Merge branch 'acmesh-official:master' into master

.github/workflows/FreeBSD.yml

@@ -24,20 +24,23 @@ jobs:
            CA_ECDSA: ""
            CA: ""
            CA_EMAIL: ""
+           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
          - TEST_ACME_Server: "ZeroSSL.com"
            CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
            CA: "ZeroSSL RSA Domain Secure Site CA"
            CA_EMAIL: "githubtest@acme.sh"
-    runs-on: macos-latest
+           TEST_PREFERRED_CHAIN: ""
+    runs-on: macos-10.15
     env:
       TEST_LOCAL: 1
       TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
       CA_ECDSA: ${{ matrix.CA_ECDSA }}
       CA: ${{ matrix.CA }}
       CA_EMAIL: ${{ matrix.CA_EMAIL }}
+      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
     - uses: actions/checkout@v2
-    - uses: vmactions/cf-tunnel@v0.0.2
+    - uses: vmactions/cf-tunnel@v0.0.3
       id: tunnel
       with:
         protocol: http
@@ -46,9 +49,9 @@ jobs:
       run: echo "TestingDomain=${{steps.tunnel.outputs.server}}" >> $GITHUB_ENV
     - name: Clone acmetest
       run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
-    - uses: vmactions/freebsd-vm@v0.1.4
+    - uses: vmactions/freebsd-vm@v0.1.5
       with:
-        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL'
+        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
         nat: |
           "8080": "80"
         prepare: pkg install -y socat curl

.github/workflows/Linux.yml

@@ -24,6 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       TEST_LOCAL: 1
+      TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
     steps:
     - uses: actions/checkout@v2
     - name: Clone acmetest

.github/workflows/MacOS.yml

@@ -24,10 +24,12 @@ jobs:
            CA_ECDSA: ""
            CA: ""
            CA_EMAIL: ""
+           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
          - TEST_ACME_Server: "ZeroSSL.com"
            CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
            CA: "ZeroSSL RSA Domain Secure Site CA"
            CA_EMAIL: "githubtest@acme.sh"
+           TEST_PREFERRED_CHAIN: ""
     runs-on: macos-latest
     env:
       TEST_LOCAL: 1
@@ -35,6 +37,7 @@ jobs:
       CA_ECDSA: ${{ matrix.CA_ECDSA }}
       CA: ${{ matrix.CA }}
       CA_EMAIL: ${{ matrix.CA_EMAIL }}
+      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
     - uses: actions/checkout@v2
     - name: Install tools

.github/workflows/Solaris.yml

@@ -24,20 +24,23 @@ jobs:
            CA_ECDSA: ""
            CA: ""
            CA_EMAIL: ""
+           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
          - TEST_ACME_Server: "ZeroSSL.com"
            CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
            CA: "ZeroSSL RSA Domain Secure Site CA"
            CA_EMAIL: "githubtest@acme.sh"
-    runs-on: macos-latest
+           TEST_PREFERRED_CHAIN: ""
+    runs-on: macos-10.15
     env:
       TEST_LOCAL: 1
       TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
       CA_ECDSA: ${{ matrix.CA_ECDSA }}
       CA: ${{ matrix.CA }}
       CA_EMAIL: ${{ matrix.CA_EMAIL }}
+      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
     - uses: actions/checkout@v2
-    - uses: vmactions/cf-tunnel@v0.0.2
+    - uses: vmactions/cf-tunnel@v0.0.3
       id: tunnel
       with:
         protocol: http
@@ -48,7 +51,7 @@ jobs:
       run: cd .. && git clone https://github.com/acmesh-official/acmetest.git  && cp -r acme.sh acmetest/
     - uses: vmactions/solaris-vm@v0.0.3
       with:
-        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL'
+        envs: 'TEST_LOCAL TestingDomain TEST_ACME_Server CA_ECDSA CA CA_EMAIL TEST_PREFERRED_CHAIN'
         nat: |
           "8080": "80"
         prepare: pkgutil -y -i socat curl

.github/workflows/Ubuntu.yml

@@ -24,10 +24,12 @@ jobs:
            CA_ECDSA: ""
            CA: ""
            CA_EMAIL: ""
+           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
          - TEST_ACME_Server: "ZeroSSL.com"
            CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
            CA: "ZeroSSL RSA Domain Secure Site CA"
            CA_EMAIL: "githubtest@acme.sh"
+           TEST_PREFERRED_CHAIN: ""
 
     runs-on: ubuntu-latest
     env:
@@ -37,6 +39,7 @@ jobs:
       CA: ${{ matrix.CA }}
       CA_EMAIL: ${{ matrix.CA_EMAIL }}
       NO_ECC_384: ${{ matrix.NO_ECC_384 }}
+      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
     - uses: actions/checkout@v2
     - name: Install tools

.github/workflows/Windows.yml

@@ -24,10 +24,12 @@ jobs:
            CA_ECDSA: ""
            CA: ""
            CA_EMAIL: ""
+           TEST_PREFERRED_CHAIN: (STAGING) Pretend Pear X1
          - TEST_ACME_Server: "ZeroSSL.com"
            CA_ECDSA: "ZeroSSL ECC Domain Secure Site CA"
            CA: "ZeroSSL RSA Domain Secure Site CA"
            CA_EMAIL: "githubtest@acme.sh"
+           TEST_PREFERRED_CHAIN: ""
     runs-on: windows-latest
     env:
       TEST_ACME_Server: ${{ matrix.TEST_ACME_Server }}
@@ -37,6 +39,7 @@ jobs:
       TEST_LOCAL: 1
       #The 80 port is used by Windows server, we have to use a custom port, tunnel will also use this port.
       Le_HTTPPort: 8888
+      TEST_PREFERRED_CHAIN: ${{ matrix.TEST_PREFERRED_CHAIN }}
     steps:
     - name: Set git to use LF
       run: |
@@ -49,7 +52,7 @@ jobs:
       shell: cmd
     - name: Install cygwin additional packages
       run: |
-          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git
+          C:\tools\cygwin\cygwinsetup.exe -qgnNdO -R C:/tools/cygwin -s http://mirrors.kernel.org/sourceware/cygwin/ -P socat,curl,cron,unzip,git,xxd
       shell: cmd
     - name: Set ENV
       shell: cmd

acme.sh

@@ -3168,7 +3168,7 @@ _checkConf() {
       for included in $(cat "$2" | tr "\t" " " | grep "^ *include *.*;" | sed "s/include //" | tr -d " ;"); do
         _debug "check included $included"
         if ! _startswith "$included" "/" && _exists dirname; then
-          _relpath="$(dirname "$_c_file")"
+          _relpath="$(dirname "$2")"
           _debug "_relpath" "$_relpath"
           included="$_relpath/$included"
         fi
@@ -4222,12 +4222,6 @@ issue() {
     return 1
   fi
 
-  _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY"
-
-  if ! _initAPI; then
-    return 1
-  fi
-
   if [ -f "$DOMAIN_CONF" ]; then
     Le_NextRenewTime=$(_readdomainconf Le_NextRenewTime)
     _debug Le_NextRenewTime "$Le_NextRenewTime"
@@ -4247,6 +4241,11 @@ issue() {
     fi
   fi
 
+  _debug "Using ACME_DIRECTORY: $ACME_DIRECTORY"
+  if ! _initAPI; then
+    return 1
+  fi
+
   _savedomainconf "Le_Domain" "$_main_domain"
   _savedomainconf "Le_Alt" "$_alt_domains"
   _savedomainconf "Le_Webroot" "$_web_roots"
@@ -5131,7 +5130,6 @@ renew() {
     CA_CONF=""
     _debug3 "initpath again."
     _initpath "$Le_Domain" "$_isEcc"
-    _initAPI
   fi
 
   if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(_time)" -lt "$Le_NextRenewTime" ]; then

dnsapi/dns_cpanel.sh

@@ -0,0 +1,159 @@
+#!/usr/bin/env sh
+#
+#Author: Bjarne Saltbaek
+#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732
+#
+#
+########  Public functions #####################
+#
+# Export CPANEL username,api token and hostname in the following variables
+#
+# cPanel_Username=username
+# cPanel_Apitoken=apitoken
+# cPanel_Hostname=hostname
+#
+# Usage: add   _acme-challenge.www.domain.com   "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs"
+# Used to add txt record
+dns_cpanel_add() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Adding TXT record to cPanel based system"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+  _debug cPanel_Username "$cPanel_Username"
+  _debug cPanel_Apitoken "$cPanel_Apitoken"
+  _debug cPanel_Hostname "$cPanel_Hostname"
+
+  if ! _cpanel_login; then
+    _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file"
+    return 1
+  fi
+
+  _debug "First detect the root zone"
+  if ! _get_root "$fulldomain"; then
+    _err "No matching root domain for $fulldomain found"
+    return 1
+  fi
+  # adding entry
+  _info "Adding the entry"
+  stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//")
+  _debug "Adding $stripped_fulldomain to $_domain zone"
+  _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1"
+  if _successful_update; then return 0; fi
+  _err "Couldn't create entry!"
+  return 1
+}
+
+# Usage: fulldomain txtvalue
+# Used to remove the txt record after validation
+dns_cpanel_rm() {
+  fulldomain=$1
+  txtvalue=$2
+
+  _info "Using cPanel based system"
+  _debug fulldomain "$fulldomain"
+  _debug txtvalue "$txtvalue"
+
+  if ! _cpanel_login; then
+    _err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file"
+    return 1
+  fi
+
+  if ! _get_root; then
+    _err "No matching root domain for $fulldomain found"
+    return 1
+  fi
+
+  _findentry "$fulldomain" "$txtvalue"
+  if [ -z "$_id" ]; then
+    _info "Entry doesn't exist, nothing to delete"
+    return 0
+  fi
+  _debug "Deleting record..."
+  _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id"
+  # removing entry
+  _debug "_result is: $_result"
+
+  if _successful_update; then return 0; fi
+  _err "Couldn't delete entry!"
+  return 1
+}
+
+####################  Private functions below ##################################
+
+_checkcredentials() {
+  cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}"
+  cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}"
+  cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}"
+
+  if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then
+    cPanel_Username=""
+    cPanel_Apitoken=""
+    cPanel_Hostname=""
+    _err "You haven't specified cPanel username, apitoken and hostname yet."
+    _err "Please add credentials and try again."
+    return 1
+  fi
+  #save the credentials to the account conf file.
+  _saveaccountconf_mutable cPanel_Username "$cPanel_Username"
+  _saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken"
+  _saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname"
+  return 0
+}
+
+_cpanel_login() {
+  if ! _checkcredentials; then return 1; fi
+
+  if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then
+    _err "cPanel login failed for user $cPanel_Username."
+    return 1
+  fi
+  return 0
+}
+
+_myget() {
+  #Adds auth header to request
+  export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken"
+  _result=$(_get "$cPanel_Hostname/$1")
+}
+
+_get_root() {
+  _myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones'
+  _domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g')
+  _debug "_result is: $_result"
+  _debug "_domains is: $_domains"
+  if [ -z "$_domains" ]; then
+    _err "Primary domain list not found!"
+    return 1
+  fi
+  for _domain in $_domains; do
+    _debug "Checking if $fulldomain ends with $_domain"
+    if (_endswith "$fulldomain" "$_domain"); then
+      _debug "Root domain: $_domain"
+      return 0
+    fi
+  done
+  return 1
+}
+
+_successful_update() {
+  if (echo "$_result" | grep -q 'newserial'); then return 0; fi
+  return 1
+}
+
+_findentry() {
+  _debug "In _findentry"
+  #returns id of dns entry, if it exists
+  _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain"
+  _id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1)
+  _debug "_result is: $_result"
+  _debug "fulldomain. is $fulldomain."
+  _debug "txtvalue is $txtvalue"
+  _debug "_id is: $_id"
+  if [ -n "$_id" ]; then
+    _debug "Entry found with _id=$_id"
+    return 0
+  fi
+  return 1
+}