From 175c9decd7189f15f47f8175f2cad9656a4dddcf Mon Sep 17 00:00:00 2001
From: neil <git@byneil.com>
Date: Sat, 30 Jan 2016 21:00:36 +0800
Subject: [PATCH] init dnsapi
---
dnsapi/dns-cf.sh | 139 +++++++++++++++++++++++++++++++++++++++++++++++
le.sh | 61 ++++++++++++++++-----
2 files changed, 187 insertions(+), 13 deletions(-)
create mode 100644 dnsapi/dns-cf.sh
diff --git a/dnsapi/dns-cf.sh b/dnsapi/dns-cf.sh
new file mode 100644
index 00000000..40987a21
--- /dev/null
+++ b/dnsapi/dns-cf.sh
@@ -0,0 +1,139 @@
+#!/bin/bash
+
+
+#
+#CF_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+#
+#CF_Email="xxxx@sss.com"
+
+
+CF_Api="https://api.cloudflare.com/client/v4/"
+
+#Usage: _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+dns-cf-add() {
+ fulldomain=$1
+ txtvalue=$2
+
+ _info "first detect the root zone"
+ if ! _get_root $fulldomain > /dev/null ; then
+ _err "invalid domain"
+ return 1
+ fi
+
+ _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain"
+
+ if [ "$?" != "0" ] || ! printf $response | grep \"success\":true > /dev/null ; then
+ _err "Error"
+ return 1
+ fi
+
+ count=$(printf $response | grep -o \"count\":[^,]* | cut -d : -f 2)
+
+ if [ "$count" == "0" ] ; then
+ _info "Adding record"
+ if _cf_rest GET "/zones/$_domain_id/dns_records?type=TXT&name=$fulldomain&content=$txtvalue" ; then
+ _info "Added, sleeping 10 seconds"
+ sleep 10
+ return 0
+ fi
+ _err "Add txt record error."
+ else
+ _info "Updating record"
+ record_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \")
+ _info "record_id" $record_id
+
+ _cf_rest PUT "/zones/$_domain_id/dns_records/$record_id" "{\"id\":\"$record_id\",\"type\":\"TXT\",\"name\":\"$fulldomain\",\"content\":\"$txtvalue\",\"zone_id\":\"$_domain_id\",\"zone_name\":\"$_domain\"}"
+ if [ "$?" == "0" ]; then
+ _info "Updated, sleeping 10 seconds"
+ sleep 10
+ return 0;
+ fi
+ _err "Update error"
+ return 1
+ fi
+
+}
+
+
+#_acme-challenge.www.domain.com
+# _sub_domain=_acme-challenge.www
+# _domain=domain.com
+# _domain_id=sdjkglgdfewsdfg
+_get_root() {
+ domain=$1
+ i=2
+ p=1
+ while [ '1' ] ; do
+ h=$(printf $domain | cut -d . -f $i-100)
+ if [ -z "$h" ] ; then
+ #not valid
+ return 1;
+ fi
+
+ if ! _cf_get "zones?name=$h" ; then
+ return 1
+ fi
+
+ if printf $response | grep \"name\":\"$h\" ; then
+ _domain_id=$(printf $response | grep -o \"id\":\"[^\"]*\" | cut -d : -f 2 | tr -d \")
+ if [ "$_domain_id" ] ; then
+ _sub_domain=$(printf $domain | cut -d . -f 1-$p)
+ _domain=$h
+ return 0
+ fi
+ return 1
+ fi
+ p=$i
+ let "i+=1"
+ done
+ return 1
+}
+
+
+_cf_rest() {
+ m=$1
+ ep="$2"
+ echo $ep
+ if [ "$3" ] ; then
+ data="--data \"$3\""
+ fi
+ response="$(curl --silent -X $m "$CF_Api/$ep" -H "X-Auth-Email: $CF_Email" -H "X-Auth-Key: $CF_Key" -H "Content-Type: application/json" $data)"
+ if [ "$?" != "0" ] ; then
+ echo $error $ep
+ return 1
+ fi
+ echo $response
+ return 0
+}
+
+
+_debug() {
+
+ if [ -z "$DEBUG" ] ; then
+ return
+ fi
+
+ if [ -z "$2" ] ; then
+ echo $1
+ else
+ echo "$1"="$2"
+ fi
+}
+
+_info() {
+ if [ -z "$2" ] ; then
+ echo "$1"
+ else
+ echo "$1"="$2"
+ fi
+}
+
+_err() {
+ if [ -z "$2" ] ; then
+ echo "$1" >&2
+ else
+ echo "$1"="$2" >&2
+ fi
+}
+
+
diff --git a/le.sh b/le.sh
index f90ebe3e..8e70b04f 100755
--- a/le.sh
+++ b/le.sh
@@ -320,7 +320,6 @@ _initpath() {
if [ -z "$CA_CERT_PATH" ] ; then
CA_CERT_PATH="$WORKING_DIR/$domain/ca.cer"
fi
-
}
@@ -619,12 +618,44 @@ issue() {
_debug txt "$txt"
#dns
#1. check use api
- _err "Add the following TXT record:"
- _err "Domain: $txtdomain"
- _err "TXT value: $txt"
- _err "Please be aware that you prepend _acme-challenge. before your domain"
- _err "so the resulting subdomain will be: $txtdomain"
- #dnsadded='1'
+ d_api=""
+ if [ -f "$WORKING_DIR/$d/$Le_Webroot" ] ; then
+ d_api="$WORKING_DIR/$d/$Le_Webroot"
+ elif [ -f "$WORKING_DIR/$d/$Le_Webroot.sh" ] ; then
+ d_api="$WORKING_DIR/$d/$Le_Webroot.sh"
+ elif [ -f "$WORKING_DIR/$Le_Webroot" ] ; then
+ d_api="$WORKING_DIR/$Le_Webroot"
+ elif [ -f "$WORKING_DIR/$Le_Webroot.sh" ] ; then
+ d_api="$WORKING_DIR/$Le_Webroot.sh"
+ fi
+
+ if [ "$d_api" ]; then
+ _info "Found domain api file: $d_api"
+ else
+ _err "Add the following TXT record:"
+ _err "Domain: $txtdomain"
+ _err "TXT value: $txt"
+ _err "Please be aware that you prepend _acme-challenge. before your domain"
+ _err "so the resulting subdomain will be: $txtdomain"
+ continue
+ fi
+
+ if ! source $d_api ; then
+ _err "Load file $d_api error. Please check your api file and try again."
+ return 1
+ fi
+
+ addcommand="$Le_Webroot-add"
+ if ! command -v $addcommand ; then
+ _err "It seems that your api file is not correct, it must have a function named: $Le_Webroot"
+ return 1
+ fi
+
+ if ! $addcommand $txtdomain $txt ; then
+ _err "Error add txt for domain:$txtdomain"
+ return 1
+ fi
+ dnsadded='1'
fi
done
@@ -806,13 +837,17 @@ renew() {
_initpath $Le_Domain
- if [ -f "$DOMAIN_CONF" ] ; then
- source "$DOMAIN_CONF"
- if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then
- _info "Skip, Next renewal time is: $Le_NextRenewTimeStr"
- return 2
- fi
+ if [ ! -f "$DOMAIN_CONF" ] ; then
+ _err "$Le_Domain is not a issued domain, skip."
+ return 1;
fi
+
+ source "$DOMAIN_CONF"
+ if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then
+ _info "Skip, Next renewal time is: $Le_NextRenewTimeStr"
+ return 2
+ fi
+
IS_RENEW="1"
issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd"
IS_RENEW=""