable=SC2034
dns_ionos_info='IONOS.de
Site: IONOS.de
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ionos
Options:
IONOS_PREFIX Prefix
IONOS_SECRET Secret
Issues: github.com/acmesh-official/acme.sh/issues/3379
'
IONOS_API="https://api.hosting.ionos.com/dns"
IONOS_ROUTE_ZONES="/v1/zones"

145
dnsapi/dns_ionos_cloud.sh Normal file
View File

@@ -0,0 +1,145 @@
#!/usr/bin/env sh
# Supports IONOS Cloud DNS API v1.15.4
#
# Usage:
# Export IONOS_TOKEN before calling acme.sh:
# $ export IONOS_TOKEN="..."
#
# $ acme.sh --issue --dns dns_ionos_cloud ...
IONOS_CLOUD_API="https://dns.de-fra.ionos.com"
IONOS_CLOUD_ROUTE_ZONES="/zones"
dns_ionos_cloud_add() {
fulldomain=$1
txtvalue=$2
if ! _ionos_init; then
return 1
fi
_record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1)
_body="{\"properties\":{\"name\":\"$_record_name\", \"type\":\"TXT\", \"content\":\"$txtvalue\"}}"
if _ionos_cloud_rest POST "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records" "$_body" && [ "$_code" = "202" ]; then
_info "TXT record has been created successfully."
return 0
fi
return 1
}
dns_ionos_cloud_rm() {
fulldomain=$1
txtvalue=$2
if ! _ionos_init; then
return 1
fi
if ! _ionos_cloud_get_record "$_zone_id" "$txtvalue" "$fulldomain"; then
_err "Could not find _acme-challenge TXT record."
return 1
fi
if _ionos_cloud_rest DELETE "$IONOS_CLOUD_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ "$_code" = "202" ]; then
_info "TXT record has been deleted successfully."
return 0
fi
return 1
}
_ionos_init() {
IONOS_TOKEN="${IONOS_TOKEN:-$(_readaccountconf_mutable IONOS_TOKEN)}"
if [ -z "$IONOS_TOKEN" ]; then
_err "You didn't specify an IONOS token yet."
_err "Read https://api.ionos.com/docs/authentication/v1/#tag/tokens/operation/tokensGenerate to learn how to get a token."
_err "You need to set it before calling acme.sh:"
_err "\$ export IONOS_TOKEN=\"...\""
_err "\$ acme.sh --issue -d ... --dns dns_ionos_cloud"
return 1
fi
_saveaccountconf_mutable IONOS_TOKEN "$IONOS_TOKEN"
if ! _get_cloud_zone "$fulldomain"; then
_err "Cannot find zone $zone in your IONOS account."
return 1
fi
return 0
}
_get_cloud_zone() {
domain=$1
zone=$(printf "%s" "$domain" | cut -d . -f 2-)
if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES?filter.zoneName=$zone"; then
_response="$(echo "$_response" | tr -d "\n")"
_zone_list_items=$(echo "$_response" | _egrep_o "\"items\":.*")
_zone_id=$(printf "%s\n" "$_zone_list_items" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
if [ "$_zone_id" ]; then
return 0
fi
fi
return 1
}
_ionos_cloud_get_record() {
zone_id=$1
txtrecord=$2
# this is to transform the domain to lower case
fulldomain=$(printf "%s" "$3" | _lower_case)
# this is to transform record name to lower case
# IONOS Cloud API transforms all record names to lower case
_record_name=$(printf "%s" "$fulldomain" | cut -d . -f 1 | _lower_case)
if _ionos_cloud_rest GET "$IONOS_CLOUD_ROUTE_ZONES/$zone_id/records"; then
_response="$(echo "$_response" | tr -d "\n")"
pattern="\{\"id\":\"[a-fA-F0-9\-]*\",\"type\":\"record\",\"href\":\"/zones/$zone_id/records/[a-fA-F0-9\-]*\",\"metadata\":\{\"createdDate\":\"[A-Z0-9\:\.\-]*\",\"lastModifiedDate\":\"[A-Z0-9\:\.\-]*\",\"fqdn\":\"$fulldomain\",\"state\":\"AVAILABLE\",\"zoneId\":\"$zone_id\"\},\"properties\":\{\"content\":\"$txtrecord\",\"enabled\":true,\"name\":\"$_record_name\",\"priority\":[0-9]*,\"ttl\":[0-9]*,\"type\":\"TXT\"\}\}"
_record="$(echo "$_response" | _egrep_o "$pattern")"
if [ "$_record" ]; then
_record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"')
return 0
fi
fi
return 1
}
_ionos_cloud_rest() {
method="$1"
route="$2"
data="$3"
export _H1="Authorization: Bearer $IONOS_TOKEN"
# clear headers
: >"$HTTP_HEADER"
if [ "$method" != "GET" ]; then
_response="$(_post "$data" "$IONOS_CLOUD_API$route" "" "$method" "application/json")"
else
_response="$(_get "$IONOS_CLOUD_API$route")"
fi
_code="$(grep "^HTTP" "$HTTP_HEADER" | _tail_n 1 | cut -d " " -f 2 | tr -d "\\r\\n")"
if [ "$?" != "0" ]; then
_err "Error $route: $_response"
return 1
fi
_debug2 "_response" "$_response"
_debug2 "_code" "$_code"
return 0
}

18
dnsapi/dns_ipv64.sh
View File

@@ -1,13 +1,13 @@
#!/usr/bin/env sh
#Created by Roman Lumetsberger, to use ipv64.net's API to add/remove text records
#2022/11/29
# Pass credentials before "acme.sh --issue --dns dns_ipv64 ..."
# --
# export IPv64_Token="aaaaaaaaaaaaaaaaaaaaaaaaaa"
# --
#
# shellcheck disable=SC2034
dns_ipv64_info='IPv64.net
Site: IPv64.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_ipv64
Options:
IPv64_Token API Token
Issues: github.com/acmesh-official/acme.sh/issues/4419
Author: Roman Lumetsberger
'
IPv64_API="https://ipv64.net/api"

21
dnsapi/dns_ispconfig.sh
View File

@@ -1,17 +1,20 @@
#!/usr/bin/env sh
# shellcheck disable=SC2034
dns_ispconfig_info='ISPConfig Server API
Site: ISPConfig.org
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_ispconfig
Options:
ISPC_User Remote User
ISPC_Password Remote Password
ISPC_Api API URL. E.g. "https://ispc.domain.tld:8080/remote/json.php"
ISPC_Api_Insecure Insecure TLS. 0: check for cert validity, 1: always accept
'
# ISPConfig 3.1 API
# User must provide login data and URL to the ISPConfig installation incl. port. The remote user in ISPConfig must have access to:
# User must provide login data and URL to the ISPConfig installation incl. port.
# The remote user in ISPConfig must have access to:
# - DNS txt Functions
# Report bugs to https://github.com/sjau/acme.sh
# Values to export:
# export ISPC_User="remoteUser"
# export ISPC_Password="remotePassword"
# export ISPC_Api="https://ispc.domain.tld:8080/remote/json.php"
# export ISPC_Api_Insecure=1 # Set 1 for insecure and 0 for secure -> difference is whether ssl cert is checked for validity (0) or whether it is just accepted (1)
######## Public functions #####################
#Usage: dns_myapi_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"

15
dnsapi/dns_jd.sh
View File

@@ -1,9 +1,14 @@
#!/usr/bin/env sh
#
#JD_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje"
#JD_ACCESS_KEY_SECRET="xxxxxxx"
#JD_REGION="cn-north-1"
# shellcheck disable=SC2034
dns_jd_info='jdcloud.com
Site: jdcloud.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_jd
Options:
JD_ACCESS_KEY_ID Access key ID
JD_ACCESS_KEY_SECRET Access key secret
JD_REGION Region. E.g. "cn-north-1"
Issues: github.com/acmesh-official/acme.sh/issues/2388
'
_JD_ACCOUNT="https://uc.jdcloud.com/account/accesskey"

33
dnsapi/dns_joker.sh
View File

@@ -1,27 +1,14 @@
#!/usr/bin/env sh
# Joker.com API for acme.sh
#
# This script adds the necessary TXT record to a domain in Joker.com.
#
# You must activate Dynamic DNS in Joker.com DNS configuration first.
# Username and password below refer to Dynamic DNS authentication,
# not your Joker.com login credentials.
# See: https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-dyndns.html
#
# NOTE: This script does not support wildcard certificates, because
# Joker.com API does not support adding two TXT records with the same
# subdomain. Adding the second record will overwrite the first one.
# See: https://joker.com/faq/content/6/496/en/let_s-encrypt-support.html
# "... this request will replace all TXT records for the specified
# label by the provided content"
#
# Author: aattww (https://github.com/aattww/)
#
# Report bugs to https://github.com/acmesh-official/acme.sh/issues/2840
#
# JOKER_USERNAME="xxxx"
# JOKER_PASSWORD="xxxx"
# shellcheck disable=SC2034
dns_joker_info='Joker.com
Site: Joker.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_joker
Options:
JOKER_USERNAME Username
JOKER_PASSWORD Password
Issues: github.com/acmesh-official/acme.sh/issues/2840
Author: <https://github.com/aattww/>
'
JOKER_API="https://svc.joker.com/nic/replace"

30
dnsapi/dns_kappernet.sh
View File

@@ -1,13 +1,13 @@
#!/usr/bin/env sh
# kapper.net domain api
# for further questions please contact: support@kapper.net
# please report issues here: https://github.com/acmesh-official/acme.sh/issues/2977
#KAPPERNETDNS_Key="yourKAPPERNETapikey"
#KAPPERNETDNS_Secret="yourKAPPERNETapisecret"
KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
# shellcheck disable=SC2034
dns_kappernet_info='kapper.net
Site: kapper.net
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kappernet
Options:
KAPPERNETDNS_Key API Key
KAPPERNETDNS_Secret API Secret
Issues: github.com/acmesh-official/acme.sh/issues/2977
'
###############################################################################
# called with
@@ -19,10 +19,9 @@ dns_kappernet_add() {
KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
KAPPERNETDNS_Key=""
KAPPERNETDNS_Secret=""
_err "Please specify your kapper.net api key and secret."
_err "If you have not received yours - send your mail to"
_err "support@kapper.net to get your key and secret."
@@ -41,7 +40,7 @@ dns_kappernet_add() {
_debug _domain "DOMAIN: $_domain"
_info "Trying to add TXT DNS Record"
data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D"
if _kappernet_api GET "action=new&subject=$_domain&data=$data"; then
if _contains "$response" "{\"OK\":true"; then
@@ -66,10 +65,9 @@ dns_kappernet_rm() {
KAPPERNETDNS_Key="${KAPPERNETDNS_Key:-$(_readaccountconf_mutable KAPPERNETDNS_Key)}"
KAPPERNETDNS_Secret="${KAPPERNETDNS_Secret:-$(_readaccountconf_mutable KAPPERNETDNS_Secret)}"
KAPPERNETDNS_Api="https://dnspanel.kapper.net/API/1.2?APIKey=$KAPPERNETDNS_Key&APISecret=$KAPPERNETDNS_Secret"
if [ -z "$KAPPERNETDNS_Key" ] || [ -z "$KAPPERNETDNS_Secret" ]; then
KAPPERNETDNS_Key=""
KAPPERNETDNS_Secret=""
_err "Please specify your kapper.net api key and secret."
_err "If you have not received yours - send your mail to"
_err "support@kapper.net to get your key and secret."
@@ -81,7 +79,7 @@ dns_kappernet_rm() {
_saveaccountconf_mutable KAPPERNETDNS_Secret "$KAPPERNETDNS_Secret"
_info "Trying to remove the TXT Record: $fullhostname containing $txtvalue"
data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%223600%22%2C%22prio%22%3A%22%22%7D"
data="%7B%22name%22%3A%22$fullhostname%22%2C%22type%22%3A%22TXT%22%2C%22content%22%3A%22$txtvalue%22%2C%22ttl%22%3A%22300%22%2C%22prio%22%3A%22%22%7D"
if _kappernet_api GET "action=del&subject=$fullhostname&data=$data"; then
if _contains "$response" "{\"OK\":true"; then
return 0
@@ -141,7 +139,7 @@ _kappernet_api() {
if [ "$method" = "GET" ]; then
response="$(_get "$url")"
else
_err "Unsupported method"
_err "Unsupported method or missing Secret/Key"
return 1
fi

27
dnsapi/dns_kas.sh
View File

@@ -1,19 +1,16 @@
#!/usr/bin/env sh
########################################################################
# All-inkl Kasserver hook script for acme.sh
#
# Environment variables:
#
# - $KAS_Login (Kasserver API login name)
# - $KAS_Authtype (Kasserver API auth type. Default: plain)
# - $KAS_Authdata (Kasserver API auth data.)
#
# Last update: squared GmbH <github@squaredgmbh.de>
# Credits:
# - dns_he.sh. Thanks a lot man!
# - Martin Kammerlander, Phlegx Systems OG <martin.kammerlander@phlegx.com>
# - Marc-Oliver Lange <git@die-lang.es>
# - https://github.com/o1oo11oo/kasapi.sh
# shellcheck disable=SC2034
dns_kas_info='All-inkl Kas Server
Site: kas.all-inkl.com
Docs: github.com/acmesh-official/acme.sh/wiki/dnsapi2#dns_kas
Options:
KAS_Login API login name
KAS_Authtype API auth type. Default: "plain"
KAS_Authdata API auth data
Issues: github.com/acmesh-official/acme.sh/issues/2715
Author: squared GmbH <github@squaredgmbh.de>, Martin Kammerlander <martin.kammerlander@phlegx.com>, Marc-Oliver Lange <git@die-lang.es>
'
########################################################################
KAS_Api_GET="$(_get "https://kasapi.kasserver.com/soap/wsdl/KasApi.wsdl")"
KAS_Api="$(echo "$KAS_Api_GET" | tr -d ' ' | grep -i "<soap:addresslocation=" | sed "s/='/\n/g" | grep -i "http" | sed "s/'\/>//g")"

Some files were not shown because too many files have changed in this diff Show More